update with instructions for caddy, removing nginx

2024-11-22 17:47:08 +03:00 · 2017-08-14 11:48:17 +02:00 · 2017-08-14 11:48:17 +02:00 · 5492a2b387
commit 5492a2b387
parent e4d94b52d5
1 changed files with 9 additions and 55 deletions
--- a/docs/deployment-with-docker.rst
+++ b/docs/deployment-with-docker.rst
@ -17,7 +17,7 @@ of this application gets its configuration from. Notice how it provides configur

 * `postgres` service that runs the database
 * `redis` for caching
-* `nginx` as reverse proxy
+* `caddy` as webserver
 * `django` is the Django project run by gunicorn

 If you chose the `use_celery` option, there are two more services:
@ -25,10 +25,6 @@ If you chose the `use_celery` option, there are two more services:
 * `celeryworker` which runs the celery worker process
 * `celerybeat` which runs the celery beat process

-If you chose the `use_letsencrypt` option, you also have:
-
-* `certbot` which keeps your certs from letsencrypt up-to-date
-
 Populate .env With Your Environment Variables
 ---------------------------------------------

@ -57,66 +53,24 @@ It is always better to deploy a site behind HTTPS and will become crucial as the

 * If you are not using a subdomain of the domain name set in the project, then remember to put the your staging/production IP address in the :code:`DJANGO_ALLOWED_HOSTS` environment variable (see :ref:`settings`) before you deploy your website. Failure to do this will mean you will not have access to your website through the HTTP protocol.

-* Access to the Django admin is set up by default to require HTTPS in production or once *live*. We recommend that you look into setting up the *Certbot and Let's Encrypt Setup* mentioned below or another HTTPS certification service.
+* Access to the Django admin is set up by default to require HTTPS in production or once *live*.

-Optional: nginx-proxy Setup
---------------------------

-By default, the application is configured to listen on all interfaces on port 80. If you want to change that, open the
-`production.yml` file and replace `0.0.0.0` with your own ip.
+HTTPS is configured by default
+------------------------------

-If you are using `nginx-proxy`_ to run multiple application stacks on one host, remove the port setting entirely and add `VIRTUAL_HOST=example.com` to your env file. Here, replace example.com with the value you entered for `domain_name`.
+The Caddy webserver used in the default configuration will get you a valid certificate from Lets Encrypt and update it automatically. All you need to do to enable this is to make sure that your DNS records are pointing to the server Caddy runs on.

-This pass all incoming requests on `nginx-proxy`_ to the nginx service your application is using.
+You can read more about this here at `Automatic HTTPS`_ in the Caddy docs.
+
+.. _Automatic HTTPS: https://caddyserver.com/docs/automatic-https

-.. _nginx-proxy: https://github.com/jwilder/nginx-proxy

 Optional: Postgres Data Volume Modifications
 ---------------------------------------------

 Postgres is saving its database files to the `postgres_data` volume by default. Change that if you want something else and make sure to make backups since this is not done automatically.

-Optional: Certbot and Let's Encrypt Setup
------------------------------------------
-
-If you chose `use_letsencrypt` and will be using certbot for https, you must do the following before running anything with docker-compose:
-
-Replace dhparam.pem.example with a generated dhparams.pem file before running anything with docker-compose. You can generate this on ubuntu or OS X by running the following in the project root:
-
-::
-
-    $ openssl dhparam -out /path/to/project/compose/nginx/dhparams.pem 2048
-
-If you would like to add additional subdomains to your certificate, you must add additional parameters to the certbot command in the `production.yml` file:
-
-Replace:
-
-::
-
-    command: bash -c "sleep 6 && certbot certonly -n --standalone -d {{ cookiecutter.domain_name }} --test --agree-tos --email {{ cookiecutter.email }} --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --verbose --keep-until-expiring --preferred-challenges http-01"
-
-With:
-
-::
-
-    command: bash -c "sleep 6 && certbot certonly -n --standalone -d {{ cookiecutter.domain_name }} -d www.{{ cookiecutter.domain_name }} -d etc.{{ cookiecutter.domain_name }} --test --agree-tos --email {{ cookiecutter.email }} --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --verbose --keep-until-expiring --preferred-challenges http-01"
-
-Please be cognizant of Certbot/Letsencrypt certificate requests limits when getting this set up. The provide a test server that does not count against the limit while you are getting set up.
-
-The certbot certificates expire after 3 months.
-If you would like to set up autorenewal of your certificates, the following commands can be put into a bash script:
-
-::
-
-    #!/bin/bash
-    cd <project directory>
-    docker-compose -f production.yml run --rm --name certbot certbot bash -c "sleep 6 && certbot certonly --standalone -d {{ cookiecutter.domain_name }} --test --agree-tos --email {{ cookiecutter.email }} --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --verbose --keep-until-expiring --preferred-challenges http-01"
-    docker exec {{ cookiecutter.project_name }}_nginx_1 nginx -s reload
-
-And then set a cronjob by running `crontab -e` and placing in it (period can be adjusted as desired)::
-
-    0 4 * * 1 /path/to/bashscript/renew_certbot.sh
-
 Run your app with docker-compose
 --------------------------------

@ -154,7 +108,7 @@ If you want to scale your application, run::
   docker-compose -f production.yml scale django=4
   docker-compose -f production.yml scale celeryworker=2

-.. warning:: Don't run the scale command on postgres, celerybeat, certbot, or nginx.
+.. warning:: Don't run the scale command on postgres, celerybeat, or caddy.

 If you have errors, you can always check your stack with `docker-compose`. Switch to your projects root directory and run::