pkhamre/reddit_stock_analyzer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prod docker compose fixes.

Browse Source
This commit is contained in:
Pål-Kristian Hamre
2025-07-29 20:00:01 +02:00
parent c792ea0bf8
commit 5d3e510f6b
5 changed files with 59 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
config/nginx/rstat.net-SSL.conf
View File

@@ -32,18 +32,14 @@ server {
add_header Strict-Transport-Security "max-age=63072000" always; add_header Strict-Transport-Security "max-age=63072000" always;
location / { location / {
root /usr/share/nginx/www.rstat.net; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://varnish:80;
proxy_redirect off;
} }
#location / {
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header Host $http_host;
# proxy_pass http://varnish:80;
# proxy_redirect off;
#}
} }
# intermediate configuration # intermediate configuration

18
config/varnish/default.vcl
View File

@@ -8,8 +8,8 @@ import dynamic;
import std; import std;
backend default { backend default {
.host = "ghost"; .host = "rstat-dashboard";
.port = "2368"; .port = "5000";
} }
acl purge { acl purge {
@@ -23,7 +23,7 @@ sub vcl_recv {
if (!client.ip ~ purge) { if (!client.ip ~ purge) {
return(synth(403, "Not allowed.")); return(synth(403, "Not allowed."));
} }
ban("req.http.host == its.pkhamre.com"); ban("req.http.host == rstat.net");
return(synth(200, "Cache cleared")); return(synth(200, "Cache cleared"));
} }
@@ -33,16 +33,6 @@ sub vcl_recv {
return(hash); return(hash);
} }
# Don't cache if these cookies are present
if (req.http.Cookie ~ "ghost-members-ssr" || req.http.Cookie ~ "ghost-admin-api-session") {
return(pass);
}
# Don't cache these paths
if (req.url ~ "^/(ghost|members|p)/") {
return(pass);
}
# Remove all cookies for other requests # Remove all cookies for other requests
unset req.http.Cookie; unset req.http.Cookie;
return(hash); return(hash);
@@ -50,7 +40,7 @@ sub vcl_recv {
sub vcl_backend_response { sub vcl_backend_response {
# Cache static files and other content in Varnish for 1 year # Cache static files and other content in Varnish for 1 year
set beresp.ttl = 1y; set beresp.ttl = 1m;
# Enable stale content serving # Enable stale content serving
set beresp.grace = 24h; set beresp.grace = 24h;
# Preserve the origin's Cache-Control header for client-side caching # Preserve the origin's Cache-Control header for client-side caching

39
config/varnish/hit-miss.vcl Normal file
View File

@@ -0,0 +1,39 @@
sub vcl_recv {
unset req.http.x-cache;
}
sub vcl_hit {
set req.http.x-cache = "hit";
if (obj.ttl <= 0s && obj.grace > 0s) {
set req.http.x-cache = "hit graced";
}
}
sub vcl_miss {
set req.http.x-cache = "miss";
}
sub vcl_pass {
set req.http.x-cache = "pass";
}
sub vcl_pipe {
set req.http.x-cache = "pipe uncacheable";
}
sub vcl_synth {
set req.http.x-cache = "synth synth";
# comment the following line to omit the x-cache header in the response
set resp.http.x-cache = req.http.x-cache;
}
sub vcl_deliver {
if (obj.uncacheable) {
set req.http.x-cache = req.http.x-cache + " uncacheable" ;
} else {
set req.http.x-cache = req.http.x-cache + " cached" ;
}
# comment the following line to omit the x-cache header in the response
set resp.http.x-cache = req.http.x-cache;
}

29
docker-compose-prod.yml
View File

@@ -7,36 +7,7 @@ services:
context: . context: .
dockerfile: Dockerfile dockerfile: Dockerfile
restart: always restart: always
environment:
- FLASK_ENV=production
- FLASK_APP=rstat_tool.app:create_app
- RSTAT_CONFIG_FILE=/app/config/config.py
volumes: volumes:
- ./reddit_stocks:/usr/share/app/reddit_stocks.db:ro - ./reddit_stocks:/usr/share/app/reddit_stocks.db:ro
ports: ports:
- "5000:5000" - "5000:5000"
nginx:
image: nginx:1.29.0
restart: always
volumes:
- ./config/nginx:/etc/nginx/conf.d:ro
- ./config/certbot:/etc/nginx/ssl:ro
- ./public:/usr/share/nginx:ro
ports:
- "80:80"
- "443:443"
varnish:
image: varnish:7.7.1
restart: always
volumes:
- ./config/varnish/default.vcl:/etc/varnish/default.vcl:ro"
tmpfs:
- /var/lib/varnish/varnishd:exec
certbot:
image: certbot/certbot:v4.1.1
volumes:
- ./config/certbot:/etc/letsencrypt:rw
- ./public/certbot:/usr/share/nginx/certbot:rw

9
docker-compose.yml
View File

@@ -13,6 +13,15 @@ services:
- "80:80" - "80:80"
- "443:443" - "443:443"
varnish:
image: varnish:7.7.1
restart: always
volumes:
- ./config/varnish/default.vcl:/etc/varnish/default.vcl:ro"
- ./config/varnish/hit-miss.vcl:/etc/varnish/hit-miss.vcl:ro"
tmpfs:
- /var/lib/varnish/varnishd:exec
certbot: certbot:
image: certbot/certbot:v4.1.1 image: certbot/certbot:v4.1.1
volumes: volumes: