[skip ci]
Kyle Clemens
committed
Jul 11, 2018
1 parent
8c18a98
commit b163ab7
Showing
15 changed files
with
456 additions
and
146 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
FROM debian:stretch | ||
|
||
RUN apt-get update | ||
RUN apt-get install \ | ||
--no-install-recommends \ | ||
--assume-yes \ | ||
curl ca-certificates \ | ||
git \ | ||
build-essential \ | ||
cmake \ | ||
autoconf automake libtool \ | ||
libssl1.0-dev libssh-dev libz-dev clang \ | ||
libpq-dev \ | ||
pkg-config | ||
|
||
RUN git clone -b stable git://github.com/jedisct1/libsodium.git /libsodium | ||
|
||
WORKDIR /libsodium | ||
|
||
RUN ./autogen.sh | ||
RUN ./configure --prefix="$HOME/libsodium-build" | ||
RUN make install | ||
|
||
WORKDIR / | ||
|
||
RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain nightly-2018-06-28 | ||
|
||
RUN echo "source $HOME/.cargo/env" >> $HOME/.bashrc | ||
RUN echo "export PKG_CONFIG_PATH=$HOME/libsodium-build/lib/pkgconfig" >> $HOME/.bashrc | ||
RUN echo "export LD_LIBRARY_PATH=$HOME/libsodium-build/lib" >> $HOME/.bashrc | ||
|
||
WORKDIR /paste |
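Review bot: The libsodium checkout on the `git clone -b stable git://github.com/jedisct1/libsodium.git` line uses the unauthenticated `git://` transport and a moving branch, so the crypto library compiled into this image is neither integrity-protected in transit nor reproducible. Clone over TLS and pin a release tag or commit instead, e.g. `RUN git clone --depth 1 -b <pinned-tag> https://github.com/jedisct1/libsodium.git /libsodium`. The same concern applies to `curl https://sh.rustup.rs -sSf | sh`, which runs a downloaded script with no checksum and, without `pipefail`, would not fail the build if curl itself failed. Separately, `RUN apt-get update` sits in its own layer, so a cached layer can leave `apt-get install` working from stale package lists; join the two with `&&`.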
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
version: '3' | ||
services: | ||
backend: | ||
build: run | ||
command: /run.sh --release | ||
volumes: | ||
- "../:/paste" | ||
depends_on: | ||
- postgres | ||
- redis | ||
- sidekiq | ||
redis: | ||
image: redis | ||
postgres: | ||
image: postgres | ||
environment: | ||
- POSTGRES_USER=paste | ||
- POSTGRES_PASSWORD=paste | ||
sidekiq: | ||
build: sidekiq | ||
depends_on: | ||
- redis | ||
volumes: | ||
- "../:/paste" | ||
nginx: | ||
image: nginx:alpine | ||
restart: always | ||
depends_on: | ||
- backend | ||
ports: | ||
- "80:80" | ||
- "443:443" | ||
volumes: | ||
- "./run/nginx/nginx.conf:/etc/nginx/nginx.conf:ro" | ||
- "./run/nginx/sites:/etc/nginx/sites:ro" | ||
- "./run/nginx/certs:/etc/nginx/certs:ro" | ||
- "../webserver/web/static:/etc/nginx/web/static:ro" |
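Review bot: The `postgres` service hard-codes `POSTGRES_PASSWORD=paste`, identical to the user name, so every deployment made from this file shares one guessable database credential. The port is not published here, which limits exposure to the compose network, but the value should still come from the environment, e.g. `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}`. The `redis` and `postgres` images are also untagged and will float to `latest`; pin a version tag for each.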
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
FROM jkcclemens/paste | ||
|
||
RUN $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features postgres | ||
|
||
RUN apt-get install --assume-yes netcat | ||
|
||
ADD run.sh /run.sh | ||
|
||
CMD /run.sh |
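Review bot: `RUN apt-get install --assume-yes netcat` has no `apt-get update` in the same layer, so it depends on whatever package lists the `jkcclemens/paste` base layer happened to keep and can fail or install outdated packages; use `RUN apt-get update && apt-get install --assume-yes --no-install-recommends netcat && rm -rf /var/lib/apt/lists/*`. The base image is untagged, so it resolves to `latest` on every build. `ADD run.sh /run.sh` is a plain local copy and should be `COPY`, and `CMD /run.sh` is better in exec form, `CMD ["/run.sh"]`, so the script receives signals directly. No `USER` is set, so the service runs as root unless the base image changes that.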
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
# NOTE: change this based on your machine (equal to # CPU cores) | ||
worker_processes 2; | ||
# NOTE: change this based on your machine (ulimit -n) | ||
worker_connections 1024; | ||
|
||
error_log error.log; | ||
error_log info.log notice; | ||
error_log info.log info; | ||
|
||
pid nginx.pid; | ||
|
||
events { | ||
worker_connections 1024; | ||
} | ||
|
||
http { | ||
include mime.types; | ||
default_type application/octet-stream; | ||
|
||
server_tokens off; | ||
|
||
sendfile on; | ||
|
||
keepalive_timeout 65; | ||
|
||
gzip on; | ||
|
||
# TODO: brotli by default somehow | ||
# brotli on; | ||
# brotli_comp_level 4; | ||
# brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss; | ||
|
||
# TODO: TLS security | ||
# ssl_dhparam /etc/ssl/dhparam.pem; | ||
|
||
# ssl_protocols TLSv1.3 TLSv1.2; | ||
# ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA'; | ||
# ssl_prefer_server_ciphers on; | ||
|
||
# ssl_session_timeout 1d; | ||
# ssl_session_cache shared:SSL:50m; | ||
# ssl_session_tickets off; | ||
# ssl_ecdh_curve X25519:secp384r1; | ||
|
||
# OCSP stapling | ||
ssl_stapling on; | ||
ssl_stapling_verify on; | ||
resolver 1.1.1.1; # 1dot1dot1dot1.cloudflare-dns.com | ||
|
||
|
||
# NOTE: change this to change the max upload size nginx will accept (Rocket must also be changed) | ||
client_max_body_size 1m; | ||
client_body_buffer_size 10K; | ||
client_header_buffer_size 1k; | ||
large_client_header_buffers 2 1k; | ||
|
||
include sites/*.conf; | ||
} |
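Review bot: `worker_connections 1024;` near the top of the file is placed in the main context, but that directive is only valid inside `events { }` (where it is already set), so nginx should refuse to load this configuration; drop the top-level line and move its NOTE comment above the one in `events`. The TLS block is entirely commented out under `# TODO: TLS security`, which leaves protocol and cipher selection to the defaults of whatever `nginx:alpine` build is pulled, while `ssl_stapling on;` stays active; enabling at least the `ssl_protocols` line would make the policy explicit. The relative `error_log` and `pid` paths resolve against the nginx prefix, which is worth a one-line comment.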
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# This file should be called paste.conf when you are done with it | ||
|
||
server { | ||
listen 80; | ||
listen [::]:80; | ||
# CHANGE: change this to your host | ||
server_name change.me; | ||
|
||
location /static/ { | ||
alias /etc/nginx/web/static/; | ||
} | ||
|
||
location /favicon.ico { | ||
return 308 /static/favicons/favicon.ico; | ||
} | ||
|
||
location / { | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
# CHANGE: change this to your host | ||
proxy_set_header Host change.me; | ||
proxy_pass https://backend:8000; | ||
} | ||
} |
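Review bot: In `location /`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever `X-Forwarded-For` header the client sent, so the backend receives a client-controlled leading entry; if the application uses that header for logging or rate limiting, the value can be spoofed. nginx appears to be the outermost proxy in this setup, so overwrite the header instead: `proxy_set_header X-Forwarded-For $remote_addr;`. The HTTPS site template later in this commit has the same line. This template also serves the application over plain HTTP only, which is worth stating in its header comment.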
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# This file should be called paste.conf when you are done with it | ||
|
||
server { | ||
listen 443 ssl http2; | ||
listen [::]:443 ssl http2; | ||
# CHANGE: change this to your host | ||
server_name change.me; | ||
|
||
# CHANGE: change fullchain.pem and privkey.pem to the files you've put in the certs directroy | ||
# place certs and keys in .docker/run/nginx/certs | ||
ssl_certificate /etc/nginx/certs/fullchain.pem; | ||
ssl_certificate_key /etc/nginx/certs/privkey.pem; | ||
|
||
# NOTE: uncomment to enable HSTS | ||
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; | ||
|
||
location /static/ { | ||
alias /etc/nginx/web/static/; | ||
} | ||
|
||
location /favicon.ico { | ||
return 308 /static/favicons/favicon.ico; | ||
} | ||
|
||
location / { | ||
# CHANGE: change this to your host | ||
proxy_set_header Host change.me; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_pass https://backend:8000; | ||
} | ||
} | ||
|
||
# This redirects all http requests to https | ||
server { | ||
listen 80; | ||
listen [::]:80; | ||
# CHANGE: change this to your host | ||
server_name change.me; | ||
|
||
return 301 https://$server_name$request_uri; | ||
} |
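Review bot: `proxy_pass https://backend:8000;` encrypts the hop to the backend but does not authenticate it, because nginx leaves `proxy_ssl_verify` off by default; any host answering as `backend` would be accepted. If TLS to the upstream is intended, add `proxy_ssl_verify on;` with `proxy_ssl_trusted_certificate <path-to-backend-ca.pem>;`, otherwise use `http://` and say so in a comment. The HTTP-only template earlier in the commit uses the same upstream URL. The commented HSTS header includes `includeSubDomains; preload`, which is hard to undo once browsers have cached it; a one-line comment warning about that next to the NOTE would help.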
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
#!/bin/bash | ||
|
||
set -e | ||
|
||
source "$HOME/.bashrc" | ||
|
||
while ! nc -z postgres 5432; do | ||
sleep 1 | ||
done | ||
|
||
diesel migration --migration-dir=webserver/migrations run | ||
|
||
cargo build -p worker_email "$@" | ||
cargo build -p worker_delete_all_pastes "$@" | ||
|
||
cargo run "$@" -p webserver config.toml |
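Review bot: The `while ! nc -z postgres 5432` loop never gives up, so a wrong host name or a database that fails to start leaves the container hanging silently instead of exiting with an error; bound it with a retry counter and print a message to stderr on timeout. The final line should be `exec cargo run "$@" -p webserver config.toml` so the server replaces the shell and receives stop signals. Migrations run on every container start, presumably with the application's own database credentials, which is worth a comment at the `diesel migration` line.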
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# FROM ruby:alpine # can't use alpine because ffi shared libraries | ||
FROM ruby | ||
|
||
# RUN apk add --no-cache build-base | ||
RUN apt-get update && apt-get install --assume-yes --no-install-recommends build-essential | ||
|
||
RUN gem install sidekiq ffi | ||
|
||
WORKDIR /paste | ||
|
||
CMD ./sidekiq.sh |
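Review bot: `FROM ruby` and `RUN gem install sidekiq ffi` are both unpinned, so each rebuild can pull a different Ruby release and different gem versions, with native extensions compiled from whatever is current. Pin the base tag and the gems, e.g. `FROM ruby:<pinned-tag>` and `RUN gem install --no-document sidekiq:<version> ffi:<version>`. `CMD ./sidekiq.sh` executes a script that is not in the image; per the compose file in this commit it comes from the bind-mounted repository, and it runs as root because no `USER` is set. The apt layer should also end with `&& rm -rf /var/lib/apt/lists/*`.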
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,12 @@ | ||
/target | ||
**/*.rs.bk | ||
|
||
/Rocket.toml | ||
/config.toml | ||
/.env | ||
/sidekiq.yml | ||
/sidekiq.sh | ||
|
||
.docker/run/nginx/certs/* | ||
.docker/run/nginx/sites/*.conf | ||
.docker/run/nginx/nginx.conf |