update

2023-11-03 19:32:58 +01:00 · 2023-11-03 19:32:58 +01:00 · 0f42ce46b4
commit 0f42ce46b4
parent 0a971ebdac
4 changed files with 125 additions and 1 deletions
--- a/provisioning/roles/deploy_all/files/bin/findcert.sh
+++ b/provisioning/roles/deploy_all/files/bin/findcert.sh
@ -0,0 +1,37 @@
 #!/bin/bash
 set -euo pipefail
 . driglibash-base
 if [ "$#" -lt 1 ] ; then
 	die "Usage: $0 <service_nanme> [-v]"
 fi
 service="$1"
 shift
 verbose=false
 if [ "$#" -ge 1 ] && [ "$1" = "-v" ] ; then
 	verbose=true
 fi
 . /etc/jeancloud.env
 # Look in both dns directories
 for dir in "$dns_certs_path" "$http_certs_path" ; do
 	name="$(ls "$dir" | grep "^$service\(-[0-9]\{4\}\)\?$")" || true
 	if [ -z "$name" ] ; then
 		if $verbose ; then
 			echo "Service $service have no certificate in $dir" >&2
 		fi
 	elif [ ! -e "$dir/$name/fullchain.pem" ] ; then
 		if $verbose ; then
 			echo "Service $service have no cert in dir $dir" >&2
 		fi
 	else
 		echo "$dir/$name"
 		exit 0
 	fi
 done
 # If nothing found, use dummy cert
 echo "$dummy_cert_path"
--- a/provisioning/roles/deploy_all/files/bin/hugo_rclone.sh
+++ b/provisioning/roles/deploy_all/files/bin/hugo_rclone.sh
@ -32,4 +32,4 @@ while read filename ; do
 done < <(find -type d -name '.attachments.*')
 # Build the website
-hugo
+hugo --ignoreCache
--- a/services/coldcms.chahut.jean-cloud.net/docker-compose.yml
+++ b/services/coldcms.chahut.jean-cloud.net/docker-compose.yml
@ -0,0 +1,32 @@
 version: '2'
 services:
  coldcms:
    image: coldcms/coldcms-backend:latest
    volumes:
      - $DATA_DIR/coldcms:/srv/build
      - $DATA_DIR/db:/var/db
    environment:
      - DJANGO_SETTINGS_MODULE=coldcms.settings
      - DB_URL=sqlite:////var/db/database.sqlite3
      - BUILD_DIR=/srv/build
      - STATIC_ROOT=/srv/build/static/
      - ALLOWED_HOSTS=$JC_SERVICE
      - SECRET_KEY=275bLEjLIsDg19HkIcjjwgdC41zcyTAc1y527VuX23khKUZGRCMybChydeBKFNJVjhD0KMrzIeLbMlS30IxPhfqLAcR2OK0LVxOu4G8dgx3p2pia4SUFm39tOznKZ0Kt9IdbX
    restart: unless-stopped
    networks:
      default:
        ipv4_address: 172.29.20.100
    deploy:
      resources:
        limits:
          cpus: '0.50'
          memory: 500M
 networks:
  default:
    ipam:
      config:
        - subnet: 172.29.20.0/24
--- a/services/coldcms.chahut.jean-cloud.net/nginx_server.conf
+++ b/services/coldcms.chahut.jean-cloud.net/nginx_server.conf
@ -0,0 +1,55 @@
 server {
  listen 443 ssl http2;    
  listen [::]:443 ssl http2;    
  ssl_certificate $JC_CERT/fullchain.pem;    
  ssl_certificate_key $JC_CERT/privkey.pem;    
  server_name $JC_SERVICE www.$JC_SERVICE;    
    add_header  Strict-Transport-Security "max-age=31536000";
    gzip on;
    gzip_disable    "msie6";
    gzip_types      text/plain text/css application/json text/xml application/xml text/javascript application/x-javascript;
    gzip_min_length 1000;
    gzip_proxied    no-cache no-store private expired auth;
    gzip_vary       on;
    root $HTTP_DIR;
    location / {
        set $try_files_value '';
        if ($request_method = GET){
            set $try_files_value $uri/;
        }
        gzip_static on;
        try_files $try_files_value @uwsgi_backend;
    }
    location @uwsgi_backend {
        uwsgi_pass 172.29.20.100:8000;
        include uwsgi_params;
        client_max_body_size 20m;
    }
    location /media/ {
        gzip_static on;
        expires 100d;
        add_header Cache-Control public;
        access_log off;
    }
    location /static/ {
        gzip_static on;
        expires 100d;
        add_header Cache-Control public;
        access_log off;
    }
    location /admin/ {
        uwsgi_pass 172.29.20.100:8000;
        include uwsgi_params;
        client_max_body_size 20m;
    }
 }