This is a Docker Compose app with all the services imported as submodules. It's configured for production usage.
- services
frontend
andapi
are each behind a HAProxy reverse-proxy container- the HAProxy container includes cluster discovery so newly created containers are immediately picked up
- scaling the services is very easy:
docker-compose scale api=3 frontend=2
- main
- the main reverse proxy is nginx
- HTTPS connections are enforced; HSTS is also turned on
- secure SSL certificate: 2048-bit key encrypted with SHA256
- extra measures for security
X-Frame-Options SAMEORIGIN
– block framesX-Content-Type-Options nosniff
– disable content-type sniffingX-XSS-Protection "1; mode=block"
– force enable the browser XSS filter
- Gzip and SPDY enabled for extra speed
- Google's PageSpeed module baked in for even more speed and performance
- orchestration
- services run inside containers using Docker Engine
- containers are managed with Docker Compose
- the cluster of servers is managed by Docker Swarm
- the servers are on Digital Ocean deployed with Docker Machine
- stats
- set up nginx to cache static pages
# Log in to tutum.co (used as our private registry)
$ docker login tutum.co
# Build the container images
$ docker build -t 'tutum.co/<user>/fouapi' api
$ docker build -t 'tutum.co/<user>/foufrontend' frontend
$ docker build -t 'tutum.co/<user>/founginx' nginx
# Push the images
$ docker push 'tutum.co/<user>/fouapi'
$ docker push 'tutum.co/<user>/foufrontend'
$ docker push 'tutum.co/<user>/founginx'
# Generate a discovery token
$ docker run --rm swarm create
# Deploy the master server on Digital Ocean
$ docker-machine create \
--driver digitalocean \
--digitalocean-access-token=$DO_TOKEN \
--digitalocean-region=ams2 \
--swarm \
--swarm-master \
--swarm-discovery token://$SWARM_TOKEN \
fou-prod-00
# Deploy nodes
$ docker-machine create \
--driver digitalocean \
--digitalocean-access-token=$DO_TOKEN \
--digitalocean-region=ams2 \
--swarm \
--swarm-discovery token://$SWARM_TOKEN \
fou-prod-01
# Configure the docker cli to use the swarm
$ eval $(docker-machine env --swarm fou-prod-master)
# Start the app
$ docker-compose up -d
fou.fashion
– the frontend serviceapi.fou.fashion
– the root API endpointrethinkdb.fou.fashion
– RethinkDB dashboard (password protected)
Also do these for your own sanity:
$ alias dk=docker
$ alias dc=docker-compose
$ alias ma=docker-machine