Running Resumis in production with Docker
Resumis is set up on Docker Hub as an automated build, so every push to master
will generate a new image. maxfierke/resumis:latest
will point to the latest master. Once Resumis v1.0
is released, there will be tagged versions as well, and latest
will switch to pointing to the latest tagged release.
docker-compose
is the recommended way to get resumis up and running on Docker.
docker-compose
uses a YAML manifest with services, networks, and volumes, which it will spin up for one project.
Below is an example compose file for spinning up the Resumis API, sidekiq, PostgreSQL, and Redis.
docker-compose.yml
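# Example production stack for Resumis: API, sidekiq worker, PostgreSQL, Redis.
version: '3.8'

networks:
  # Reached by the reverse proxy and any frontend service.
  frontend:
  # Carries database and Redis traffic between containers only.
  backend:

services:
  api:
    # `latest` is a mutable tag that follows master. For production, pin a
    # tagged release or an image digest once one is available so that a
    # deployment cannot change without a reviewed edit to this file.
    image: maxfierke/resumis:latest
    depends_on:
      - db
      - redis
    # This file holds application secrets: keep it out of version control
    # and readable only by the account that runs docker-compose.
    env_file: /path/to/env/file/on/host
    networks:
      - frontend
      - backend
    ports:
      # Published on loopback only. A bare "5000:5000" binds every host
      # interface and would expose the plain-HTTP API next to the TLS
      # reverse proxy. Change the bind address if the proxy runs elsewhere.
      - "127.0.0.1:5000:5000"
    restart: always

  worker:
    image: maxfierke/resumis:latest
    command: bundle exec sidekiq
    depends_on:
      - db
      - redis
    env_file: /path/to/env/file/on/host
    networks:
      - backend
    restart: always

  db:
    image: postgres:14-alpine
    networks:
      - backend
    ports:
      # api and worker reach PostgreSQL over the backend network, so this
      # mapping is only for admin tools on the host. It is bound to loopback
      # to keep the database off external interfaces; delete it if unused.
      - "127.0.0.1:5432:5432"
    environment:
      # Example value only. Replace it with a long random password and use
      # the same password in DATABASE_URL in the env file.
      - POSTGRES_PASSWORD=password
    restart: always
    volumes:
      - db:/var/lib/postgresql/data

  redis:
    # No port is published and no password is set: Redis is reachable only
    # from containers attached to the backend network.
    image: redis:6.2-alpine
    networks:
      - backend
    restart: always
    volumes:
      - redis:/data

volumes:
  db:
  redis: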
Also a dotenv file is needed, for example:
.env
# Environment for the api and worker containers (loaded through env_file).
# This file contains secrets: keep it out of version control and restrict
# its permissions to the account that runs docker-compose.

# Replace the <...> placeholders with long, randomly generated values.
# Presumably the Rails secret key base and the Devise secret key; confirm
# against the Resumis documentation.
SECRET_KEY_BASE=<secret_key_base>
RESUMIS_DEVISE_SECRET=<resumis_devise_secret>
# Placeholder; presumably the sender address for outgoing mail (TODO confirm).
RESUMIS_MAIL_SENDER=RESUMIS_MAIL_SENDER
# Set to the public host name of the deployment instead of localhost.
RESUMIS_CANONICAL_HOST=localhost
# "db" and "redis" are the service names from docker-compose.yml.
# The password here is an example and must match POSTGRES_PASSWORD.
DATABASE_URL="postgres://postgres:password@db/resumis_db"
REDIS_URL="redis://redis:6379/1"
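Please note that the database password in DATABASE_URL must be the same as the POSTGRES_PASSWORD value in the docker-compose.yml file. The value "password" used in these examples is only a placeholder; use a strong, unique password in both places.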
And then run the following steps to initialize:
# Create the database and apply the migrations in a one-off api container.
# Adding --rm after "run" removes that container once the task finishes.
docker-compose run api rake db:create db:migrate
# Presumably creates the initial Resumis user; confirm against the
# project's rake tasks.
docker-compose run api rake resumis:useradd
If you're building a frontend application which uses the Resumis API and you'd like to Dockerize it, you can add another service that uses your built Docker image:
services:
  # [...] the other services in the compose file are left unchanged

  # Frontend container; it reaches the API over the shared frontend network.
  your_frontend:
    image: you/your_frontend:latest
    depends_on:
      - api
    networks:
      - frontend
    ports:
      - "3000:3000"
    restart: always

# [...] remainder of the compose file
Resumis is intended to be run behind a reverse-proxy like NGINX, which can handle things like TLS termination, load-balancing and other nice things.
# Resumis API container, published on this host at port 5000 by docker-compose.
upstream api {
    server localhost:5000;
}
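# TLS-terminating reverse proxy in front of the Resumis API.
server {
    listen 443 ssl http2;
    server_name myresumisapp.com;

    # "always" also sends these headers on error responses; without it nginx
    # adds them only to a fixed set of success and redirect status codes.
    # They are inherited by the location blocks below because those define
    # no add_header of their own.
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    # NOTE(review): no Strict-Transport-Security header is set. Consider
    # adding one once HTTPS is confirmed working for every client.

    ssl_certificate /path/to/your/tls/cert_with_full_chain.pem;
    # Keep the private key readable only by root / the nginx master process.
    ssl_certificate_key /path/to/your/tls/private_key.pem;

    # based on Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
    # https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
    # generated 2023-03-01
    # Regenerate this section when nginx or OpenSSL is upgraded so the
    # protocol and cipher list track the current guideline.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    # Parameters for the DHE-RSA suites listed above.
    ssl_dhparam /path/to/your/dhparam.pem;

    ssl_stapling on;
    # Verifying the stapled OCSP response needs the issuer, intermediate and
    # root certificates to be trusted. NOTE(review): no
    # ssl_trusted_certificate is configured here; add one if verification
    # errors show up in the error log.
    ssl_stapling_verify on;
    # Public resolvers, used for the OCSP responder lookup. The nginx
    # documentation recommends resolvers on a trusted local network to
    # limit DNS spoofing.
    resolver 8.8.8.8 208.67.222.222 valid=300s;
    resolver_timeout 5s;

    # Largest accepted request body; uploads above this are rejected.
    client_max_body_size 32M;
    keepalive_timeout 60;
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    # Serve a matching static file if one exists, otherwise go to the API.
    # NOTE(review): no "root" is set in this block, so the lookup uses the
    # nginx default document root. Confirm that is intended.
    location / {
        try_files $uri $uri/ @api;
    }

    location @api {
        proxy_set_header X-Forwarded-Proto $scheme;
        # Appends the peer address to any X-Forwarded-For value the client
        # sent, so only the right-most entry is asserted by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Forwards the client-supplied Host header unchanged. Make sure the
        # application, or a catch-all default server in front of this one,
        # rejects unexpected host names.
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://api;
        proxy_intercept_errors on;
    }
}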