mirror of
https://github.com/frappe/frappe_docker.git
synced 2024-11-14 00:54:07 +00:00
a9b6b755ce
* Rename `bench-build` target to `bench` in bake file * Update bake file and break everything * Rename docker-compose.yml to compose.yml to avoid conflicting on `docker buildx bake` * Fix groups in bake file * Update frappe-worker * Update frappe-nginx, erpnext-nginx * Remove old erpnext images * Update frappe-socketio * Fix develop frappe-nginx build on linux/arm64 * Update dockerignore * Update gitignore * Update gitignore * Update .env files * Update installation (overrides) * Update tests * Fix image names * Update compose * Update get-latest-tags * Update CI * Setup and remove .env on tests * Add build bench workflow * Add triggers to main workflow * Add release helm job * Use reusable workflows * Rollback * Print configuration before running tests * Show tests/.env * Revert "Show tests/.env" This reverts commit4bc3bdebaf
. * Fix ci image versions * Remove `frappe-` prefix in build directories * Move requirements-dev.txt * Fix image name in CI * Update gitignore * Update pre-commit config * Drop `version:` in compose files * Add push-backup * Fix postgres CI test * Change .yml to .yaml in compose file to follow compose-spec * Remove prettierignore * Fix dockerignore * Change .yml to .yaml in compose file to follow compose-spec * Don't depend on boto3 while testing (do it in backend) * Update erpnext example version * Don't fail ping on URLError * Move assets volume to main compose file * Fix type annotations for v12 * Fix postgres ci override in tests * Fix spaces in socketio * Reorder stages in nginx image, improve perfomance * Remove unused todo * Optimize worker build * Install Node in worker image * Add 502 error page * Remove unused quiet-pull in tests * Add configurator service to dynamically set common config * Remove unused compose.ci-postgres.yml * Use Python for configurator service: faster and more robust * Add TODO.md * Use python script to get latest tags in CI * Clean up nginx dockerfile * Remove VOLUME declaration https://stackoverflow.com/a/55052682 * Add custom app example * Remove pwd for now * Remove pwd for now * Use jq for parsing config in healthcheck * Take advantage of yaml lang: add defaults in compose file. Also require env vars * Fix CI * Use resusable workflow * Update * Move release_helm job to main.yml * Rename docker-build to docker-build-push * Rename main to build_stable * Rename bench targets * Remove quotes from docker-build-push inputs * Update build develop * Remove HELM_DEPLOY_KEY secret from docker-build-push * Add job names * Remove build_bench workflow * Update version input description in docker-build-push * Print .env in tests, if version is develop, change to latest (for tag) * Fix env setup * Uncomment tests * Parse and set short tags from git tag in bake file * Move devcontainer settings to devcontainer.json * Add db command notice * Fix CI? * Fix inconsistencies in development readme * Remove pwd for now * Remove custom apps for production instruction * Update todos * Add docs for images and compose files * Add variables docs and allow custom frappe site name header * Add notice about internal environment variables * Update site-operations docs * Update todos * Add Overrides header in images-and-compose-files * Update todos * Remove extra docs * Don't log requests in worker image (nginx already does that) * Remove default value of FRAPPE_SITE_NAME_HEADER in example.env * Use file that consistent in v12, v13 and develop to check /assets * Fix paths in CI * Update todos * Remove TODO.md * Update tests/_check_backup_files.py Co-authored-by: Revant Nandgaonkar <revant.one@gmail.com> * Change variables MINIO_ACCESS_KEY and MINIO_SECRET_KEY to S3_ACCESS_KEY, S3_SECRET_KEY in tests * Fix S3 test * Use `nginxinc/nginx-unprivileged` instead of `nginx` image Also use Ngnix 1.20 instead of unstable 1.21 * Fix https override * Update Dockerfile * Mount assets to backend service in read only mode * Touch .build (#307), use scripts from nginx image to generate config and touch .build * Update example env after building stable images * Touch `.build` on develop image (untill https://github.com/frappe/frappe/issues/15396 is resolved) * Add `make` to worker build deps for linux/arm64 * Fix update example.env job * Fix .build creation on develop branch * Move bench CI to different file This way workflow runs only on PRs that relevant to bench build * Fix app name in custom app example * Update erpnext and frappe versions in example.env * Don't install `svg-sprite` and `sass` node modules in nginx image on linux/arm64 (https://github.com/frappe/frappe/pull/15275) * docs: README and docs * docs: add link to site operations from docker swarm * ci: fix tests as per changes to compose.yaml * docs: move wiki articles to docs * docs: fix add custom domain * docs: fix patch code from images * fix: do not expose port 80 for old images * fix: custom domain labels to frontend container/service * Add missing descriptions to envs in example.env * Fix redis depends_on * Fix docker compose in tests when not running on TTY * Set -T flag in `docker compose exec` only if not tty * Run pre-commit on docs * Remove postgres healthcheck (it gets overriden by mariadb) * Refactor test * Update workflow names * Add pip to dependabot config * docs: backup and push (#19) * Beautify changes by @revant (#20) * feat: add gevent to worker image * feat: real_ip configuration for nginx * Return `healthcheck.sh` just for tests Co-authored-by: Lev Vereshchagin <mail@vrslev.com> * Make pretend bench catch unknown commands (closes #666) * Remove debug print in push-backup * Fix typing issues in push-backup * Update file keys in push-backups: from abs path to <site>/<file> * Refactor push-backup * Move gevent installation in Frappe step * Don't pin boto stubs requirement * Cache pip deps on build * Update example env versions * Refactor check backup files * Fix backup test * Fix backup test * Rename build/ dir to images/ * Rename build/ dir to images/ * Fix /build -> /images in docs * Update example.env * Use reusable workflow in frappe user instead of vrslev * Fix compose`s `project` option in docs (https://github.com/frappe/frappe_docker/pull/617#issuecomment-1065178792) * Add note about project option in site-operations doc * Update example env * Rename build arg `USERNAME` to `REGISTRY_USER` * Allow https proxy to access Docker socket * Revert "Use reusable workflow in frappe user instead of vrslev" This reverts commit6062500d0d
. * Revert "Revert "Use reusable workflow in frappe user instead of vrslev"" This reverts commit4680d18ff8
. Co-authored-by: Revant Nandgaonkar <revant.one@gmail.com>
121 lines
3.0 KiB
Plaintext
121 lines
3.0 KiB
Plaintext
upstream backend-server {
|
|
server ${BACKEND} fail_timeout=0;
|
|
}
|
|
|
|
upstream socketio-server {
|
|
server ${SOCKETIO} fail_timeout=0;
|
|
}
|
|
|
|
# Parse the X-Forwarded-Proto header - if set - defaulting to $scheme.
|
|
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
|
|
default $scheme;
|
|
https https;
|
|
}
|
|
|
|
server {
|
|
listen 8080;
|
|
server_name $http_host;
|
|
root /usr/share/nginx/html;
|
|
|
|
proxy_buffer_size 128k;
|
|
proxy_buffers 4 256k;
|
|
proxy_busy_buffers_size 256k;
|
|
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin";
|
|
|
|
set_real_ip_from ${UPSTREAM_REAL_IP_ADDRESS};
|
|
real_ip_header ${UPSTREAM_REAL_IP_HEADER};
|
|
real_ip_recursive ${UPSTREAM_REAL_IP_RECURSIVE};
|
|
|
|
location /assets {
|
|
try_files $uri =404;
|
|
}
|
|
|
|
location ~ ^/protected/(.*) {
|
|
internal;
|
|
try_files /sites/$http_host/$1 =404;
|
|
}
|
|
|
|
location /socket.io {
|
|
proxy_http_version 1.1;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header X-Frappe-Site-Name ${FRAPPE_SITE_NAME_HEADER};
|
|
proxy_set_header Origin $scheme://$http_host;
|
|
proxy_set_header Host $host;
|
|
|
|
proxy_pass http://socketio-server;
|
|
}
|
|
|
|
location / {
|
|
rewrite ^(.+)/$ $1 permanent;
|
|
rewrite ^(.+)/index\.html$ $1 permanent;
|
|
rewrite ^(.+)\.html$ $1 permanent;
|
|
|
|
location ~ ^/files/.*.(htm|html|svg|xml) {
|
|
add_header Content-disposition "attachment";
|
|
try_files /sites/$http_host/public/$uri @webserver;
|
|
}
|
|
|
|
try_files /sites/$http_host/public/$uri @webserver;
|
|
}
|
|
|
|
location @webserver {
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
|
proxy_set_header X-Frappe-Site-Name ${FRAPPE_SITE_NAME_HEADER};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Use-X-Accel-Redirect True;
|
|
proxy_read_timeout 120;
|
|
proxy_redirect off;
|
|
|
|
proxy_pass http://backend-server;
|
|
}
|
|
|
|
# error pages
|
|
error_page 502 /502.html;
|
|
location /502.html {
|
|
internal;
|
|
}
|
|
|
|
# optimizations
|
|
sendfile on;
|
|
keepalive_timeout 15;
|
|
client_max_body_size 50m;
|
|
client_body_buffer_size 16K;
|
|
client_header_buffer_size 1k;
|
|
|
|
# enable gzip compression
|
|
# based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge
|
|
gzip on;
|
|
gzip_http_version 1.1;
|
|
gzip_comp_level 5;
|
|
gzip_min_length 256;
|
|
gzip_proxied any;
|
|
gzip_vary on;
|
|
gzip_types
|
|
application/atom+xml
|
|
application/javascript
|
|
application/json
|
|
application/rss+xml
|
|
application/vnd.ms-fontobject
|
|
application/x-font-ttf
|
|
application/font-woff
|
|
application/x-web-app-manifest+json
|
|
application/xhtml+xml
|
|
application/xml
|
|
font/opentype
|
|
image/svg+xml
|
|
image/x-icon
|
|
text/css
|
|
text/plain
|
|
text/x-component;
|
|
# text/html is always compressed by HttpGzipModule
|
|
}
|