Production deployment of the ManyFEWS tool is achieved using Docker. Each part of the application is containerized within the Dockerfile, which implements a multi-stage build process. The finer details of this are documented within the Dockerfile itself.
An azure-pipelines.yml file controls deployment to Azure. The nginx container is hosted within the Durham University Advanced Web Hosting project Azure App Service plan. This provides a reverse-proxy to the WSGI gateway located within the internal network.
All secret keys are stored as Azure Pipelines variables and are applied to the Docker containers as environment variables at runtime.
Developers should take care to ensure that no application secrets are stored as code in this repository.
Pushing to the release branch in GitHub will trigger the CI/CD workflow. This will run tests locally and trigger the Azure pipeline to build and release the Docker containers. Follow the process documented in README.md to push to release.
The azure-pipelines.yml file handles automated deployment. The first stage (Build) builds the Docker images and pushes them to the DurhamARC DockerHub organisation. The Release stage releases the code to the production servers.
Two docker compose files are included under the azure directory. docker-compose.azure.yml configures the manyfews-web image within the Azure App Service plan. The docker-compose.backend.yml is used to deploy the backend containers (see the above image), including the external containers (RabbitMQ, PostGIS).
A number of docker-compose configurations are included within this project, both for local and production deployment. Additional settings can be customised by creating a docker-compose.override.yml file per the compose documentation.
You should create a .env file using .env.CI as a base. Place this within the root of the project directory and customise the variables as required with your API keys. It will be picked up by docker compose to populate environment variables.
The production example uses Træfik to reverse proxy the application stack and request certificates. It also includes watchtower to monitor for and pull base image updates.
- Install Docker
  - Docker-compose has been included in the base docker package since version 4.4.2.
  - Older versions of Docker may require installation of the plugin or the standalone docker-compose command.
- Clone the git repo (or at a minimum, docker-compose.yml and docker-compose.production.yml)
- Move docker-compose.production.yml to docker-compose.override.yml
- Copy manyfews/manyfews/.env.CI to .env
- Edit .env to populate it with the production environment variables.
- Run docker compose pull && docker compose up -d
  - Note that if you decided to install the standalone command, this is docker-compose, with a hyphen.
- Check that the ports for :80 and :443 are open to serve http+s traffic.
- Wait for certificate issuance while Traefik uses Let's Encrypt to request a TLS cert.
The following environment variables must be set in the .env file to use this configuration:
ALLOWED_HOSTS=example.com
CSRF_TRUSTED_ORIGINS=https://example.com,http://example.com
DOMAIN=example.com

The DOMAIN variable is used by the compose file to tell Træfik the domain for which to request certificates using Let's Encrypt. You should ensure that your domain is set up with an A and/or CNAME DNS record (as appropriate) pointing to your production server's IP address.
The ALLOWED_HOSTS and CSRF_TRUSTED_ORIGINS variables tell Django's security features to allow HTTP requests originating from your custom domain.
The settings.py file serves as the master list of configurable environment variables. A sample .env file for Docker deployment is also shared within this repository (.env.CI).
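A pre-deployment consistency check for the three variables above, written as an added example (it is not part of the ManyFEWS repository). The function names are hypothetical, and it assumes list values are comma-separated and that the HTTPS origin for DOMAIN should appear in CSRF_TRUSTED_ORIGINS, since Træfik serves the site over TLS.

```python
from urllib.parse import urlsplit

REQUIRED = ("ALLOWED_HOSTS", "CSRF_TRUSTED_ORIGINS", "DOMAIN")

def parse_env(text):
    """Parse KEY=VALUE lines; blank lines and # comments are skipped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def split_list(value):  # assumption: comma-separated lists, as on this page
    return [item.strip().lower() for item in value.split(",") if item.strip()]

def host_allowed(host, patterns):
    """Django ALLOWED_HOSTS matching: exact, '.suffix' subdomain form, or '*'."""
    return any(p == "*" or p == host or
               (p.startswith(".") and (host == p[1:] or host.endswith(p)))
               for p in patterns)

def check_env(text):
    """Return a list of problems in the .env content; empty means consistent."""
    env = parse_env(text)
    problems = [f"{name} is not set" for name in REQUIRED if not env.get(name)]
    if problems:
        return problems
    domain = env["DOMAIN"].lower()
    hosts = split_list(env["ALLOWED_HOSTS"])
    origins = split_list(env["CSRF_TRUSTED_ORIGINS"])
    if "*" in hosts:
        problems.append("ALLOWED_HOSTS contains '*': Host header validation is off")
    if not host_allowed(domain, hosts):
        problems.append(f"DOMAIN {domain} is not covered by ALLOWED_HOSTS")
    for origin in origins:
        parts = urlsplit(origin)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            problems.append(f"CSRF origin {origin!r} lacks an http(s):// scheme")
        elif not host_allowed(parts.hostname, hosts):
            problems.append(f"CSRF origin {origin!r} host is not in ALLOWED_HOSTS")
    if f"https://{domain}" not in origins:
        problems.append(f"CSRF_TRUSTED_ORIGINS has no https://{domain} entry")
    return problems

# Constructed sample inputs (not taken from the repository).
GOOD = "ALLOWED_HOSTS=example.com\nCSRF_TRUSTED_ORIGINS=https://example.com,http://example.com\nDOMAIN=example.com\n"
BAD = "ALLOWED_HOSTS=*\nCSRF_TRUSTED_ORIGINS=example.com\nDOMAIN=example.com\n"
```

Call check_env() on the contents of .env before running docker compose up; an empty list means the three values agree with each other.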
