Initial commit

Author: cjjouanne

.gitignore

@@ -0,0 +1,146 @@
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.env_db
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# Visual Studio Code #
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+.history
+
+nginx-conf/
+nginx-conf/*
+nginx-conf/local/
+nginx-conf/local/*
+nginx-conf/local/nginx.conf
+
+data/
+data/*

Dockerfile

@@ -0,0 +1,18 @@
+FROM python:3.8
+
+ADD . /usr/src/app
+
+WORKDIR /usr/src/app
+
+RUN apt-get update
+
+COPY requirements.txt ./
+
+EXPOSE 5000
+
+RUN pip install -r requirements.txt
+
+# Development (comment production lines and uncomment development lines)
+RUN export FLASK_APP=run.py
+
+CMD ["flask", "run"]

README.md

@@ -0,0 +1,73 @@
+# Flask APP project template
+
+> by [Charlie Jouanne](https://github.com/cjjouanne)
+
+## Prerequisites 🐳
+
+* `Docker`
+* `docker-compose`
+
+## Config app variables
+
+First, run this command on the terminal inside the project directory to create a `.env` file.
+```
+touch .env
+```
+Then add this inside the `.env` file
+```
+SECRET_KEY="a12b9af2eb5a96ch8rl1e1c6771e525b30fa2c8"
+SQLALCHEMY_DATABASE_URI="postgresql://myuser:mypassword@postgres:5432/my_app"
+
+MAIL_SERVER="smtp.gmail.com"
+MAIL_PORT=465
+MAIL_USERNAME="[email protected]"
+MAIL_PASSWORD="********"
+MAIL_USE_TLS=False
+MAIL_USE_SSL=True
+```
+## Config Database variables
+
+Run this command on terminal to create `.env_db` file.
+```
+touch .env_db
+```
+Then add this inside the `.env_db` file
+```
+POSTGRES_USER="myuser"
+POSTGRES_PASSWORD="mypassword"
+POSTGRES_DB="my_app"
+```
+## Settig up Nginx
+
+First, launch the app with this command
+```
+docker-compose -f local-docker-compose.yml up -d
+```
+and then run
+```
+docker-compose -f local-docker-compose.yml stop
+docker-compose -f local-docker-compose.yml down
+```
+This will stop the app and create a new folder named `./nginx-conf/local`. Then add a`nginx.conf` file inside this folder by running the following commands
+
+```
+cd nginx-conf/local
+touch nginx.conf
+```
+Add this inside the `nginx.conf` file
+```
+server {
+	listen 80;
+	server_name localhost; #on production use domian.extension www.domain.extension
+	location / {
+		proxy_pass http://web:5000;
+	}
+}
+```
+Now, you are ready to go!
+
+## Run the app! 🖥
+```
+docker-compose -f local-docker-compose.yml up
+```
+Now go to http://localhost:80 and start browsing 😉

docker-compose.yml

@@ -0,0 +1,58 @@
+version: '3'
+services:
+  postgres:
+    image: postgres
+    container_name: my_app_psql
+    ports:
+      - 5432:5432
+    env_file:
+      - ./.env_db
+    volumes:
+      - postgresdata:/var/lib/postgresql/data
+  web:
+    build: .
+    container_name: my_app_flask
+    restart: always
+    volumes:
+      - .:/usr/app/
+    ports:
+      - "5000:5000"
+    command:
+      "gunicorn --bind 0.0.0.0:5000 wsgi:app"
+    env_file:
+      - ./.env
+    depends_on:
+      - postgres
+      - redis
+  nginx:
+    image: nginx:mainline-alpine
+    container_name: my_app_nginx
+    depends_on:
+        - web
+    volumes:
+        - ./nginx-conf/production:/etc/nginx/conf.d
+        - ./data/certbot/conf:/etc/letsencrypt
+        - ./data/certbot/www:/var/www/certbot
+    ports:
+        - 80:80
+        - 443:443
+    logging:
+      driver: json-file
+  certbot:
+    image: certbot/certbot
+    container_name: my_app_cert
+    volumes:
+      - ./data/certbot/conf:/etc/letsencrypt
+      - ./data/certbot/www:/var/www/certbot
+    entrypoint:
+      - "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+  redis:
+    image: "redis:alpine"
+    container_name: my_app_redis
+    ports:
+        - 6379:6379
+    volumes:
+        - redis_data:/data
+volumes:
+    postgresdata:
+    redis_data:

init-letsencrypt.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+if ! [ -x "$(command -v docker-compose)" ]; then
+  echo 'Error: docker-compose is not installed.' >&2
+  exit 1
+fi
+
+domains=(domain.extension www.domain.extension)
+rsa_key_size=4096
+data_path="./data/certbot"
+email="[email protected]" # Adding a valid address is strongly recommended
+staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
+
+if [ -d "$data_path" ]; then
+  read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
+  if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
+    exit
+  fi
+fi
+
+
+if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
+  echo "### Downloading recommended TLS parameters ..."
+  mkdir -p "$data_path/conf"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
+  echo
+fi
+
+echo "### Creating dummy certificate for $domains ..."
+path="/etc/letsencrypt/live/$domains"
+mkdir -p "$data_path/conf/live/$domains"
+docker-compose run --rm --entrypoint "\
+  openssl req -x509 -nodes -newkey rsa:4096 -days 1\
+    -keyout '$path/privkey.pem' \
+    -out '$path/fullchain.pem' \
+    -subj '/CN=localhost'" certbot
+echo
+
+
+echo "### Starting nginx ..."
+docker-compose up --force-recreate -d nginx
+echo
+
+echo "### Deleting dummy certificate for $domains ..."
+docker-compose run --rm --entrypoint "\
+  rm -Rf /etc/letsencrypt/live/$domains && \
+  rm -Rf /etc/letsencrypt/archive/$domains && \
+  rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
+echo
+
+
+echo "### Requesting Let's Encrypt certificate for $domains ..."
+#Join $domains to -d args
+domain_args=""
+for domain in "${domains[@]}"; do
+  domain_args="$domain_args -d $domain"
+done
+
+# Select appropriate email arg
+case "$email" in
+  "") email_arg="--register-unsafely-without-email" ;;
+  *) email_arg="--email $email" ;;
+esac
+
+# Enable staging mode if needed
+if [ $staging != "0" ]; then staging_arg="--staging"; fi
+
+docker-compose run --rm --entrypoint "\
+  certbot certonly --webroot -w /var/www/certbot \
+    $staging_arg \
+    $email_arg \
+    $domain_args \
+    --rsa-key-size $rsa_key_size \
+    --agree-tos \
+    --force-renewal" certbot
+echo
+
+echo "### Reloading nginx ..."
+docker-compose exec nginx nginx -s reload