CopyBot/mediacms
1
0
Fork 0
mirror of https://github.com/mediacms-io/mediacms.git synced 2025-12-09 21:42:31 -05:00
Code Issues Packages Projects Releases Wiki Activity

Docker story refactoring

Browse Source
This commit is contained in:
Markos Gogoulos
2025-11-15 15:01:39 +02:00
parent 9b3d9fe1e7
commit 6ef45640d9
19 changed files with 1824 additions and 166 deletions
Download Patch File Download Diff File Expand all files Collapse all files

113
.docker-backup/Dockerfile Normal file
View File

@@ -0,0 +1,113 @@
FROM python:3.13.5-slim-bookworm AS build-image
# Install system dependencies needed for downloading and extracting
RUN apt-get update -y && \
apt-get install -y --no-install-recommends wget xz-utils unzip && \
rm -rf /var/lib/apt/lists/* && \
apt-get purge --auto-remove && \
apt-get clean
RUN wget -q https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz
RUN mkdir -p ffmpeg-tmp && \
tar -xf ffmpeg-release-amd64-static.tar.xz --strip-components 1 -C ffmpeg-tmp && \
cp -v ffmpeg-tmp/ffmpeg ffmpeg-tmp/ffprobe ffmpeg-tmp/qt-faststart /usr/local/bin && \
rm -rf ffmpeg-tmp ffmpeg-release-amd64-static.tar.xz
# Install Bento4 in the specified location
RUN mkdir -p /home/mediacms.io/bento4 && \
wget -q http://zebulon.bok.net/Bento4/binaries/Bento4-SDK-1-6-0-637.x86_64-unknown-linux.zip && \
unzip Bento4-SDK-1-6-0-637.x86_64-unknown-linux.zip -d /home/mediacms.io/bento4 && \
mv /home/mediacms.io/bento4/Bento4-SDK-1-6-0-637.x86_64-unknown-linux/* /home/mediacms.io/bento4/ && \
rm -rf /home/mediacms.io/bento4/Bento4-SDK-1-6-0-637.x86_64-unknown-linux && \
rm -rf /home/mediacms.io/bento4/docs && \
rm Bento4-SDK-1-6-0-637.x86_64-unknown-linux.zip
############ BASE RUNTIME IMAGE ############
FROM python:3.13.5-slim-bookworm AS base
SHELL ["/bin/bash", "-c"]
ENV PYTHONUNBUFFERED=1
ENV PYTHONDONTWRITEBYTECODE=1
ENV CELERY_APP='cms'
ENV VIRTUAL_ENV=/home/mediacms.io
ENV PATH="$VIRTUAL_ENV/bin:$PATH"
# Install system dependencies first
RUN apt-get update -y && \
apt-get -y upgrade && \
apt-get install --no-install-recommends -y \
supervisor \
nginx \
imagemagick \
procps \
build-essential \
pkg-config \
zlib1g-dev \
zlib1g \
libxml2-dev \
libxmlsec1-dev \
libxmlsec1-openssl \
libpq-dev \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Set up virtualenv first
RUN mkdir -p /home/mediacms.io/mediacms/{logs} && \
cd /home/mediacms.io && \
python3 -m venv $VIRTUAL_ENV
# Copy requirements files
COPY requirements.txt requirements-dev.txt ./
# Install Python dependencies using pip (within virtualenv)
ARG DEVELOPMENT_MODE=False
RUN pip install --no-cache-dir uv && \
uv pip install --no-binary lxml --no-binary xmlsec -r requirements.txt && \
if [ "$DEVELOPMENT_MODE" = "True" ]; then \
echo "Installing development dependencies..." && \
uv pip install -r requirements-dev.txt; \
fi && \
apt-get purge -y --auto-remove \
build-essential \
pkg-config \
libxml2-dev \
libxmlsec1-dev \
libpq-dev
# Copy ffmpeg and Bento4 from build image
COPY --from=build-image /usr/local/bin/ffmpeg /usr/local/bin/ffmpeg
COPY --from=build-image /usr/local/bin/ffprobe /usr/local/bin/ffprobe
COPY --from=build-image /usr/local/bin/qt-faststart /usr/local/bin/qt-faststart
COPY --from=build-image /home/mediacms.io/bento4 /home/mediacms.io/bento4
# Copy application files
COPY . /home/mediacms.io/mediacms
WORKDIR /home/mediacms.io/mediacms
# required for sprite thumbnail generation for large video files
COPY deploy/docker/policy.xml /etc/ImageMagick-6/policy.xml
# Set process control environment variables
ENV ENABLE_UWSGI='yes' \
ENABLE_NGINX='yes' \
ENABLE_CELERY_BEAT='yes' \
ENABLE_CELERY_SHORT='yes' \
ENABLE_CELERY_LONG='yes' \
ENABLE_MIGRATIONS='yes'
EXPOSE 9000 80
RUN chmod +x ./deploy/docker/entrypoint.sh
ENTRYPOINT ["./deploy/docker/entrypoint.sh"]
CMD ["./deploy/docker/start.sh"]
############ FULL IMAGE ############
FROM base AS full
COPY requirements-full.txt ./
RUN mkdir -p /root/.cache/ && \
chmod go+rwx /root/ && \
chmod go+rwx /root/.cache/
RUN uv pip install -r requirements-full.txt

119
.docker-backup/docker-compose-cert.yaml Normal file
View File

@@ -0,0 +1,119 @@
version: "3"
services:
nginx-proxy:
image: nginxproxy/nginx-proxy
container_name: nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- conf:/etc/nginx/conf.d
- vhost:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- dhparam:/etc/nginx/dhparam
- certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./deploy/docker/reverse_proxy/client_max_body_size.conf:/etc/nginx/conf.d/client_max_body_size.conf:ro
acme-companion:
image: nginxproxy/acme-companion
container_name: nginx-proxy-acme
volumes_from:
- nginx-proxy
volumes:
- certs:/etc/nginx/certs:rw
- acme:/etc/acme.sh
- /var/run/docker.sock:/var/run/docker.sock:ro
migrations:
image: mediacms/mediacms:latest
volumes:
- ./:/home/mediacms.io/mediacms/
environment:
ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no'
ENABLE_CELERY_SHORT: 'no'
ENABLE_CELERY_LONG: 'no'
ENABLE_CELERY_BEAT: 'no'
ADMIN_USER: 'admin'
ADMIN_EMAIL: 'Y'
ADMIN_PASSWORD: 'X'
command: "./deploy/docker/prestart.sh"
restart: on-failure
depends_on:
redis:
condition: service_healthy
db:
condition: service_healthy
web:
image: mediacms/mediacms:latest
deploy:
replicas: 1
volumes:
- ./:/home/mediacms.io/mediacms/
environment:
ENABLE_CELERY_BEAT: 'no'
ENABLE_CELERY_SHORT: 'no'
ENABLE_CELERY_LONG: 'no'
ENABLE_MIGRATIONS: 'no'
VIRTUAL_HOST: 'X.mediacms.io'
LETSENCRYPT_HOST: 'X.mediacms.io'
LETSENCRYPT_EMAIL: 'X'
depends_on:
- migrations
celery_beat:
image: mediacms/mediacms:latest
volumes:
- ./:/home/mediacms.io/mediacms/
environment:
ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no'
ENABLE_CELERY_SHORT: 'no'
ENABLE_CELERY_LONG: 'no'
ENABLE_MIGRATIONS: 'no'
depends_on:
- redis
celery_worker:
image: mediacms/mediacms:full
deploy:
replicas: 1
volumes:
- ./:/home/mediacms.io/mediacms/
environment:
ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no'
ENABLE_CELERY_BEAT: 'no'
ENABLE_MIGRATIONS: 'no'
depends_on:
- migrations
db:
image: postgres:17.2-alpine
volumes:
- ../postgres_data:/var/lib/postgresql/data/
restart: always
environment:
POSTGRES_USER: mediacms
POSTGRES_PASSWORD: mediacms
POSTGRES_DB: mediacms
TZ: Europe/London
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
interval: 10s
timeout: 5s
retries: 5
redis:
image: "redis:alpine"
restart: always
healthcheck:
test: ["CMD", "redis-cli","ping"]
interval: 10s
timeout: 5s
retries: 3
volumes:
conf:
vhost:
html:
dhparam:
certs:
acme:

89
.docker-backup/docker-compose-dev.yaml Normal file
View File

@@ -0,0 +1,89 @@
version: "3"
services:
migrations:
build:
context: .
dockerfile: ./Dockerfile
target: base
args:
- DEVELOPMENT_MODE=True
image: mediacms/mediacms-dev:latest
volumes:
- ./:/home/mediacms.io/mediacms/
command: "./deploy/docker/prestart.sh"
environment:
DEVELOPMENT_MODE: True
ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no'
ENABLE_CELERY_SHORT: 'no'
ENABLE_CELERY_LONG: 'no'
ENABLE_CELERY_BEAT: 'no'
ADMIN_USER: 'admin'
ADMIN_EMAIL: 'admin@localhost'
ADMIN_PASSWORD: 'admin'
restart: on-failure
depends_on:
redis:
condition: service_healthy
db:
condition: service_healthy
frontend:
image: node:20
volumes:
- ${PWD}/frontend:/home/mediacms.io/mediacms/frontend/
working_dir: /home/mediacms.io/mediacms/frontend/
command: bash -c "npm install && npm run start"
env_file:
- ${PWD}/frontend/.env
ports:
- "8088:8088"
depends_on:
- web
web:
image: mediacms/mediacms-dev:latest
command: "python manage.py runserver 0.0.0.0:80"
environment:
DEVELOPMENT_MODE: True
ports:
- "80:80"
volumes:
- ./:/home/mediacms.io/mediacms/
depends_on:
- migrations
db:
image: postgres:17.2-alpine
volumes:
- ../postgres_data:/var/lib/postgresql/data/
restart: always
environment:
POSTGRES_USER: mediacms
POSTGRES_PASSWORD: mediacms
POSTGRES_DB: mediacms
TZ: Europe/London
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}", "--host=db", "--dbname=$POSTGRES_DB", "--username=$POSTGRES_USER"]
interval: 10s
timeout: 5s
retries: 5
redis:
image: "redis:alpine"
restart: always
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 30s
timeout: 10s
retries: 3
celery_worker:
image: mediacms/mediacms-dev:latest
deploy:
replicas: 1
volumes:
- ./:/home/mediacms.io/mediacms/
environment:
ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no'
ENABLE_CELERY_BEAT: 'no'
ENABLE_MIGRATIONS: 'no'
depends_on:
- web

86
.docker-backup/docker-compose.yaml Normal file
View File

@@ -0,0 +1,86 @@
version: "3"
services:
migrations:
image: mediacms/mediacms:latest
volumes:
- ./:/home/mediacms.io/mediacms/
environment:
ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no'
ENABLE_CELERY_SHORT: 'no'
ENABLE_CELERY_LONG: 'no'
ENABLE_CELERY_BEAT: 'no'
ADMIN_USER: 'admin'
ADMIN_EMAIL: 'admin@localhost'
# ADMIN_PASSWORD: 'uncomment_and_set_password_here'
command: "./deploy/docker/prestart.sh"
restart: on-failure
depends_on:
redis:
condition: service_healthy
db:
condition: service_healthy
web:
image: mediacms/mediacms:latest
deploy:
replicas: 1
ports:
- "80:80"
volumes:
- ./:/home/mediacms.io/mediacms/
environment:
ENABLE_CELERY_BEAT: 'no'
ENABLE_CELERY_SHORT: 'no'
ENABLE_CELERY_LONG: 'no'
ENABLE_MIGRATIONS: 'no'
depends_on:
- migrations
celery_beat:
image: mediacms/mediacms:latest
volumes:
- ./:/home/mediacms.io/mediacms/
environment:
ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no'
ENABLE_CELERY_SHORT: 'no'
ENABLE_CELERY_LONG: 'no'
ENABLE_MIGRATIONS: 'no'
depends_on:
- redis
celery_worker:
image: mediacms/mediacms:latest
deploy:
replicas: 1
volumes:
- ./:/home/mediacms.io/mediacms/
environment:
ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no'
ENABLE_CELERY_BEAT: 'no'
ENABLE_MIGRATIONS: 'no'
depends_on:
- migrations
db:
image: postgres:17.2-alpine
volumes:
- ../postgres_data:/var/lib/postgresql/data/
restart: always
environment:
POSTGRES_USER: mediacms
POSTGRES_PASSWORD: mediacms
POSTGRES_DB: mediacms
TZ: Europe/London
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
interval: 10s
timeout: 5s
retries: 5
redis:
image: "redis:alpine"
restart: always
healthcheck:
test: ["CMD", "redis-cli","ping"]
interval: 10s
timeout: 5s
retries: 3

254
DOCKER_RESTRUCTURE_SUMMARY.md Normal file
View File

@@ -0,0 +1,254 @@
# MediaCMS Docker Restructure Summary
## Overview
This document summarizes the complete Docker architecture restructure for MediaCMS 7.3, eliminating supervisord and implementing modern Docker best practices.
## What Was Created
### New Files
#### Dockerfiles
- `Dockerfile` - Multi-stage Dockerfile with targets (replaced old Dockerfile):
- `build-image` - FFmpeg and Bento4 builder
- `base` - Python/Django base image
- `web` - uWSGI web server
- `worker` - Celery worker (standard)
- `worker-full` - Celery worker with extra codecs
- `Dockerfile.nginx` - Vanilla nginx with MediaCMS configs baked in
#### Docker Compose Files
- `docker-compose.yaml` - Production deployment (no file mounts) - REPLACED
- `docker-compose-cert.yaml` - Production with HTTPS (Let's Encrypt) - REPLACED
- `docker-compose-dev.yaml` - Development with file mounts and hot reload - REPLACED
#### Scripts
- `scripts/entrypoint-web.sh` - Web container entrypoint
- `scripts/entrypoint-worker.sh` - Worker container entrypoint
- `scripts/run-migrations.sh` - Migration runner script
#### Configuration
- `config/nginx/nginx.conf` - Main nginx config (from deploy/docker/)
- `config/nginx/site.conf` - Virtual host config (from deploy/docker/nginx_http_only.conf)
- `config/nginx/uwsgi_params` - uWSGI params (from deploy/docker/)
- `config/nginx-proxy/client_max_body_size.conf` - For nginx-proxy (from deploy/docker/reverse_proxy/)
- `config/uwsgi/uwsgi.ini` - uWSGI configuration (from deploy/docker/)
- `config/imagemagick/policy.xml` - ImageMagick policy (from deploy/docker/)
#### Documentation
- `docs/DOCKER_V7.3_MIGRATION.md` - Complete migration guide
- Updated `docs/admins_docs.md` - Sections 4 and 5
## Architecture Changes
### Before (Old Architecture)
```
Single Container (supervisord managing multiple processes)
├── nginx (port 80)
├── uwsgi (port 9000)
├── celery beat
├── celery short workers
└── celery long workers
Controlled by ENABLE_* environment variables
```
### After (New Architecture)
```
Dedicated Containers (one process per container)
├── nginx (port 80) → web:9000
├── web (uwsgi on port 9000)
├── celery_beat
├── celery_short (scalable)
├── celery_long (scalable, optional :full image)
├── migrations (runs on startup)
├── db (PostgreSQL)
└── redis
Volumes:
- static_files (nginx ← web)
- media_files (nginx ← web, workers)
- postgres_data
```
## Key Improvements
### 1. **Removed Components**
- ❌ supervisord and all configs in `deploy/docker/supervisord/`
-`deploy/docker/start.sh`
-`deploy/docker/entrypoint.sh`
- ❌ All `ENABLE_*` environment variables
### 2. **Separated Services**
- Nginx runs in its own container
- Django/uWSGI in dedicated web container
- Celery workers split by task duration
- Migrations run automatically on every startup
### 3. **Production Ready**
- No file mounts in production (immutable images)
- Named volumes for data persistence
- Proper health checks
- Individual service scaling
### 4. **Development Friendly**
- Separate `-dev` compose file with file mounts
- Django debug mode
- Frontend hot reload
- Live code editing
## Images to Build
For production, these images need to be built and pushed to Docker Hub:
```bash
# Build base and web image
docker build --target web -t mediacms/mediacms:7.3 .
# Build worker image
docker build --target worker -t mediacms/mediacms-worker:7.3 .
# Build worker-full image
docker build --target worker-full -t mediacms/mediacms-worker:7.3-full .
# Build nginx image
docker build -f Dockerfile.nginx -t mediacms/mediacms-nginx:7.3 .
```
## Deployment Options
### 1. Development
```bash
docker compose -f docker-compose-dev.yaml up
```
- File mounts for live editing
- Django runserver
- Frontend dev server
### 2. Production (HTTP)
```bash
# Rename .new files first
mv docker-compose.yaml.new docker-compose.yaml
docker compose up -d
```
- Immutable images
- No file mounts
- Port 80
### 3. Production (HTTPS)
```bash
# Rename .new files first
mv docker-compose-cert.yaml.new docker-compose-cert.yaml
# Edit and set your domain/email
docker compose -f docker-compose-cert.yaml up -d
```
- Automatic Let's Encrypt certificates
- Auto-renewal
## Migration Path for Existing Systems
### For Production Systems Currently Running
1. **Backup first**
```bash
docker exec <db_container> pg_dump -U mediacms mediacms > backup.sql
```
2. **Update compose file**
- Replace old docker-compose files with new ones
- Update domain settings in cert file if using HTTPS
3. **Pull new images**
```bash
docker pull mediacms/mediacms:7.3
docker pull mediacms/mediacms-worker:7.3
docker pull mediacms/mediacms-nginx:7.3
```
4. **Restart**
```bash
docker compose down
docker compose up -d
```
### Breaking Changes
1. **No more ENABLE_* variables** - Remove from any custom configs
2. **deploy/docker/local_settings.py** - Now use environment variables or custom image
3. **Service names changed**:
- `celery_worker` → `celery_short` + `celery_long`
- Added `nginx` service
## Testing Checklist
Before deploying to production, test:
- [ ] Migrations run successfully
- [ ] Static files served correctly
- [ ] Media files served correctly
- [ ] Django admin accessible
- [ ] Video upload works
- [ ] Video transcoding works (celery_long)
- [ ] Thumbnail generation works (celery_short)
- [ ] HTTPS redirects work (if using cert file)
- [ ] Database persistence across restarts
- [ ] Media files persistence across restarts
## Configuration Examples
### Use Full Worker Image
```yaml
celery_long:
image: mediacms/mediacms-worker:7.3-full
```
### Set Custom Domain
```yaml
environment:
FRONTEND_HOST: 'https://videos.example.com'
PORTAL_NAME: 'My Video Portal'
```
### Scale Workers
```bash
docker compose up -d --scale celery_short=3 --scale celery_long=2
```
## Files to Review Before Finalizing
1. **Dockerfile** - Review Python/Django/uWSGI configuration
2. **config/nginx/site.conf** - Review nginx paths and proxy settings
3. **docker-compose.yaml** - Review volume mounts and service dependencies
4. **scripts/run-migrations.sh** - Review migration logic
## Next Steps
To finalize this restructure:
1. **Test locally** with docker-compose-dev.yaml
2. **Build images** and push to Docker Hub
3. **Update CI/CD** to build new images
4. **Test in staging environment**
5. **Create release notes** referencing migration guide
## Backup
Old Docker files have been backed up to `.docker-backup/` directory.
## Rollback Plan
If issues arise, rollback by:
1. Reverting to old docker-compose files
2. Using old image tags
3. Restoring database from backup if needed
Old files are preserved in `.docker-backup/` directory.
## Support
- Migration Guide: `docs/DOCKER_V7.3_MIGRATION.md`
- Admin Docs: `docs/admins_docs.md` (updated sections 4, 5)
- Issues: https://github.com/mediacms-io/mediacms/issues

76
Dockerfile
View File

@@ -26,20 +26,22 @@ RUN mkdir -p /home/mediacms.io/bento4 && \
############ BASE RUNTIME IMAGE ############ ############ BASE RUNTIME IMAGE ############
FROM python:3.13.5-slim-bookworm AS base FROM python:3.13.5-slim-bookworm AS base
LABEL org.opencontainers.image.version="7.3"
LABEL org.opencontainers.image.title="MediaCMS"
LABEL org.opencontainers.image.description="Modern, scalable and open source video platform"
SHELL ["/bin/bash", "-c"] SHELL ["/bin/bash", "-c"]
ENV PYTHONUNBUFFERED=1 ENV PYTHONUNBUFFERED=1 \
ENV PYTHONDONTWRITEBYTECODE=1 PYTHONDONTWRITEBYTECODE=1 \
ENV CELERY_APP='cms' CELERY_APP='cms' \
ENV VIRTUAL_ENV=/home/mediacms.io VIRTUAL_ENV=/home/mediacms.io \
ENV PATH="$VIRTUAL_ENV/bin:$PATH" PATH="$VIRTUAL_ENV/bin:$PATH"
# Install system dependencies first # Install system dependencies (no nginx, no supervisor)
RUN apt-get update -y && \ RUN apt-get update -y && \
apt-get -y upgrade && \ apt-get -y upgrade && \
apt-get install --no-install-recommends -y \ apt-get install --no-install-recommends -y \
supervisor \
nginx \
imagemagick \ imagemagick \
procps \ procps \
build-essential \ build-essential \
@@ -53,8 +55,8 @@ RUN apt-get update -y && \
&& apt-get clean \ && apt-get clean \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
# Set up virtualenv first # Set up virtualenv
RUN mkdir -p /home/mediacms.io/mediacms/{logs} && \ RUN mkdir -p /home/mediacms.io/mediacms/{logs,media_files,static_files} && \
cd /home/mediacms.io && \ cd /home/mediacms.io && \
python3 -m venv $VIRTUAL_ENV python3 -m venv $VIRTUAL_ENV
@@ -86,28 +88,48 @@ COPY --from=build-image /home/mediacms.io/bento4 /home/mediacms.io/bento4
COPY . /home/mediacms.io/mediacms COPY . /home/mediacms.io/mediacms
WORKDIR /home/mediacms.io/mediacms WORKDIR /home/mediacms.io/mediacms
# required for sprite thumbnail generation for large video files # Copy imagemagick policy for sprite thumbnail generation
COPY deploy/docker/policy.xml /etc/ImageMagick-6/policy.xml COPY config/imagemagick/policy.xml /etc/ImageMagick-6/policy.xml
# Set process control environment variables # Copy local_settings.py from deploy/docker to cms/ for default Docker config
ENV ENABLE_UWSGI='yes' \ RUN cp deploy/docker/local_settings.py cms/local_settings.py
ENABLE_NGINX='yes' \
ENABLE_CELERY_BEAT='yes' \
ENABLE_CELERY_SHORT='yes' \
ENABLE_CELERY_LONG='yes' \
ENABLE_MIGRATIONS='yes'
EXPOSE 9000 80 # Create www-data user directories and set permissions
RUN mkdir -p /var/run/mediacms && \
chown -R www-data:www-data /home/mediacms.io/mediacms && \
chown -R www-data:www-data /var/run/mediacms
RUN chmod +x ./deploy/docker/entrypoint.sh ############ WEB IMAGE (Django/uWSGI) ############
FROM base AS web
ENTRYPOINT ["./deploy/docker/entrypoint.sh"] # Install uWSGI
CMD ["./deploy/docker/start.sh"] RUN uv pip install uwsgi
# Copy uWSGI configuration
COPY config/uwsgi/uwsgi.ini /home/mediacms.io/mediacms/uwsgi.ini
USER www-data
EXPOSE 9000
CMD ["/home/mediacms.io/bin/uwsgi", "--ini", "/home/mediacms.io/mediacms/uwsgi.ini"]
############ WORKER IMAGE (Celery) ############
FROM base AS worker
USER www-data
# CMD will be overridden in docker-compose for different worker types
############ FULL WORKER IMAGE (Celery with extra codecs) ############
FROM worker AS worker-full
USER root
############ FULL IMAGE ############
FROM base AS full
COPY requirements-full.txt ./ COPY requirements-full.txt ./
RUN mkdir -p /root/.cache/ && \ RUN mkdir -p /root/.cache/ && \
chmod go+rwx /root/ && \ chmod go+rwx /root/ && \
chmod go+rwx /root/.cache/ chmod go+rwx /root/.cache/ && \
RUN uv pip install -r requirements-full.txt uv pip install -r requirements-full.txt
USER www-data

18
Dockerfile.nginx Normal file
View File

@@ -0,0 +1,18 @@
FROM nginx:alpine
LABEL org.opencontainers.image.version="7.3"
LABEL org.opencontainers.image.title="MediaCMS Nginx"
LABEL org.opencontainers.image.description="Nginx server for MediaCMS"
# Copy nginx configurations
COPY config/nginx/nginx.conf /etc/nginx/nginx.conf
COPY config/nginx/site.conf /etc/nginx/conf.d/default.conf
COPY config/nginx/uwsgi_params /etc/nginx/uwsgi_params
# Create directories for static and media files (will be volumes)
RUN mkdir -p /var/www/media /var/www/static && \
chown -R nginx:nginx /var/www
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

99
config/imagemagick/policy.xml Normal file
View File

@@ -0,0 +1,99 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policymap [
<!ELEMENT policymap (policy)*>
<!ATTLIST policymap xmlns CDATA #FIXED ''>
<!ELEMENT policy EMPTY>
<!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
]>
<!--
Configure ImageMagick policies.
Domains include system, delegate, coder, filter, path, or resource.
Rights include none, read, write, execute and all. Use | to combine them,
for example: "read | write" to permit read from, or write to, a path.
Use a glob expression as a pattern.
Suppose we do not want users to process MPEG video images:
<policy domain="delegate" rights="none" pattern="mpeg:decode" />
Here we do not want users reading images from HTTP:
<policy domain="coder" rights="none" pattern="HTTP" />
The /repository file system is restricted to read only. We use a glob
expression to match all paths that start with /repository:
<policy domain="path" rights="read" pattern="/repository/*" />
Lets prevent users from executing any image filters:
<policy domain="filter" rights="none" pattern="*" />
Any large image is cached to disk rather than memory:
<policy domain="resource" name="area" value="1GP"/>
Use the default system font unless overwridden by the application:
<policy domain="system" name="font" value="/usr/share/fonts/favorite.ttf"/>
Define arguments for the memory, map, area, width, height and disk resources
with SI prefixes (.e.g 100MB). In addition, resource policies are maximums
for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
exceeds policy maximum so memory limit is 1GB).
Rules are processed in order. Here we want to restrict ImageMagick to only
read or write a small subset of proven web-safe image types:
<policy domain="delegate" rights="none" pattern="*" />
<policy domain="filter" rights="none" pattern="*" />
<policy domain="coder" rights="none" pattern="*" />
<policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
-->
<policymap>
<!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
<policy domain="resource" name="memory" value="1GiB"/>
<policy domain="resource" name="map" value="30GiB"/>
<policy domain="resource" name="width" value="16MP"/>
<policy domain="resource" name="height" value="16MP"/>
<!-- <policy domain="resource" name="list-length" value="128"/> -->
<policy domain="resource" name="area" value="40GP"/>
<policy domain="resource" name="disk" value="100GiB"/>
<!-- <policy domain="resource" name="file" value="768"/> -->
<!-- <policy domain="resource" name="thread" value="4"/> -->
<!-- <policy domain="resource" name="throttle" value="0"/> -->
<!-- <policy domain="resource" name="time" value="3600"/> -->
<!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
<!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
<!-- <policy domain="path" rights="none" pattern="@*" /> -->
<!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
<!-- <policy domain="cache" name="synchronize" value="True"/> -->
<!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
<!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
<!-- <policy domain="system" name="shred" value="2"/> -->
<!-- <policy domain="system" name="precision" value="6"/> -->
<!-- <policy domain="system" name="font" value="/path/to/font.ttf"/> -->
<!-- <policy domain="system" name="pixel-cache-memory" value="anonymous"/> -->
<!-- <policy domain="system" name="shred" value="2"/> -->
<!-- <policy domain="system" name="precision" value="6"/> -->
<!-- not needed due to the need to use explicitly by mvg: -->
<!-- <policy domain="delegate" rights="none" pattern="MVG" /> -->
<!-- use curl -->
<policy domain="delegate" rights="none" pattern="URL" />
<policy domain="delegate" rights="none" pattern="HTTPS" />
<policy domain="delegate" rights="none" pattern="HTTP" />
<!-- in order to avoid to get image with password text -->
<policy domain="path" rights="none" pattern="@*"/>
<!-- disable ghostscript format types -->
<policy domain="coder" rights="none" pattern="PS" />
<policy domain="coder" rights="none" pattern="PS2" />
<policy domain="coder" rights="none" pattern="PS3" />
<policy domain="coder" rights="none" pattern="EPS" />
<policy domain="coder" rights="none" pattern="PDF" />
<policy domain="coder" rights="none" pattern="XPS" />
</policymap>

1
config/nginx-proxy/client_max_body_size.conf Normal file
View File

@@ -0,0 +1 @@
client_max_body_size 5800M;

41
config/nginx/nginx.conf Normal file
View File

@@ -0,0 +1,41 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 10240;
}
worker_rlimit_nofile 20000; #each connection needs a filehandle (or 2 if you are proxying)
http {
proxy_connect_timeout 75;
proxy_read_timeout 12000;
client_max_body_size 5800M;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 10;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/mediacms/nginx-main.access.log;
error_log /var/log/mediacms/nginx-main.error.log;
gzip on;
gzip_disable "msie6";
log_format compression '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$gzip_ratio"';
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

34
config/nginx/site.conf Normal file
View File

@@ -0,0 +1,34 @@
server {
listen 80 ;
gzip on;
access_log /var/log/mediacms/nginx.access.log;
error_log /var/log/mediacms/nginx.error.log warn;
location /static {
alias /var/www/static ;
}
location /media/original {
alias /var/www/media/original;
}
location /media {
alias /var/www/media ;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
location / {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
include /etc/nginx/uwsgi_params;
uwsgi_pass web:9000;
}
}

16
config/nginx/uwsgi_params Normal file
View File

@@ -0,0 +1,16 @@
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REQUEST_SCHEME $scheme;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;

24
config/uwsgi/uwsgi.ini Normal file
View File

@@ -0,0 +1,24 @@
[uwsgi]
chdir = /home/mediacms.io/mediacms/
virtualenv = /home/mediacms.io
module = cms.wsgi
uid=www-data
gid=www-data
processes = 2
threads = 2
master = true
socket = 127.0.0.1:9000
workers = 2
vacuum = true
hook-master-start = unix_signal:15 gracefully_kill_them_all
need-app = true
die-on-term = true
buffer-size=32768

161
docker-compose-cert.yaml Normal file
View File

@@ -0,0 +1,161 @@
version: "3.8"
# Production setup with automatic HTTPS via Let's Encrypt
# Uses https://github.com/nginx-proxy/acme-companion
services:
nginx-proxy:
image: nginxproxy/nginx-proxy
container_name: nginx-proxy
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- conf:/etc/nginx/conf.d
- vhost:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- dhparam:/etc/nginx/dhparam
- certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./config/nginx-proxy/client_max_body_size.conf:/etc/nginx/conf.d/client_max_body_size.conf:ro
acme-companion:
image: nginxproxy/acme-companion
container_name: nginx-proxy-acme
restart: unless-stopped
volumes_from:
- nginx-proxy
volumes:
- certs:/etc/nginx/certs:rw
- acme:/etc/acme.sh
- /var/run/docker.sock:/var/run/docker.sock:ro
migrations:
image: mediacms/mediacms:7.3
command: ["/bin/bash", "/home/mediacms.io/mediacms/scripts/run-migrations.sh"]
environment:
ADMIN_USER: 'admin'
ADMIN_EMAIL: 'admin@localhost'
# ADMIN_PASSWORD: 'uncomment_and_set_password_here'
restart: "no"
depends_on:
redis:
condition: service_healthy
db:
condition: service_healthy
volumes:
- static_files:/home/mediacms.io/mediacms/static_files
- media_files:/home/mediacms.io/mediacms/media_files
- logs:/home/mediacms.io/mediacms/logs
web:
image: mediacms/mediacms:7.3
restart: unless-stopped
expose:
- "9000"
depends_on:
migrations:
condition: service_completed_successfully
redis:
condition: service_healthy
db:
condition: service_healthy
volumes:
- static_files:/home/mediacms.io/mediacms/static_files
- media_files:/home/mediacms.io/mediacms/media_files
- logs:/home/mediacms.io/mediacms/logs
nginx:
image: mediacms/mediacms-nginx:7.3
restart: unless-stopped
expose:
- "80"
environment:
# These are required for nginx-proxy to route traffic correctly
VIRTUAL_HOST: 'mediacms.example.com' # CHANGE THIS to your domain
LETSENCRYPT_HOST: 'mediacms.example.com' # CHANGE THIS to your domain
LETSENCRYPT_EMAIL: 'admin@example.com' # CHANGE THIS to your email
depends_on:
- web
volumes:
- static_files:/var/www/static:ro
- media_files:/var/www/media:ro
- logs:/var/log/mediacms
celery_beat:
image: mediacms/mediacms-worker:7.3
restart: unless-stopped
command: ["/home/mediacms.io/bin/celery", "-A", "cms", "beat", "--loglevel=INFO"]
depends_on:
migrations:
condition: service_completed_successfully
redis:
condition: service_healthy
volumes:
- media_files:/home/mediacms.io/mediacms/media_files
- logs:/home/mediacms.io/mediacms/logs
celery_short:
image: mediacms/mediacms-worker:7.3
restart: unless-stopped
command: ["/home/mediacms.io/bin/celery", "-A", "cms", "worker", "-Q", "short_tasks", "-c", "10", "--soft-time-limit=300", "--loglevel=INFO", "-n", "short@%h"]
depends_on:
migrations:
condition: service_completed_successfully
redis:
condition: service_healthy
volumes:
- media_files:/home/mediacms.io/mediacms/media_files
- logs:/home/mediacms.io/mediacms/logs
celery_long:
image: mediacms/mediacms-worker:7.3
# To use extra codecs, change image to: mediacms/mediacms-worker:7.3-full
restart: unless-stopped
command: ["/home/mediacms.io/bin/celery", "-A", "cms", "worker", "-Q", "long_tasks", "-c", "1", "-Ofair", "--prefetch-multiplier=1", "--loglevel=INFO", "-n", "long@%h"]
depends_on:
migrations:
condition: service_completed_successfully
redis:
condition: service_healthy
volumes:
- media_files:/home/mediacms.io/mediacms/media_files
- logs:/home/mediacms.io/mediacms/logs
db:
image: postgres:17.2-alpine
restart: unless-stopped
environment:
POSTGRES_USER: mediacms
POSTGRES_PASSWORD: mediacms
POSTGRES_DB: mediacms
TZ: Europe/London
volumes:
- postgres_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
interval: 10s
timeout: 5s
retries: 5
redis:
image: redis:alpine
restart: unless-stopped
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 3
volumes:
conf:
vhost:
html:
dhparam:
certs:
acme:
postgres_data:
static_files:
media_files:
logs:

153
docker-compose-dev.yaml
View File

@@ -1,4 +1,7 @@
version: "3" version: "3.8"
# Development setup with hot-reload and file mounts
# This is the ONLY compose file that mounts the source code
services: services:
migrations: migrations:
@@ -8,82 +11,126 @@ services:
target: base target: base
args: args:
- DEVELOPMENT_MODE=True - DEVELOPMENT_MODE=True
image: mediacms/mediacms-dev:latest image: mediacms/mediacms-dev:7.3
volumes: command: ["/bin/bash", "/home/mediacms.io/mediacms/scripts/run-migrations.sh"]
- ./:/home/mediacms.io/mediacms/
command: "./deploy/docker/prestart.sh"
environment: environment:
DEVELOPMENT_MODE: True DEVELOPMENT_MODE: 'True'
ENABLE_UWSGI: 'no' DEBUG: 'True'
ENABLE_NGINX: 'no'
ENABLE_CELERY_SHORT: 'no'
ENABLE_CELERY_LONG: 'no'
ENABLE_CELERY_BEAT: 'no'
ADMIN_USER: 'admin' ADMIN_USER: 'admin'
ADMIN_EMAIL: 'admin@localhost' ADMIN_EMAIL: 'admin@localhost'
ADMIN_PASSWORD: 'admin' ADMIN_PASSWORD: 'admin'
restart: on-failure restart: "no"
depends_on: depends_on:
redis: redis:
condition: service_healthy condition: service_healthy
db: db:
condition: service_healthy condition: service_healthy
frontend:
image: node:20
volumes:
- ${PWD}/frontend:/home/mediacms.io/mediacms/frontend/
working_dir: /home/mediacms.io/mediacms/frontend/
command: bash -c "npm install && npm run start"
env_file:
- ${PWD}/frontend/.env
ports:
- "8088:8088"
depends_on:
- web
web:
image: mediacms/mediacms-dev:latest
command: "python manage.py runserver 0.0.0.0:80"
environment:
DEVELOPMENT_MODE: True
ports:
- "80:80"
volumes: volumes:
- ./:/home/mediacms.io/mediacms/ - ./:/home/mediacms.io/mediacms/
web:
image: mediacms/mediacms-dev:7.3
restart: unless-stopped
ports:
- "80:8000"
command: ["python", "manage.py", "runserver", "0.0.0.0:8000"]
environment:
DEVELOPMENT_MODE: 'True'
DEBUG: 'True'
depends_on: depends_on:
- migrations migrations:
condition: service_completed_successfully
redis:
condition: service_healthy
db:
condition: service_healthy
volumes:
- ./:/home/mediacms.io/mediacms/
frontend:
image: node:20-alpine
working_dir: /home/mediacms.io/mediacms/frontend/
command: sh -c "npm install && npm run start"
ports:
- "8088:8088"
environment:
- NODE_ENV=development
env_file:
- ./frontend/.env
volumes:
- ./frontend:/home/mediacms.io/mediacms/frontend/
depends_on:
- web
celery_beat:
image: mediacms/mediacms-dev:7.3
restart: unless-stopped
command: ["/home/mediacms.io/bin/celery", "-A", "cms", "beat", "--loglevel=INFO"]
environment:
DEVELOPMENT_MODE: 'True'
DEBUG: 'True'
depends_on:
migrations:
condition: service_completed_successfully
redis:
condition: service_healthy
volumes:
- ./:/home/mediacms.io/mediacms/
celery_short:
image: mediacms/mediacms-dev:7.3
restart: unless-stopped
command: ["/home/mediacms.io/bin/celery", "-A", "cms", "worker", "-Q", "short_tasks", "-c", "10", "--soft-time-limit=300", "--loglevel=INFO", "-n", "short@%h"]
environment:
DEVELOPMENT_MODE: 'True'
DEBUG: 'True'
depends_on:
migrations:
condition: service_completed_successfully
redis:
condition: service_healthy
volumes:
- ./:/home/mediacms.io/mediacms/
celery_long:
image: mediacms/mediacms-dev:7.3
restart: unless-stopped
command: ["/home/mediacms.io/bin/celery", "-A", "cms", "worker", "-Q", "long_tasks", "-c", "1", "-Ofair", "--prefetch-multiplier=1", "--loglevel=INFO", "-n", "long@%h"]
environment:
DEVELOPMENT_MODE: 'True'
DEBUG: 'True'
depends_on:
migrations:
condition: service_completed_successfully
redis:
condition: service_healthy
volumes:
- ./:/home/mediacms.io/mediacms/
db: db:
image: postgres:17.2-alpine image: postgres:17.2-alpine
volumes: restart: unless-stopped
- ../postgres_data:/var/lib/postgresql/data/
restart: always
environment: environment:
POSTGRES_USER: mediacms POSTGRES_USER: mediacms
POSTGRES_PASSWORD: mediacms POSTGRES_PASSWORD: mediacms
POSTGRES_DB: mediacms POSTGRES_DB: mediacms
TZ: Europe/London TZ: Europe/London
volumes:
- postgres_data:/var/lib/postgresql/data
healthcheck: healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}", "--host=db", "--dbname=$POSTGRES_DB", "--username=$POSTGRES_USER"] test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
interval: 10s interval: 10s
timeout: 5s timeout: 5s
retries: 5 retries: 5
redis: redis:
image: "redis:alpine" image: redis:alpine
restart: always restart: unless-stopped
healthcheck: healthcheck:
test: ["CMD", "redis-cli", "ping"] test: ["CMD", "redis-cli", "ping"]
interval: 30s interval: 10s
timeout: 10s timeout: 5s
retries: 3 retries: 3
celery_worker:
image: mediacms/mediacms-dev:latest volumes:
deploy: postgres_data:
replicas: 1
volumes:
- ./:/home/mediacms.io/mediacms/
environment:
ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no'
ENABLE_CELERY_BEAT: 'no'
ENABLE_MIGRATIONS: 'no'
depends_on:
- web

132
docker-compose.yaml
View File

@@ -1,86 +1,120 @@
version: "3" version: "3.8"
services: services:
migrations: migrations:
image: mediacms/mediacms:latest image: mediacms/mediacms:7.3
volumes: command: ["/bin/bash", "/home/mediacms.io/mediacms/scripts/run-migrations.sh"]
- ./:/home/mediacms.io/mediacms/
environment: environment:
ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no'
ENABLE_CELERY_SHORT: 'no'
ENABLE_CELERY_LONG: 'no'
ENABLE_CELERY_BEAT: 'no'
ADMIN_USER: 'admin' ADMIN_USER: 'admin'
ADMIN_EMAIL: 'admin@localhost' ADMIN_EMAIL: 'admin@localhost'
# ADMIN_PASSWORD: 'uncomment_and_set_password_here' # ADMIN_PASSWORD: 'uncomment_and_set_password_here'
command: "./deploy/docker/prestart.sh" restart: "no"
restart: on-failure
depends_on: depends_on:
redis: redis:
condition: service_healthy condition: service_healthy
db: db:
condition: service_healthy condition: service_healthy
volumes:
- static_files:/home/mediacms.io/mediacms/static_files
- media_files:/home/mediacms.io/mediacms/media_files
- logs:/home/mediacms.io/mediacms/logs
web: web:
image: mediacms/mediacms:latest image: mediacms/mediacms:7.3
deploy: restart: unless-stopped
replicas: 1 expose:
- "9000"
depends_on:
migrations:
condition: service_completed_successfully
redis:
condition: service_healthy
db:
condition: service_healthy
volumes:
- static_files:/home/mediacms.io/mediacms/static_files
- media_files:/home/mediacms.io/mediacms/media_files
- logs:/home/mediacms.io/mediacms/logs
nginx:
image: mediacms/mediacms-nginx:7.3
restart: unless-stopped
ports: ports:
- "80:80" - "80:80"
volumes:
- ./:/home/mediacms.io/mediacms/
environment:
ENABLE_CELERY_BEAT: 'no'
ENABLE_CELERY_SHORT: 'no'
ENABLE_CELERY_LONG: 'no'
ENABLE_MIGRATIONS: 'no'
depends_on: depends_on:
- migrations - web
volumes:
- static_files:/var/www/static:ro
- media_files:/var/www/media:ro
- logs:/var/log/mediacms
celery_beat: celery_beat:
image: mediacms/mediacms:latest image: mediacms/mediacms-worker:7.3
volumes: restart: unless-stopped
- ./:/home/mediacms.io/mediacms/ command: ["/home/mediacms.io/bin/celery", "-A", "cms", "beat", "--loglevel=INFO"]
environment:
ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no'
ENABLE_CELERY_SHORT: 'no'
ENABLE_CELERY_LONG: 'no'
ENABLE_MIGRATIONS: 'no'
depends_on: depends_on:
- redis migrations:
celery_worker: condition: service_completed_successfully
image: mediacms/mediacms:latest redis:
deploy: condition: service_healthy
replicas: 1
volumes: volumes:
- ./:/home/mediacms.io/mediacms/ - media_files:/home/mediacms.io/mediacms/media_files
environment: - logs:/home/mediacms.io/mediacms/logs
ENABLE_UWSGI: 'no'
ENABLE_NGINX: 'no' celery_short:
ENABLE_CELERY_BEAT: 'no' image: mediacms/mediacms-worker:7.3
ENABLE_MIGRATIONS: 'no' restart: unless-stopped
command: ["/home/mediacms.io/bin/celery", "-A", "cms", "worker", "-Q", "short_tasks", "-c", "10", "--soft-time-limit=300", "--loglevel=INFO", "-n", "short@%h"]
depends_on: depends_on:
- migrations migrations:
condition: service_completed_successfully
redis:
condition: service_healthy
volumes:
- media_files:/home/mediacms.io/mediacms/media_files
- logs:/home/mediacms.io/mediacms/logs
celery_long:
image: mediacms/mediacms-worker:7.3
# To use extra codecs, change image to: mediacms/mediacms-worker:7.3-full
restart: unless-stopped
command: ["/home/mediacms.io/bin/celery", "-A", "cms", "worker", "-Q", "long_tasks", "-c", "1", "-Ofair", "--prefetch-multiplier=1", "--loglevel=INFO", "-n", "long@%h"]
depends_on:
migrations:
condition: service_completed_successfully
redis:
condition: service_healthy
volumes:
- media_files:/home/mediacms.io/mediacms/media_files
- logs:/home/mediacms.io/mediacms/logs
db: db:
image: postgres:17.2-alpine image: postgres:17.2-alpine
volumes: restart: unless-stopped
- ../postgres_data:/var/lib/postgresql/data/
restart: always
environment: environment:
POSTGRES_USER: mediacms POSTGRES_USER: mediacms
POSTGRES_PASSWORD: mediacms POSTGRES_PASSWORD: mediacms
POSTGRES_DB: mediacms POSTGRES_DB: mediacms
TZ: Europe/London TZ: Europe/London
volumes:
- postgres_data:/var/lib/postgresql/data
healthcheck: healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
interval: 10s interval: 10s
timeout: 5s timeout: 5s
retries: 5 retries: 5
redis: redis:
image: "redis:alpine" image: redis:alpine
restart: always restart: unless-stopped
healthcheck: healthcheck:
test: ["CMD", "redis-cli","ping"] test: ["CMD", "redis-cli", "ping"]
interval: 10s interval: 10s
timeout: 5s timeout: 5s
retries: 3 retries: 3
volumes:
postgres_data:
static_files:
media_files:
logs:

367
docs/DOCKER_V7.3_MIGRATION.md Normal file
View File

@@ -0,0 +1,367 @@
# MediaCMS 7.3 Docker Architecture Migration Guide
## Overview
MediaCMS 7.3 introduces a modernized Docker architecture that removes supervisord and implements Docker best practices with one process per container.
## What Changed
### Old Architecture (pre-7.3)
- Single multi-purpose image with supervisord
- Environment variables (`ENABLE_UWSGI`, `ENABLE_NGINX`, etc.) to control services
- All services bundled in `deploy/docker/` folder
- File mounts required for all deployments
### New Architecture (7.3+)
- **Dedicated images** for each service:
- `mediacms/mediacms:7.3` - Django/uWSGI application
- `mediacms/mediacms-worker:7.3` - Celery workers
- `mediacms/mediacms-worker:7.3-full` - Celery workers with extra codecs
- `mediacms/mediacms-nginx:7.3` - Nginx web server
- **No supervisord** - Native Docker process management
- **Separated services**:
- `migrations` - Runs database migrations on every startup
- `nginx` - Serves static/media files and proxies to Django
- `web` - Django application (uWSGI)
- `celery_short` - Short-running tasks (thumbnails, etc.)
- `celery_long` - Long-running tasks (video encoding)
- `celery_beat` - Task scheduler
- **No ENABLE_* environment variables**
- **Config centralized** in `config/` directory
- **File mounts only for development** (`docker-compose-dev.yaml`)
## Directory Structure
```
config/
├── nginx/
│ ├── nginx.conf # Main nginx config
│ ├── site.conf # Virtual host config
│ └── uwsgi_params # uWSGI parameters
├── nginx-proxy/
│ └── client_max_body_size.conf # For production HTTPS proxy
├── uwsgi/
│ └── uwsgi.ini # uWSGI configuration
└── imagemagick/
└── policy.xml # ImageMagick policy
scripts/
├── entrypoint-web.sh # Web container entrypoint
├── entrypoint-worker.sh # Worker container entrypoint
└── run-migrations.sh # Migration script
Dockerfile.new # Main Dockerfile (base, web, worker, worker-full)
Dockerfile.nginx # Nginx Dockerfile
docker-compose.yaml # Production deployment
docker-compose-cert.yaml # Production with HTTPS
docker-compose-dev.yaml # Development with file mounts
```
## Migration Steps
### For Existing Production Systems
#### Step 1: Backup your data
```bash
# Backup database
docker exec mediacms_db_1 pg_dump -U mediacms mediacms > backup.sql
# Backup media files
cp -r media_files media_files.backup
```
#### Step 2: Update configuration location
```bash
# The client_max_body_size.conf has moved
# No action needed if you haven't customized it
```
#### Step 3: Pull latest images
```bash
docker pull mediacms/mediacms:7.3
docker pull mediacms/mediacms-worker:7.3
docker pull mediacms/mediacms-nginx:7.3
```
#### Step 4: Update docker-compose file
If using **docker-compose.yaml**:
- No changes needed, just use the new version
If using **docker-compose-cert.yaml** (HTTPS):
- Update `VIRTUAL_HOST`, `LETSENCRYPT_HOST`, and `LETSENCRYPT_EMAIL` in the nginx service
- Update the path to client_max_body_size.conf:
```yaml
- ./config/nginx-proxy/client_max_body_size.conf:/etc/nginx/conf.d/client_max_body_size.conf:ro
```
#### Step 5: Restart services
```bash
docker compose down
docker compose up -d
```
### For Development Systems
Development now requires the `-dev` compose file:
```bash
# Old way (no longer works)
docker compose up
# New way (development)
docker compose -f docker-compose-dev.yaml up
```
## Deployment Options
### Standard Deployment (HTTP)
**File**: `docker-compose.yaml`
**Command**:
```bash
docker compose up -d
```
**Features**:
- Self-contained images (no file mounts)
- Nginx serves on port 80
- Separate containers for each service
- Named volumes for persistence
**Architecture**:
```
Client → nginx:80 → web:9000 (uWSGI)
static_files (volume)
media_files (volume)
```
### Production Deployment (HTTPS with Let's Encrypt)
**File**: `docker-compose-cert.yaml`
**Prerequisites**:
1. Domain name pointing to your server
2. Ports 80 and 443 open
**Setup**:
```bash
# 1. Edit docker-compose-cert.yaml
# Update these values in the nginx service:
# VIRTUAL_HOST: 'your-domain.com'
# LETSENCRYPT_HOST: 'your-domain.com'
# LETSENCRYPT_EMAIL: 'your-email@example.com'
# 2. Start services
docker compose -f docker-compose-cert.yaml up -d
# 3. Check logs
docker compose -f docker-compose-cert.yaml logs -f nginx-proxy acme-companion
```
**Features**:
- Automatic HTTPS via Let's Encrypt
- Certificate auto-renewal
- Reverse proxy handles SSL termination
**Architecture**:
```
Client → nginx-proxy:443 (HTTPS) → nginx:80 → web:9000 (uWSGI)
```
### Development Deployment
**File**: `docker-compose-dev.yaml`
**Command**:
```bash
docker compose -f docker-compose-dev.yaml up
```
**Features**:
- Source code mounted for live editing
- Django debug mode enabled
- Django's `runserver` instead of uWSGI
- Frontend hot-reload on port 8088
- No nginx (direct Django access on port 80)
**Ports**:
- `80` - Django API
- `8088` - Frontend dev server
## Configuration
### Environment Variables
All configuration is done via environment variables or `cms/local_settings.py`.
**Key Variables**:
- `FRONTEND_HOST` - Your domain (e.g., `https://mediacms.example.com`)
- `PORTAL_NAME` - Your portal name
- `SECRET_KEY` - Django secret key
- `POSTGRES_*` - Database credentials
- `REDIS_LOCATION` - Redis connection string
- `DEBUG` - Enable debug mode (development only)
**Setting variables**:
Option 1: In docker-compose file:
```yaml
environment:
FRONTEND_HOST: 'https://mediacms.example.com'
PORTAL_NAME: 'My MediaCMS'
```
Option 2: Using .env file (recommended):
```bash
# Create .env file
cat > .env << EOF
FRONTEND_HOST=https://mediacms.example.com
PORTAL_NAME=My MediaCMS
SECRET_KEY=your-secret-key-here
EOF
```
### Customizing Settings
For advanced customization, you can build a custom image:
```dockerfile
# Dockerfile.custom
FROM mediacms/mediacms:7.3
COPY my_local_settings.py /home/mediacms.io/mediacms/cms/local_settings.py
```
## Celery Workers
### Standard Workers
By default, `celery_long` uses the standard image:
```yaml
celery_long:
image: mediacms/mediacms-worker:7.3
```
### Full Workers (Extra Codecs)
To enable extra codecs for better transcoding (including Whisper for subtitles):
**Edit docker-compose file**:
```yaml
celery_long:
image: mediacms/mediacms-worker:7.3-full # Changed from :7.3
```
**Then restart**:
```bash
docker compose up -d celery_long
```
### Scaling Workers
You can scale workers independently:
```bash
# Scale short task workers
docker compose up -d --scale celery_short=3
# Scale long task workers
docker compose up -d --scale celery_long=2
```
## Troubleshooting
### Migrations not running
```bash
# Check migrations container logs
docker compose logs migrations
# Manually run migrations
docker compose run --rm migrations
```
### Static files not loading
```bash
# Ensure migrations completed (it runs collectstatic)
docker compose logs migrations
# Check nginx can access volumes
docker compose exec nginx ls -la /var/www/static
```
### Permission issues
```bash
# Check volume ownership
docker compose exec web ls -la /home/mediacms.io/mediacms/media_files
# If needed, rebuild images
docker compose build --no-cache
```
### Celery workers not processing tasks
```bash
# Check worker logs
docker compose logs celery_short celery_long
# Check Redis connection
docker compose exec redis redis-cli ping
# Restart workers
docker compose restart celery_short celery_long celery_beat
```
## Removed Components
The following are **no longer used** in 7.3:
- ❌ `deploy/docker/supervisord/` - Supervisord configs
- ❌ `deploy/docker/start.sh` - Start script
- ❌ `deploy/docker/entrypoint.sh` - Old entrypoint
- ❌ Environment variables: `ENABLE_UWSGI`, `ENABLE_NGINX`, `ENABLE_CELERY_BEAT`, `ENABLE_CELERY_SHORT`, `ENABLE_CELERY_LONG`, `ENABLE_MIGRATIONS`
**These are still available but moved**:
- ✅ `config/nginx/` - Nginx configs (moved from `deploy/docker/`)
- ✅ `config/uwsgi/` - uWSGI config (moved from `deploy/docker/`)
- ✅ `config/nginx-proxy/` - Reverse proxy config (moved from `deploy/docker/reverse_proxy/`)
## Persistent Volumes
MediaCMS 7.3 uses Docker named volumes for data persistence:
- **`media_files`** - All uploaded media (videos, images, thumbnails, HLS streams)
- Mounted on: migrations, web, nginx, celery_beat, celery_short, celery_long
- Persists across container restarts, updates, and image removals
- **`logs`** - Application and nginx logs
- Mounted on: migrations, web, nginx, celery_beat, celery_short, celery_long
- Nginx logs: `/var/log/mediacms/nginx.access.log`, `/var/log/mediacms/nginx.error.log`
- Django/Celery logs: `/home/mediacms.io/mediacms/logs/`
- Persists across container restarts, updates, and image removals
- **`static_files`** - Django static files (CSS, JS, images)
- Mounted on: migrations, web, nginx
- Regenerated during migrations via `collectstatic`
- **`postgres_data`** - PostgreSQL database
- Mounted on: db
- Persists across container restarts, updates, and image removals
**Important**: Use `docker compose down -v` to remove volumes (⚠️ causes data loss!)
## Benefits of New Architecture
1. **Better resource management** - Scale services independently
2. **Easier debugging** - Clear separation of concerns
3. **Faster restarts** - Restart only affected services
4. **Production-ready** - No file mounts, immutable images
5. **Standard Docker practices** - One process per container
6. **Clearer logs** - Each service has isolated logs, persistent storage
7. **Better health checks** - Per-service monitoring
8. **Data persistence** - media_files and logs survive all container operations
## Support
For issues or questions:
- GitHub Issues: https://github.com/mediacms-io/mediacms/issues
- Documentation: https://docs.mediacms.io

156
docs/admins_docs.md
View File

@@ -164,53 +164,123 @@ Database is stored on ../postgres_data/ and media_files on media_files/
## 4. Docker Deployment options ## 4. Docker Deployment options
The mediacms image is built to use supervisord as the main process, which manages one or more services required to run mediacms. We can toggle which services are run in a given container by setting the environment variables below to `yes` or `no`: **⚠️ IMPORTANT**: MediaCMS 7.3 introduces a new Docker architecture. If you're upgrading from an earlier version, please see the [Migration Guide](DOCKER_V7.3_MIGRATION.md).
* ENABLE_UWSGI ### Architecture Overview
* ENABLE_NGINX
* ENABLE_CELERY_BEAT
* ENABLE_CELERY_SHORT
* ENABLE_CELERY_LONG
* ENABLE_MIGRATIONS
By default, all these services are enabled, but in order to create a scaleable deployment, some of them can be disabled, splitting the service up into smaller services. MediaCMS 7.3+ uses a modern microservices architecture with dedicated containers:
Also see the `Dockerfile` for other environment variables which you may wish to override. Application settings, eg. `FRONTEND_HOST` can also be overridden by updating the `deploy/docker/local_settings.py` file. - **nginx** - Web server for static/media files and reverse proxy
- **web** - Django application (uWSGI)
- **celery_short** - Short-running background tasks
- **celery_long** - Long-running tasks (video encoding)
- **celery_beat** - Task scheduler
- **migrations** - Database migrations (runs on startup)
- **db** - PostgreSQL database
- **redis** - Cache and message broker
To run, update the configs above if necessary, build the image by running `docker compose build`, then run `docker compose run` ### Key Changes from Previous Versions
### Simple Deployment, accessed as http://localhost -**No supervisord** - Native Docker process management
-**Dedicated images** per service
-**No ENABLE_* environment variables** - Services are separated into individual containers
-**Production images** don't mount source code (immutable)
-**config/** directory for centralized configuration
-**Separate celery workers** for short and long tasks
The main container runs migrations, mediacms_web, celery_beat, celery_workers (celery_short and celery_long services), exposed on port 80 supported by redis and postgres database. ### Configuration
The FRONTEND_HOST in `deploy/docker/local_settings.py` is configured as http://localhost, on the docker host machine. Application settings can be overridden using environment variables in your docker-compose file or by building a custom image with a modified `cms/local_settings.py` file.
### Server with ssl certificate through letsencrypt service, accessed as https://my_domain.com Key environment variables:
Before trying this out make sure the ip points to my_domain.com. - `FRONTEND_HOST` - Your domain (e.g., `https://mediacms.example.com`)
- `PORTAL_NAME` - Portal name
- `SECRET_KEY` - Django secret key
- `DEBUG` - Enable debug mode (development only)
- Database and Redis connection settings
With this method [this deployment](../docker-compose-letsencrypt.yaml) is used. See the [Migration Guide](DOCKER_V7.3_MIGRATION.md) for detailed configuration options
Edit this file and set `VIRTUAL_HOST` as my_domain.com, `LETSENCRYPT_HOST` as my_domain.com, and your email on `LETSENCRYPT_EMAIL` ### Simple Deployment (HTTP)
Edit `deploy/docker/local_settings.py` and set https://my_domain.com as `FRONTEND_HOST` Use `docker-compose.yaml` for a standard HTTP deployment on port 80:
Now run `docker compose -f docker-compose-letsencrypt.yaml up`, when installation finishes you will be able to access https://my_domain.com using a valid Letsencrypt certificate! ```bash
docker compose up -d
```
### Advanced Deployment, accessed as http://localhost:8000 This starts all services (nginx, web, celery workers, database, redis) with the nginx container exposed on port 80. Access at http://localhost or http://your-server-ip.
Here we can run 1 mediacms_web instance, with the FRONTEND_HOST in `deploy/docker/local_settings.py` configured as http://localhost:8000. This is bootstrapped by a single migrations instance and supported by a single celery_beat instance and 1 or more celery_worker instances. Redis and postgres containers are also used for persistence. Clients can access the service on http://localhost:8000, on the docker host machine. This is similar to [this deployment](../docker-compose.yaml), with a `port` defined in FRONTEND_HOST. **Features:**
- Production-ready with immutable images
- Named volumes for data persistence
- Separate containers for each service
### Advanced Deployment, with reverse proxy, accessed as http://mediacms.io ### Production Deployment with HTTPS (Let's Encrypt)
Here we can use `jwilder/nginx-proxy` to reverse proxy to 1 or more instances of mediacms_web supported by other services as mentioned in the previous deployment. The FRONTEND_HOST in `deploy/docker/local_settings.py` is configured as http://mediacms.io, nginx-proxy has port 80 exposed. Clients can access the service on http://mediacms.io (Assuming DNS or the hosts file is setup correctly to point to the IP of the nginx-proxy instance). This is similar to [this deployment](../docker-compose-http-proxy.yaml). Use `docker-compose-cert.yaml` for automatic HTTPS with Let's Encrypt:
### Advanced Deployment, with reverse proxy, accessed as https://localhost **Prerequisites:**
- Domain name pointing to your server
- Ports 80 and 443 open
The reverse proxy (`jwilder/nginx-proxy`) can be configured to provide SSL termination using self-signed certificates, letsencrypt or CA signed certificates (see: https://hub.docker.com/r/jwilder/nginx-proxy or [LetsEncrypt Example](https://www.singularaspect.com/use-nginx-proxy-and-letsencrypt-companion-to-host-multiple-websites/) ). In this case the FRONTEND_HOST should be set to https://mediacms.io. This is similar to [this deployment](../docker-compose-http-proxy.yaml). **Setup:**
1. Edit `docker-compose-cert.yaml` and update:
- `VIRTUAL_HOST` - Your domain
- `LETSENCRYPT_HOST` - Your domain
- `LETSENCRYPT_EMAIL` - Your email
2. Run:
```bash
docker compose -f docker-compose-cert.yaml up -d
```
This uses `nginxproxy/nginx-proxy` with `acme-companion` for automatic HTTPS certificate management. Access at https://your-domain.com.
### Development Deployment
Use `docker-compose-dev.yaml` for development with live code reloading:
```bash
docker compose -f docker-compose-dev.yaml up
```
**Features:**
- Source code mounted for live editing
- Django debug mode enabled
- Frontend dev server on port 8088
- Direct Django access (no nginx) on port 80
### Scaling Workers
Scale celery workers independently based on load:
```bash
# Scale short task workers to 3 instances
docker compose up -d --scale celery_short=3
# Scale long task workers to 2 instances
docker compose up -d --scale celery_long=2
```
### Using Extra Codecs (Full Image)
For advanced transcoding features (including Whisper for automatic subtitles), use the full worker image:
Edit your docker-compose file:
```yaml
celery_long:
image: mediacms/mediacms-worker:7.3-full # Changed from :7.3
```
Then restart:
```bash
docker compose up -d celery_long
```
### A Scaleable Deployment Architecture (Docker, Swarm, Kubernetes) ### A Scaleable Deployment Architecture (Docker, Swarm, Kubernetes)
The architecture below generalises all the deployment scenarios above, and provides a conceptual design for other deployments based on kubernetes and docker swarm. It allows for horizontal scaleability through the use of multiple mediacms_web instances and celery_workers. For large deployments, managed postgres, redis and storage may be adopted. The architecture below provides a conceptual design for deployments based on kubernetes and docker swarm. It allows for horizontal scaleability through the use of multiple web instances and celery workers. For large deployments, managed postgres, redis and storage may be adopted.
![MediaCMS](images/architecture.png) ![MediaCMS](images/architecture.png)
@@ -218,24 +288,36 @@ The architecture below generalises all the deployment scenarios above, and provi
## 5. Configuration ## 5. Configuration
Several options are available on `cms/settings.py`, most of the things that are allowed or should be disallowed are described there. Several options are available on `cms/settings.py`, most of the things that are allowed or should be disallowed are described there.
It is advisable to override any of them by adding it to `local_settings.py` . It is advisable to override any of them by adding it to `local_settings.py`.
In case of a the single server installation, add to `cms/local_settings.py` . **Single server installation:** edit `cms/local_settings.py`, make changes and restart MediaCMS:
In case of a docker compose installation, add to `deploy/docker/local_settings.py` . This will automatically overwrite `cms/local_settings.py` .
Any change needs restart of MediaCMS in order to take effect.
Single server installation: edit `cms/local_settings.py`, make a change and restart MediaCMS
```bash ```bash
#systemctl restart mediacms systemctl restart mediacms celery_beat celery_short celery_long
``` ```
Docker Compose installation: edit `deploy/docker/local_settings.py`, make a change and restart MediaCMS containers **Docker installation:** Configuration can be done in two ways:
1. **Environment variables** (recommended for simple changes):
Add to your docker-compose file:
```yaml
environment:
FRONTEND_HOST: 'https://mediacms.example.com'
PORTAL_NAME: 'My MediaCMS'
```
2. **Custom image with local_settings.py** (for complex changes):
- Create a custom Dockerfile:
```dockerfile
FROM mediacms/mediacms:7.3
COPY my_custom_settings.py /home/mediacms.io/mediacms/cms/local_settings.py
```
- Build and use your custom image
After changes, restart the affected containers:
```bash ```bash
#docker compose restart web celery_worker celery_beat docker compose restart web celery_short celery_long celery_beat
``` ```
### 5.1 Change portal logo ### 5.1 Change portal logo

51
scripts/run-migrations.sh Executable file
View File

@@ -0,0 +1,51 @@
#!/bin/bash
set -e
echo "========================================="
echo "MediaCMS Migrations Starting..."
echo "========================================="
# Wait for database to be ready
until python manage.py migrate --check 2>/dev/null; do
echo "Waiting for database to be ready..."
sleep 2
done
# Run migrations
echo "Running database migrations..."
python manage.py migrate
# Check if this is a new installation
EXISTING_INSTALLATION=$(echo "from users.models import User; print(User.objects.exists())" | python manage.py shell)
if [ "$EXISTING_INSTALLATION" = "True" ]; then
echo "Existing installation detected, skipping initial data load"
else
echo "New installation detected, loading initial data..."
# Load fixtures
python manage.py loaddata fixtures/encoding_profiles.json
python manage.py loaddata fixtures/categories.json
# Create admin user
RANDOM_ADMIN_PASS=$(python -c "import secrets;chars = 'abcdefghijklmnopqrstuvwxyz0123456789';print(''.join(secrets.choice(chars) for i in range(10)))")
ADMIN_PASSWORD=${ADMIN_PASSWORD:-$RANDOM_ADMIN_PASS}
DJANGO_SUPERUSER_PASSWORD=$ADMIN_PASSWORD python manage.py createsuperuser \
--no-input \
--username=${ADMIN_USER:-admin} \
--email=${ADMIN_EMAIL:-admin@localhost} \
--database=default || true
echo "========================================="
echo "Admin user created with password: $ADMIN_PASSWORD"
echo "========================================="
fi
# Collect static files
echo "Collecting static files..."
python manage.py collectstatic --noinput
echo "========================================="
echo "Migrations completed successfully!"
echo "========================================="