For this assignment, I've completed the following tasks:
- Set up a local Gitlab instance on your device using Docker and Docker Compose.
- Within this Gitlab instance, create a web project that builds a Docker container serving static content.
- Register a Gitlab runner instance on your device with your local Gitlab instance.
- Write a `gitlab-ci.yml` file to automate the build and deployment of your service using the Gitlab runner connected in the previous step.
All the following goals have been completed as well:
- Test your service after each build and deploy only if the tests are successful.
- Serve the web content not directly through a port but using a reverse proxy, making it accessible through the URL http://mywebapp.localtest.me/.
- Add a second static content service behind the proxy.
- Enable secure HTTPS communication.
- Provide detailed steps on how to automatically generate SSL certificates, as local generation is not possible.
- Connect your application to a Dockerized database and serve some content from it.
- Explain how you manage the state of the database.
- Describe your approach to running migrations.
- Implement a login mechanism for all your web services.
- You can use Basic Auth.
- Consider using a separate service.
- Implement both of the above options on individual services.
The project works with docker compose to spin up all the containers necessary to execute the services.
- Generating locally signed certificates for HTTPS using mkcert
```sh
cd nginx/certs
mkcert "mywebapp.localtest.me"
mkcert "auth.localtest.me"
mkcert "go.localtest.me"
```
- Install Docker
- Configure an OAuth application on a suitable provider (GitHub, Google, Facebook, ...).
- Fill in the necessary environment variables in a .env file.
- Run the Docker compose stack.
```sh
export DATABASE_URL=postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres/$POSTGRES_DB
docker compose up -d --build
```
- mywebapp.localtest.me/docs : OpenAPI specification for a sample Python FastAPI web service.
- auth.localtest.me : OAuth2 Proxy authentication provider.
- go.localtest.me : Basic Go web server to test Basic HTTP Auth.
- For SSL certificate generation, we can add a certbot container that automatically creates the certificates using Let's Encrypt.
- Create a Cron job in the container to trigger a re-creation of the certificates when they are close to expiring.
- Reset the Nginx service once a certificate renewal is triggered by the Cron job.
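
One way to script the renewal steps above, as an added example rather than code from this project. It assumes compose services named `certbot` and `nginx`, a certificate directory reachable at `LIVE_DIR` from wherever cron runs, and a 30-day renewal window; it also reports an error when a certificate is still close to expiry after the renewal ran.

```sh
#!/bin/sh
# Added example, not the project's code. Assumptions: compose services named
# "certbot" and "nginx", /etc/letsencrypt bind-mounted at LIVE_DIR's parent on
# the machine running cron, and a 30-day renewal window.
RENEW_WINDOW_DAYS="${RENEW_WINDOW_DAYS:-30}"
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"

# Exit 0 when a certificate needs renewal: the file is missing, cannot be
# parsed, or expires within the given number of days.
cert_needs_renewal() {
    cert="$1"
    days="${2:-$RENEW_WINDOW_DAYS}"
    [ -r "$cert" ] || return 0
    # -checkend exits 0 only if the cert is still valid that many seconds ahead.
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Print every domain under LIVE_DIR whose certificate is inside the window.
domains_due() {
    for dir in "$LIVE_DIR"/*/; do
        [ -d "$dir" ] || continue
        if cert_needs_renewal "${dir}fullchain.pem"; then
            basename "$dir"
        fi
    done
}

# Cron entry point: renew, reload Nginx, then fail loudly if a certificate is
# still inside the window, which means the renewal did not take effect.
renew_and_reload() {
    [ -n "$(domains_due)" ] || return 0
    docker compose run --rm certbot renew --quiet || return 1
    docker compose exec -T nginx nginx -s reload || return 1
    still_due="$(domains_due)"
    if [ -n "$still_due" ]; then
        echo "renewal failed for: $still_due" >&2
        return 1
    fi
}

# Constructed crontab line: 17 3 * * * /opt/stack/renew-certs.sh --run
if [ "${1:-}" = "--run" ]; then
    renew_and_reload
fi
```
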
- The provisioning of the Database is handled by the docker compose file configuration, using environment variables to set the necessary configuration options for the database.
- The connection and transactions to the database are handled by an ORM (SQLAlchemy) which acts as a repository interface to perform CRUD operations on the database.
- Docker also provisions a volume to store the data of the database service. The volume is transitory and will be deleted when the compose stack is taken down. For a persistent volume, Docker offers named volumes.
- When a change in the database schema is necessary we can use migrations to adapt to new schema requirements while also enabling rollbacks to a previous state.
- In Python the migrations can be done by modifying the ORM model objects and initializing a migration tool like Alembic for the SQLAlchemy case.
- Additional SQL code can be specified to deal with null values or data consistency issues.
Distributed under the MIT License. See LICENSE for more information.
Milton Arango - @miltonarango