Comments (6)
mjhea0
commented on July 22, 2024
Thanks for adding this comment. Intermittent 502s are difficult to troubleshoot. Curious - Why did you add 172.21.0.2:5432 to Nginx in the first place? Is that so you can access psql locally?
from django-on-docker.
banagale
commented on July 22, 2024
Curious - Why did you add
172.21.0.2:5432to Nginx in the first place? Is that so you can access psql locally?
Yes, in your tutorials you highly recommend letting DO manage the DB. I agree though for staging and "pre-production" production that would be an extra $30 a month per project.
I wanted to allow at least staging deployed instances to use a local psql dB because it is "free" and all of the services can run on a 1gb ram DO droplet.
Does the configuration I have there match up with that explanation in your mind?
edit: For added context, I also suggested mentioning how to choose cheaper droplets in a reply to the GA post on reddit. :)
from django-on-docker.
mjhea0
commented on July 22, 2024
It does. I just wouldn't add psql to the load balancer. Django can access it container to container. By exposing it to the world you open up a security issue along with the passive health check problem.
from django-on-docker.
banagale
commented on July 22, 2024
I see. Security is a major concern to me, so I definitely want to get that right.
Can you give a bit more information about the proper way to containerize the database, perhaps point me at an example? This may not be the forum for this question, but I can share the docker-compose.prod.yml if it would be helpful.
from django-on-docker.
mjhea0
commented on July 22, 2024
Right now the entire Internet can access it. Just remove it from Nginx so that only Django can access it.
from django-on-docker.
banagale
commented on July 22, 2024
Thank you for that feedback. I have been somewhat guide-driven and in mashing together different examples but not spending enough time on the fundamentals of Docker networking, I did not see this exposure.
I was able to verify your assessment by scanning the port on the two deployed IPs. I removed the ports: - 5432:5432 from the db service, re-deployed and was able to see it was then filtered.
I think possibly what got me confused was I replaced your suggested entrypoint db healthcheck method with docker-compose-wait, which uses WAIT_HOSTS: db:5432 on the web container to make sure postgres is ready.
I hadn't realized that the port would still be available without doing that extra piece.
from django-on-docker.
Related Issues (20)
- Where is certbot and Lets Encrypt? HOT 1
- How to integrate https letsencript HOT 1
- Flake 8 in app/Dockerfile.prod HOT 1
- Entrypoint files break build (container start) when they have Win CR/LF EOLs
- nginx - docker - problem with adding add worker_connections. nginx - directive is not allowed here HOT 1
- Conflict between dev and prod HOT 1
- Getting stuck on "Media files"
- Not serving static files
- unable to create migration file HOT 2
- Dockerfile missing netcat dependency (apologies if wrong repo for django-tdd-docker) HOT 1
- Please mention the database flush in the Readme HOT 1
- Volumes attached, but no tables in hello_django_dev DB HOT 1
- Copy overrides entrypoint.sh HOT 5
- nginx does not start... HOT 8
- Debug Flag as bool HOT 1
- Entrypoint script not found HOT 1
- Not suitable for production without supervisor process?
- Making media files accessible from host HOT 1
- Entry point error HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-on-docker.