Operational but incomplete

2025-07-02 23:58:37 -04:00 · 2025-07-02 23:58:37 -04:00 · c7f8d278fc
commit c7f8d278fc
parent 4f8b25c066
8 changed files with 2770 additions and 7 deletions
--- a/config/Caddyfile.example
+++ b/config/Caddyfile.example
@ -0,0 +1,54 @@
 # The Caddyfile is an easy way to configure your Caddy web server.
 #
 # Unless the file starts with a global options block, the first
 # uncommented line is always the address of your site.
 #
 # To use your own domain name (with automatic HTTPS), first make
 # sure your domain's A/AAAA DNS records are properly pointed to
 # this machine's public IP, then replace ":80" below with your
 # domain name.
 {
    servers {
        metrics
    }
    admin :2019
    log access-json {
        include http.log.access.wger
        output file /var/log/www/access.log
    }
    log access-console {
        include http.log.access.wger
    	format console
    }
 }
 #your.domain.example.com {
 localhost {
    log wger
    encode
    reverse_proxy web:8000 {
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {http.X-Forwarded-For} {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
    handle /static/* {
        root * /wger
        file_server
    }
    handle /media/* {
        root * /wger
        file_server
   }
 }
 # Refer to the Caddy docs for more information:
 # https://caddyserver.com/docs/caddyfile
--- a/config/dev-sqlite.env
+++ b/config/dev-sqlite.env
@ -0,0 +1,4 @@
 # Note: this is the path *within* the docker container
 DJANGO_DB_ENGINE=django.db.backends.sqlite3
 DJANGO_DB_DATABASE=/home/wger/src/database.sqlite
--- a/config/dev.env
+++ b/config/dev.env
@ -0,0 +1,5 @@
 DJANGO_DEBUG=True
 WGER_USE_GUNICORN=False
 EXERCISE_CACHE_TTL=30
 SYNC_EXERCISES_ON_STARTUP=False
 AXES_ENABLED=False
--- a/config/nginx.conf
+++ b/config/nginx.conf
@ -0,0 +1,28 @@
 upstream wger {
    server web:8000;
 }
 server {
    listen 80;
    location / {
        proxy_pass http://wger;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_redirect off;
    }
    location /static/ {
        alias /wger/static/;
    }
    location /media/ {
        alias /wger/media/;
    }
    # Increase max body size to allow for video uploads
    client_max_body_size 100M;
 }
--- a/config/prod.env
+++ b/config/prod.env
@ -0,0 +1,192 @@
 # Django's secret key, change to a 50 character random string if you are running
 # this instance publicly. For an online generator, see e.g. https://djecrety.ir/
 SECRET_KEY=wger-docker-supersecret-key-1234567890!@#$%^&*(-_)
 # Signing key used for JWT, use something different than the secret key
 SIGNING_KEY=wger-docker-secret-jwtkey-1234567890!@#$%^&*(-_=+)
 # The server's timezone, for a list of possible names:
 # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
 TIME_ZONE=Europe/Berlin
 TZ=Europe/Berlin
 #
 # If you get CSRF errors set your domain here
 # Consult the docs for more details:
 # https://wger.readthedocs.io/en/latest/production/docker.html#if-you-get-csrf-errors
 # CSRF_TRUSTED_ORIGINS=https://my.domain.example.com,https://118.999.881.119
 X_FORWARDED_PROTO_HEADER_SET=True
 #
 # Static files
 # If you are running the application behind a reverse proxy or changed the port, the
 # links for some images *might* break (specially in the mobile app). Also note that
 # the API response is cached and contains the host, if you change this setting, just run
 # docker compose exec web python3 manage.py warmup-exercise-api-cache --force
 # MEDIA_URL=https://your-domain.example.com/media/
 # STATIC_URL=https://your-domain.example.com/static/
 #
 # These settings usually don't need changing
 #
 #
 # Application
 WGER_INSTANCE=https://wger.de # Wger instance from which to sync exercises, images, etc.
 ALLOW_REGISTRATION=True
 ALLOW_GUEST_USERS=True
 ALLOW_UPLOAD_VIDEOS=True
 # Users won't be able to contribute to exercises if their account age is
 # lower than this amount in days.
 MIN_ACCOUNT_AGE_TO_TRUST=21
 # Synchronzing exercises
 # It is recommended to keep the local database synchronized with the wger
 # instance specified in WGER_INSTANCE since there are new added or translations
 # improved. For this you have different possibilities:
 # - Sync exercises on startup:
 # SYNC_EXERCISES_ON_STARTUP=True
 # DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP=True
 # - Sync them in the background with celery. This will setup a job that will run
 #   once a week at a random time (this time is selected once when starting the server)
 SYNC_EXERCISES_CELERY=True
 SYNC_EXERCISE_IMAGES_CELERY=True
 SYNC_EXERCISE_VIDEOS_CELERY=True
 # - Manually trigger the process as needed:
 #   docker compose exec web python3 manage.py sync-exercises
 #   docker compose exec web python3 manage.py download-exercise-images
 #   docker compose exec web python3 manage.py download-exercise-videos
 # Synchronzing ingredients
 # You can also syncronize the ingredients from a remote wger instance, and have
 # basically the same options as for the ingredients:
 # - Sync them in the background with celery. This will setup a job that will run
 #   once a week at a random time (this time is selected once when starting the server)
 SYNC_INGREDIENTS_CELERY=True
 # - Manually trigger the process as needed:
 #   docker compose exec web python3 manage.py sync-ingredients
 # This option controls whether to download ingredients and their images from the
 # configured wger instance. When scanning products with the barcode scanner, it is
 # possible to dynamically fetch the ingredient if it is not known in the local database.
 # Possible values: WGER or None. Requires USE_CELERY to be set to true.
 DOWNLOAD_INGREDIENTS_FROM=WGER
 # Whether celery is configured and should be used. Can be left to true with
 # this setup but can be deactivated if you are using the app in some other way
 USE_CELERY=True
 #
 # Celery
 CELERY_BROKER=redis://cache:6379/2
 CELERY_BACKEND=redis://cache:6379/2
 CELERY_FLOWER_PASSWORD=adminadmin
 #
 # Database
 DJANGO_DB_ENGINE=django.db.backends.postgresql
 DJANGO_DB_DATABASE=wger
 DJANGO_DB_USER=wger
 DJANGO_DB_PASSWORD=wger
 DJANGO_DB_HOST=db
 DJANGO_DB_PORT=5432
 DJANGO_PERFORM_MIGRATIONS=True # Perform any new database migrations on startup
 #
 # Cache
 DJANGO_CACHE_BACKEND=django_redis.cache.RedisCache
 DJANGO_CACHE_LOCATION=redis://cache:6379/1
 DJANGO_CACHE_TIMEOUT=1296000 # in seconds - 60*60*24*15, 15 Days
 DJANGO_CACHE_CLIENT_CLASS=django_redis.client.DefaultClient
 # DJANGO_CACHE_CLIENT_PASSWORD=abcde... # Only if you changed the redis config
 # DJANGO_CACHE_CLIENT_SSL_KEYFILE=/path/to/ssl_keyfile # Path to an ssl private key.
 # DJANGO_CACHE_CLIENT_SSL_CERTFILE=/path/to/ssl_certfile # Path to an ssl certificate.
 # DJANGO_CACHE_CLIENT_SSL_CERT_REQS=<none | optional | required> # The string value for the verify_mode.
 # DJANGO_CACHE_CLIENT_SSL_CHECK_HOSTNAME=False # If set, match the hostname during the SSL handshake.
 #
 # Brute force login attacks
 # https://django-axes.readthedocs.io/en/latest/index.html
 AXES_ENABLED=True
 AXES_FAILURE_LIMIT=10
 AXES_COOLOFF_TIME=30 # in minutes
 AXES_HANDLER=axes.handlers.cache.AxesCacheHandler
 AXES_LOCKOUT_PARAMETERS=ip_address
 AXES_IPWARE_PROXY_COUNT=1
 AXES_IPWARE_META_PRECEDENCE_ORDER=HTTP_X_FORWARDED_FOR,REMOTE_ADDR
 #
 # Others
 DJANGO_DEBUG=False
 WGER_USE_GUNICORN=True
 EXERCISE_CACHE_TTL=18000 # in seconds - 5*60*60, 5 hours
 SITE_URL=http://localhost
 #
 # JWT auth
 ACCESS_TOKEN_LIFETIME=10 # The lifetime duration of the access token, in minutes
 REFRESH_TOKEN_LIFETIME=24 # The lifetime duration of the refresh token, in hours
 #
 # Auth Proxy Authentication
 #
 # Please read the documentation before enabling this feature:
 # https://wger.readthedocs.io/en/latest/administration/auth_proxy.html
 AUTH_PROXY_HEADER=''
 AUTH_PROXY_TRUSTED_IPS=''
 AUTH_PROXY_CREATE_UNKNOWN_USER=False
 AUTH_PROXY_USER_EMAIL_HEADER=''
 AUTH_PROXY_USER_NAME_HEADER=''
 #
 # Other possible settings
 # Log level: possible values: DEBUG, INFO, WARNING, ERROR, CRITICAL
 LOG_LEVEL_PYTHON=INFO
 # Recaptcha keys. You will need to create an account and register your domain
 # https://www.google.com/recaptcha/
 # RECAPTCHA_PUBLIC_KEY=abcde...
 # RECAPTCHA_PRIVATE_KEY=abcde...
 USE_RECAPTCHA=False
 # Clears the static files before copying the new ones (i.e. just calls collectstatic
 # with the appropriate flag: "manage.py collectstatic --no-input --clear"). Usually
 # This can be left like this but if you have problems and new static files are not
 # being copied correctly, clearing everything might help
 DJANGO_CLEAR_STATIC_FIRST=False
 #
 # Email
 # https://docs.djangoproject.com/en/4.1/topics/email/#smtp-backend
 # ENABLE_EMAIL=False
 # EMAIL_HOST=email.example.com
 # EMAIL_PORT=587
 # EMAIL_HOST_USER=username
 # EMAIL_HOST_PASSWORD=password
 # EMAIL_USE_TLS=True
 # EMAIL_USE_SSL=False
 FROM_EMAIL='wger Workout Manager <wger@example.com>'
 # Set your name and email to be notified if an internal server error occurs.
 # Needs a working email configuration
 # DJANGO_ADMINS=your name,email@example.com
 # Whether to compress css and js files into one (of each)
 # COMPRESS_ENABLED=True
 #
 # Django Rest Framework
 # The number of proxies in front of the application. In the default configuration
 # only nginx is. Change as approtriate if your setup differs. Also note that this
 # is only used when throttling API requests.
 NUMBER_OF_PROXIES=1
 #
 # Gunicorn
 #
 # Additional gunicorn options, change as needed.
 # For the number of workers to spawn, a usually recommended value is (2 x $num_cores) + 1
 # see:
 #   - https://docs.gunicorn.org/en/stable/settings.html
 #   - https://github.com/wger-project/wger/blob/master/extras/docker/production/entrypoint.sh#L95
 GUNICORN_CMD_ARGS="--workers 3 --threads 2 --worker-class gthread --proxy-protocol True --timeout 240"
--- a/config/redis.conf
+++ b/config/redis.conf
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,8 +1,8 @@
 services:
-  {{service}}-ts:
+  wger-ts:
    image: tailscale/tailscale:latest
-    hostname: {{service}}
+    hostname: wger
-    container_name: {{service}}-ts
+    container_name: wger-ts
    environment:
      - TS_AUTHKEY={{YOUR_TAILSCALE_AUTHKEY}}
      - TS_STATE_DIR=/var/lib/tailscale
@ -15,7 +15,128 @@ services:
      - net_admin
      - sys_module
    restart: unless-stopped
-  {{service-compose}}
+  web:
-    network_mode: service:{{service}}-ts
+    image: wger/server:latest
    depends_on:
-      - {{service}}-ts
+      db:
        condition: service_healthy
      cache:
        condition: service_healthy
    env_file:
      - ./config/prod.env
    volumes:
      - static:/home/wger/static
      - media:/home/wger/media
    expose:
      - 8000
    healthcheck:
      test: wget --no-verbose --tries=1 --spider http://localhost:8000
      interval: 10s
      timeout: 5s
      start_period: 300s
      retries: 5
    restart: unless-stopped
  nginx:
    network_mode: service:wger-ts
    depends_on: 
      - wger-ts
      - web
    image: nginx:stable
    volumes:
      - ./config/nginx.conf:/etc/nginx/conf.d/default.conf
      - static:/wger/static:ro
      - media:/wger/media:ro
    # ports:
      # - "80:80"
    healthcheck:
      test: service nginx status
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    restart: unless-stopped
  db:
    image: postgres:15-alpine
    environment:
      - POSTGRES_USER=wger
      - POSTGRES_PASSWORD=wger
      - POSTGRES_DB=wger
      - TZ=Europe/Berlin
    volumes:
      - postgres-data:/var/lib/postgresql/data/
    expose:
      - 5432
    healthcheck:
      test: pg_isready -U wger
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    restart: unless-stopped
  cache:
    image: redis
    expose:
      - 6379
    volumes:
      - ./config/redis.conf:/usr/local/etc/redis/redis.conf
      - redis-data:/data
    command: [ "redis-server", "/usr/local/etc/redis/redis.conf"]
    healthcheck:
      test: redis-cli ping
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    restart: unless-stopped
    # You probably want to limit the memory usage of the cache, otherwise it might
    # hog all the available memory. Remove or change according to your needs.
    #mem_limit: 5gb
  celery_worker:
    image: wger/server:latest
    command: /start-worker
    env_file:
      - ./config/prod.env
    volumes:
      - media:/home/wger/media
    depends_on:
      web:
        condition: service_healthy
    healthcheck:
      test: celery -A wger inspect ping
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
  celery_beat:
    image: wger/server:latest
    command: /start-beat
    volumes:
      - celery-beat:/home/wger/beat/
    env_file:
      - ./config/prod.env
    depends_on:
      celery_worker:
        condition: service_healthy
 volumes:
  postgres-data:
  celery-beat:
  redis-data:
  # Heads up, if you remove these volumes and use folders directly you need to chown them
  # to the UID and GID 1000 even if it doesn't exist on your system. Also, they should
  # be readable by everyone.
  #
  # https://wger.readthedocs.io/en/latest/production/docker.html#missing-static-files
  media:
  static:
 networks:
  default:
    name: wger_network
--- a/tailscale/config/serve.json
+++ b/tailscale/config/serve.json
@ -8,7 +8,7 @@
      "${TS_CERT_DOMAIN}:443": {
        "Handlers": {
          "/": {
-            "Proxy": "http://127.0.0.1:3000"
+            "Proxy": "http://127.0.0.1:80"
          }
        }
      }