Operational but incomplete

config/Caddyfile.example

@@ -0,0 +1,54 @@
+# The Caddyfile is an easy way to configure your Caddy web server.
+#
+# Unless the file starts with a global options block, the first
+# uncommented line is always the address of your site.
+#
+# To use your own domain name (with automatic HTTPS), first make
+# sure your domain's A/AAAA DNS records are properly pointed to
+# this machine's public IP, then replace ":80" below with your
+# domain name.
+
+{
+    servers {
+        metrics
+    }
+
+    admin :2019
+
+    log access-json {
+        include http.log.access.wger
+        output file /var/log/www/access.log
+    }
+
+    log access-console {
+        include http.log.access.wger
+    	format console
+    }
+}
+
+#your.domain.example.com {
+localhost {
+    log wger
+
+    encode
+
+    reverse_proxy web:8000 {
+        header_up Host {host}
+        header_up X-Real-IP {remote_host}
+        header_up X-Forwarded-For {http.X-Forwarded-For} {remote_host}
+        header_up X-Forwarded-Proto {scheme}
+    }
+
+    handle /static/* {
+        root * /wger
+        file_server
+    }
+
+    handle /media/* {
+        root * /wger
+        file_server
+   }
+}
+
+# Refer to the Caddy docs for more information:
+# https://caddyserver.com/docs/caddyfile

config/dev-sqlite.env

@@ -0,0 +1,4 @@
+# Note: this is the path *within* the docker container
+DJANGO_DB_ENGINE=django.db.backends.sqlite3
+DJANGO_DB_DATABASE=/home/wger/src/database.sqlite
+

config/dev.env

@@ -0,0 +1,5 @@
+DJANGO_DEBUG=True
+WGER_USE_GUNICORN=False
+EXERCISE_CACHE_TTL=30
+SYNC_EXERCISES_ON_STARTUP=False
+AXES_ENABLED=False

config/nginx.conf

@@ -0,0 +1,28 @@
+upstream wger {
+    server web:8000;
+}
+
+server {
+
+    listen 80;
+
+    location / {
+        proxy_pass http://wger;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+        proxy_set_header X-Forwarded-Host $host:$server_port;
+        proxy_redirect off;
+    }
+
+    location /static/ {
+        alias /wger/static/;
+    }
+
+    location /media/ {
+        alias /wger/media/;
+    }
+
+    # Increase max body size to allow for video uploads
+    client_max_body_size 100M;
+}

config/prod.env

@@ -0,0 +1,192 @@
+# Django's secret key, change to a 50 character random string if you are running
+# this instance publicly. For an online generator, see e.g. https://djecrety.ir/
+SECRET_KEY=wger-docker-supersecret-key-1234567890!@#$%^&*(-_)
+
+# Signing key used for JWT, use something different than the secret key
+SIGNING_KEY=wger-docker-secret-jwtkey-1234567890!@#$%^&*(-_=+)
+
+# The server's timezone, for a list of possible names:
+# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+TIME_ZONE=Europe/Berlin
+TZ=Europe/Berlin
+
+#
+# If you get CSRF errors set your domain here
+# Consult the docs for more details:
+# https://wger.readthedocs.io/en/latest/production/docker.html#if-you-get-csrf-errors
+
+# CSRF_TRUSTED_ORIGINS=https://my.domain.example.com,https://118.999.881.119
+X_FORWARDED_PROTO_HEADER_SET=True
+
+#
+# Static files
+# If you are running the application behind a reverse proxy or changed the port, the
+# links for some images *might* break (specially in the mobile app). Also note that
+# the API response is cached and contains the host, if you change this setting, just run
+# docker compose exec web python3 manage.py warmup-exercise-api-cache --force
+# MEDIA_URL=https://your-domain.example.com/media/
+# STATIC_URL=https://your-domain.example.com/static/
+
+#
+# These settings usually don't need changing
+#
+
+#
+# Application
+WGER_INSTANCE=https://wger.de # Wger instance from which to sync exercises, images, etc.
+ALLOW_REGISTRATION=True
+ALLOW_GUEST_USERS=True
+ALLOW_UPLOAD_VIDEOS=True
+# Users won't be able to contribute to exercises if their account age is
+# lower than this amount in days.
+MIN_ACCOUNT_AGE_TO_TRUST=21
+# Synchronzing exercises
+# It is recommended to keep the local database synchronized with the wger
+# instance specified in WGER_INSTANCE since there are new added or translations
+# improved. For this you have different possibilities:
+# - Sync exercises on startup:
+# SYNC_EXERCISES_ON_STARTUP=True
+# DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP=True
+# - Sync them in the background with celery. This will setup a job that will run
+#   once a week at a random time (this time is selected once when starting the server)
+SYNC_EXERCISES_CELERY=True
+SYNC_EXERCISE_IMAGES_CELERY=True
+SYNC_EXERCISE_VIDEOS_CELERY=True
+# - Manually trigger the process as needed:
+#   docker compose exec web python3 manage.py sync-exercises
+#   docker compose exec web python3 manage.py download-exercise-images
+#   docker compose exec web python3 manage.py download-exercise-videos
+
+# Synchronzing ingredients
+# You can also syncronize the ingredients from a remote wger instance, and have
+# basically the same options as for the ingredients:
+# - Sync them in the background with celery. This will setup a job that will run
+#   once a week at a random time (this time is selected once when starting the server)
+SYNC_INGREDIENTS_CELERY=True
+# - Manually trigger the process as needed:
+#   docker compose exec web python3 manage.py sync-ingredients
+
+# This option controls whether to download ingredients and their images from the
+# configured wger instance. When scanning products with the barcode scanner, it is
+# possible to dynamically fetch the ingredient if it is not known in the local database.
+# Possible values: WGER or None. Requires USE_CELERY to be set to true.
+DOWNLOAD_INGREDIENTS_FROM=WGER
+
+# Whether celery is configured and should be used. Can be left to true with
+# this setup but can be deactivated if you are using the app in some other way
+USE_CELERY=True
+
+#
+# Celery
+CELERY_BROKER=redis://cache:6379/2
+CELERY_BACKEND=redis://cache:6379/2
+CELERY_FLOWER_PASSWORD=adminadmin
+
+#
+# Database
+DJANGO_DB_ENGINE=django.db.backends.postgresql
+DJANGO_DB_DATABASE=wger
+DJANGO_DB_USER=wger
+DJANGO_DB_PASSWORD=wger
+DJANGO_DB_HOST=db
+DJANGO_DB_PORT=5432
+DJANGO_PERFORM_MIGRATIONS=True # Perform any new database migrations on startup
+
+#
+# Cache
+DJANGO_CACHE_BACKEND=django_redis.cache.RedisCache
+DJANGO_CACHE_LOCATION=redis://cache:6379/1
+DJANGO_CACHE_TIMEOUT=1296000 # in seconds - 60*60*24*15, 15 Days
+DJANGO_CACHE_CLIENT_CLASS=django_redis.client.DefaultClient
+# DJANGO_CACHE_CLIENT_PASSWORD=abcde... # Only if you changed the redis config
+# DJANGO_CACHE_CLIENT_SSL_KEYFILE=/path/to/ssl_keyfile # Path to an ssl private key.
+# DJANGO_CACHE_CLIENT_SSL_CERTFILE=/path/to/ssl_certfile # Path to an ssl certificate.
+# DJANGO_CACHE_CLIENT_SSL_CERT_REQS=<none | optional | required> # The string value for the verify_mode.
+# DJANGO_CACHE_CLIENT_SSL_CHECK_HOSTNAME=False # If set, match the hostname during the SSL handshake.
+
+#
+# Brute force login attacks
+# https://django-axes.readthedocs.io/en/latest/index.html
+AXES_ENABLED=True
+AXES_FAILURE_LIMIT=10
+AXES_COOLOFF_TIME=30 # in minutes
+AXES_HANDLER=axes.handlers.cache.AxesCacheHandler
+AXES_LOCKOUT_PARAMETERS=ip_address
+AXES_IPWARE_PROXY_COUNT=1
+AXES_IPWARE_META_PRECEDENCE_ORDER=HTTP_X_FORWARDED_FOR,REMOTE_ADDR
+#
+# Others
+DJANGO_DEBUG=False
+WGER_USE_GUNICORN=True
+EXERCISE_CACHE_TTL=18000 # in seconds - 5*60*60, 5 hours
+SITE_URL=http://localhost
+
+#
+# JWT auth
+ACCESS_TOKEN_LIFETIME=10 # The lifetime duration of the access token, in minutes
+REFRESH_TOKEN_LIFETIME=24 # The lifetime duration of the refresh token, in hours
+
+#
+# Auth Proxy Authentication
+#
+# Please read the documentation before enabling this feature:
+# https://wger.readthedocs.io/en/latest/administration/auth_proxy.html
+AUTH_PROXY_HEADER=''
+AUTH_PROXY_TRUSTED_IPS=''
+AUTH_PROXY_CREATE_UNKNOWN_USER=False
+AUTH_PROXY_USER_EMAIL_HEADER=''
+AUTH_PROXY_USER_NAME_HEADER=''
+
+#
+# Other possible settings
+
+# Log level: possible values: DEBUG, INFO, WARNING, ERROR, CRITICAL
+LOG_LEVEL_PYTHON=INFO
+
+# Recaptcha keys. You will need to create an account and register your domain
+# https://www.google.com/recaptcha/
+# RECAPTCHA_PUBLIC_KEY=abcde...
+# RECAPTCHA_PRIVATE_KEY=abcde...
+USE_RECAPTCHA=False
+
+# Clears the static files before copying the new ones (i.e. just calls collectstatic
+# with the appropriate flag: "manage.py collectstatic --no-input --clear"). Usually
+# This can be left like this but if you have problems and new static files are not
+# being copied correctly, clearing everything might help
+DJANGO_CLEAR_STATIC_FIRST=False
+
+#
+# Email
+# https://docs.djangoproject.com/en/4.1/topics/email/#smtp-backend
+# ENABLE_EMAIL=False
+# EMAIL_HOST=email.example.com
+# EMAIL_PORT=587
+# EMAIL_HOST_USER=username
+# EMAIL_HOST_PASSWORD=password
+# EMAIL_USE_TLS=True
+# EMAIL_USE_SSL=False
+FROM_EMAIL='wger Workout Manager <wger@example.com>'
+
+# Set your name and email to be notified if an internal server error occurs.
+# Needs a working email configuration
+# DJANGO_ADMINS=your name,email@example.com
+
+# Whether to compress css and js files into one (of each)
+# COMPRESS_ENABLED=True
+
+#
+# Django Rest Framework
+# The number of proxies in front of the application. In the default configuration
+# only nginx is. Change as approtriate if your setup differs. Also note that this
+# is only used when throttling API requests.
+NUMBER_OF_PROXIES=1
+
+#
+# Gunicorn
+#
+# Additional gunicorn options, change as needed.
+# For the number of workers to spawn, a usually recommended value is (2 x $num_cores) + 1
+# see:
+#   - https://docs.gunicorn.org/en/stable/settings.html
+#   - https://github.com/wger-project/wger/blob/master/extras/docker/production/entrypoint.sh#L95
+GUNICORN_CMD_ARGS="--workers 3 --threads 2 --worker-class gthread --proxy-protocol True --timeout 240"

docker-compose.yml

@@ -1,8 +1,8 @@
 services:
-  {{service}}-ts:
+  wger-ts:
     image: tailscale/tailscale:latest
-    hostname: {{service}}
-    container_name: {{service}}-ts
+    hostname: wger
+    container_name: wger-ts
     environment:
       - TS_AUTHKEY={{YOUR_TAILSCALE_AUTHKEY}}
       - TS_STATE_DIR=/var/lib/tailscale
@@ -15,7 +15,128 @@ services:
       - net_admin
       - sys_module
     restart: unless-stopped
-  {{service-compose}}
-    network_mode: service:{{service}}-ts
+  web:
+    image: wger/server:latest
+    depends_on:
+      db:
+        condition: service_healthy
+      cache:
+        condition: service_healthy
+    env_file:
+      - ./config/prod.env
+    volumes:
+      - static:/home/wger/static
+      - media:/home/wger/media
+    expose:
+      - 8000
+    healthcheck:
+      test: wget --no-verbose --tries=1 --spider http://localhost:8000
+      interval: 10s
+      timeout: 5s
+      start_period: 300s
+      retries: 5
+    restart: unless-stopped
+
+  nginx:
+    network_mode: service:wger-ts
     depends_on: 
-      - {{service}}-ts
+      - wger-ts
+      - web
+    image: nginx:stable
+    volumes:
+      - ./config/nginx.conf:/etc/nginx/conf.d/default.conf
+      - static:/wger/static:ro
+      - media:/wger/media:ro
+    # ports:
+      # - "80:80"
+    healthcheck:
+      test: service nginx status
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+    restart: unless-stopped
+
+  db:
+    image: postgres:15-alpine
+    environment:
+      - POSTGRES_USER=wger
+      - POSTGRES_PASSWORD=wger
+      - POSTGRES_DB=wger
+      - TZ=Europe/Berlin
+    volumes:
+      - postgres-data:/var/lib/postgresql/data/
+    expose:
+      - 5432
+    healthcheck:
+      test: pg_isready -U wger
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+    restart: unless-stopped
+
+  cache:
+    image: redis
+    expose:
+      - 6379
+    volumes:
+      - ./config/redis.conf:/usr/local/etc/redis/redis.conf
+      - redis-data:/data
+    command: [ "redis-server", "/usr/local/etc/redis/redis.conf"]
+    healthcheck:
+      test: redis-cli ping
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+    restart: unless-stopped
+
+    # You probably want to limit the memory usage of the cache, otherwise it might
+    # hog all the available memory. Remove or change according to your needs.
+    #mem_limit: 5gb
+
+  celery_worker:
+    image: wger/server:latest
+    command: /start-worker
+    env_file:
+      - ./config/prod.env
+    volumes:
+      - media:/home/wger/media
+    depends_on:
+      web:
+        condition: service_healthy
+    healthcheck:
+      test: celery -A wger inspect ping
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+
+  celery_beat:
+    image: wger/server:latest
+    command: /start-beat
+    volumes:
+      - celery-beat:/home/wger/beat/
+    env_file:
+      - ./config/prod.env
+    depends_on:
+      celery_worker:
+        condition: service_healthy
+
+volumes:
+  postgres-data:
+  celery-beat:
+  redis-data:
+
+  # Heads up, if you remove these volumes and use folders directly you need to chown them
+  # to the UID and GID 1000 even if it doesn't exist on your system. Also, they should
+  # be readable by everyone.
+  #
+  # https://wger.readthedocs.io/en/latest/production/docker.html#missing-static-files
+  media:
+  static:
+
+networks:
+  default:
+    name: wger_network

tailscale/config/serve.json

@@ -8,7 +8,7 @@
       "${TS_CERT_DOMAIN}:443": {
         "Handlers": {
           "/": {
-            "Proxy": "http://127.0.0.1:3000"
+            "Proxy": "http://127.0.0.1:80"
           }
         }
       }