Prepare to migrate production server

docker-compose-prod.yml

@@ -7,6 +7,10 @@ volumes:
     name: "portal-static"
   django_media_volume:
     name: "portal-media"
+  cerbot_www_volume:
+    name: "portal-certbot-serve"
+  cerbot_conf_volume:
+    name: "portal-certbot-config"
 
 networks:
   default:
@@ -69,6 +73,14 @@ services:
       - postgres_volume:/var/lib/postgresql/data
 
 
+  certbot:
+    container_name: portal-certbot
+    image: certbot/certbot:latest
+    volumes:
+      - cerbot_www_volume:/var/www/certbot/:rw
+      - cerbot_conf_volume:/etc/letsencrypt/:rw
+
+
   nginx:
     container_name: portal-router
     restart: always
@@ -77,11 +89,13 @@ services:
       args:
         BUILD_TYPE: production
     ports:
-      - 8000:8000
+      - 80:80
-      - 3000:3000
+      - 443:443
     depends_on:
       - backend
     command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
     volumes:
       - django_static_volume:/var/www/static
       - django_media_volume:/var/www/media
+      - cerbot_www_volume:/var/www/certbot/:ro
+      - cerbot_conf_volume:/etc/nginx/ssl/:ro

nginx/production.conf

@@ -7,10 +7,28 @@ upstream innerreact {
 }
 
 server {
-    listen 8000 ssl;
+    listen 80;
-    ssl_certificate /etc/ssl/private/front-cert.pem;
+    listen [::]:80;
-    ssl_certificate_key /etc/ssl/private/front-key.pem;
+
-    server_name dev.concept.ru www.dev.concept.ru portal.acconcept.ru www.portal.acconcept.ru api.portal.acconcept.ru www.api.portal.acconcept.ru;
+    server_name cportal.acconcept.ru api.cportal.acconcept.ru;
+    server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://example.org$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    ssl_certificate /etc/nginx/ssl/live/api.cportal.acconcept.ru/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/api.cportal.acconcept.ru/privkey.pem;
+    server_name api.cportal.acconcept.ru www.api.cportal.acconcept.ru;
 
     location / {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -27,10 +45,12 @@ server {
 }
 
 server {
-    listen 3000 ssl;
+    listen 443 ssl http2;
-    ssl_certificate /etc/ssl/private/front-cert.pem;
+    listen [::]:443 ssl http2;
-    ssl_certificate_key /etc/ssl/private/front-key.pem;
+
-    server_name dev.concept.ru www.dev.concept.ru portal.acconcept.ru www.portal.acconcept.ru;
+    ssl_certificate /etc/nginx/ssl/live/cportal.acconcept.ru/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/cportal.acconcept.ru/privkey.pem;
+    server_name cportal.acconcept.ru www.cportal.acconcept.ru;
     
     location / {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

rsconcept/backend/.env.prod

@@ -1,9 +1,9 @@
 # Application settings
 
 # SECRET_KEY=
-ALLOWED_HOSTS=portal.acconcept.ru;dev.concept.ru
+ALLOWED_HOSTS=cportal.acconcept.ru
-CSRF_TRUSTED_ORIGINS=https://dev.concept.ru:3000;https://dev.concept.ru:8000;https://portal.acconcept.ru;https://portal.acconcept.ru:8081;https://portal.acconcept.ru:8082
+CSRF_TRUSTED_ORIGINS=https://cportal.acconcept.ru;https://api.cportal.acconcept.ru
-CORS_ALLOWED_ORIGINS=https://dev.concept.ru:3000;https://portal.acconcept.ru;https://portal.acconcept.ru:8081
+CORS_ALLOWED_ORIGINS=https://cportal.acconcept.ru
 
 
 # File locations

rsconcept/frontend/env/.env.production

@@ -1,5 +1,5 @@
 # Frontend public settings: Production
 
-VITE_PORTAL_BACKEND=https://portal.acconcept.ru:8082
+VITE_PORTAL_BACKEND=https://cportal.acconcept.ru
-VITE_PORTAL_FRONT_PORT=3000
+VITE_PORTAL_FRONT_PORT=443
 VITE_PORTAL_FRONT_HTTPS=true

rsconcept/frontend/src/utils/constants.ts

@@ -21,7 +21,7 @@ export const urls = {
 
   gitrepo: 'https://github.com/IRBorisov/ConceptPortal',
   mailportal: 'mailto:portal@acconcept.ru',
-  restapi: 'https://portal.acconcept.ru:8082/docs/'
+  restapi: 'https://api.cportal.acconcept.ru/docs/'
 };
 
 export const resources = {