Other setups
Community Contributed
The examples in this section were contributed by members of the community. This page especially contains some setups that might help you if you really want to go down a certain path but none of the examples are supported (as I simply am not able to give you support for them).
Apache + Traefik + Sub-Path
This guide was contributes by incaseoftrouble in Issue #266
My setup is docker-compose / traefik / apache / recipes. Swapping out apache for nginx should be straightforward.
Relevant parts:
docker-compose:
apache:
# omitting other config
volumes:
- ./recipes/static:/var/www/recipes/static:ro
- ./recipes/media:/var/www/recipes/media:ro
labels:
traefik.enable: true
traefik.http.routers.apache-recipes.rule: Host(`<host>`) && PathPrefix(`/<www path>`)
traefik.http.routers.apache-recipes.entrypoints: http
traefik.http.routers.apache-recipes.service: apache
traefik.http.services.apache.loadbalancer.server.port: 80
traefik.http.services.apache.loadbalancer.server.scheme: http
...
recipes:
volumes:
- ./recipes/static:/opt/recipes/staticfiles:rw
- ./recipes/media:/opt/recipes/mediafiles:rw
environment:
# all the other env
- SCRIPT_NAME=/<sub path>
- JS_REVERSE_SCRIPT_PREFIX=/<sub path>/
- STATIC_URL=/<www path>/static/
- MEDIA_URL=/<www path>/media/
labels:
traefik.enable: true
traefik.http.routers.recipes.rule: Host(`<host>`) && PathPrefix(`/<sub path>`)
traefik.http.routers.recipes.entrypoints: http
traefik.http.services.recipes.loadbalancer.server.port: 8080
traefik.http.services.recipes.loadbalancer.server.scheme: http
apache:
Alias /<www path>/static/ /var/www/recipes/static/
Alias /<www path>/media/ /var/www/recipes/media/
<Directory "/var/www/recipes/">
Require all granted
</Directory>
I used two paths <sub path> and <www path> for simplicity. In my case I have <sub path> = recipes and <www path> = serve/recipes. One could also change the matching rules of traefik to have everything under one path.
I left out the TLS config in this example for simplicity.
Docker + Apache + Sub-Path
The following could prove to be useful if you are not using Traefik, but instead run Apache as your reverse proxy to route all calls for a shared (sub)domain to a sub path, e.g. https://mydomain.tld/tandoor
As a side note, I am using Blocky + Consul + Registrator as a DNS solution.
The relevant Apache config:
<Location /tandoor>
# in case you want to restrict access to specific IP addresses:
Require local
Require forward-dns [myhomedomain.useyourdomain.com]
Require ip [anylocalorremoteipyouwanttowhitelist]
# The following assumes that tandoor.service.consul.local resolves to the IP address of the Docker container.
ProxyPass http://tandoor.service.consul.local:8080/tandoor
ProxyPassReverse http://tandoor.service.consul.local:8080/tandoor
RequestHeader add X-Script-Name /tandoor
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost On
</Location>
<Location /tandoor/static>
Require local
Require forward-dns [myhomedomain.useyourdomain.com]
Require ip [anylocalorremoteipyouwanttowhitelist]
ProxyPass http://tandoor.service.consul.local:8080/tandoor/tandoor/static
ProxyPassReverse http://tandoor.service.consul.local:8080/tandoor/static
RequestHeader add X-Script-Name /tandoor
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost On
</Location>
tandoor:
restart: always
container_name: tandoor
image: vabene1111/recipes
environment:
- SCRIPT_NAME=/tandoor
- JS_REVERSE_SCRIPT_PREFIX=/tandoor
- STATIC_URL=/tandoor/static/
- MEDIA_URL=/tandoor/media/
- GUNICORN_MEDIA=0
- SECRET_KEY=${YOUR_TANDOOR_SECRET_KEY}
- POSTGRES_HOST=postgres.service.consul.local
- POSTGRES_PORT=${POSTGRES_PORT}
- POSTGRES_USER=${YOUR_TANDOOR_POSTGRES_USER}
- POSTGRES_PASSWORD=${YOUR_TANDOOR_POSTGRES_PASSWORD}
- POSTGRES_DB=${YOUR_TANDOOR_POSTGRES_DB}
labels:
# The following is relevant only if you are using Registrator and Consul
- "SERVICE_NAME=tandoor"
volumes:
- ${YOUR_DOCKER_VOLUME_BASE_DIR}/tandoor/static:/opt/recipes/staticfiles:rw
# Do not make this a bind mount, see https://docs.tandoor.dev/install/docker/#volumes- vs-bind-mounts
- tandoor_nginx_config:/opt/recipes/nginx/conf.d
- ${YOUR_DOCKER_VOLUME_BASE_DIR}}/tandoor/media:/opt/recipes/mediafiles:rw
depends_on:
# You will have to set up postgres accordingly
- postgres
The relevant docker-compose.yml for Registrator, Consul, and Blocky, and Autoheal:
consul:
image: hashicorp/consul
container_name: consul
command: >
agent -server
-domain consul.local
-advertise=${YOUR_DOCKER_HOST_IP_ON_THE_LAN}
-client=0.0.0.0
-encrypt=${SOME_SECRET_KEY}
-datacenter=${YOUR_DC_NAME}
-bootstrap-expect=1
-ui
-log-level=info
environment:
- "CONSUL_LOCAL_CONFIG={\"skip_leave_on_interrupt\": true, \"dns_config\": { \"service_ttl\": { \"*\": \"0s\" } } }"
network_mode: "host"
restart: always
registrator:
image: gliderlabs/registrator:latest
container_name: registrator
extra_hosts:
- "host.docker.internal:host-gateway"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
command: >
-internal
-cleanup=true
-deregister="always"
-resync=60
consul://host.docker.internal:8500
restart: always
blocky:
image: spx01/blocky
container_name: blocky
restart: unless-stopped
healthcheck:
interval: 30s
timeout: 5s
start_period: 1m
labels:
# The following is only relevant if you use autoheal
autoheal: true
# Optional the instance hostname for logging purpose
hostname: blocky
extra_hosts:
- "host.docker.internal:host-gateway"
ports:
- "1153:53/tcp"
- "1153:53/udp"
- 4000:4000
environment:
- TZ=YOUR_TIMEZONE # Optional to synchronize the log timestamp with host
volumes:
# Optional to synchronize the log timestamp with host
- /etc/localtime:/etc/localtime:ro
# config file
- ${YOUR_DOCKER_VOLUME_BASE_DIR}/blocky/config.yml:/app/config.yml
networks:
# in case you want to bind Blocky to an IP address
your-docker-network-name:
ipv4_address: 'some-ip-address-in-the-docker-network-subnet'
autoheal:
image: willfarrell/autoheal
volumes:
- '/var/run/docker.sock:/var/run/docker.sock'
environment:
- AUTOHEAL_CONTAINER_LABEL=autoheal
restart: always
container_name: autoheal
conditional:
fallbackUpstream: false
mapping:
consul.local: tcp+udp:host.docker.internal:8600
WSL
If you want to install Tandoor on the Windows Subsystem for Linux you can find a detailed post here: https://github.com/TandoorRecipes/recipes/issues/1733.