Commit 2a04f2c

big changes, cf description of this commit
- add common parameters for containers, mem limits, no swap - create docker network inside this docker compose file - usage of docker secrets, delete .env file - add varnish with its configuration file - add sql_exporter container - update ghost configuration, bind volume instead of docker volume - update traefik configuration for varnish and QUIC - update readme with misc informations
1 parent 5cb7e1b commit 2a04f2c


10 files changed

+241
-59
lines changed


‎traefik-ghost-sql/.env

Lines changed: 0 additions & 8 deletions
This file was deleted.

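--- a/traefik-ghost-sql/.sql_root_password
+++ b/traefik-ghost-sql/.sql_root_password
@@ -0,0 +1 @@
+sqlrootpassword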
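Review bot: The secret file is committed with a well-known placeholder value (`sqlrootpassword`), so anyone who deploys without editing it runs MySQL with a root password that is public; the same applies to `.sql_user_password` in this commit. I would commit `.sql_root_password.example` and `.sql_user_password.example` instead, list the real file names in `.gitignore`, and have the README tell the operator to generate a random value and `chmod 600` the files before the first `docker compose up`. The compose file that consumes these secrets is not shown on this page, so whether the stack refuses to start when the files are missing should be confirmed there.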

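--- a/traefik-ghost-sql/.sql_user_password
+++ b/traefik-ghost-sql/.sql_user_password
@@ -0,0 +1 @@
+sqlghostuserpassword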

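--- a/traefik-ghost-sql/README.md
+++ b/traefik-ghost-sql/README.md
@@ -7,7 +7,7 @@ A fast and prod oriented stack to have your own and easy hackable CMS with Ghost
 
 ## :factory: Requirements
 
-* linux host (tested successfully on Ubuntu 20.04 && 22.04, Debian 10 & 11)
+* linux host (tested successfully on Ubuntu 20.04 && 22.04, Debian 11 & 12)
 * docker >= 23.x
 * docker compose (plugin) >= 2.17.x
 
@@ -29,6 +29,16 @@ After that when you're all set, press the red button to initiate :fire: !
 docker compose pull && docker compose up -d && docker compose logs -f
 ```
 
+## Informations about this stack
+
+This is a production-ready stack for Ghost CMS. It's using Traefik and a docker proxy container. Traefik is used to be the reverse-proxy, in front of Ghost. Usage of docker secrets, bind mounts and docker volumes...
+
+A SQL server is used (MySQL 8), but with a different flavour. To be robust and more secure, I'm using RapidFort container, which is a base of MySQL 8 from Bitnami (VMware). There's also an SQL exporter container for prometheus.
+
+Ghost version is stock and works perfectly.
+
+Varnish is used to cache static files nor the preview and admin pages. Be aware you can have some glitchs when updating your posts. Purge your navigator cache before.
+
 ## :star: Author
 
 Made by Julien HOMMET :fr: for [my personnal website](https://j.hommet.net)
@@ -45,4 +55,3 @@ Pull requests are welcome. For major changes, please open an issue first to disc
 [CC BY-NC-SA](https://creativecommons.org/licenses/by-nc-sa/4.0)
 
 ## :anchor: Misc
-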
Lines changed: 31 additions & 19 deletions
@@ -1,27 +1,39 @@
11
{
2-
"url": "https://ghost.yourhome.local",
3-
"server": {
4-
"port": 2368,
5-
"host": "0.0.0.0"
6-
},
7-
"database": {
2+
"name": "My Ghost blog",
3+
"url": "https://www.your.url",
4+
"database": {
85
"client": "mysql",
96
"connection": {
10-
"host": "sqlghost",
11-
"user": "ghost",
12-
"port": "3306",
13-
"password": "sqlghostuserpassword",
14-
"database": "ghost"
15-
}
16-
},
17-
"privacy": {
7+
"host": "ghostdb",
8+
"user": "ghostuser",
9+
"port": "3306",
10+
"password": "sqluserpassword",
11+
"database": "ghostappdb"
12+
}
13+
},
14+
"server": {
15+
"port": 2368,
16+
"host": "0.0.0.0"
17+
},
18+
"privacy": {
1819
"useUpdateCheck": false,
1920
"useGravatar": false,
20-
"useRpcPing": false,
21+
"useRpcPing": true,
2122
"useStructuredData": true
22-
},
23-
"process": "systemd",
24-
"paths": {
23+
},
24+
"referrerPolicy": "strict-origin-when-cross-origin",
25+
"logging": {
26+
"path": "/var/lib/ghost/logs/",
27+
"useLocalTime": true,
28+
"level": "info",
29+
"rotation": {
30+
"enabled": true,
31+
"count": 15,
32+
"period": "1d"
33+
},
34+
"transports": ["stdout", "file"]
35+
},
36+
"paths": {
2537
"contentPath": "/var/lib/ghost/content"
26-
}
38+
}
2739
}
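Review bot: The database password is still a literal in the Ghost config (`"password": "sqluserpassword"`), and it does not match the value committed in `.sql_user_password` (`sqlghostuserpassword`), so the stack is likely to fail authentication as shipped and the credential now lives in two places. Since the commit moves to docker secrets, the password could be dropped from this file and supplied to Ghost through the `database__connection__password` environment variable, filled from the secret at container start. `useRpcPing` also flips to `true` in the `privacy` block, which makes the instance send outbound pings when posts are published; a line in the README explaining that choice would help operators who expect the other privacy switches' defaults.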

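--- a/traefik-ghost-sql/conf/traefik.yml
+++ b/traefik-ghost-sql/conf/traefik.yml
@@ -25,6 +25,9 @@ providers:
 directory: "/etc/traefik/dynamic"
 watch: true
 
+experimental:
+http3: true
+
 entryPoints:
 web:
 address: ":80"
@@ -35,6 +38,8 @@ entryPoints:
 scheme: https
 websecure:
 address: ":443"
+http3:
+advertisedPort: 443
 metrics:
 address: ":9090"
 ping: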
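Review bot: The `http3` block under `websecure` only takes effect if 443/udp is published alongside 443/tcp and allowed through the host firewall; the compose file is not shown on this page, so that pairing should be checked. I would add a comment above `advertisedPort: 443` such as `# must equal the externally published UDP port; needs 443/udp in the compose ports`. The `experimental.http3` switch is version-dependent (it belongs to Traefik v2 and was removed in v3, where HTTP/3 is enabled per entry point), so a comment naming the Traefik version this file targets would avoid a refused start after an image upgrade. The `entryPoints` block continues outside the hunk.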

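--- a/traefik-ghost-sql/conf/traefikdynamic/routers.yml
+++ b/traefik-ghost-sql/conf/traefikdynamic/routers.yml
@@ -17,7 +17,8 @@ http:
 middlewares:
 - security
 - compression
-service: sc-ghost
+#service: sc-ghost # Fallback if needed. Maybe we need to loadbalance, if varnish is too long...
+service: sc-varnishGhost
 rule: Host (`ghost.yourhome.local`)
 tls:
 certResolver: letsencrypt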
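Review bot: With `service: sc-varnishGhost` every request for this host, including the `/ghost/` admin and API paths, now relies on the VCL pass rules to stay out of the cache. A second router for the same host with a ``PathPrefix(`/ghost`)`` rule pointing at `sc-ghost` would keep authenticated admin traffic off the cache layer entirely, instead of depending on one regex in another file. The commented-out `#service: sc-ghost` line would read better as a short comment above the key than as dead config next to the live value. The router definition starts outside the hunk.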

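--- a/traefik-ghost-sql/conf/traefikdynamic/services.yml
+++ b/traefik-ghost-sql/conf/traefikdynamic/services.yml
@@ -5,3 +5,8 @@ http:
 loadBalancer:
 servers:
 - url: "http://ghost:2368"
+
+sc-varnishGhost:
+loadBalancer:
+servers:
+- url: "http://varnish:80"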
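Review bot: The new `sc-varnishGhost` service sits next to `sc-ghost`, which still targets `http://ghost:2368`, while the VCL added in this commit uses `.host = "ghostapp"` as its backend. If the Ghost container was renamed in the compose file (not shown on this page), the `sc-ghost` fallback mentioned in routers.yml no longer resolves and its URL should read `- url: "http://ghostapp:2368"`. The hop to `http://varnish:80` is plain HTTP, which is acceptable only while Traefik and Varnish share a private Docker network that no other workload joins; a comment stating that assumption would help.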
Lines changed: 82 additions & 0 deletions
@@ -0,0 +1,82 @@
1+
vcl 4.1;
2+
3+
import std;
4+
5+
backend default {
6+
.host = "ghostapp";
7+
.port = "2368";
8+
.max_connections = 1000;
9+
}
10+
11+
sub vcl_recv {
12+
# Do not cache the admin and preview pages
13+
if (
14+
req.url ~ "^/p/" ||
15+
req.url ~ "^/ghost/"
16+
) {
17+
return (pass);
18+
}
19+
20+
# Non-RFC2616 or CONNECT which is weird.
21+
if (
22+
req.method != "GET" &&
23+
req.method != "HEAD" &&
24+
req.method != "PUT" &&
25+
req.method != "POST" &&
26+
req.method != "TRACE" &&
27+
req.method != "OPTIONS" &&
28+
req.method != "DELETE"
29+
) {
30+
return (pipe);
31+
}
32+
33+
# Strip hash, server doesn't need it.
34+
if (req.url ~ "\#") {
35+
set req.url = regsub(req.url, "\#.*$", "");
36+
}
37+
38+
# Remove all cookies for static files & deliver directly
39+
if (req.url ~ "^[^?]*\.(7z|avi|bmp|bz2|css|csv|doc|docx|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|less|mka|mkv|mov|mp3|mp4|mpeg|mpg|odt|ogg|ogm|opus|otf|pdf|png|ppt|pptx|rar|rtf|svg|svgz|swf|tar|tbz|tgz|ttf|txt|txz|wav|webm|webp|woff|woff2|xls|xlsx|xml|xz|zip)(\?.*)?$") {
40+
unset req.http.Cookie;
41+
return (hash);
42+
}
43+
44+
return (hash);
45+
}
46+
47+
sub vcl_backend_response {
48+
# Don't cache 50x responses
49+
if (
50+
beresp.status == 500 ||
51+
beresp.status == 502 ||
52+
beresp.status == 503 ||
53+
beresp.status == 504
54+
) {
55+
return (abandon);
56+
}
57+
58+
if(
59+
bereq.url ~ "^/p/" ||
60+
bereq.url ~ "^/ghost/"
61+
) {
62+
set beresp.uncacheable = true;
63+
return (deliver);
64+
}
65+
66+
# Don't cache backend response to posted requests
67+
if (bereq.method == "POST") {
68+
set beresp.uncacheable = true;
69+
return (deliver);
70+
}
71+
72+
# Allow stale content, in case the backend goes down
73+
set beresp.grace = 12h;
74+
75+
# This is how long Varnish will keep cached content
76+
set beresp.ttl = 180s;
77+
78+
if (beresp.http.content-type ~ "text/plain|text/css|application/json|application/x-javascript|text/xml|application/xml|application/xml+rss|text/javascript") {
79+
set beresp.do_gzip = true;
80+
set beresp.http.cache-control = "public, max-age=1209600";
81+
}
82+
}
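Review bot: `vcl_recv` ends with an unconditional `return (hash)`, which skips Varnish's built-in rules, so POST/PUT/DELETE requests and requests carrying `Cookie` or `Authorization` headers are looked up in the shared cache like anonymous GETs. On a Ghost site with members this can hand one visitor's personalised or paid page to another, and by default a hashed POST is fetched from the backend as a GET, so the `bereq.method == "POST"` branch in `vcl_backend_response` never sees it. I would pass every method other than GET/HEAD and every request that still carries credentials after the static-file branch, as in the excerpt below; this lowers the hit rate for visitors with cookies, which is the safe trade-off here. Separately, `set beresp.ttl = 180s` replaces whatever lifetime Ghost sent, and the `+` in `application/xml+rss` is a regex quantifier that needs escaping.

```vcl
    # … unchanged: admin/preview pass, unknown-method pipe …

    # Only GET and HEAD are cacheable; send everything else straight to Ghost.
    if (req.method != "GET" && req.method != "HEAD") {
        return (pass);
    }

    # … unchanged: strip hash, static-file cookie removal …

    # Requests that still carry credentials must not share cache objects.
    if (req.http.Authorization || req.http.Cookie) {
        return (pass);
    }

    return (hash);
```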
