dockerfiles

Dockerfile

+# syntax=docker/dockerfile:3
+
+# https://sourcery.ai/blog/python-docker/
+# Thanks to Brendan Maginnis!
+
+FROM python:3.10 as base
+
+# Setup env
+ENV LANG C.UTF-8
+ENV LC_ALL C.UTF-8
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONFAULTHANDLER 1
+ENV DEBIAN_FRONTEND noninteractive
+
+FROM base AS python-deps
+
+# Install pipenv and compilation dependencies
+RUN pip install -U virtualenv pipenv
+RUN apt-get update
+RUN apt-get install -yq --no-install-recommends gcc
+
+# Install python dependencies in /.venv
+COPY Pipfile .
+COPY Pipfile.lock .
+RUN PIPENV_VENV_IN_PROJECT=1 pipenv install --deploy
+RUN PIPENV_VENV_IN_PROJECT=1 pipenv install gunicorn
+
+FROM base AS runtime
+
+# Install Postgres
+RUN apt-get update
+RUN apt-get install -yq --no-install-recommends postgresql
+
+# Copy virtual env from python-deps stage
+COPY --from=python-deps /.venv /.venv
+ENV PATH="/.venv/bin:$PATH"
+
+# Create and switch to a new user
+RUN useradd --create-home appuser
+WORKDIR /home/appuser
+USER appuser
+
+# Install application into container
+COPY . .
+
+# Expose API port
+EXPOSE 5009

Dockerfile.nginx

+FROM nginx:1.23
+EXPOSE 8080
+ADD nginx.conf /etc/nginx/conf.d/measurer.conf

Pipfile

@@ -9,6 +9,7 @@ sqlalchemy = "*"
 cerberus = "*"
 argon2-cffi = "*"
 validators = "*"
+psycopg2-binary = "*"
 
 [dev-packages]
 

docker-compose.yml

+version: "3"
+
+services:
+  database:
+    image: "postgres:latest"
+
+    environment:
+      POSTGRES_DB: measurer
+      POSTGRES_PASSWORD: measurer
+      POSTGRES_USER: measurer
+
+    expose:
+      - "5432"
+
+    restart: always
+  measurer:
+    build: "."
+
+    environment:
+      FLASK_APP: measurer
+      FLASK_ENV: production
+      DATABASE_URL: postgresql://measurer:measurer@database/measurer
+
+    depends_on:
+      - database
+
+    ports:
+      - "5009:5009"
+
+    restart: always
+
+    command: ["/bin/bash", "./run.sh"]

measurer/utils/__init__.py

@@ -35,7 +35,9 @@ def get_ip_hash() -> str:
 
 	return base64.b64encode(
 		argon2.low_level.hash_secret_raw(
-			flask.request.remote_addr.encode("utf-8"),
+			# Support reverse proxy
+			flask.request.headers.get("X-Forwarded-For", flask.request.remote_addr),
+			
 			salt=flask.current_app.config["IDENTIFIER_HASH_PEPPER"].encode("utf-8"),
 			time_cost=flask.current_app.config["IDENTIFIER_HASH_TIME_COST"],
 			memory_cost=flask.current_app.config["IDENTIFIER_HASH_MEMORY_COST"],

nginx.conf

+upstream measurer {
+	ip_hash;
+	server measurer:5009
+}
+
+server {
+	server_name measurer;
+	listen 8080;
+	
+	client_max_body_size 10M;
+	
+	proxy_connect_timeout 60;
+	proxy_send_timeout 60;
+	proxy_read_timeout 60;
+	send_timeout 60;
+	
+	location / {
+		proxy_pass http://measurer/;
+		proxy_set_header Host $host;
+		proxy_set_header X-Forwarded-Proto https;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	}
+}

run.sh

+#!/bin/bash
+
+##
+# Reflects database models to the postgres database if this script is run for
+# the first time and runs the app in a Gunicorn server, optimized for a 4-core
+# system. (4 cores * 2 + 1)
+#
+# Gunicorn documentation: https://docs.gunicorn.org/en/latest/index.html
+# Flask documentation, more options and information: https://flask.palletsprojects.com/en/2.0.x/patterns/appfactories/
+##
+
+# https://www.geeksforgeeks.org/bash-scripting-how-to-check-if-file-exists/
+
+# Check if this script has already been run. If not, reflect database models
+# and save that information for next time by creating an ``already_run.lock``
+# file.
+if [ ! -f already_run.lock ];
+then
+	FLASK_APP=measurer python -m flask reflect &&
+	touch already_run.lock
+fi
+
+# https://stackoverflow.com/a/13864829
+# Thanks to Lionel and BSMP!
+
+# If unset, do ``INFO`` by default
+if [[ -z "${LOGGING_LEVEL+set}" ]]; then
+	export LOGGING_LEVEL="INFO";
+fi
+
+# Run the Gunicorn server in another
+python -m gunicorn -w 9 -b :5009 measurer:"create_app()" &
+
+# https://docs.docker.com/config/containers/multi-service_container/
+
+wait -n
+
+# Exit with status of process that exited first
+exit $?