diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 81dcb4a0ea..27a7406107 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -11,15 +11,19 @@ jobs:
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- - name: Create Image Tarball
+ - name: Create Image Tarball for explorer-frontend
 run: |
- docker build --build-arg GIT_COMMIT_SHA=$(git rev-parse --short HEAD) --build-arg GIT_TAG=$(git describe --tags --abbrev=0) -t explorer-frontend .
- docker save -o explorer-frontend.tar explorer-frontend
 mkdir -p artifacts
- mv explorer-frontend.tar artifacts/
+ docker build --build-arg GIT_COMMIT_SHA=$(git rev-parse --short HEAD) --build-arg GIT_TAG=$(git describe --tags --abbrev=0) --tag explorer-frontend .
+ docker save --output artifacts/explorer-frontend.tar explorer-frontend
+ - name: Create Image Tarball for nginx
+ run: |
+ docker build --tag nginx-explorer docker/nginx
+ docker save --output artifacts/nginx-explorer.tar nginx-explorer
+ - name: Set up SSH
 run: |
 mkdir -p ~/.ssh/
@@ -34,7 +38,6 @@ jobs:
 scp -r artifacts/* ${{ secrets.HOST_USER}}@${{ secrets.EXPLORER_HOST }}:/blockscout/
 scp -r deploy/* ${{ secrets.HOST_USER}}@${{ secrets.EXPLORER_HOST }}:/blockscout/
- - name: SSH into Server and Deploy
 uses: appleboy/ssh-action@v1.0.0
 with:
@@ -43,7 +46,8 @@ jobs:
 key: ${{ secrets.SSH_PRIVATE_KEY }}
 script: |
 cd /blockscout
- docker load -i explorer-frontend.tar
+ docker load --input explorer-frontend.tar
+ docker load --input nginx-explorer.tar
 docker compose down
 docker compose pull
- docker compose up -d --build --remove-orphans
+ docker compose up --detach --build --remove-orphans
diff --git a/deploy/services/certbot.yml b/deploy/services/certbot.yml
index f6ce26edff..fb030f5e0a 100644
--- a/deploy/services/certbot.yml
+++ b/deploy/services/certbot.yml
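Review bot: In the first deploy.yml hunk the re-added `docker build` line passes `GIT_TAG=$(git describe --tags --abbrev=0)`, but the `actions/checkout@v4` step directly above it shows no `with:` block, and checkout's default is a depth-1 clone that does not fetch tags. Unless the run is on a tag ref, `git describe` will likely fail there; a failure inside a command substitution does not stop the step, so the image is built with an empty `GIT_TAG`. Adding `fetch-depth: 0` under a `with:` on the checkout step and quoting the substitutions (`--build-arg GIT_TAG="$(git describe --tags --abbrev=0)"`) would make the result deterministic. Separately, `actions/checkout@v4` is a mutable tag; in a workflow that handles deploy secrets the usual hardening is `uses: actions/checkout@<full-commit-sha> # v4`.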
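Review bot: In the last deploy.yml hunk the remote `script:` shows no error handling, so a failed `docker load --input nginx-explorer.tar` is still followed by `docker compose down`. Because the proxy service in this commit is switched to `pull_policy: never`, `docker compose up` then has no image to start and the site stays down. Make the script fail fast by starting it with `set -e`, or by setting the action's `script_stop: true`. The `with:` block starts outside the hunk, so check whether an option there already covers this.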
@@ -3,6 +3,7 @@ version: '3.9'
 services:
 certbot:
 image: certbot/certbot
+ restart: always
 volumes:
 - /etc/letsencrypt:/etc/letsencrypt
 - ./certbot/www:/var/www/certbot
diff --git a/deploy/services/nginx.yml b/deploy/services/nginx.yml
index 298f121716..391afb78b5 100644
--- a/deploy/services/nginx.yml
+++ b/deploy/services/nginx.yml
@@ -2,8 +2,10 @@ version: '3.9'
 services:
 proxy:
- image: nginx
+ image: nginx-explorer
+ pull_policy: never
 container_name: proxy
+ restart: unless-stopped
 extra_hosts:
 - 'host.docker.internal:host-gateway'
 volumes:
@@ -17,3 +19,4 @@ services:
 - 443:443
 - 8080:8080
 - 8081:8081
+
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
new file mode 100644
index 0000000000..7856aedeb0
--- /dev/null
+++ b/docker/nginx/Dockerfile
@@ -0,0 +1,11 @@
+FROM nginx:stable-alpine
+
+COPY check_ssl.sh /
+
+ENTRYPOINT ["/bin/sh", "-c"]
+
+EXPOSE 80
+
+STOPSIGNAL SIGQUIT
+
+CMD ["/check_ssl.sh & exec /docker-entrypoint.sh nginx -g 'daemon off;'"]
\ No newline at end of file
diff --git a/docker/nginx/check_ssl.sh b/docker/nginx/check_ssl.sh
new file mode 100755
index 0000000000..41f50889c4
--- /dev/null
+++ b/docker/nginx/check_ssl.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+CERT_DIR="/etc/letsencrypt/live/blockscout.atleta.network"
+FULLCHAIN_PEM="$CERT_DIR/fullchain.pem"
+PRIVKEY_PEM="$CERT_DIR/privkey.pem"
+MD5SUM_FILE="/tmp/md5sum"
+
+while true; do
+ sleep 3600
+ if [ "$(md5sum "$FULLCHAIN_PEM" "$PRIVKEY_PEM" | md5sum)" != "$(cat "$MD5SUM_FILE" || echo '')" ]; then
+ nginx -s reload
+ md5sum "$FULLCHAIN_PEM" "$PRIVKEY_PEM" | md5sum > "$MD5SUM_FILE"
+ fi
+done
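Review bot: `restart: always` in deploy/services/certbot.yml is only safe if the certbot container runs a long-lived renew loop. The stock `certbot/certbot` image runs `certbot` once and exits, so without an `entrypoint:` or `command:` that loops, Docker will restart it continuously and repeated runs could hit the CA's rate limits. The service definition continues past the hunk, so confirm such a loop exists there. If it does, `restart: unless-stopped` would match the proxy service changed in the same commit and would respect a manual `docker stop`.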
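Review bot: `image: nginx-explorer` in deploy/services/nginx.yml is a bare, untagged name, so it means `nginx-explorer:latest`, and `pull_policy: never` is the only thing stopping Compose from resolving it against a public registry. Add a comment above it such as `# built in CI and loaded with docker load; must never be pulled`, so the policy is not later removed as cleanup. Tagging the image with the commit SHA in the workflow and referencing that tag here would also show which build is running and allow a rollback.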
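Review bot: `FROM nginx:stable-alpine` in docker/nginx/Dockerfile is a floating tag, so the same commit can produce a different proxy image on each CI run. Pin it by digest, `FROM nginx:stable-alpine@sha256:<digest>`, and bump it deliberately. The `CMD` also starts `/check_ssl.sh` as an unsupervised background job under `sh -c`: if it ever exits, nginx keeps running and certificate reloads stop silently. A comment above `CMD` should state that arrangement, for example `# check_ssl.sh runs unsupervised in the background; nginx is PID 1 after exec`.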
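Review bot: In docker/nginx/check_ssl.sh the new hash is written to `$MD5SUM_FILE` even when `nginx -s reload` fails, so a reload rejected during a renewal is never retried and nginx keeps serving the old certificate until it expires. The hash is also computed twice, so a certificate written between the reload and the second `md5sum` is recorded as loaded when it was not. Missing files hash as empty input and still trigger a reload. The loop below hashes once, skips the round when either file is unreadable, and stores the hash only after a successful reload.

```sh
# … unchanged: shebang and the CERT_DIR / *_PEM / MD5SUM_FILE variables …
while true; do
    sleep 3600
    # Skip this round if either file is unreadable (e.g. mid-renewal).
    [ -r "$FULLCHAIN_PEM" ] && [ -r "$PRIVKEY_PEM" ] || continue
    # Hash once so the stored value is exactly the one that was compared.
    current="$(md5sum "$FULLCHAIN_PEM" "$PRIVKEY_PEM" | md5sum)"
    if [ "$current" != "$(cat "$MD5SUM_FILE" 2>/dev/null)" ] && nginx -s reload; then
        # Record the hash only when the reload command succeeded.
        printf '%s\n' "$current" > "$MD5SUM_FILE"
    fi
done
```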