Deployment simon

docker-compose.yml

@@ -6,25 +6,57 @@ services:
     build: ./nginx
     restart: always
     ports:
-      - 80:80
-    deploy:
-      resources:
-        limits:
-          cpus: '0.2'
-          memory: '0.1g'
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./data/certbot/www:/var/www/certbot
+      - ./data/certbot/conf:/etc/letsencrypt
+
+  certbot:
+    image: certbot/certbot
+    container_name: certbot
+    volumes:
+      - ./data/certbot/conf:/etc/letsencrypt
+      - ./data/certbot/www:/var/www/certbot
+# # Use the below command to create an initial certificate
+# #     entrypoint: ["/bin/sh", "-c"]
+# #     command: ["certbot certonly --webroot --webroot-path=/var/www/certbot --email ENTER_EMAIL_HERE --agree-tos --no-eff-em
+# # ail -d ligify.groov.bio --non-interactive"]
+    entrypoint: ["/bin/sh", "-c", "trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;"]
+
 
   ligify:
     container_name: ligify
-    build:
-      ./streamlit
+    build: ./streamlit
     restart: always
     entrypoint: ["streamlit", "run", "entry.py"]
     ports:
       - 8501:8501
     depends_on:
       - nginx
-    deploy:
-      resources:
-        limits:
-          cpus: '1.8'
-          memory: '0.9g'
+      - redis
+      - celery_worker
+
+  redis:
+    image: redis:5.0.4
+    container_name: redis
+    restart: always
+    ports:
+      - "6379:6379"
+    volumes:
+      - redis-data:/data
+
+  celery_worker:
+    container_name: celery_worker
+    build:
+      context: ./streamlit
+      dockerfile: Dockerfile.celery
+    command: celery -A celery_worker worker --loglevel=info --concurrency=1
+    depends_on:
+      - redis
+    environment:
+      - CELERY_BROKER_URL=redis://redis:6379/0
+      - CELERY_RESULT_BACKEND=redis://redis:6379/0
+
+volumes:
+  redis-data:

nginx/Dockerfile

@@ -1,6 +1,17 @@
 FROM nginx:latest
 
+# Set environment variable to disable IPv6 listener script
+ENV NGINX_DISABLE_IPV6=true
+
+# Remove the default Nginx configuration file
 RUN rm /etc/nginx/conf.d/default.conf
 
-COPY default.conf /etc/nginx/conf.d
+# Copy custom Nginx configurations
+COPY http.conf /etc/nginx/conf.d/http.conf
+COPY https.conf /etc/nginx/conf.d/https.conf
+
+# Create a directory for Certbot webroot
+RUN mkdir -p /var/www/certbot
 
+# Expose both the HTTP and HTTPS ports
+EXPOSE 80 443

nginx/http.conf

@@ -0,0 +1,14 @@
+server {
+    listen 80;
+    server_name ligify.groov.bio;  # Change to your actual domain
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+        try_files $uri =404;
+        allow all;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}

nginx/default.conf → nginx/https.conf

@@ -1,20 +1,34 @@
 server {
+    listen 443 ssl;
+    server_name ligify.groov.bio;  # Use your actual server name or domain
 
-    listen 80;
-    server_name ligify_server;
+    ssl_certificate /etc/letsencrypt/live/ligify.groov.bio/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ligify.groov.bio/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
     location / {
         proxy_pass http://ligify:8501/;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
     }
+
     location ^~ /static {
         proxy_pass http://ligify:8501/static/;
     }
+
     location ^~ /healthz {
         proxy_pass http://ligify:8501/healthz;
     }
+
     location ^~ /vendor {
         proxy_pass http://ligify:8501/vendor;
     }
+
     location /stream {
         proxy_pass http://ligify:8501/stream;
         proxy_http_version 1.1;
@@ -24,6 +38,7 @@ server {
         proxy_set_header Connection "upgrade";
         proxy_read_timeout 86400;
     }
+
     location ^~ /_stcore {
         proxy_pass http://ligify:8501;
         proxy_set_header Upgrade $http_upgrade;
@@ -32,4 +47,4 @@ server {
         proxy_set_header Host $host;
         proxy_cache_bypass $http_upgrade;
     }
-}
+}

streamlit/.streamlit/config.toml

@@ -0,0 +1,186 @@
+# Below are all the sections and options you can have in ~/.streamlit/config.toml.
+
+[global]
+
+# By default, Streamlit checks if the Python watchdog module is available and, if not, prints a warning asking for you to install it. The watchdog module is not required, but highly recommended. It improves Streamlit's ability to detect changes to files in your filesystem.
+# If you'd like to turn off this warning, set this to True.
+# Default: false
+disableWatchdogWarning = true
+
+# If True, will show a warning when you run a Streamlit-enabled script via "python my_script.py".
+# Default: true
+showWarningOnDirectExecution = false
+
+
+[logger]
+
+# Level of logging: 'error', 'warning', 'info', or 'debug'.
+# Default: 'info'
+level = "info"
+
+# String format for logging messages. If logger.datetimeFormat is set, logger messages will default to `%(asctime)s.%(msecs)03d %(message)s`. See [Python's documentation](https://docs.python.org/2.6/library/logging.html#formatter-objects) for available attributes.
+# Default: None
+messageFormat = "%(asctime)s %(message)s"
+
+
+[client]
+
+# Whether to enable st.cache.
+# Default: true
+caching = true
+
+# If false, makes your Streamlit script not draw to a Streamlit app.
+# Default: true
+displayEnabled = true
+
+# Controls whether uncaught app exceptions are displayed in the browser. By default, this is set to True and Streamlit displays app exceptions and associated tracebacks in the browser.
+# If set to False, an exception will result in a generic message being shown in the browser, and exceptions and tracebacks will be printed to the console only.
+# Default: true
+showErrorDetails = false
+
+
+[runner]
+
+# Allows you to type a variable or string by itself in a single line of Python code to write it to the app.
+# Default: true
+magicEnabled = true
+
+# Install a Python tracer to allow you to stop or pause your script at any point and introspect it. As a side-effect, this slows down your script's execution.
+# Default: false
+installTracer = false
+
+# Sets the MPLBACKEND environment variable to Agg inside Streamlit to prevent Python crashing.
+# Default: true
+fixMatplotlib = true
+
+[theme]
+
+base="light"
+
+# Primary accent for interactive elements
+primaryColor = '#5c84fa'
+
+[server]
+
+# List of folders that should not be watched for changes. This impacts both "Run on Save" and @st.cache.
+# Relative paths will be taken as relative to the current working directory.
+# Example: ['/home/user1/env', 'relative/path/to/folder']
+# Default: []
+folderWatchBlacklist = []
+
+# Change the type of file watcher used by Streamlit, or turn it off completely.
+# Allowed values: * "auto" : Streamlit will attempt to use the watchdog module, and falls back to polling if watchdog is not available. * "watchdog" : Force Streamlit to use the watchdog module. * "poll" : Force Streamlit to always use polling. * "none" : Streamlit will not watch files.
+# Default: "auto"
+fileWatcherType = "auto"
+
+# Symmetric key used to produce signed cookies. If deploying on multiple replicas, this should be set to the same value across all replicas to ensure they all share the same secret.
+# Default: randomly generated secret key.
+cookieSecret = "e95070f37458bc01a700421e511d14f7452df3a1a3f428d434fd127517277629"
+
+# If false, will attempt to open a browser window on start.
+# Default: false unless (1) we are on a Linux box where DISPLAY is unset, or (2) server.liveSave is set.
+headless = true
+
+# Automatically rerun script when the file is modified on disk.
+# Default: false
+runOnSave = false
+
+# The address where the server will listen for client and browser connections. Use this if you want to bind the server to a specific address. If set, the server will only be accessible from this address, and not from any aliases (like localhost).
+# Default: (unset)
+#address =
+
+# The port where the server will listen for browser connections.
+# Default: 8501
+port = 8501
+
+# The base path for the URL where Streamlit should be served from.
+# Default: ""
+baseUrlPath = ""
+
+# Enables support for Cross-Origin Request Sharing (CORS) protection, for added security.
+# Due to conflicts between CORS and XSRF, if `server.enableXsrfProtection` is on and `server.enableCORS` is off at the same time, we will prioritize `server.enableXsrfProtection`.
+# Default: true
+enableCORS = true
+
+# Enables support for Cross-Site Request Forgery (XSRF) protection, for added security.
+# Due to conflicts between CORS and XSRF, if `server.enableXsrfProtection` is on and `server.enableCORS` is off at the same time, we will prioritize `server.enableXsrfProtection`.
+# Default: true
+enableXsrfProtection = true
+
+# Max size, in megabytes, for files uploaded with the file_uploader.
+# Default: 200
+maxUploadSize = 1
+
+# Enables support for websocket compression.
+# Default: true
+enableWebsocketCompression = true
+
+
+[browser]
+
+# Internet address where users should point their browsers in order to connect to the app. Can be IP address or DNS name and path.
+# This is used to: - Set the correct URL for CORS and XSRF protection purposes. - Show the URL on the terminal - Open the browser - Tell the browser where to connect to the server when in liveSave mode.
+# Default: 'localhost'
+serverAddress = "localhost"
+
+# Whether to send usage statistics to Streamlit.
+# Default: true
+gatherUsageStats = true
+
+# Port where users should point their browsers in order to connect to the app.
+# This is used to: - Set the correct URL for CORS and XSRF protection purposes. - Show the URL on the terminal - Open the browser - Tell the browser where to connect to the server when in liveSave mode.
+# Default: whatever value is set in server.port.
+serverPort = 8501
+
+
+[mapbox]
+
+# Configure Streamlit to use a custom Mapbox token for elements like st.pydeck_chart and st.map. To get a token for yourself, create an account at https://mapbox.com. It's free (for moderate usage levels)!
+# Default: ""
+token = ""
+
+
+[deprecation]
+
+# Set to false to disable the deprecation warning for the file uploader encoding.
+# Default: "True"
+showfileUploaderEncoding = "True"
+
+# Set to false to disable the deprecation warning for using the global pyplot instance.
+# Default: "True"
+showPyplotGlobalUse = "True"
+
+
+[s3]
+
+# Name of the AWS S3 bucket to save apps.
+# Default: (unset)
+#bucket =
+
+# URL root for external view of Streamlit apps.
+# Default: (unset)
+#url =
+
+# Access key to write to the S3 bucket.
+# Leave unset if you want to use an AWS profile.
+# Default: (unset)
+#accessKeyId =
+
+# Secret access key to write to the S3 bucket.
+# Leave unset if you want to use an AWS profile.
+# Default: (unset)
+#secretAccessKey =
+
+# The "subdirectory" within the S3 bucket where to save apps.
+# S3 calls paths "keys" which is why the keyPrefix is like a subdirectory. Use "" to mean the root directory.
+# Default: ""
+keyPrefix = ""
+
+# AWS region where the bucket is located, e.g. "us-west-2".
+# Default: (unset)
+#region =
+
+# AWS credentials profile to use.
+# Leave unset to use your default profile.
+# Default: (unset)
+#profile =

streamlit/Dockerfile

@@ -1,10 +1,19 @@
+# streamlit/Dockerfile
 FROM python:3.10
 
+# Create and set the working directory
 RUN mkdir /app
-
 WORKDIR /app
 
+# Copy requirements and install dependencies
 COPY requirements.txt .
-
 RUN pip install -r requirements.txt
-COPY . .
+
+# Copy the entire app
+COPY . .
+
+# Set PYTHONPATH to include both /app and /app/ligify
+ENV PYTHONPATH=/app:/app/ligify
+
+# Expose the default Streamlit port
+EXPOSE 8501

streamlit/Dockerfile.celery

@@ -0,0 +1,16 @@
+# streamlit/Dockerfile.celery
+FROM python:3.10
+
+# Create and set the working directory
+RUN mkdir /app
+WORKDIR /app
+
+# Copy requirements and install dependencies
+COPY requirements.txt .
+RUN pip install -r requirements.txt
+
+# Copy the entire app
+COPY . .
+
+# Set PYTHONPATH to include both /app and /app/ligify
+ENV PYTHONPATH=/app:/app/ligify