[Trying out deployment (14)] Docker Secret
Web Programming


Writing security-sensitive values such as the root password or the Django secret key into a file can be a security risk, so I configure them to be managed separately inside the Docker system (as Docker secrets).

 

1. DJANGO_SECRET_KEY

In the Dockerfile this used to be written like this:

RUN echo "SECRET_KEY=엘렐렐렐렐렐레" > .env

 

Only the value 엘렐렐렐렐렐레 needs to be taken out and put into the secret (without the SECRET_KEY= prefix).

 

 

2. MYSQL_PASSWORD

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'django',
        'USER': 'django',
        'PASSWORD': 'password1234',
        'HOST': 'mariadb',
        'PORT': '3306',
    }
}

The password in this block is handled the same way.

 

3. MYSQL_ROOT_PASSWORD

 

4. docker-compose.yml

version: "3.7"
services:
  nginx:
    image: nginx:1.19.5
    networks:
      - network
    volumes:
      - /home/django_course/nginx.conf:/etc/nginx/nginx.conf
      - static-volume:/data/static
      - media-volume:/data/media
    ports:
      - 80:80

  django_container_gunicorn:
    image: oconnect_image:5
    networks:
      - network
    volumes:
      - static-volume:/home/oconnect_vultr/staticfiles
      - media-volume:/home/oconnect_vultr/media
    secrets:
      - MYSQL_PASSWORD
      - DJANGO_SECRET_KEY

  mariadb:
    image: mariadb:10.5
    networks:
      - network
    volumes:
      - maria-database:/var/lib/mysql
    secrets:
      - MYSQL_PASSWORD
      - MYSQL_ROOT_PASSWORD
    environment:
      MYSQL_DATABASE: django
      MYSQL_USER: django
      MYSQL_PASSWORD_FILE: /run/secrets/MYSQL_PASSWORD
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/MYSQL_ROOT_PASSWORD

networks:
  network:

volumes:
  static-volume:
  media-volume:
  maria-database:

secrets:
  # external: the secret is created beforehand with `docker secret create`
  # (Swarm mode) rather than defined in this file; it is mounted read-only
  # into each service that lists it, at /run/secrets/<name>
  DJANGO_SECRET_KEY:
    external: true
  MYSQL_PASSWORD:
    external: true
  MYSQL_ROOT_PASSWORD:
    external: true

5. deploy.py

import os

import environ

from .base import *


def read_secret(secret_name):
    """Return the Docker secret mounted at /run/secrets/<secret_name>.

    Surrounding whitespace is removed because a secret piped in with
    `echo` carries a trailing newline that must not end up in the value.
    """
    with open('/run/secrets/' + secret_name) as secret_file:
        return secret_file.read().strip()


env = environ.Env(
    # set casting, default value
    DEBUG=(bool, False)
)

# reading .env file
environ.Env.read_env(
    env_file=os.path.join(BASE_DIR, '.env')
)

# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = read_secret('DJANGO_SECRET_KEY')

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False

# '*' accepts any Host header; narrow this to the real domain(s) once known.
ALLOWED_HOSTS = ['*']

# Database
# https://docs.djangoproject.com/en/3.2/ref/settings/#databases

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'django',
        'USER': 'django',
        'PASSWORD': read_secret('MYSQL_PASSWORD'),
        'HOST': 'mariadb',
        'PORT': '3306',
    }
}

The secret key used to be loaded from the .env file; instead, I wrote a read_secret function that reads it from the mounted secret.
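As an added example (not the post's own code), here is a stricter read_secret for deploy.py. It keeps the same /run/secrets lookup but also honours a <NAME>_FILE environment variable, the convention the compose file already uses for MariaDB's MYSQL_PASSWORD_FILE, and it fails with a clear message when a secret is missing or empty instead of a bare FileNotFoundError. The secrets_dir parameter, SecretError and missing_secrets are assumptions of this example.

```python
import os

# Added example, not the post's own code: a stricter read_secret() for
# deploy.py. Lookup order is <NAME>_FILE (explicit path, same convention as
# MYSQL_PASSWORD_FILE in the compose file) and then <secrets_dir>/<NAME>,
# where secrets_dir defaults to Docker's /run/secrets mount.

DEFAULT_SECRETS_DIR = "/run/secrets"  # Docker's tmpfs secret mount


class SecretError(RuntimeError):
    """Raised when a required secret is missing or unusable."""


def secret_path(secret_name, secrets_dir=None):
    """Resolve where a secret is read from: <NAME>_FILE wins if set."""
    override = os.environ.get(secret_name + "_FILE")
    if override:
        return override
    return os.path.join(secrets_dir or DEFAULT_SECRETS_DIR, secret_name)


def read_secret(secret_name, secrets_dir=None):
    """Return the secret's value with surrounding whitespace removed.

    Stripping matters: `echo "value" | docker secret create NAME -` stores a
    trailing newline that would otherwise become part of SECRET_KEY or the
    database password.
    """
    path = secret_path(secret_name, secrets_dir)
    try:
        with open(path, encoding="utf-8") as fh:
            value = fh.read().strip()
    except FileNotFoundError:
        raise SecretError(
            f"secret {secret_name!r} not found at {path}: list it under "
            "'secrets:' for this service and create it with 'docker secret create'"
        ) from None
    if not value:
        raise SecretError(f"secret {secret_name!r} at {path} is empty")
    return value


def missing_secrets(names, secrets_dir=None):
    """Names that cannot be read; call at startup so the container fails fast."""
    missing = []
    for name in names:
        try:
            read_secret(name, secrets_dir)
        except SecretError:
            missing.append(name)
    return missing
```

Calling missing_secrets(["DJANGO_SECRET_KEY", "MYSQL_PASSWORD"]) at the top of deploy.py turns a misconfigured stack into an immediate, readable startup error instead of a traceback deep inside Django.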

 

6. Dockerfile changes

FROM python:3.9.0

WORKDIR /home/

# Cache-buster: change this string to invalidate the build cache so the clone below re-runs
RUN echo "delete cache3"

RUN git clone https://github.com/Aiden-Kwak/oconnect_vultr.git

WORKDIR /home/oconnect_vultr/

RUN pip install -r requirements.txt

RUN pip install gunicorn

RUN pip install mysqlclient

EXPOSE 8000

# Collect static files, apply migrations, then start gunicorn with the deploy settings
CMD ["bash", "-c", "python manage.py collectstatic --noinput --settings=oconnect.settings.deploy && python manage.py migrate --settings=oconnect.settings.deploy && gunicorn oconnect.wsgi --env DJANGO_SETTINGS_MODULE=oconnect.settings.deploy --bind 0.0.0.0:8000"]
