wger

wger/docker-compose.caddy.yml

@@ -0,0 +1,15 @@
+version: "3.7"
+
+services:
+  nginx:
+    networks:
+      - proxy
+    labels:
+      - caddy="${FQDN}"
+      - caddy.reverse_proxy="{{upstreams 80}}"
+
+networks:
+  proxy:
+    external: true
+
+

wger/docker-compose.traefik.yml

@@ -0,0 +1,17 @@
+version: "3.7"
+
+services:
+  nginx:
+    networks:
+      - proxy
+    labels:
+      - traefik.enable=true
+      - traefik.http.services.wger.loadbalancer.server.port=80
+      - traefik.http.routers.wger-secure.entrypoints=websecure
+      - traefik.http.routers.wger-secure.rule=Host(`${FQDN}`)
+      - traefik.http.routers.wger-secure.tls=true
+      - traefik.http.routers.wger-secure.tls.certresolver=letsencrypt
+
+networks:
+  proxy:
+    external: true

wger/docker-compose.yml

@@ -0,0 +1,115 @@
+version: "3.7"
+
+services:
+  web:
+    image: wger/server:latest
+    container_name: wger_server
+    init: true
+    depends_on:
+      db:
+        condition: service_healthy
+      cache:
+        condition: service_healthy
+    env_file:
+      - ./config/prod.env
+    volumes:
+      - static:/home/wger/static
+      - media:/home/wger/media
+    healthcheck:
+      test: wget --no-verbose --tries=1 --spider http://localhost:8000
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    restart: unless-stopped
+
+  nginx:
+    image: nginx:stable
+    container_name: wger_nginx
+    init: true
+    depends_on:
+      - web
+    volumes:
+      - ./config/nginx.conf:/etc/nginx/conf.d/default.conf
+      - static:/wger/static:ro
+      - media:/wger/media:ro
+    ports:
+      - "80:80"
+    healthcheck:
+      test: service nginx status
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    restart: unless-stopped
+
+  db:
+    image: postgres:15-alpine
+    container_name: wger_db
+    init: true
+    environment:
+      - POSTGRES_USER=wger
+      - POSTGRES_PASSWORD=wger
+      - POSTGRES_DB=wger
+    volumes:
+      - postgres-data:/var/lib/postgresql/data/
+    expose:
+      - 5432
+    healthcheck:
+      test: pg_isready -U wger
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    restart: unless-stopped
+
+  cache:
+    image: redis
+    container_name: wger_cache
+    init: true
+    expose:
+      - 6379
+    healthcheck:
+      test: redis-cli ping
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    restart: unless-stopped
+
+  celery_worker:
+    image: wger/server:latest
+    container_name: wger_celery_worker
+    init: true
+    command: /start-worker
+    env_file:
+      - ./config/prod.env
+    volumes:
+      - media:/home/wger/media
+    depends_on:
+      web:
+        condition: service_healthy
+    healthcheck:
+      test: celery -A wger inspect ping
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  celery_beat:
+    image: wger/server:latest
+    container_name: wger_celery_beat
+    init: true
+    command: /start-beat
+    volumes:
+      - celery-beat:/home/wger/beat/
+    env_file:
+      - ./config/prod.env
+    depends_on:
+      celery_worker:
+        condition: service_healthy
+
+volumes:
+  postgres-data:
+  celery-beat:
+  static:
+  media:
+
+networks:
+  default:
+    name: wger_network

wger/nginx.conf

@@ -0,0 +1,27 @@
+upstream wger {
+    server web:8000;
+}
+
+server {
+
+    listen 80;
+
+    location / {
+        proxy_pass http://wger;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+        proxy_redirect off;
+    }
+
+    location /static/ {
+        alias /wger/static/;
+    }
+
+    location /media/ {
+        alias /wger/media/;
+    }
+
+    # Increase max body size to allow for video uploads
+    client_max_body_size 100M;
+}

wger/prod.env

@@ -0,0 +1,127 @@
+# Django's secret key, change to a 50 character random string if you are running
+# this instance publicly. For an online generator, see e.g. https://djecrety.ir/
+SECRET_KEY=wger-docker-supersecret-key-1234567890!@#$%^&*(-_)
+
+# Signing key used for JWT, use something different than the secret key
+SIGNING_KEY=wger-docker-secret-jwtkey-1234567890!@#$%^&*(-_=+)
+
+# The server's timezone, for a list of possible names:
+# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+TIME_ZONE=Europe/Berlin
+
+#
+# Consult the deployment section in the readme if you are running this behind a
+# reverse proxy with HTTPS enabled
+
+# CSRF_TRUSTED_ORIGINS=https://my.domain.example.com,https://118.999.881.119
+# X_FORWARDED_PROTO_HEADER_SET=True
+
+#
+# Static files
+# If you are running the application behind a reverse proxy, put the URL of the
+# domain or IP here, otherwise some image links *might* break (specially in the
+# mobile app)
+# MEDIA_URL=https://your-domain.example.com/media/
+# STATIC_URL=https://your-domain.example.com/static/
+
+#
+# These settings usually don't need changing
+#
+
+#
+# Application
+WGER_INSTANCE=https://wger.de # Wger instance from which to sync exercises, images, etc.
+ALLOW_REGISTRATION=True
+ALLOW_GUEST_USERS=True
+ALLOW_UPLOAD_VIDEOS=True
+# Users won't be able to contribute to exercises if their account age is
+# lower than this amount in days.
+MIN_ACCOUNT_AGE_TO_TRUST=21
+# Synchronzing exercises
+# It is recommended to keep the local database synchronized with the wger
+# instance specified in WGER_INSTANCE since there are new added or translations
+# improved. For this you have different possibilities:
+# - Sync exercises on startup:
+# SYNC_EXERCISES_ON_STARTUP=True
+# DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP=True
+# - Sync them in the background with celery. This will setup a job that will run
+#   once a week at a random time (this time is selected once when starting the server)
+SYNC_EXERCISES_CELERY=True
+SYNC_EXERCISE_IMAGES_CELERY=True
+SYNC_EXERCISE_VIDEOS_CELERY=True
+# - Manually trigger the process as needed:
+#   docker compose exec web python3 manage.py sync-exercises
+#   docker compose exec web python3 manage.py download-exercise-images
+#   docker compose exec web python3 manage.py download-exercise-videos
+
+# Where to download ingredient and their images if they are not known locally.
+# Possible values OFF, WGER. Note that it is recommended to keep this as WGER
+# so that we don't overwhelm the Open Food Facts servers. Needs to have USE_CELERY
+# set to true
+DOWNLOAD_INGREDIENTS_FROM=WGER
+
+# Whether celery is configured and should be used. Can be left to true with
+# this setup but can be deactivated if you are using the app in some other way
+USE_CELERY=True
+
+#
+# Celery
+CELERY_BROKER=redis://cache:6379/2
+CELERY_BACKEND=redis://cache:6379/2
+CELERY_FLOWER_PASSWORD=adminadmin
+
+#
+# Database
+DJANGO_DB_ENGINE=django.db.backends.postgresql
+DJANGO_DB_DATABASE=wger
+DJANGO_DB_USER=wger
+DJANGO_DB_PASSWORD=wger
+DJANGO_DB_HOST=db
+DJANGO_DB_PORT=5432
+DJANGO_PERFORM_MIGRATIONS=True # Perform any new database migrations on startup
+
+#
+# Cache
+DJANGO_CACHE_BACKEND=django_redis.cache.RedisCache
+DJANGO_CACHE_LOCATION=redis://cache:6379/1
+DJANGO_CACHE_TIMEOUT=1296000 # in seconds - 60*60*24*15, 15 Days
+DJANGO_CACHE_CLIENT_CLASS=django_redis.client.DefaultClient
+
+#
+# Brute force login attacks
+# https://django-axes.readthedocs.io/en/latest/index.html
+AXES_ENABLED=True
+AXES_FAILURE_LIMIT=10
+AXES_COOLOFF_TIME=30 # in minutes
+AXES_HANDLER=axes.handlers.cache.AxesCacheHandler
+
+#
+# Others
+DJANGO_DEBUG=False
+WGER_USE_GUNICORN=True
+EXERCISE_CACHE_TTL=18000 # in seconds - 5*60*60, 5 hours
+SITE_URL=http://localhost
+
+#
+# JWT auth
+ACCESS_TOKEN_LIFETIME=10 # The lifetime duration of the access token, in minutes
+REFRESH_TOKEN_LIFETIME=24 # The lifetime duration of the refresh token, in hours
+
+#
+# Other possible settings
+
+# RECAPTCHA_PUBLIC_KEY
+# RECAPTCHA_PRIVATE_KEY
+# NOCAPTCHA
+
+#
+# Email
+# https://docs.djangoproject.com/en/4.1/topics/email/#smtp-backend
+# ENABLE_EMAIL
+# EMAIL_HOST
+# EMAIL_PORT
+# EMAIL_HOST_USER
+# EMAIL_HOST_PASSWORD
+# EMAIL_USE_TLS
+# EMAIL_USE_SSL
+FROM_EMAIL='wger Workout Manager <wger@example.com>'