本番デプロイ設定: SSL, Kamal, API環境変数化, テスト修正

2026-02-21 23:45:12 +09:00
parent e90ea88758
commit 9626db3dcf
21 changed files with 226 additions and 78 deletions


@@ -7,34 +7,25 @@ image: dip_front
# Deploy to these servers.
servers:
web:
- 192.168.0.1
- 153.127.48.108
# job:
# hosts:
# - 192.168.0.1
# - 153.127.48.108
# cmd: bin/jobs
# Enable SSL auto certification via Let's Encrypt and allow for multiple apps on a single web server.
# If used with Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable CF-to-app encryption.
#
# Using an SSL proxy like this requires turning on config.assume_ssl and config.force_ssl in production.rb!
#
# Don't use this when deploying to multiple web servers (then you have to terminate SSL at your load balancer).
#
# proxy:
# ssl: true
# host: app.example.com
# Kamal Proxy will automatically obtain and renew SSL certificates.
proxy:
ssl: true
host: diplo.kontei.net
# Where you keep your container images.
# Using a local registry on the VPS server.
registry:
# Alternatives: hub.docker.com / registry.digitalocean.com / ghcr.io / ...
server: localhost:5555
# Needed for authenticated registries.
# username: your-user
# Always use an access token rather than real password when possible.
# password:
# - KAMAL_REGISTRY_PASSWORD
username: kamal
password:
- KAMAL_REGISTRY_PASSWORD
# Inject ENV variables into containers (secrets come from .kamal/secrets).
env:
@@ -51,9 +42,8 @@ env:
# Set number of cores available to the application on each server (default: 1).
# WEB_CONCURRENCY: 2
# Match this to any external database server to configure Active Record correctly
# Use dip_front-db for a db accessory server on same machine via local kamal docker network.
# DB_HOST: 192.168.0.2
# Diplomacy API URL (dip_api container accessible via Docker host network)
DIPLOMACY_API_URL: http://172.17.0.1:8000
# Log everything from Rails
# RAILS_LOG_LEVEL: debug
@@ -77,28 +67,20 @@ volumes:
asset_path: /rails/public/assets
# Configure the image builder.
# Build on the remote VPS server to avoid insecure registry issues.
builder:
arch: amd64
remote: ssh://kontei@153.127.48.108
# # Build image via remote server (useful for faster amd64 builds on arm64 computers)
# remote: ssh://docker@docker-builder-server
#
# # Pass arguments and secrets to the Docker build process
# args:
# RUBY_VERSION: 4.0.1
# secrets:
# - GITHUB_TOKEN
# - RAILS_MASTER_KEY
# Use a different ssh user than root
# ssh:
# user: app
# Use a non-root ssh user
ssh:
user: kontei
# Use accessory services (secrets come from .kamal/secrets).
# accessories:
# db:
# image: mysql:8.0
# host: 192.168.0.2
# host: 153.127.48.108
# # Change to 3306 to expose port to the world instead of just local network.
# port: "127.0.0.1:3306:3306"
# env:
@@ -113,7 +95,7 @@ builder:
# - data:/var/lib/mysql
# redis:
# image: valkey/valkey:8
# host: 192.168.0.2
# host: 153.127.48.108
# port: 6379
# directories:
# - data:/data
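Review bot: `DIPLOMACY_API_URL: http://172.17.0.1:8000` in the env hunk reaches dip_api through the default Docker bridge gateway, so the API container has to publish port 8000 on a host that also has a public address (153.127.48.108). How dip_api is published is not visible in this diff; if it is bound to all interfaces, the API is reachable over plain HTTP from outside, bypassing the TLS that `proxy: ssl: true` sets up for the front end. Either bind the publish to the bridge address only (`172.17.0.1:8000:8000`), or attach dip_api to the `kamal` Docker network and address it by container name, e.g. `DIPLOMACY_API_URL: http://<dip_api-container-name>:8000`. The same check applies to the registry at `localhost:5555`, which should be published on `127.0.0.1` only, since the builder comment suggests it runs without TLS. A comment above the URL recording the binding would help, e.g. `# dip_api publishes 8000 on the docker0 address only; not reachable from outside`.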