downtoworld / laravel-devops
Laravel Cloudflare-Tunnels Ready Production Docker-Compose
v0.7.6
2024-02-02 18:55 UTC
Requires
- php: >=7.4
- hedii/laravel-gelf-logger: *
- laravel/framework: ^8.0|^9.0|^10.0
- spatie/laravel-backup: ^8.5
README
Installation
composer require "downtoworld/laravel-devops:*"
Publish the required files:
php artisan vendor:publish --tag=laravel-devops
Example with Portainer and Cloudflare Tunnels
- Create the Docker network cloudflared (bridge)
- Deploy the Docker container as specified @ Cloudflare -> Zero Trust -> Access -> Tunnels -> Create a tunnel (Additionally: attach the container to the previously created network by specifying --network cloudflared)
- Create a Git-repo based Stack @ Portainer webUI
  - At Compose path specify: docker-compose-prod.yml
  - Enable GitOps updates
  - Fill the required environment variables:
    - APP_NAME: several Laravel configurations use it for prefixing
    - APP_KEY: can be generated on your local environment
    - APP_DOMAIN: domain of the app in production. Example: yourdomain.com
    - APP_DOCKER_STACK: the name of the stack you are configuring @ Portainer. Example: mystack
    - [You can also configure here any Laravel env variables like APP_NAME or APP_DEBUG]
  - Deploy the stack
- Add public hostnames to the tunnel @ Cloudflare:
  - Webpage (Nginx): yourdomain.com HTTP mystack-nginx-1:80
  - S3 Storage (Minio): cdn.yourdomain.com HTTP mystack-minio-1:9000
  - Websocket server (Soketi): ws.yourdomain.com HTTPS (tls-check-disabled and ws-enabled options) mystack-soketi-1:6001
Accessing private services (MySQL, Redis, etc) locally
- Run the following command and copy its assigned IP (your-assigned-ip) from Portainer UI:
  docker run -d --name cloudflare-docker-dns --restart always --network cloudflared -e DNS_FORWARDER=127.0.0.11 cytopia/bind
- Go to Portainer networks and copy the cloudflared network's assigned IPV4 IPAM Subnet (your-network-ip-range)
- Go to Cloudflare -> Zero Trust -> Access -> Tunnels and configure a new Private network at your tunnel with CIDR: your-network-ip-range
- Go to Cloudflare Zero Trust Settings -> WARP Client -> Configure "Default" Device Settings:
  - Add a Local Domain Fallback:
    - domain: cloudflared
    - DNS Servers: your-assigned-ip
  - Set Split Tunnels to Include IPs and domains and add:
    - Selector: IP Address
    - Value: your-network-ip-range
- Give your email access at Cloudflare Zero Trust Settings -> WARP Client -> Device enrollment permissions.
- Install Cloudflare WARP on your computer, connect it to your Zero Trust org and enable it.
- Now you can access all your cloudflared-network-connected docker containers locally as mystack-service-1.cloudflared:port
The list of services you can access:
- mystack-mysql-1.cloudflared:3306 (User: root, Password: secret)
- mystack-redis-1.cloudflared:6379 (no-password)
- http://mystack-seq-1.cloudflared
- http://mystack-minio-1.cloudflared:8900
- http://mystack-mailpit-1.cloudflared:8025
- http://mystack-meilisearch-1.cloudflared:7700
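As an added example (not part of this package's code), the Python below derives your-network-ip-range and your-assigned-ip from the output of docker network inspect cloudflared instead of copying them from the Portainer UI, checks that the DNS container sits inside the CIDR routed through WARP, and lists every name an enrolled device can resolve and reach. The sample JSON, its addresses and the function name warp_settings are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample of `docker network inspect cloudflared` output
# (container ids, names and addresses are made up for this example).
SAMPLE_INSPECT = json.dumps([{
    "Name": "cloudflared",
    "Driver": "bridge",
    "IPAM": {"Config": [{"Subnet": "172.20.0.0/16", "Gateway": "172.20.0.1"}]},
    "Containers": {
        "a1": {"Name": "cloudflare-docker-dns", "IPv4Address": "172.20.0.3/16"},
        "b2": {"Name": "mystack-mysql-1", "IPv4Address": "172.20.0.4/16"},
        "c3": {"Name": "mystack-redis-1", "IPv4Address": "172.20.0.5/16"},
        "d4": {"Name": "mystack-nginx-1", "IPv4Address": "172.20.0.6/16"},
    },
}])


def warp_settings(inspect_json, dns_container="cloudflare-docker-dns"):
    """Derive the WARP values from `docker network inspect cloudflared`."""
    net = json.loads(inspect_json)[0]
    subnet = ipaddress.ip_network(net["IPAM"]["Config"][0]["Subnet"])
    hosts = {}
    for c in net["Containers"].values():
        if c.get("IPv4Address"):
            # IPv4Address carries the prefix length ("172.20.0.3/16"); drop it.
            hosts[c["Name"]] = ipaddress.ip_interface(c["IPv4Address"]).ip
    if dns_container not in hosts:
        raise ValueError(f"{dns_container} is not attached to {net['Name']}")
    dns_ip = hosts[dns_container]
    # With Split Tunnels in include mode, the Local Domain Fallback DNS server
    # is only reachable if its address falls inside the included CIDR.
    if dns_ip not in subnet:
        raise ValueError(f"{dns_ip} is outside {subnet}")
    # Every other attached container resolves as <name>.<network> for any
    # enrolled device, so this list is the private exposure inventory.
    reachable = sorted(f"{n}.{net['Name']}" for n in hosts if n != dns_container)
    return {"cidr": str(subnet), "dns_server": str(dns_ip), "reachable": reachable}


if __name__ == "__main__":
    for key, value in warp_settings(SAMPLE_INSPECT).items():
        print(key, value)
```

Comparing the reachable list against the services above shows which containers, including the MySQL and Redis instances with their default credentials, are exposed to every device admitted by the Device enrollment permissions.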
Environment variables
Application environment variables can be managed in the docker-compose-prod.env file.
Queue and Scheduler
The Scheduler and Horizon supervisors run separately in their own containers.
PHP Versions, Extensions and INI files
PHP 8.2 runs by default but can be switched to 8.1 or 7.4 using the APP_PHP_VERSION environment variable.
Thank yous
- Big one for Cloudflare Team for making this possible for free.
- Portainer project made it possible with their GitOps updates.
- ServerSideUp team made it possible with their PHP Docker images.