diff --git a/.dockerignore b/.dockerignore index 9bdbf6d..f206265 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,2 @@ -start_server.sh \ No newline at end of file +start_server.sh +run/* diff --git a/.env.example b/.env.example index d92e9d3..cb5a0e9 100644 --- a/.env.example +++ b/.env.example @@ -2,6 +2,12 @@ # Example configuration. Must be edited and copied to ".env" next to the compose.yaml #################################################################################################### +# User id to use for the web application. This determines the user id, the media and static files are written to the volumes. +# Make sure the user has rw access to these directories. +DJANGO_USER_ID=1000 + +# Group id to use for the web application +DJANGO_USER_GID=1000 # Path to to mount as the directory for static data. Must be served by a webserver on the /static path DJANGO_STATIC_VOL=/path/to/static/root @@ -29,4 +35,4 @@ DJANGO_MEDIA_URL=media.lab.example.com/ # Set this password if you want to use a custom postgres password. The db should be confined inside the docker network. # Using the standard PW is therefore not a problem -# DJANGO_POSTGRESQL_PW=myfancynewpassword123donotsharemewithanyone \ No newline at end of file +# DJANGO_POSTGRESQL_PW=myfancynewpassword123donotsharemewithanyone diff --git a/compose.yaml b/compose.yaml index 8182ea6..4d19477 100644 --- a/compose.yaml +++ b/compose.yaml @@ -1,6 +1,11 @@ +x-op-restart-policy: &restart_policy + restart: unless-stopped + services: shimatta-kenkyusho-web: + <<: *restart_policy build: . + user: "${DJANGO_USER_ID}:${DJANGO_USER_GID}" volumes: - "${DJANGO_STATIC_VOL:-./run/static}:/var/static" - "${DJANGO_MEDIA_VOL:-./run/media}:/var/media" @@ -30,6 +35,7 @@ services: start_period: 30s shimatta-kenkyusho-db: + <<: *restart_policy image: postgres:16.5-alpine environment: POSTGRES_PASSWORD: "${DJANGO_POSTGRESQL_PW:-p4ssw0rd}" diff --git a/entrypoint.sh b/entrypoint.sh index 9295252..2051376 100755 
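Review bot: The new `user:` line in the first compose.yaml hunk interpolates `${DJANGO_USER_ID}` and `${DJANGO_USER_GID}` without a default, unlike the volume lines just below it, which use `:-`. A deployment whose .env predates this commit leaves both unset, Compose substitutes empty strings, and the service is given `user: ":"` instead of the uid/gid the .env.example comment describes. Either default them, `user: "${DJANGO_USER_ID:-1000}:${DJANGO_USER_GID:-1000}"`, or fail early with `${DJANGO_USER_ID:?set DJANGO_USER_ID in .env}` and the same for the group. The service definition continues past the end of this hunk.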
--- a/entrypoint.sh +++ b/entrypoint.sh @@ -3,4 +3,6 @@ source /home/shimatta/kenkyusho/.venv/bin/activate cd /home/shimatta/kenkyusho/shimatta_kenkyusho python manage.py migrate --settings shimatta_kenkyusho.settings_production python manage.py collectstatic --settings shimatta_kenkyusho.settings_production --noinput +python manage.py create_kenkyusho_admin_user --settings shimatta_kenkyusho.settings_production + gunicorn -w 4 --bind 0.0.0.0:8000 shimatta_kenkyusho.wsgi:application diff --git a/entrypoint_self_hosted.sh b/entrypoint_self_hosted.sh index e78916d..ffb06b3 100755 --- a/entrypoint_self_hosted.sh +++ b/entrypoint_self_hosted.sh @@ -2,5 +2,6 @@ source /home/shimatta/kenkyusho/.venv/bin/activate cd /home/shimatta/kenkyusho/shimatta_kenkyusho python manage.py migrate --settings shimatta_kenkyusho.settings_production +python manage.py create_kenkyusho_admin_user --settings shimatta_kenkyusho.settings_production python manage.py runserver 0.0.0.0:8000 --settings shimatta_kenkyusho.settings_production diff --git a/requirements.txt b/requirements.txt index 6dd0753..e2ff01c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -31,5 +31,6 @@ setuptools==75.3.0 sqlparse==0.4.1 toml==0.10.2 typing_extensions==4.12.2 +tzdata==2024.2 urllib3==2.2.3 wrapt==1.12.1 diff --git a/shimatta_kenkyusho/parts/management/commands/create_kenkyusho_admin_user.py b/shimatta_kenkyusho/parts/management/commands/create_kenkyusho_admin_user.py new file mode 100644 index 0000000..fdf6092 --- /dev/null +++ b/shimatta_kenkyusho/parts/management/commands/create_kenkyusho_admin_user.py 
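Review bot: The added `create_kenkyusho_admin_user` call in entrypoint.sh passes neither `--user` nor `--password`, so on a database with no superuser the production entrypoint creates one from the command's defaults, which the command file added in this commit sets to `admin` / `admin`. The same call is added in the entrypoint_self_hosted.sh hunk, and both scripts then listen on `0.0.0.0:8000`. The credentials should come from the deployment rather than from a constant in the repository: for example, replace `default='admin'` on `--password` with `default=os.environ.get('DJANGO_ADMIN_PW')` (the variable name is a placeholder, to be documented in .env.example) and skip creation with a clear message when it is unset or empty. Passing it from this script as `--password "$VAR"` would also work, though the value then appears in the process arguments inside the container.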
@@ -0,0 +1,23 @@ +from django.core.management.base import BaseCommand, CommandParser +from django.contrib.auth import get_user_model + +class Command(BaseCommand): + help = "Create a default superuser if no superuser is already present. This aids automatic deployment inside a container." + + def add_arguments(self, parser: CommandParser): + parser.add_argument('--user', + help='Username to create if no admin account is present', + default='admin') + parser.add_argument('--password', + help='Password to set for newly created user. Ignored, if any admin user is already present', + default='admin') + + def handle(self, *args, **options): + User = get_user_model() + + # Query if there is any admin user + if not User.objects.filter(is_superuser=True).exists(): + self.stdout.write(f'No superuser present. Creating {options['user']} with supplied password') + User.objects.create_superuser(username=options['user'], password=options['password']) + else: + self.stdout.write('At least one superuser already exists. Skipping superuser creation') \ No newline at end of file diff --git a/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py b/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py index 2775540..e30907f 100644 --- a/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py +++ b/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py @@ -56,7 +56,6 @@ if get_env_value('DJANGO_FORCE_DEV_MODE', default=False) == 'True': ALLOWED_HOSTS = ['127.0.0.1', 'localhost', get_env_value('DJANGO_ALLOWED_HOST')] - # Application definition INSTALLED_APPS = [ @@ -239,4 +238,7 @@ CSRF_COOKIE_SECURE = True SECURE_SSL_REDIRECT = False +# allow detection of https behind "old" nginx +SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") + SECURE_HSTS_SECONDS = get_env_value('DJANGO_SECURE_HSTS_SECONDS', default=120) 
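Review bot: The f-string in `handle()` reuses the single quote inside its replacement field (`{options['user']}` within `f'...'`), which only parses on Python 3.12 and later; on older interpreters the module fails with a SyntaxError and the entrypoints would stop at this command. The interpreter version of the image is not visible in this diff, so this may already be fine, but switching the outer quotes costs nothing: `self.stdout.write(f"No superuser present. Creating {options['user']} with supplied password")`. A short class docstring stating that the command is idempotent (it does nothing once any superuser exists) would also help whoever reads the entrypoint scripts.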
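Review bot: `SECURE_PROXY_SSL_HEADER` in the second settings_production.py hunk makes Django treat any request carrying `X-Forwarded-Proto: https` as secure, and the added comment does not state the precondition: the reverse proxy must set or strip that header on every request. entrypoint.sh binds gunicorn to `0.0.0.0:8000`, so if that port is reachable other than through the proxy, a client can send the header itself and `request.is_secure()` will report HTTPS for a plain-HTTP connection. I would extend the comment to something like `# Trust X-Forwarded-Proto from the reverse proxy. The proxy must overwrite this header on every request, and port 8000 must only be reachable through it.`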
diff --git a/shimatta_kenkyusho/static/js/kenyusho-api-v1.js b/shimatta_kenkyusho/static/js/kenkyusho-api-v1.js similarity index 100% rename from shimatta_kenkyusho/static/js/kenyusho-api-v1.js rename to shimatta_kenkyusho/static/js/kenkyusho-api-v1.js diff --git a/shimatta_kenkyusho/templates/base.html b/shimatta_kenkyusho/templates/base.html index dd94693..ac6acad 100644 --- a/shimatta_kenkyusho/templates/base.html +++ b/shimatta_kenkyusho/templates/base.html @@ -75,7 +75,7 @@ 'component-parameter-type-list': '{% url 'componentparametertype-list' %}', }; - + @@ -95,4 +95,4 @@ {% endblock custom_scripts %} - \ No newline at end of file + diff --git a/start_docker_compose_interactive.sh b/start_docker_compose_interactive.sh index eaf2076..b9762ae 100755 --- a/start_docker_compose_interactive.sh +++ b/start_docker_compose_interactive.sh @@ -1,7 +1,7 @@ #!/bin/bash # Startup the db container -docker-compose start shimatta-kenkyusho-db +docker compose start shimatta-kenkyusho-db # Override entrypoint to get interactive shell -docker-compose run --entrypoint="/bin/sh" -p 8000:8000 shimatta-kenkyusho-web \ No newline at end of file +docker compose run --entrypoint="/bin/sh" -p 8000:8000 shimatta-kenkyusho-web