diff --git a/.dockerignore b/.dockerignore
index 9bdbf6d..f206265 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1 +1,2 @@
-start_server.sh
\ No newline at end of file
+start_server.sh
+run/*
diff --git a/.env.example b/.env.example
index d92e9d3..cb5a0e9 100644
--- a/.env.example
+++ b/.env.example
@@ -2,6 +2,12 @@
# Example configuration. Must be edited and copied to ".env" next to the compose.yaml
####################################################################################################
+# User id to use for the web application. This determines the user id, the media and static files are written to the volumes.
+# Make sure the user has rw access to these directories.
+DJANGO_USER_ID=1000
+
+# Group id to use for the web application
+DJANGO_USER_GID=1000
# Path to to mount as the directory for static data. Must be served by a webserver on the /static path
DJANGO_STATIC_VOL=/path/to/static/root
@@ -29,4 +35,4 @@ DJANGO_MEDIA_URL=media.lab.example.com/
# Set this password if you want to use a custom postgres password. The db should be confined inside the docker network.
# Using the standard PW is therefore not a problem
-# DJANGO_POSTGRESQL_PW=myfancynewpassword123donotsharemewithanyone
\ No newline at end of file
+# DJANGO_POSTGRESQL_PW=myfancynewpassword123donotsharemewithanyone
diff --git a/compose.yaml b/compose.yaml
index 8182ea6..4d19477 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,6 +1,11 @@
+x-op-restart-policy: &restart_policy
+ restart: unless-stopped
+
services:
shimatta-kenkyusho-web:
+ <<: *restart_policy
build: .
+ user: "${DJANGO_USER_ID}:${DJANGO_USER_GID}"
volumes:
- "${DJANGO_STATIC_VOL:-./run/static}:/var/static"
- "${DJANGO_MEDIA_VOL:-./run/media}:/var/media"
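Review bot: The new `user: "${DJANGO_USER_ID}:${DJANGO_USER_GID}"` line has no fallback, unlike the volume entries just below it that use `:-`. An existing deployment whose `.env` predates this commit leaves both variables unset, and Compose then substitutes empty strings with only a warning, so the container gets `user: ":"` instead of a defined identity. I would fail fast with `user: "${DJANGO_USER_ID:?set DJANGO_USER_ID in .env}:${DJANGO_USER_GID:?set DJANGO_USER_GID in .env}"`, or default both to `1000` to match .env.example. Note also that the `./run/static` and `./run/media` fallbacks are bind mounts, which Docker typically creates root-owned on first start, so a non-root uid may not be able to write to them; a comment saying they must be created and chowned beforehand would help.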
@@ -30,6 +35,7 @@ services:
start_period: 30s
shimatta-kenkyusho-db:
+ <<: *restart_policy
image: postgres:16.5-alpine
environment:
POSTGRES_PASSWORD: "${DJANGO_POSTGRESQL_PW:-p4ssw0rd}"
diff --git a/entrypoint.sh b/entrypoint.sh
index 9295252..2051376 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -3,4 +3,6 @@ source /home/shimatta/kenkyusho/.venv/bin/activate
cd /home/shimatta/kenkyusho/shimatta_kenkyusho
python manage.py migrate --settings shimatta_kenkyusho.settings_production
python manage.py collectstatic --settings shimatta_kenkyusho.settings_production --noinput
+python manage.py create_kenkyusho_admin_user --settings shimatta_kenkyusho.settings_production
+
gunicorn -w 4 --bind 0.0.0.0:8000 shimatta_kenkyusho.wsgi:application
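Review bot: The added `create_kenkyusho_admin_user` line is called without `--user` or `--password`, so on an empty database the command's defaults create a superuser `admin` with password `admin` immediately before gunicorn starts listening on 0.0.0.0:8000. The same unparameterised call is added in entrypoint_self_hosted.sh, and the defaults come from the new management command (`default='admin'` on both arguments). I would remove the password default and have the command read the credentials from the environment, skipping creation with a clear message when they are unset; Django's own `createsuperuser --noinput` already works this way through `DJANGO_SUPERUSER_USERNAME` and `DJANGO_SUPERUSER_PASSWORD`. If the default account is kept, .env.example should at least state that its password must be changed before the service is reachable by others.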
diff --git a/entrypoint_self_hosted.sh b/entrypoint_self_hosted.sh
index e78916d..ffb06b3 100755
--- a/entrypoint_self_hosted.sh
+++ b/entrypoint_self_hosted.sh
@@ -2,5 +2,6 @@
source /home/shimatta/kenkyusho/.venv/bin/activate
cd /home/shimatta/kenkyusho/shimatta_kenkyusho
python manage.py migrate --settings shimatta_kenkyusho.settings_production
+python manage.py create_kenkyusho_admin_user --settings shimatta_kenkyusho.settings_production
python manage.py runserver 0.0.0.0:8000 --settings shimatta_kenkyusho.settings_production
diff --git a/requirements.txt b/requirements.txt
index 6dd0753..e2ff01c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -31,5 +31,6 @@ setuptools==75.3.0
sqlparse==0.4.1
toml==0.10.2
typing_extensions==4.12.2
+tzdata==2024.2
urllib3==2.2.3
wrapt==1.12.1
diff --git a/shimatta_kenkyusho/parts/management/commands/create_kenkyusho_admin_user.py b/shimatta_kenkyusho/parts/management/commands/create_kenkyusho_admin_user.py
new file mode 100644
index 0000000..fdf6092
--- /dev/null
+++ b/shimatta_kenkyusho/parts/management/commands/create_kenkyusho_admin_user.py
@@ -0,0 +1,23 @@
+from django.core.management.base import BaseCommand, CommandParser
+from django.contrib.auth import get_user_model
+
+class Command(BaseCommand):
+ help = "Create a default superuser if no superuser is already present. This aids automatic deployment inside a container."
+
+ def add_arguments(self, parser: CommandParser):
+ parser.add_argument('--user',
+ help='Username to create if no admin account is present',
+ default='admin')
+ parser.add_argument('--password',
+ help='Password to set for newly created user. Ignored, if any admin user is already present',
+ default='admin')
+
+ def handle(self, *args, **options):
+ User = get_user_model()
+
+ # Query if there is any admin user
+ if not User.objects.filter(is_superuser=True).exists():
+ self.stdout.write(f'No superuser present. Creating {options['user']} with supplied password')
+ User.objects.create_superuser(username=options['user'], password=options['password'])
+ else:
+ self.stdout.write('At least one superuser already exists. Skipping superuser creation')
\ No newline at end of file
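Review bot: In `handle`, the line `self.stdout.write(f'No superuser present. Creating {options['user']} with supplied password')` reuses the single quote inside the replacement field, which is a SyntaxError on Python versions before 3.12. The page does not show which interpreter the image uses, so this may prevent the command from loading at all. Write it as `f'No superuser present. Creating {options["user"]} with supplied password'`. Separately, a password passed through `--password` is visible in the process argument list, so the `help` text should say so, or the command should read it from an environment variable instead. The class and `handle` also have no docstring stating that the check is "any superuser exists", not "this username exists".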
diff --git a/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py b/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py
index 2775540..e30907f 100644
--- a/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py
+++ b/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py
@@ -56,7 +56,6 @@ if get_env_value('DJANGO_FORCE_DEV_MODE', default=False) == 'True':
ALLOWED_HOSTS = ['127.0.0.1', 'localhost', get_env_value('DJANGO_ALLOWED_HOST')]
-
# Application definition
INSTALLED_APPS = [
@@ -239,4 +238,7 @@ CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = False
+# allow detection of https behind "old" nginx
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+
SECURE_HSTS_SECONDS = get_env_value('DJANGO_SECURE_HSTS_SECONDS', default=120)
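Review bot: `SECURE_PROXY_SSL_HEADER` makes Django trust `X-Forwarded-Proto` on every request that reaches it, and the added comment does not record the precondition for that to be safe. The reverse proxy has to set or overwrite the header on every request, and the application port must not be reachable except through the proxy; whether port 8000 is published is not visible in this diff. Without that, a client can supply the header itself and `request.is_secure()` will report HTTPS on a plain connection, which Django's documentation warns against. I would extend the comment to something like `# Requires the proxy to always overwrite X-Forwarded-Proto (nginx: proxy_set_header X-Forwarded-Proto $scheme;) and the app port not to be exposed directly.`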
diff --git a/shimatta_kenkyusho/static/js/kenyusho-api-v1.js b/shimatta_kenkyusho/static/js/kenkyusho-api-v1.js
similarity index 100%
rename from shimatta_kenkyusho/static/js/kenyusho-api-v1.js
rename to shimatta_kenkyusho/static/js/kenkyusho-api-v1.js
diff --git a/shimatta_kenkyusho/templates/base.html b/shimatta_kenkyusho/templates/base.html
index dd94693..ac6acad 100644
--- a/shimatta_kenkyusho/templates/base.html
+++ b/shimatta_kenkyusho/templates/base.html
@@ -75,7 +75,7 @@
'component-parameter-type-list': '{% url 'componentparametertype-list' %}',
};
-
+
@@ -95,4 +95,4 @@
{% endblock custom_scripts %}