From 5163834de40435d89ccba0763ad06c0170b9e58a Mon Sep 17 00:00:00 2001
From: stefan
Date: Tue, 19 Nov 2024 23:09:53 +0100
Subject: [PATCH 1/9] added CSRF trusted origin config, added tzdata - needed in debug mode
---
 requirements.txt | 1 +
 shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py | 1 +
 2 files changed, 2 insertions(+)
diff --git a/requirements.txt b/requirements.txt
index 6dd0753..e2ff01c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -31,5 +31,6 @@ setuptools==75.3.0
 sqlparse==0.4.1
 toml==0.10.2
 typing_extensions==4.12.2
+tzdata==2024.2
 urllib3==2.2.3
 wrapt==1.12.1
diff --git a/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py b/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py
index 2775540..ebc7326 100644
--- a/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py
+++ b/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py
@@ -56,6 +56,7 @@ if get_env_value('DJANGO_FORCE_DEV_MODE', default=False) == 'True':
 ALLOWED_HOSTS = ['127.0.0.1', 'localhost', get_env_value('DJANGO_ALLOWED_HOST')]
+CSRF_TRUSTED_ORIGINS =['https://' + get_env_value('DJANGO_ALLOWED_HOST')]
 # Application definition
From 6e5108521029e84ff1104360522efaf811735a6d Mon Sep 17 00:00:00 2001
From: stefan
Date: Tue, 19 Nov 2024 23:31:56 +0100
Subject: [PATCH 2/9] removed the trusted origin foo again - added proper detection of https
---
 shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py b/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py
index ebc7326..e30907f 100644
--- a/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py
+++ b/shimatta_kenkyusho/shimatta_kenkyusho/settings_production.py
@@ -56,8 +56,6 @@ if get_env_value('DJANGO_FORCE_DEV_MODE', default=False) == 'True':
 ALLOWED_HOSTS = ['127.0.0.1', 'localhost', get_env_value('DJANGO_ALLOWED_HOST')]
-CSRF_TRUSTED_ORIGINS =['https://' + get_env_value('DJANGO_ALLOWED_HOST')]
-
 # Application definition
 INSTALLED_APPS = [
@@ -240,4 +238,7 @@ CSRF_COOKIE_SECURE = True
 SECURE_SSL_REDIRECT = False
+# allow detection of https behind "old" nginx
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+
 SECURE_HSTS_SECONDS = get_env_value('DJANGO_SECURE_HSTS_SECONDS', default=120)
From 0c4f1f9dba2fb3de9cde6828181052e22666e184 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mario=20H=C3=BCttel?=
Date: Sat, 23 Nov 2024 15:25:43 +0100
Subject: [PATCH 3/9] Exclude run folder from docker. It is used for local debugging of containers
---
 .dockerignore | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.dockerignore b/.dockerignore
index 9bdbf6d..f206265 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1 +1,2 @@
-start_server.sh
\ No newline at end of file
+start_server.sh
+run/*
From 511dacf54aa9b6a3b7dbdd3b8e44b91607dc58f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mario=20H=C3=BCttel?=
Date: Sat, 23 Nov 2024 01:09:57 +0100
Subject: [PATCH 4/9] Add restart policy to autostart the containers after boot
---
 compose.yaml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/compose.yaml b/compose.yaml
index 8182ea6..6eea7c7 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,5 +1,9 @@
+x-op-restart-policy: &restart_policy
+ restart: unless-stopped
+
 services:
 shimatta-kenkyusho-web:
+ <<: *restart_policy
 build: .
 volumes:
 - "${DJANGO_STATIC_VOL:-./run/static}:/var/static"
@@ -30,6 +34,7 @@ services:
 start_period: 30s
 shimatta-kenkyusho-db:
+ <<: *restart_policy
 image: postgres:16.5-alpine
 environment:
 POSTGRES_PASSWORD: "${DJANGO_POSTGRESQL_PW:-p4ssw0rd}"
From 08a5f97fd4315a5b20076572345fb60fe7fdd92f Mon Sep 17 00:00:00 2001
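Review bot: `SECURE_PROXY_SSL_HEADER` in the second settings_production.py hunk makes Django treat any request carrying `X-Forwarded-Proto: https` as secure, and the added comment does not say what has to hold for that to be safe. Django's documentation requires that the proxy sets or strips this header on every request and that the application is reachable only through that proxy. I would state that above the setting, e.g. `# Requires nginx to set X-Forwarded-Proto on every request (proxy_set_header X-Forwarded-Proto $scheme;) and port 8000 to be reachable only via nginx`. The first hunk drops `CSRF_TRUSTED_ORIGINS` in the same commit, so the CSRF origin check now relies on this header being trustworthy.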
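Review bot: With `run/*` added, .dockerignore still excludes only two paths, so the `.env` file this project keeps next to compose.yaml remains in the build context of `build: .`. The Dockerfile is not part of this patch, so whether it copies the whole directory is an assumption, but if it does, the database password and the other deployment values would end up in an image layer. Adding the lines `.env` and `.git` here would keep them out of the context regardless.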
From: =?UTF-8?q?Mario=20H=C3=BCttel?=
Date: Sat, 23 Nov 2024 17:05:55 +0100
Subject: [PATCH 5/9] Add user ID and GID to example env file
---
 .env.example | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/.env.example b/.env.example
index d92e9d3..cb5a0e9 100644
--- a/.env.example
+++ b/.env.example
@@ -2,6 +2,12 @@
 # Example configuration. Must be edited and copied to ".env" next to the compose.yaml
 ####################################################################################################
+# User id to use for the web application. This determines the user id, the media and static files are written to the volumes.
+# Make sure the user has rw access to these directories.
+DJANGO_USER_ID=1000
+
+# Group id to use for the web application
+DJANGO_USER_GID=1000
 # Path to to mount as the directory for static data. Must be served by a webserver on the /static path
 DJANGO_STATIC_VOL=/path/to/static/root
@@ -29,4 +35,4 @@ DJANGO_MEDIA_URL=media.lab.example.com/
 # Set this password if you want to use a custom postgres password. The db should be confined inside the docker network.
 # Using the standard PW is therefore not a problem
-# DJANGO_POSTGRESQL_PW=myfancynewpassword123donotsharemewithanyone
\ No newline at end of file
+# DJANGO_POSTGRESQL_PW=myfancynewpassword123donotsharemewithanyone
From 25b592ee3984c7ecb40ea4bd2b60edba98ab59a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mario=20H=C3=BCttel?=
Date: Sat, 23 Nov 2024 17:06:37 +0100
Subject: [PATCH 6/9] Let container run as user and set correct restart policy
---
 compose.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/compose.yaml b/compose.yaml
index 6eea7c7..4d19477 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -5,6 +5,7 @@ services:
 shimatta-kenkyusho-web:
 <<: *restart_policy
 build: .
+ user: "${DJANGO_USER_ID}:${DJANGO_USER_GID}"
 volumes:
 - "${DJANGO_STATIC_VOL:-./run/static}:/var/static"
 - "${DJANGO_MEDIA_VOL:-./run/media}:/var/media"
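Review bot: `user: "${DJANGO_USER_ID}:${DJANGO_USER_GID}"` in the compose.yaml hunk of patch 6 has no fallback, unlike the volume lines below it, which use `${VAR:-default}`. If either variable is missing from `.env`, Compose substitutes an empty string with only a warning, and the container does not run under the uid/gid the operator intended. Marking both as required, `user: "${DJANGO_USER_ID:?DJANGO_USER_ID must be set}:${DJANGO_USER_GID:?DJANGO_USER_GID must be set}"`, turns that into an explicit error at startup. The service definition continues outside the hunk.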
From 57b475cbe138ff3646d85301bcd44c24ed3b95f6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mario=20H=C3=BCttel?=
Date: Sat, 23 Nov 2024 17:08:01 +0100
Subject: [PATCH 7/9] replace docker-compose with docker compose to make script corss compatible to non arch systems
---
 start_docker_compose_interactive.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/start_docker_compose_interactive.sh b/start_docker_compose_interactive.sh
index eaf2076..b9762ae 100755
--- a/start_docker_compose_interactive.sh
+++ b/start_docker_compose_interactive.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # Startup the db container
-docker-compose start shimatta-kenkyusho-db
+docker compose start shimatta-kenkyusho-db
 # Override entrypoint to get interactive shell
-docker-compose run --entrypoint="/bin/sh" -p 8000:8000 shimatta-kenkyusho-web
\ No newline at end of file
+docker compose run --entrypoint="/bin/sh" -p 8000:8000 shimatta-kenkyusho-web
From 2d718c5e3a29e552f26e2ed4672bb5d3541912c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mario=20H=C3=BCttel?=
Date: Sat, 23 Nov 2024 17:08:38 +0100
Subject: [PATCH 8/9] Add new management command to create superuser if not present. Use that command in the entrypoint scripts
---
 entrypoint.sh | 2 ++
 entrypoint_self_hosted.sh | 1 +
 .../commands/create_kenkyusho_admin_user.py | 23 +++++++++++++++++++
 3 files changed, 26 insertions(+)
 create mode 100644 shimatta_kenkyusho/parts/management/commands/create_kenkyusho_admin_user.py
diff --git a/entrypoint.sh b/entrypoint.sh
index 9295252..2051376 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -3,4 +3,6 @@ source /home/shimatta/kenkyusho/.venv/bin/activate
 cd /home/shimatta/kenkyusho/shimatta_kenkyusho
 python manage.py migrate --settings shimatta_kenkyusho.settings_production
 python manage.py collectstatic --settings shimatta_kenkyusho.settings_production --noinput
+python manage.py create_kenkyusho_admin_user --settings shimatta_kenkyusho.settings_production
+
 gunicorn -w 4 --bind 0.0.0.0:8000 shimatta_kenkyusho.wsgi:application
diff --git a/entrypoint_self_hosted.sh b/entrypoint_self_hosted.sh
index e78916d..ffb06b3 100755
--- a/entrypoint_self_hosted.sh
+++ b/entrypoint_self_hosted.sh
@@ -2,5 +2,6 @@ source /home/shimatta/kenkyusho/.venv/bin/activate
 cd /home/shimatta/kenkyusho/shimatta_kenkyusho
 python manage.py migrate --settings shimatta_kenkyusho.settings_production
+python manage.py create_kenkyusho_admin_user --settings shimatta_kenkyusho.settings_production
 python manage.py runserver 0.0.0.0:8000 --settings shimatta_kenkyusho.settings_production
diff --git a/shimatta_kenkyusho/parts/management/commands/create_kenkyusho_admin_user.py b/shimatta_kenkyusho/parts/management/commands/create_kenkyusho_admin_user.py
new file mode 100644
index 0000000..fdf6092
--- /dev/null
+++ b/shimatta_kenkyusho/parts/management/commands/create_kenkyusho_admin_user.py
@@ -0,0 +1,23 @@
+from django.core.management.base import BaseCommand, CommandParser
+from django.contrib.auth import get_user_model
+
+class Command(BaseCommand):
+ help = "Create a default superuser if no superuser is already present. This aids automatic deployment inside a container."
+
+ def add_arguments(self, parser: CommandParser):
+ parser.add_argument('--user',
+ help='Username to create if no admin account is present',
+ default='admin')
+ parser.add_argument('--password',
+ help='Password to set for newly created user. Ignored, if any admin user is already present',
+ default='admin')
+
+ def handle(self, *args, **options):
+ User = get_user_model()
+
+ # Query if there is any admin user
+ if not User.objects.filter(is_superuser=True).exists():
+ self.stdout.write(f'No superuser present. Creating {options['user']} with supplied password')
+ User.objects.create_superuser(username=options['user'], password=options['password'])
+ else:
+ self.stdout.write('At least one superuser already exists. Skipping superuser creation')
\ No newline at end of file
From 50cfe0a2c674807752452b4dba2082c68a0575cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mario=20H=C3=BCttel?=
Date: Sat, 23 Nov 2024 17:12:37 +0100
Subject: [PATCH 9/9] Fix filename typo in js file
---
 .../static/js/{kenyusho-api-v1.js => kenkyusho-api-v1.js} | 0
 shimatta_kenkyusho/templates/base.html | 4 ++--
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename shimatta_kenkyusho/static/js/{kenyusho-api-v1.js => kenkyusho-api-v1.js} (100%)
diff --git a/shimatta_kenkyusho/static/js/kenyusho-api-v1.js b/shimatta_kenkyusho/static/js/kenkyusho-api-v1.js
similarity index 100%
rename from shimatta_kenkyusho/static/js/kenyusho-api-v1.js
rename to shimatta_kenkyusho/static/js/kenkyusho-api-v1.js
diff --git a/shimatta_kenkyusho/templates/base.html b/shimatta_kenkyusho/templates/base.html
index dd94693..ac6acad 100644
--- a/shimatta_kenkyusho/templates/base.html
+++ b/shimatta_kenkyusho/templates/base.html
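Review bot: The `--password` default of `'admin'` in `add_arguments` of create_kenkyusho_admin_user.py gives every fresh deployment a superuser with a publicly known password, because entrypoint.sh and entrypoint_self_hosted.sh in this commit run the command without arguments under the production settings. I would remove the built-in default, take the password from the `DJANGO_SUPERUSER_PASSWORD` environment variable (the name Django's own `createsuperuser --noinput` reads), and raise `CommandError` when a superuser has to be created and none is set; this needs `import os` and `CommandError` from `django.core.management.base`. Reading it from the environment also keeps the secret out of the process arguments. Separately, the f-string in `handle` reuses single quotes inside the replacement field, which is a syntax error on Python older than 3.12; `options["user"]` works everywhere.

```python
    def add_arguments(self, parser: CommandParser):
        # … unchanged: --user argument …
        parser.add_argument('--password',
                            help='Password for the newly created user. Defaults to $DJANGO_SUPERUSER_PASSWORD',
                            default=os.environ.get('DJANGO_SUPERUSER_PASSWORD'))

    def handle(self, *args, **options):
        User = get_user_model()

        if User.objects.filter(is_superuser=True).exists():
            self.stdout.write('At least one superuser already exists. Skipping superuser creation')
            return

        # Never fall back to a built-in password
        if not options['password']:
            raise CommandError('No superuser present and no password given; set DJANGO_SUPERUSER_PASSWORD')

        self.stdout.write(f'No superuser present. Creating {options["user"]} with supplied password')
        User.objects.create_superuser(username=options['user'], password=options['password'])
```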
@@ -75,7 +75,7 @@ 'component-parameter-type-list': '{% url 'componentparametertype-list' %}', }; - + @@ -95,4 +95,4 @@ {% endblock custom_scripts %} - \ No newline at end of file +