Add documentation. Debugging and porting still missing. Initial setup explained
This commit is contained in:
parent
146c2da4f3
commit
cfb9970c26
36
README.md
36
README.md
@ -40,6 +40,10 @@ The following settings are required to be adapted:
|
||||
- `DJANGO_SECRET_KEY`: Provide a secret, and randomly generated key. Do not share this with anybody!
|
||||
- `DJANGO_ALLOWED_HOST`: Set this to the domain, the application will be reached at. E.g: `lab.example.com`
|
||||
- `DJANGO_MEDIA_URL`: Set this to the media URL at which your webserver serves the `DJANGO_MEDIA_VOL` diretory. E.g: `media.lab.example.com/` Note the **slash at the end**. It is important.
|
||||
- `DJANGO_USER_ID`: The user ID to run the application inside the docker container. This is the user id, that is used to write the to `DJANGO_STATIC_VOL` and `DJANGO_MEDIA_VOL`. Make sure the user has access.
|
||||
- `DJANGO_USER_GID`: The group ID to run the application inside the docker container. This is the group id, that is used to write the to `DJANGO_STATIC_VOL` and `DJANGO_MEDIA_VOL`.
|
||||
|
||||
> Note: It is not recommended to run the docker container without a set `DJANGO_USER_ID` and `DJANGO_USER_GID`. It will default to `0 (root)`.
|
||||
|
||||
Once the environment is set up, the docker containers can be built and started. Run
|
||||
```
|
||||
@ -96,18 +100,18 @@ server {
|
||||
|
||||
# Reverse Proxy for application
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
http2 on;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
http2 on;
|
||||
|
||||
|
||||
# Add this for HTTP3. If your nginx is older than 2.25 this might not be available
|
||||
######################################################################################
|
||||
# listen 443 quic reuseport;
|
||||
# listen [::]:443 quic reuseport;
|
||||
# Enable QUIC and HTTP/3
|
||||
# ssl_early_data on;
|
||||
# add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
# listen 443 quic reuseport;
|
||||
# listen [::]:443 quic reuseport;
|
||||
# Enable QUIC and HTTP/3
|
||||
# ssl_early_data on;
|
||||
# add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
#######################################################################################
|
||||
|
||||
server_name lab.example.com; # Adapt domain
|
||||
@ -146,7 +150,7 @@ server {
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
# Add this for HTTP3. If your nginx is older than 2.25 this might not be available
|
||||
# Add this for HTTP3. If your nginx is older than 2.25 this might not be available
|
||||
######################################################################################
|
||||
# listen 443 quic reuseport;
|
||||
# listen [::]:443 quic reuseport;
|
||||
@ -158,15 +162,15 @@ server {
|
||||
|
||||
server_name media.lab.example.com; # Adapt according to DJANGO_MEDIA_URL
|
||||
|
||||
# Use letsencrypt as SSL certificate provider.
|
||||
ssl_certificate /etc/letsencrypt/live/media.lab.example.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/media.lab.example.com/privkey.pem;
|
||||
# Use letsencrypt as SSL certificate provider.
|
||||
ssl_certificate /etc/letsencrypt/live/media.lab.example.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/media.lab.example.com/privkey.pem;
|
||||
|
||||
ssl_protocols TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_protocols TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_ession_timeout 5m;
|
||||
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
error_page 502 /lab_down.html;
|
||||
|
Loading…
Reference in New Issue
Block a user