Commit 9c8e2412 authored by Odair M.'s avatar Odair M. Committed by bhmeyer

Closes #172: faz deploy do projeto e adiciona ssl

parent 3bf084ac
token=token
pg_user=db_user
pg_password=db_pass
pg_database=db_name
version: '3'
services:
db:
restart: always
image: postgres
environment:
- POSTGRES_USER=adega
- POSTGRES_PASSWORD=adega
- POSTGRES_DB=adega
- POSTGRES_USER=${pg_user}
- POSTGRES_PASSWORD=${pg_password}
- POSTGRES_DB=${pg_database}
web:
restart: always
build:
context: .
dockerfile: ./docker_scripts/Dockerfile
......@@ -20,20 +22,23 @@ services:
depends_on:
- db
environment:
- POSTGRES_USER=adega
- POSTGRES_PASSWORD=adega
- POSTGRES_DB=adega
- POSTGRES_HOST=adega_db
- POSTGRES_USER=${pg_user}
- POSTGRES_PASSWORD=${pg_password}
- POSTGRES_DB=${pg_database}
- POSTGRES_HOST=adega_db_1
#- SECRET_KEY=${token}
- VERSION=PRODUCTION
nginx:
restart: always
build: ./nginx/
ports:
- "8000:80"
- "80:80"
- "443:443"
depends_on:
- web
links:
- web:web
volumes:
- ./static:/adega/static
- /etc/ssl:/ssl
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
upstream adega {
server unix:/var/www/adega/adega.sock fail_timeout=10;
}
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
charset utf-8;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /etc/ssl/adega/adega.crt;
ssl_certificate_key /etc/ssl/adega/adega.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
# resolver <IP DNS resolver>;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
autoindex on;
try_files $uri $uri/ =404;
disable_symlinks off;
}
location /adega {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
include proxy_params;
proxy_redirect off;
proxy_pass http://adega/;
}
location /adega/static {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
root /var/www;
autoindex on;
try_files $uri $uri/ =404;
disable_symlinks on;
}
location ~ /\.ht {
deny all;
}
}
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
upstream adega {
server unix:/var/www/adega/adega.sock fail_timeout=10;
}
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
charset utf-8;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /etc/ssl/adega/adega.crt;
ssl_certificate_key /etc/ssl/adega/adega.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
# resolver <IP DNS resolver>;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
autoindex on;
try_files $uri $uri/ =404;
disable_symlinks off;
}
location /adega {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
include proxy_params;
proxy_redirect off;
proxy_pass http://adega/;
}
location /adega/static {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
root /var/www;
autoindex on;
try_files $uri $uri/ =404;
disable_symlinks on;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 80 default_server;
server_name adega.c3sl.ufpr.br;
return 301 https://$host$request_uri;
}
server {
listen 443;
ssl on;
server_name adega.c3sl.ufpr.br;
ssl_certicate /ssl/certs/c3sl.pem;
ssl_certificate_key /ssl/private/c3sl.pem;
listen 80;
server_name localhost;
charset utf-8;
client_max_body_size 100M;
......
"""
Django settings for uploads project.
Django settings for submission project.
Generated by 'django-admin startproject' using Django 1.9.8.
......@@ -12,8 +12,6 @@ https://docs.djangoproject.com/en/1.9/ref/settings/
import os
from django.contrib import messages
# copy envioment variables to env
env = os.environ.copy()
......@@ -25,8 +23,7 @@ PROJECT_DIR = os.path.join(BASE_DIR, '..')
# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'e#-^aknk(5k)ej6rh#h$i(%h(m9)-j*lwrc_1dxnk=a@-mixlt'
SECRET_KEY = env.get("SECRET_KEY", 'e#-^aknk(5k)ej6rh#h$i(%h(m9)-j*lwrc_1dxnk=a@-mixlt'),
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = os.environ['VERSION'] == "DEVELOPMENT"
......@@ -92,15 +89,22 @@ WSGI_APPLICATION = 'adega.wsgi.application'
# Database
# https://docs.djangoproject.com/en/1.9/ref/settings/#databases
# verifica se informação do banco de dados está definido em variavel de
# ambiente, caso não esteja setado usa se informações default.
#DATABASES = {
# 'default': {
# 'ENGINE': 'django.db.backends.sqlite3',
# 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
# }
#}
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'NAME': env.get("POSTGRES_DB", "adega"),
'USER': env.get("POSTGRES_USER", "adega"),
'PASSWORD': env.get("POSTGRES_PASSWORD", "adega"),
'HOST': env.get("POSTGRES_HOST", "adega_db"),
'HOST': env.get("POSTGRES_HOST", "adega_db_1"),
'PORT': env.get("POSTGRES_PORT", "5432")
}
}
......@@ -172,4 +176,4 @@ MEDIA_URL = '/script/base/'
MEDIA_ROOT = os.path.join(PROJECT_DIR, 'submission')
# MEDIA_URL = None # a gente não quer ninguem fazendo download disso
# MEDIA_ROOT = os.path.join(PROJECT_DIR, 'uploads')
# MEDIA_ROOT = os.path.join(PROJECT_DIR, 'submission')
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment