From 03d7bc0d2eed256908431af71a92c1cbb1039fd7 Mon Sep 17 00:00:00 2001 From: kououken Date: Sat, 22 Dec 2018 15:24:11 -0600 Subject: [PATCH] Revert "Switched both static and api servers over to SSL connection-only. Added self-signed certificate for testing." This reverts commit 2bdd44e1f6ca143861e3cf18d0c873f9f4c3819b. --- app/reimbursinator/settings.py | 6 ------ config/default.conf | 22 ---------------------- config/nginx.conf | 32 -------------------------------- config/selfsigned.crt | 20 -------------------- config/selfsigned.key | 28 ---------------------------- docker-compose.yml | 13 ++++--------- 6 files changed, 4 insertions(+), 117 deletions(-) delete mode 100644 config/default.conf delete mode 100644 config/nginx.conf delete mode 100644 config/selfsigned.crt delete mode 100644 config/selfsigned.key diff --git a/app/reimbursinator/settings.py b/app/reimbursinator/settings.py index 7f5c37c..fb4838a 100644 --- a/app/reimbursinator/settings.py +++ b/app/reimbursinator/settings.py @@ -118,9 +118,3 @@ USE_TZ = True # https://docs.djangoproject.com/en/2.1/howto/static-files/ STATIC_URL = '/static/' - -# SSL Configuration -SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') -SECURE_SSL_REDIRECT = True -SESSION_COOKIE_SECURE = True -CSRF_COOKIE_SECURE = True diff --git a/config/default.conf b/config/default.conf deleted file mode 100644 index afe9949..0000000 --- a/config/default.conf +++ /dev/null @@ -1,22 +0,0 @@ -server { - server_name localhost; - - listen 443; - - ssl on; - ssl_certificate /etc/ssl/selfsigned.crt; - ssl_certificate_key /etc/ssl/selfsigned.key; - - client_max_body_size 4G; - - error_page 500 502 503 504 /50x.html; - - location = /50x.html { - root /usr/share/nginx/html; - } - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } -} diff --git a/config/nginx.conf b/config/nginx.conf deleted file mode 100644 index e4bad8d..0000000 --- a/config/nginx.conf +++ /dev/null @@ -1,32 +0,0 @@ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/config/selfsigned.crt b/config/selfsigned.crt deleted file mode 100644 index 6ec4a31..0000000 --- a/config/selfsigned.crt +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDVDCCAjygAwIBAgIJANSXcVJxmIYNMA0GCSqGSIb3DQEBCwUAMD8xCzAJBgNV -BAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xETAPBgNVBAcMCFBvcnRsYW5kMQwwCgYD -VQQKDANQU1UwHhcNMTgxMjIyMTczMjMwWhcNMTkxMjIyMTczMjMwWjA/MQswCQYD -VQQGEwJVUzEPMA0GA1UECAwGT3JlZ29uMREwDwYDVQQHDAhQb3J0bGFuZDEMMAoG -A1UECgwDUFNVMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBLLMprD -v1BVODoKHrt+QAd1vDuw0UCR61ytWNQSjMWG+rl4MD+gHq/BK4r2RiuC4E+mLe0O -pEYdyVC2K5BBs5jS8XD+DML66rSNxMaSvBgRtmlWqBEbI14h2uReQmr0v/lKJlqS -i5UemkdfNZkMy3xPmnRPvbwu4raPbUpTlrKs/lpc6sNKxNWudbsfIocGFbOHTlGE -y9ii1L2z6Bsfla5yvVujttFw/QsZyImdThDruphI54jS40JG/BDxjwDB8MOAAmrB -KlvG+GlcdiTBRg0XSeVBp3kBg/O+ImZV4TOlEcdX4g0NzAMIQ3hokhr82H4JXE33 -zcAHb0mVSXCkowIDAQABo1MwUTAdBgNVHQ4EFgQUX3KwNO6WuuYrUgaBvctCMolv -VH4wHwYDVR0jBBgwFoAUX3KwNO6WuuYrUgaBvctCMolvVH4wDwYDVR0TAQH/BAUw -AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAP20CbT+Nd+Z5VxW3jzjDRz6eKIQ6cwU0 -9juOh2aTKe3dm3b2Y5Ddg8T6cDIaOjWIt0UeoxdueCC8nmGskrWU9aYHNrxgKff/ -qrWv9hNseslkNyX52J0VhI7bFXs/UWro0ZXcpGhgZy51oFErGvLdpLp02pvaqP6B -SQOkHLiVGS50l9/GAyHcxFSQ4MCdqyhx3q9QiyFCvmpfCBoBVFjOBS9Ac2XBLoo8 -7p8JplZ5NSazw4if1+ilz/sAzpUyYAgISUuzzFlAPI6tHgN1t6NrbWflKAsV75qc -/zYm9q2XIGQmr4QN0v8lU/AYavD3HgQ4Jgbxt3MTZRxpVFggKDqnJw== ------END CERTIFICATE----- diff --git a/config/selfsigned.key b/config/selfsigned.key deleted file mode 100644 index 93d74a0..0000000 --- a/config/selfsigned.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMEssymsO/UFU4 -Ogoeu35AB3W8O7DRQJHrXK1Y1BKMxYb6uXgwP6Aer8ErivZGK4LgT6Yt7Q6kRh3J -ULYrkEGzmNLxcP4MwvrqtI3ExpK8GBG2aVaoERsjXiHa5F5CavS/+UomWpKLlR6a -R181mQzLfE+adE+9vC7ito9tSlOWsqz+Wlzqw0rE1a51ux8ihwYVs4dOUYTL2KLU -vbPoGx+VrnK9W6O20XD9CxnIiZ1OEOu6mEjniNLjQkb8EPGPAMHww4ACasEqW8b4 -aVx2JMFGDRdJ5UGneQGD874iZlXhM6URx1fiDQ3MAwhDeGiSGvzYfglcTffNwAdv -SZVJcKSjAgMBAAECggEBAI4NKvp/tnBOh/OKmw7Hbls9lhu/5RXTf3841MV3Ya4x -tQKD5gCX2Wpi5vDbWxB/Kyve5Yskb0O0NvmyQAxU7xcH8xXzlDPn6WdE5UYq/2sE -yheSfaqhtaVJ2gEXY/GRp+qVqaLG+ylEVLgJpGGXtstSLcsS2Yr2GiDf+TiXO1Yy -rW/jvxLn4svKhdnHdTyYjGvhLzVSkEOv7TJQy0o51l7ORZJI61oxLRMU4Y8qsoeq -zHv9ij0zgvetBwd2L6SmDYltnDkt8hvIOR0xYM/rkGSV4iaZnERiG+8EyBSIws4V -T56Nl87fbbmro1HozMStQz4+CqMqnPOU7ZD1v4xYZaECgYEA6Cga2NoqBPSQp8O+ -eWaQGdxFU+rabmw2TmPO52HTLiaxxpKtJmLrPFYd2uF4blosFdOzXXLZaedTtjxl -mffBPMMfnGYes7Ovj8c/MIs+/7UDQSmXfHy8ButPESX8sCn3bQJ+6GUt25oMxk7H -UDuJNHS9pszM1yKpJd1aaYswQFMCgYEA4QhR+/MQiL7+uv3lBDZj+YnamfTPNc8T -Yj0rqmTilj7XNOuwAyqD/93zHhiq32Y1OlXtV3RQ8/wbG2wWZVoD1rr5vpGjt4cO -mEcWPSCBAIA61tjuEa1Gf1LKW5NIt0rfaha3nja5bQ5CH0oP1WNQPoTGVYX/LUhG -ED5AOS7CwHECgYBcsX6erOTwG5ISWfaYVFoe6TMJIZFbW3uHaxR2kDmYiLyck33t -ALv52EyNU08ZiIlnoaJRIoUqYsGq1oyeoCyYjTP251NE3u6vEpfpUv+xa13ES83/ -V3JftN5Z83fkAq2W6dMwCQ35S5XkLBoqr8rFlgMPMWBsWZt90dbCo199nwKBgBNI -kz3z5kbRlyKO/0ENKCQKHCF1SQxjYlXYyBUh8AjP+cEfMUYULpuOeXbqxjm+mHEX -S+9imE1QHUKMUJ7+x7Vu8FfUQyNG/4ktDkrOrj9Mvb4LeNsq7g+bGJwgUuriD6MX -r0RvjBQ8VI452oF+sTGqTxSlFujaeKaLrxU3XJkBAoGBANrzsUqEOQoIv9/KW/ls -BjXxGyKqrsnIjB7x0GCmncQoeqB3ADPisyxf45Oiz39W/4s3mz9KKpy5EvJAynsZ -oiWhErOhJoGER/DnziBE4TPUPjibUf7tahIqNOIxd+FJzK4mbOwMmhbpxIfNkdDv -xyLJt4Bq0TJk5knLD+w9Q0+2 ------END PRIVATE KEY----- diff --git a/docker-compose.yml b/docker-compose.yml index 9b8a9e2..f9c5ffc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,25 +3,20 @@ version: '3.6' services: api: build: ./app - command: gunicorn reimbursinator.wsgi:application --bind 0.0.0.0:444 --keyfile /etc/ssl/selfsigned.key --certfile /etc/ssl/selfsigned.crt + command: gunicorn reimbursinator.wsgi:application --bind 0.0.0.0:81 volumes: - ./app/:/usr/src/app/ - - ./config/selfsigned.key:/etc/ssl/selfsigned.key - - ./config/selfsigned.crt:/etc/ssl/selfsigned.crt ports: - - "8444:444" + - 8001:81 environment: - SECRET_KEY=please_change web: image: nginx:1.10.3 volumes: - ./static:/usr/share/nginx/html - - ./config/default.conf:/etc/nginx/conf.d/default.conf - - ./config/selfsigned.key:/etc/ssl/selfsigned.key - - ./config/selfsigned.crt:/etc/ssl/selfsigned.crt ports: - - "8443:443" + - "8000:80" environment: - NGINX_HOST=reimbursinator.com - - NGINX_PORT=443 + - NGINX_PORT=80 command: /bin/bash -c "exec nginx -g 'daemon off;'"