Switched both static and api servers over to SSL connection-only. Added self-signed certificate for testing.
parent
eee1bfb680
commit
2bdd44e1f6
6 changed files with 117 additions and 4 deletions
|
@ -118,3 +118,9 @@ USE_TZ = True
|
||||||
# https://docs.djangoproject.com/en/2.1/howto/static-files/
|
# https://docs.djangoproject.com/en/2.1/howto/static-files/
|
||||||
|
|
||||||
STATIC_URL = '/static/'
|
STATIC_URL = '/static/'
|
||||||
|
|
||||||
|
# SSL Configuration
|
||||||
|
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||||
|
SECURE_SSL_REDIRECT = True
|
||||||
|
SESSION_COOKIE_SECURE = True
|
||||||
|
CSRF_COOKIE_SECURE = True
|
||||||
|
|
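Review bot: `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` makes Django trust a client-supplied `X-Forwarded-Proto` header, and nothing visible in this commit puts a proxy in front of the app that sets or strips it: the compose change has gunicorn terminate TLS itself and publishes its port directly. Django's documentation says to set this only when a proxy controls the header; otherwise any client can make `request.is_secure()` return true. Since gunicorn already serves HTTPS here, I would drop the line, or keep it only once the api is reachable solely through nginx with `proxy_set_header X-Forwarded-Proto $scheme;`. A short comment above `SECURE_SSL_REDIRECT = True` noting that plain-HTTP requests are redirected rather than served would also help the next reader.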
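--- a/config/default.conf
+++ b/config/default.conf
@@ -0,0 +1,22 @@
+server {
+server_name localhost;
+
+listen 443;
+
+ssl on;
+ssl_certificate /etc/ssl/selfsigned.crt;
+ssl_certificate_key /etc/ssl/selfsigned.key;
+
+client_max_body_size 4G;
+
+error_page 500 502 503 504 /50x.html;
+
+location = /50x.html {
+root /usr/share/nginx/html;
+}
+
+location / {
+root /usr/share/nginx/html;
+index index.html index.htm;
+}
+}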
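Review bot: The server block enables TLS with `listen 443;` plus `ssl on;` and sets no `ssl_protocols`, so the protocol set falls back to whatever the nginx build defaults to; for the `nginx:1.10.3` image named in the compose file that default still includes TLS 1.0 and 1.1. I would write `listen 443 ssl;` (the `ssl on;` directive is deprecated in later nginx releases) and add `ssl_protocols TLSv1.2;`. `client_max_body_size 4G;` also looks large for a server that, as far as this file shows, only serves static files; a comment stating why it is needed, or a smaller limit, would be worth adding.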
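--- a/config/nginx.conf
+++ b/config/nginx.conf
@@ -0,0 +1,32 @@
+
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+worker_connections 1024;
+}
+
+
+http {
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+
+access_log /var/log/nginx/access.log main;
+
+sendfile on;
+#tcp_nopush on;
+
+keepalive_timeout 65;
+
+#gzip on;
+
+include /etc/nginx/conf.d/*.conf;
+}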
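Review bot: Nothing in this commit appears to use this file: the `web` service's volume list in the compose change mounts `config/default.conf` and the certificate pair but not `config/nginx.conf`, so the container would keep running with the image's own `/etc/nginx/nginx.conf` (the compose file may continue beyond the visible hunk, so this is worth confirming). If it is meant to be active, add `- ./config/nginx.conf:/etc/nginx/nginx.conf:ro` to that list. When it is, consider `server_tokens off;` in the `http` block so responses and error pages do not advertise the nginx version.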
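--- a/config/selfsigned.crt
+++ b/config/selfsigned.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIJANSXcVJxmIYNMA0GCSqGSIb3DQEBCwUAMD8xCzAJBgNV
+BAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xETAPBgNVBAcMCFBvcnRsYW5kMQwwCgYD
+VQQKDANQU1UwHhcNMTgxMjIyMTczMjMwWhcNMTkxMjIyMTczMjMwWjA/MQswCQYD
+VQQGEwJVUzEPMA0GA1UECAwGT3JlZ29uMREwDwYDVQQHDAhQb3J0bGFuZDEMMAoG
+A1UECgwDUFNVMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBLLMprD
+v1BVODoKHrt+QAd1vDuw0UCR61ytWNQSjMWG+rl4MD+gHq/BK4r2RiuC4E+mLe0O
+pEYdyVC2K5BBs5jS8XD+DML66rSNxMaSvBgRtmlWqBEbI14h2uReQmr0v/lKJlqS
+i5UemkdfNZkMy3xPmnRPvbwu4raPbUpTlrKs/lpc6sNKxNWudbsfIocGFbOHTlGE
+y9ii1L2z6Bsfla5yvVujttFw/QsZyImdThDruphI54jS40JG/BDxjwDB8MOAAmrB
+KlvG+GlcdiTBRg0XSeVBp3kBg/O+ImZV4TOlEcdX4g0NzAMIQ3hokhr82H4JXE33
+zcAHb0mVSXCkowIDAQABo1MwUTAdBgNVHQ4EFgQUX3KwNO6WuuYrUgaBvctCMolv
+VH4wHwYDVR0jBBgwFoAUX3KwNO6WuuYrUgaBvctCMolvVH4wDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAP20CbT+Nd+Z5VxW3jzjDRz6eKIQ6cwU0
+9juOh2aTKe3dm3b2Y5Ddg8T6cDIaOjWIt0UeoxdueCC8nmGskrWU9aYHNrxgKff/
+qrWv9hNseslkNyX52J0VhI7bFXs/UWro0ZXcpGhgZy51oFErGvLdpLp02pvaqP6B
+SQOkHLiVGS50l9/GAyHcxFSQ4MCdqyhx3q9QiyFCvmpfCBoBVFjOBS9Ac2XBLoo8
+7p8JplZ5NSazw4if1+ilz/sAzpUyYAgISUuzzFlAPI6tHgN1t6NrbWflKAsV75qc
+/zYm9q2XIGQmr4QN0v8lU/AYavD3HgQ4Jgbxt3MTZRxpVFggKDqnJw==
+-----END CERTIFICATE-----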
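--- a/config/selfsigned.key
+++ b/config/selfsigned.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMEssymsO/UFU4
+Ogoeu35AB3W8O7DRQJHrXK1Y1BKMxYb6uXgwP6Aer8ErivZGK4LgT6Yt7Q6kRh3J
+ULYrkEGzmNLxcP4MwvrqtI3ExpK8GBG2aVaoERsjXiHa5F5CavS/+UomWpKLlR6a
+R181mQzLfE+adE+9vC7ito9tSlOWsqz+Wlzqw0rE1a51ux8ihwYVs4dOUYTL2KLU
+vbPoGx+VrnK9W6O20XD9CxnIiZ1OEOu6mEjniNLjQkb8EPGPAMHww4ACasEqW8b4
+aVx2JMFGDRdJ5UGneQGD874iZlXhM6URx1fiDQ3MAwhDeGiSGvzYfglcTffNwAdv
+SZVJcKSjAgMBAAECggEBAI4NKvp/tnBOh/OKmw7Hbls9lhu/5RXTf3841MV3Ya4x
+tQKD5gCX2Wpi5vDbWxB/Kyve5Yskb0O0NvmyQAxU7xcH8xXzlDPn6WdE5UYq/2sE
+yheSfaqhtaVJ2gEXY/GRp+qVqaLG+ylEVLgJpGGXtstSLcsS2Yr2GiDf+TiXO1Yy
+rW/jvxLn4svKhdnHdTyYjGvhLzVSkEOv7TJQy0o51l7ORZJI61oxLRMU4Y8qsoeq
+zHv9ij0zgvetBwd2L6SmDYltnDkt8hvIOR0xYM/rkGSV4iaZnERiG+8EyBSIws4V
+T56Nl87fbbmro1HozMStQz4+CqMqnPOU7ZD1v4xYZaECgYEA6Cga2NoqBPSQp8O+
+eWaQGdxFU+rabmw2TmPO52HTLiaxxpKtJmLrPFYd2uF4blosFdOzXXLZaedTtjxl
+mffBPMMfnGYes7Ovj8c/MIs+/7UDQSmXfHy8ButPESX8sCn3bQJ+6GUt25oMxk7H
+UDuJNHS9pszM1yKpJd1aaYswQFMCgYEA4QhR+/MQiL7+uv3lBDZj+YnamfTPNc8T
+Yj0rqmTilj7XNOuwAyqD/93zHhiq32Y1OlXtV3RQ8/wbG2wWZVoD1rr5vpGjt4cO
+mEcWPSCBAIA61tjuEa1Gf1LKW5NIt0rfaha3nja5bQ5CH0oP1WNQPoTGVYX/LUhG
+ED5AOS7CwHECgYBcsX6erOTwG5ISWfaYVFoe6TMJIZFbW3uHaxR2kDmYiLyck33t
+ALv52EyNU08ZiIlnoaJRIoUqYsGq1oyeoCyYjTP251NE3u6vEpfpUv+xa13ES83/
+V3JftN5Z83fkAq2W6dMwCQ35S5XkLBoqr8rFlgMPMWBsWZt90dbCo199nwKBgBNI
+kz3z5kbRlyKO/0ENKCQKHCF1SQxjYlXYyBUh8AjP+cEfMUYULpuOeXbqxjm+mHEX
+S+9imE1QHUKMUJ7+x7Vu8FfUQyNG/4ktDkrOrj9Mvb4LeNsq7g+bGJwgUuriD6MX
+r0RvjBQ8VI452oF+sTGqTxSlFujaeKaLrxU3XJkBAoGBANrzsUqEOQoIv9/KW/ls
+BjXxGyKqrsnIjB7x0GCmncQoeqB3ADPisyxf45Oiz39W/4s3mz9KKpy5EvJAynsZ
+oiWhErOhJoGER/DnziBE4TPUPjibUf7tahIqNOIxd+FJzK4mbOwMmhbpxIfNkdDv
+xyLJt4Bq0TJk5knLD+w9Q0+2
+-----END PRIVATE KEY-----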
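Review bot: This adds an unencrypted private key to the repository, so anyone who can read the repository or its history holds the key that both the `api` and `web` services present over TLS. Even for a test certificate it is safer to generate the pair locally at setup time (a documented `openssl req -x509 -newkey rsa:2048 -nodes ...` step or a small script) and list `config/selfsigned.key` in `.gitignore`. Because the key stays in history after removal, treat this one as disclosed and do not reuse it outside local testing.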
|
@ -3,20 +3,25 @@ version: '3.6'
|
||||||
services:
|
services:
|
||||||
api:
|
api:
|
||||||
build: ./app
|
build: ./app
|
||||||
command: gunicorn reimbursinator.wsgi:application --bind 0.0.0.0:81
|
command: gunicorn reimbursinator.wsgi:application --bind 0.0.0.0:444 --keyfile /etc/ssl/selfsigned.key --certfile /etc/ssl/selfsigned.crt
|
||||||
volumes:
|
volumes:
|
||||||
- ./app/:/usr/src/app/
|
- ./app/:/usr/src/app/
|
||||||
|
- ./config/selfsigned.key:/etc/ssl/selfsigned.key
|
||||||
|
- ./config/selfsigned.crt:/etc/ssl/selfsigned.crt
|
||||||
ports:
|
ports:
|
||||||
- 8001:81
|
- "8444:444"
|
||||||
environment:
|
environment:
|
||||||
- SECRET_KEY=please_change
|
- SECRET_KEY=please_change
|
||||||
web:
|
web:
|
||||||
image: nginx:1.10.3
|
image: nginx:1.10.3
|
||||||
volumes:
|
volumes:
|
||||||
- ./static:/usr/share/nginx/html
|
- ./static:/usr/share/nginx/html
|
||||||
|
- ./config/default.conf:/etc/nginx/conf.d/default.conf
|
||||||
|
- ./config/selfsigned.key:/etc/ssl/selfsigned.key
|
||||||
|
- ./config/selfsigned.crt:/etc/ssl/selfsigned.crt
|
||||||
ports:
|
ports:
|
||||||
- "8000:80"
|
- "8443:443"
|
||||||
environment:
|
environment:
|
||||||
- NGINX_HOST=reimbursinator.com
|
- NGINX_HOST=reimbursinator.com
|
||||||
- NGINX_PORT=80
|
- NGINX_PORT=443
|
||||||
command: /bin/bash -c "exec nginx -g 'daemon off;'"
|
command: /bin/bash -c "exec nginx -g 'daemon off;'"
|
||||||
|
|
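Review bot: The four new certificate/key bind mounts are writable; appending `:ro`, e.g. `- ./config/selfsigned.key:/etc/ssl/selfsigned.key:ro`, keeps a compromised container from altering the key material on the host, and the same applies to the `default.conf` mount. The `api` service also receives the private key and is published as `"8444:444"` on every host interface; for a test setup, binding to loopback (`"127.0.0.1:8444:444"`, likewise `"127.0.0.1:8443:443"`) limits exposure of the self-signed endpoints. `NGINX_PORT=443` is changed, but nothing on this page shows nginx reading that variable, since the mounted `default.conf` hard-codes `listen 443;`.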