settings and secrets to env.vars

787443e4 · Nico Vermaas · 4cf1bd6f · 787443e4 · 787443e4 · 787443e4
Commit 787443e4 authored 4 years ago by Nico Vermaas
--- a/atdb/atdb/settings/dev.py
+++ b/atdb/atdb/settings/dev.py
 from atdb.settings.base import *
+import os
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
@@ -34,12 +36,10 @@ if SSL_ENABLED:
 DATABASES = {
    'default': {
         'ENGINE': 'django.db.backends.postgresql_psycopg2',
-         'USER': 'atdb_admin',
+         'USER': os.environ['DATABASE_USER'],
-         'PASSWORD': 'atdb123',
+         'PASSWORD': os.environ['DATABASE_PASSWORD'],
         # database runs locally in postgres
-         # 'NAME': 'atdb_trunk',
-         #'NAME': 'atdb_04oct2019',
         'NAME': 'atdb_ldv',
         'HOST': 'localhost',
         'PORT': '',

--- a/atdb/atdb/settings/docker_sdc.py
+++ b/atdb/atdb/settings/docker_sdc.py
 from atdb.settings.base import *
+import os
 # Import production setting must remain False.
 DEBUG = True
@@ -6,29 +7,6 @@ DEBUG = True
 ALLOWED_HOSTS = ["*"]
-#####################################################
-# These settings mainly deal with https.
-# See http://django-secure.readthedocs.io/en/latest/middleware.html
-# Check the warning and instructions with:
-# (.env) atdb@/var/.../atdb ./manage.py check --deploy --settings=atdb.settings.prod
-#####################################################
-# Assume SSL is correctly set up.
-SSL_ENABLED = False
-if SSL_ENABLED:
-    # True: Django now checks that cookies are ONLY sent over SSL.
-    # https://docs.djangoproject.com/en/1.11/ref/settings/#session-cookie-secure
-    SESSION_COOKIE_SECURE = True
-    # True: Django now checks that csrf tokens are ONLY sent over SSL.
-    # https://docs.djangoproject.com/en/1.11/ref/settings/#csrf-cookie-secure
-    CSRF_COOKIE_SECURE = True
-    # True: Always redirect requests back to https (currently ignored as Nginx should enforces https).
-    #       Alternatively, enable and add set SECURE_PROXY_SSL_HEADER.
-    SECURE_SSL_REDIRECT = False
-    # Setting this to a non-zero value, will default the client UA always to connect over https.
-    # Unclear how or if this possibly affects other *.astron.nl domains. Especially, if these do
-    # not support https whether this option then breaks those http-only locations.
-    # SECURE_HSTS_SECONDS = 31536000
 # True: Enables a header that disables the UA from 'clever' automatic mime type sniffing.
 # http://django-secure.readthedocs.io/en/latest/settings.html#secure-content-type-nosniff
 # https://stackoverflow.com/questions/18337630/what-is-x-content-type-options-nosniff
@@ -46,21 +24,13 @@ X_FRAME_OPTIONS = 'DENY'
 DATABASES = {
    'default': {
-         'ENGINE': 'django.db.backends.postgresql_psycopg2',
+        'ENGINE': 'django.db.backends.postgresql_psycopg2',
-         'USER': 'dbadmin',
+        'NAME': os.environ['DATABASE_NAME'],
-         'PASSWORD': 'dbadmin123',
+        'HOST': os.environ['DATABASE_HOST'],
+        'PORT': os.environ['DATABASE_PORT'],
-         # database runs locally in postgres
+        'USER' : os.environ['DATABASE_USER'],
-#         'NAME': 'atdb',
+        'PASSWORD' : os.environ['DATABASE_PASSWORD'],
-#         'HOST': 'sdc.astron.nl',
-#         'PORT': '5432',
-        # database runs in docker container,
-        # HOST is the service name as specified in the docker-compose file
-        # 'NAME': 'atdb',
-        'NAME': 'atdbldv',
-        'HOST': 'atdb-ldv-db',
-        'PORT': '5432',
    },
 }

--- a/atdb/atdb/settings/prod.py
+++ b/atdb/atdb/settings/prod.py
+from atdb.settings.base import *
+# Import production setting must remain False.
+DEBUG = False
+ALLOWED_HOSTS = ["*"]
+# True: Enables a header that disables the UA from 'clever' automatic mime type sniffing.
+# http://django-secure.readthedocs.io/en/latest/settings.html#secure-content-type-nosniff
+# https://stackoverflow.com/questions/18337630/what-is-x-content-type-options-nosniff
+SECURE_CONTENT_TYPE_NOSNIFF = True
+# True: Enables a header that tells the UA to switch on the XSS filter.
+# http://django-secure.readthedocs.io/en/latest/middleware.html#x-xss-protection-1-mode-block
+SECURE_BROWSER_XSS_FILTER = True
+# Prevents the site from being deployed within a iframe.
+# This prevent click-jacking attacks.
+# See; https://docs.djangoproject.com/en/1.11/ref/clickjacking/
+X_FRAME_OPTIONS = 'DENY'
+#####################################################
+DATABASE_PASSWORD = os.environ['DATABASE_PASSWORD']
+DATABASES = {
+    'default': {
+         'ENGINE': 'django.db.backends.postgresql_psycopg2',
+         'NAME': 'atdbldv',
+         'HOST': 'sdc-db.astron.nl',
+         'PORT': '5432',
+         'USER': 'atdb',
+         'PASSWORD': 'atdb_ldv_2021',
+    },
+}
+# Password validation
+# https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
+AUTH_PASSWORD_VALIDATORS = []
--- a/atdb/docker/docker-compose-dev-cd.yml
+++ b/atdb/docker/docker-compose-dev-cd.yml
@@ -39,4 +39,6 @@ services:
    depends_on:
      - atdb-ldv-db
+    env_file:
+    - $HOME/shared/atdb_ldv.env
    restart: always
--- a/atdb/docker/docker-compose-dev.yml
+++ b/atdb/docker/docker-compose-dev.yml
@@ -28,8 +28,6 @@ services:
  atdb-backend:
    container_name: atdb-ldv
    image: atdb-ldv:latest
-#    ports:
-#      - "8010:8010"
    expose:
      - "8000"
    networks:
@@ -42,7 +40,8 @@ services:
      - "traefik.http.routers.atdb-backend.service=atdb-backend"
      - "traefik.http.routers.atdb-backend.rule=Host(`sdc-dev.astron.nl`) && PathPrefix(`/atdb`)"
      - "traefik.http.services.atdb-backend.loadbalancer.server.port=8000"
    depends_on:
      - atdb-ldv-db
+    env_file:
+    - $HOME/shared/atdb_ldv.env
    restart: always
--- a/atdb/docker/docker-compose-production-cd.yml
+++ b/atdb/docker/docker-compose-production-cd.yml
+version: '3.4'
+networks:
+  atdb_network:
+  traefik_proxy:
+    external:
+      name: traefik_proxy
+  default:
+    driver: bridge
+services:
+   atdb-backend:
+    container_name: atdb-ldv
+    image: git.astron.nl:5000/astron-sdc/atdb-ldv:latest
+    expose:
+      - "8000"
+    networks:
+      - traefik_proxy
+      - atdb_network
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.atdb-backend.entryPoints=atdb-ldv"
+      - "traefik.http.routers.atdb-backend.service=atdb-backend"
+      - "traefik.http.routers.atdb-backend.rule=Host(`sdc.astron.nl`) && PathPrefix(`/atdb`)"
+      - "traefik.http.services.atdb-backend.loadbalancer.server.port=8000"
+    restart: always
--- a/atdb/docker/docker-compose-production.yml
+++ b/atdb/docker/docker-compose-production.yml
+version: '3.4'
+networks:
+  atdb_network:
+  traefik_proxy:
+    external:
+      name: traefik_proxy
+  default:
+    driver: bridge
+services:
+  atdb-backend:
+    container_name: atdb-ldv
+    image: atdb-ldv:latest
+    expose:
+      - "8000"
+    networks:
+      - traefik_proxy
+      - atdb_network
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.atdb-backend.entryPoints=atdb-ldv"
+      - "traefik.http.routers.atdb-backend.service=atdb-backend"
+      - "traefik.http.routers.atdb-backend.rule=Host(`sdc.astron.nl`) && PathPrefix(`/atdb`)"
+      - "traefik.http.services.atdb-backend.loadbalancer.server.port=8000"
+    restart: always
--- a/atdb/taskdatabase/templates/taskdatabase/index.html
+++ b/atdb/taskdatabase/templates/taskdatabase/index.html
@@ -44,7 +44,7 @@
    </div>
    {% include 'taskdatabase/pagination.html' %}
 </div>
-    <p class="footer"> Version 1.0.0 (8 feb 2021 - 13:00)
+    <p class="footer"> Version 1.0.0 (11 feb 2021 - 12:00)
    <script type="text/javascript">
        (function(seconds) {
            var refresh,