diff --git a/atdb/atdb/settings/dev.py b/atdb/atdb/settings/dev.py index 785b6d74e72ebc748af74f8339b44441b800e894..55a670b6c175533d6f9815b6d062892826851c35 100644 --- a/atdb/atdb/settings/dev.py +++ b/atdb/atdb/settings/dev.py @@ -1,4 +1,6 @@ from atdb.settings.base import * +import os + # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True @@ -34,12 +36,10 @@ if SSL_ENABLED: DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql_psycopg2', - 'USER': 'atdb_admin', - 'PASSWORD': 'atdb123', + 'USER': os.environ['DATABASE_USER'], + 'PASSWORD': os.environ['DATABASE_PASSWORD'], # database runs locally in postgres - # 'NAME': 'atdb_trunk', - #'NAME': 'atdb_04oct2019', 'NAME': 'atdb_ldv', 'HOST': 'localhost', 'PORT': '', diff --git a/atdb/atdb/settings/docker_sdc.py b/atdb/atdb/settings/docker_sdc.py index eb4601d12fddaf74e1c695796518d7860de2804a..826ff86308cfc8b5979e787ff33ad7aa1374ee51 100644 --- a/atdb/atdb/settings/docker_sdc.py +++ b/atdb/atdb/settings/docker_sdc.py @@ -1,4 +1,5 @@ from atdb.settings.base import * +import os # Import production setting must remain False. DEBUG = True 
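Review bot: The `USER` and `PASSWORD` literals removed from `DATABASES` in dev.py stay readable in the repository history, so switching to `os.environ` only protects credentials that are rotated after this commit. The same applies to the pair removed from docker_sdc.py in its `DATABASES` hunk. The new lookups `os.environ['DATABASE_USER']` and `os.environ['DATABASE_PASSWORD']` raise KeyError when the settings module is imported with a variable unset, which is a reasonable fail-fast but is not documented anywhere in the hunk. A comment above the dict such as `# DATABASE_USER and DATABASE_PASSWORD must be set in the environment; importing these settings fails with KeyError otherwise` would make that explicit. The `DATABASES` dict continues past the end of the hunk.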
@@ -6,29 +7,6 @@ DEBUG = True ALLOWED_HOSTS = ["*"] -##################################################### -# These settings mainly deal with https. -# See http://django-secure.readthedocs.io/en/latest/middleware.html -# Check the warning and instructions with: -# (.env) atdb@/var/.../atdb ./manage.py check --deploy --settings=atdb.settings.prod -##################################################### -# Assume SSL is correctly set up. -SSL_ENABLED = False -if SSL_ENABLED: - # True: Django now checks that cookies are ONLY sent over SSL. - # https://docs.djangoproject.com/en/1.11/ref/settings/#session-cookie-secure - SESSION_COOKIE_SECURE = True - # True: Django now checks that csrf tokens are ONLY sent over SSL. - # https://docs.djangoproject.com/en/1.11/ref/settings/#csrf-cookie-secure - CSRF_COOKIE_SECURE = True - # True: Always redirect requests back to https (currently ignored as Nginx should enforces https). - # Alternatively, enable and add set SECURE_PROXY_SSL_HEADER. - SECURE_SSL_REDIRECT = False - # Setting this to a non-zero value, will default the client UA always to connect over https. - # Unclear how or if this possibly affects other *.astron.nl domains. Especially, if these do - # not support https whether this option then breaks those http-only locations. - # SECURE_HSTS_SECONDS = 31536000 - # True: Enables a header that disables the UA from 'clever' automatic mime type sniffing. # http://django-secure.readthedocs.io/en/latest/settings.html#secure-content-type-nosniff # https://stackoverflow.com/questions/18337630/what-is-x-content-type-options-nosniff 
@@ -46,21 +24,13 @@ X_FRAME_OPTIONS = 'DENY' DATABASES = { 'default': { - 'ENGINE': 'django.db.backends.postgresql_psycopg2', - 'USER': 'dbadmin', - 'PASSWORD': 'dbadmin123', - - # database runs locally in postgres -# 'NAME': 'atdb', -# 'HOST': 'sdc.astron.nl', -# 'PORT': '5432', + 'ENGINE': 'django.db.backends.postgresql_psycopg2', + 'NAME': os.environ['DATABASE_NAME'], + 'HOST': os.environ['DATABASE_HOST'], + 'PORT': os.environ['DATABASE_PORT'], + 'USER' : os.environ['DATABASE_USER'], + 'PASSWORD' : os.environ['DATABASE_PASSWORD'], - # database runs in docker container, - # HOST is the service name as specified in the docker-compose file - # 'NAME': 'atdb', - 'NAME': 'atdbldv', - 'HOST': 'atdb-ldv-db', - 'PORT': '5432', }, } diff --git a/atdb/atdb/settings/prod.py b/atdb/atdb/settings/prod.py new file mode 100644 index 0000000000000000000000000000000000000000..cc28c1e5742693e1fde2754692cdaf9a13fe5d52 --- /dev/null +++ b/atdb/atdb/settings/prod.py 
@@ -0,0 +1,40 @@ +from atdb.settings.base import * + +# Import production setting must remain False. +DEBUG = False + +ALLOWED_HOSTS = ["*"] + + +# True: Enables a header that disables the UA from 'clever' automatic mime type sniffing. +# http://django-secure.readthedocs.io/en/latest/settings.html#secure-content-type-nosniff +# https://stackoverflow.com/questions/18337630/what-is-x-content-type-options-nosniff +SECURE_CONTENT_TYPE_NOSNIFF = True + +# True: Enables a header that tells the UA to switch on the XSS filter. +# http://django-secure.readthedocs.io/en/latest/middleware.html#x-xss-protection-1-mode-block +SECURE_BROWSER_XSS_FILTER = True + +# Prevents the site from being deployed within a iframe. +# This prevent click-jacking attacks. +# See; https://docs.djangoproject.com/en/1.11/ref/clickjacking/ +X_FRAME_OPTIONS = 'DENY' +##################################################### +DATABASE_PASSWORD = os.environ['DATABASE_PASSWORD'] + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.postgresql_psycopg2', + 'NAME': 'atdbldv', + 'HOST': 'sdc-db.astron.nl', + 'PORT': '5432', + 'USER': 'atdb', + 'PASSWORD': 'atdb_ldv_2021', + }, +} + +# Password validation +# https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators + +AUTH_PASSWORD_VALIDATORS = [] + diff --git a/atdb/docker/docker-compose-dev-cd.yml b/atdb/docker/docker-compose-dev-cd.yml index c512b0811af71e01f825746afb89271c51819a90..451d4c58c2e43d2b78719682c4d26bae102d9303 100644 --- a/atdb/docker/docker-compose-dev-cd.yml +++ b/atdb/docker/docker-compose-dev-cd.yml @@ -39,4 +39,6 @@ services: depends_on: - atdb-ldv-db + env_file: + - $HOME/shared/atdb_ldv.env restart: always diff --git a/atdb/docker/docker-compose-dev.yml b/atdb/docker/docker-compose-dev.yml index 0dd72dd8416b712f42401f78396037fdf8165ebf..2fe0b551d8086ab0662519ad901750a8cff0b850 100644 --- a/atdb/docker/docker-compose-dev.yml +++ b/atdb/docker/docker-compose-dev.yml 
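Review bot: The production database password is still committed as a string literal in the `DATABASES` entry of the new prod.py, and the `DATABASE_PASSWORD` value read from the environment just above the dict is never used; the entry should read `'PASSWORD': DATABASE_PASSWORD,` and the committed value should be treated as exposed and rotated. The file calls `os.environ` without an `import os` of its own, which works only if `atdb.settings.base` happens to pass `os` through the star import; dev.py and docker_sdc.py gain an explicit `import os` in this same commit, so add one here too. With `DEBUG = False`, `ALLOWED_HOSTS = ["*"]` switches off Django's Host-header validation; the production compose files route `sdc.astron.nl`, so `ALLOWED_HOSTS = ["sdc.astron.nl"]` looks like the intended value. `AUTH_PASSWORD_VALIDATORS = []` leaves production accounts without any password policy and deserves a comment if it is deliberate.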
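Review bot: The `env_file` entry added to docker-compose-dev-cd.yml, and the identical one added to `atdb-backend` in docker-compose-dev.yml, now carries the database credentials, but nothing in either hunk says which variables the file must define or how it should be protected. The docker_sdc.py settings changed in this commit read `DATABASE_NAME`, `DATABASE_HOST`, `DATABASE_PORT`, `DATABASE_USER` and `DATABASE_PASSWORD`; assuming that is the module these containers load, a comment above the entry such as `# must define DATABASE_NAME/HOST/PORT/USER/PASSWORD; keep the file owner-readable only and out of version control` would document the contract. `$HOME` is substituted from the environment of whoever runs compose, so under CD the path depends on the runner's account; an absolute path would remove that dependency. The service definition starts outside the hunk.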
@@ -28,8 +28,6 @@ services: atdb-backend: container_name: atdb-ldv image: atdb-ldv:latest -# ports: -# - "8010:8010" expose: - "8000" networks: @@ -42,7 +40,8 @@ services: - "traefik.http.routers.atdb-backend.service=atdb-backend" - "traefik.http.routers.atdb-backend.rule=Host(`sdc-dev.astron.nl`) && PathPrefix(`/atdb`)" - "traefik.http.services.atdb-backend.loadbalancer.server.port=8000" - depends_on: - atdb-ldv-db + env_file: + - $HOME/shared/atdb_ldv.env restart: always diff --git a/atdb/docker/docker-compose-production-cd.yml b/atdb/docker/docker-compose-production-cd.yml new file mode 100644 index 0000000000000000000000000000000000000000..633eade5511aea06fbab6d44ebf10976d97874bc --- /dev/null +++ b/atdb/docker/docker-compose-production-cd.yml @@ -0,0 +1,26 @@ +version: '3.4' +networks: + atdb_network: + traefik_proxy: + external: + name: traefik_proxy + default: + driver: bridge + +services: + atdb-backend: + container_name: atdb-ldv + image: git.astron.nl:5000/astron-sdc/atdb-ldv:latest + + expose: + - "8000" + networks: + - traefik_proxy + - atdb_network + labels: + - "traefik.enable=true" + - "traefik.http.routers.atdb-backend.entryPoints=atdb-ldv" + - "traefik.http.routers.atdb-backend.service=atdb-backend" + - "traefik.http.routers.atdb-backend.rule=Host(`sdc.astron.nl`) && PathPrefix(`/atdb`)" + - "traefik.http.services.atdb-backend.loadbalancer.server.port=8000" + restart: always diff --git a/atdb/docker/docker-compose-production.yml b/atdb/docker/docker-compose-production.yml new file mode 100644 index 0000000000000000000000000000000000000000..5ce8c76265b9ad69689a4c8731d80c3d3eeac8bd --- /dev/null +++ b/atdb/docker/docker-compose-production.yml 
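Review bot: The `atdb-backend` service in the new docker-compose-production-cd.yml has no `env_file` or `environment` entry, and neither does the one in docker-compose-production.yml, while the prod.py added in this commit reads `os.environ['DATABASE_PASSWORD']` at import time. If the production container loads that settings module and the image does not supply the variable, startup fails with a KeyError. The dev compose files receive `env_file: - $HOME/shared/atdb_ldv.env` in this commit, so production likely needs an equivalent entry pointing at a production-only file. Both production files also reference the image as `atdb-ldv:latest`, a mutable tag, so a deploy cannot be tied to a reviewed build; pinning a version tag or image digest would make rollbacks and audits reproducible.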
@@ -0,0 +1,25 @@ +version: '3.4' +networks: + atdb_network: + traefik_proxy: + external: + name: traefik_proxy + default: + driver: bridge + +services: + atdb-backend: + container_name: atdb-ldv + image: atdb-ldv:latest + expose: + - "8000" + networks: + - traefik_proxy + - atdb_network + labels: + - "traefik.enable=true" + - "traefik.http.routers.atdb-backend.entryPoints=atdb-ldv" + - "traefik.http.routers.atdb-backend.service=atdb-backend" + - "traefik.http.routers.atdb-backend.rule=Host(`sdc.astron.nl`) && PathPrefix(`/atdb`)" + - "traefik.http.services.atdb-backend.loadbalancer.server.port=8000" + restart: always diff --git a/atdb/taskdatabase/templates/taskdatabase/index.html b/atdb/taskdatabase/templates/taskdatabase/index.html index 63bbbef3e07f3c3e2614ec9116976015e55cf0d0..d344ed00b6ac8cabf55af183c300ff39eb59feea 100644 --- a/atdb/taskdatabase/templates/taskdatabase/index.html +++ b/atdb/taskdatabase/templates/taskdatabase/index.html @@ -44,7 +44,7 @@ </div> {% include 'taskdatabase/pagination.html' %} </div> - <p class="footer"> Version 1.0.0 (8 feb 2021 - 13:00) + <p class="footer"> Version 1.0.0 (11 feb 2021 - 12:00) <script type="text/javascript"> (function(seconds) { var refresh,