diff --git a/README.md b/README.md index d500b36..0b1e1dc 100644 --- a/README.md +++ b/README.md @@ -84,10 +84,10 @@ sudo docker exec -itu django medwings-django Run database migrations inside the running container like so: ```bash -sudo docker exec -itu medwings-django python manage.py migrate +sudo docker exec -itu django medwings-django python manage.py migrate ``` To enter django's interactive shell, run: ```bash -sudo docker exec -itu medwings-django python manage.py shell +sudo docker exec -itu django medwings-django python manage.py shell ``` diff --git a/app/authentication/templates/authentication/register-init.html b/app/authentication/templates/authentication/register-init.html index b245439..f2b25a7 100644 --- a/app/authentication/templates/authentication/register-init.html +++ b/app/authentication/templates/authentication/register-init.html @@ -8,14 +8,18 @@

Register

- Something something glad you're signing up. + We're thrilled that you're taking the next step towards a healthier future by signing up for Medwings! + By linking your Withings account, we can seamlessly integrate your health data with Medwings.

To get started, please allow us to access your health data

Link Withings Account

- Something something why this is necessary. + The registration process will continue after you've linked your Withings account. + This step is essential as it allows Medwings to securely access your health data from the Withings cloud. + We use OAuth2, a standard and secure method, to ensure that your personal data remains private and under your control.+ + Once your accounts are linked, you'll be all set to start exploring your health data and insights through Medwings.

{% endblock content %} diff --git a/app/core/settings.py b/app/core/settings.py index 4f1962e..4d2b858 100644 --- a/app/core/settings.py +++ b/app/core/settings.py @@ -12,7 +12,7 @@ https://docs.djangoproject.com/en/4.2/ref/settings/ from pathlib import Path from os import getenv -from utils import parse_string_as_bool +from .utils import parse_string_as_bool # Build paths inside the project like this: BASE_DIR / 'subdir'. @@ -27,6 +27,13 @@ SECRET_KEY = getenv('DJANGO_SECRET_KEY') DEBUG = parse_string_as_bool(getenv('DJANGO_DEBUG_MODE', 'false')) ALLOWED_HOSTS = [ '*' ] +# Force HttpRequest.build_absolute_uri() to generate HTTPS links in production +# This is necessary when running behind a reverse proxy +#USE_X_FORWARDED_HOST = False if DEBUG else True +#SECURE_PROXY_SSL_HEADER = () if DEBUG else ('HTTP_X_FORWARDED_PROTO', 'https') +USE_X_FORWARDED_HOST = True +SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') + # Application definition INSTALLED_APPS = [ @@ -119,6 +126,7 @@ STATIC_URL = 'static/' STATICFILES_DIRS = [ BASE_DIR / 'static', ] +STATIC_ROOT = '/srv/static' # Default primary key field type diff --git a/development.Caddyfile b/development.Caddyfile new file mode 100644 index 0000000..f25042e --- /dev/null +++ b/development.Caddyfile @@ -0,0 +1,10 @@ +:8000 { + handle * { + reverse_proxy * medwings-django:8000 + } + + log { + output stderr + format console + } +} diff --git a/development.caddy.Dockerfile b/development.caddy.Dockerfile index d1d307f..b9529b0 100644 --- a/development.caddy.Dockerfile +++ b/development.caddy.Dockerfile @@ -16,7 +16,7 @@ RUN addgroup --gid ${CUSTOM_GID:-1000} ${CUSTOM_GROUPNAME} && \ # Copy caddy config WORKDIR /app -COPY --chown=${CUSTOM_USERNAME}:${CUSTOM_GROUPNAME} Caddyfile /app/ +COPY --chown=${CUSTOM_USERNAME}:${CUSTOM_GROUPNAME} development.Caddyfile /app/Caddyfile # Run Caddy in development mode USER ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000} 
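Review bot: In the second hunk of app/core/settings.py, `USE_X_FORWARDED_HOST = True` is added directly below `ALLOWED_HOSTS = [ '*' ]`, so the host that `build_absolute_uri()` puts into generated links comes from a forwarded header with no allow-list behind it. Both new settings are also unconditional, while Django's documentation for `SECURE_PROXY_SSL_HEADER` requires that the proxy strip or overwrite that header on every request. This file cannot guarantee that when the app is reached without the proxy in front. I would pin the hosts for production, e.g. `ALLOWED_HOSTS = ['medwings.lobbes.dev']` (the hostname in the compose router rule) or a list read from the environment. The two commented-out `DEBUG`-conditional lines should either be restored as the live form or deleted, so only one version of the setting remains.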
diff --git a/production.Caddyfile b/production.Caddyfile new file mode 100644 index 0000000..079565c --- /dev/null +++ b/production.Caddyfile @@ -0,0 +1,21 @@ +{ + servers { + trusted_proxies static private_ranges + } +} + +:8000 { + handle_path /static/* { + root * /srv/static + file_server + } + + handle * { + reverse_proxy * medwings-django:8000 + } + + log { + output stderr + format console + } +} diff --git a/production.caddy.Dockerfile b/production.caddy.Dockerfile index 11370fe..0e00fb6 100644 --- a/production.caddy.Dockerfile +++ b/production.caddy.Dockerfile @@ -12,11 +12,12 @@ ENV CUSTOM_USERNAME=webserver ENV CUSTOM_GROUPNAME=webserver RUN addgroup --gid ${CUSTOM_GID:-1000} ${CUSTOM_GROUPNAME} && \ adduser --uid ${CUSTOM_UID:-1000} --shell /bin/ash ${CUSTOM_USERNAME} --ingroup ${CUSTOM_GROUPNAME} --disabled-password && \ - mkdir /app && chown ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000} /app && chmod 700 /app + mkdir /app && chown ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000} /app && chmod 700 /app && \ + mkdir -p /srv/static && chown ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000} /srv/static && chmod 700 /srv/static # Copy caddy config WORKDIR /app -COPY --chown=${CUSTOM_USERNAME}:${CUSTOM_GROUPNAME} Caddyfile /app/ +COPY --chown=${CUSTOM_USERNAME}:${CUSTOM_GROUPNAME} production.Caddyfile /app/Caddyfile # Run Caddy in development mode USER ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000} diff --git a/production.django.Dockerfile b/production.django.Dockerfile index d763ee2..8fc6622 100644 --- a/production.django.Dockerfile +++ b/production.django.Dockerfile 
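Review bot: In the global options of production.Caddyfile, `trusted_proxies static private_ranges` makes Caddy accept `X-Forwarded-*` values from any peer with a private-range address. On a shared Docker network that is every attached container, not only the edge proxy. The Django settings changed in this commit trust `X-Forwarded-Proto` and `X-Forwarded-Host` as passed on by Caddy, so this widens who can influence the scheme and host of generated links. If the edge proxy's network has a fixed subnet, list only that range, e.g. `trusted_proxies static <PROXY_SUBNET_CIDR>` (placeholder), and add a comment naming the proxy it is meant to cover.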
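Review bot: In production.caddy.Dockerfile, the `chown` and `chmod 700` on `/srv/static` in the added `mkdir -p` line only take effect while nothing is mounted there. The compose change in this commit bind-mounts `/srv/medwings/static` over that path, so ownership and mode come from the host directory instead. If the host directory is not readable by the container UID, Caddy's `file_server` would presumably fail on static requests; the identical line added to production.django.Dockerfile likewise cannot make the mount writable for the Django user. A comment such as `# /srv/static is bind-mounted in production; the host directory must be owned by CUSTOM_UID` would record the requirement. The unchanged comment `# Run Caddy in development mode` in this production file also looks stale.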
@@ -12,7 +12,8 @@ ENV CUSTOM_USERNAME=django ENV CUSTOM_GROUPNAME=django RUN addgroup --gid ${CUSTOM_GID:-1000} ${CUSTOM_GROUPNAME} && \ adduser --uid ${CUSTOM_UID:-1000} --shell /bin/ash ${CUSTOM_USERNAME} --ingroup ${CUSTOM_GROUPNAME} --disabled-password && \ - mkdir /app && chown ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000} /app && chmod 700 /app + mkdir /app && chown ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000} /app && chmod 700 /app && \ + mkdir -p /srv/static && chown ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000} /srv/static && chmod 700 /srv/static ENV PATH "$PATH:/home/${CUSTOM_GROUPNAME}/.local/bin" # Add supervisord conf @@ -31,3 +32,4 @@ RUN pip install -r requirements.txt # Run supervisord EXPOSE 8000/tcp CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +#CMD ["uvicorn", "core.asgi:application", "--host", "0.0.0.0", "--port", "8000", "--access-log"] diff --git a/production.docker-compose.yml b/production.docker-compose.yml index 6194988..787dedf 100644 --- a/production.docker-compose.yml +++ b/production.docker-compose.yml @@ -19,11 +19,13 @@ services: - proxy environment: TZ: ${TIMEZONE} + volumes: + - /srv/medwings/static:/srv/static:ro labels: - "traefik.enable=true" - "traefik.http.routers.medwings.entrypoints=https" - "traefik.http.routers.medwings.rule=Host(`medwings.lobbes.dev`)" - - "traefik.http.routers.medwings-secure.middlewares=default@file" + - "traefik.http.routers.medwings.middlewares=default@file" - "traefik.http.routers.medwings.tls=true" - "traefik.http.services.medwings.loadbalancer.server.port=8000" - "traefik.docker.network=proxy" @@ -45,6 +47,8 @@ services: - medwings environment: TZ: ${TIMEZONE} + DJANGO_DEBUG_MODE: ${DJANGO_DEBUG_MODE} + DJANGO_SECRET_KEY: ${DJANGO_SECRET_KEY} PG_NAME: ${PG_NAME} PG_USER: ${PG_USER} PG_PASSWORD: ${PG_PASSWORD} 
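Review bot: In the second hunk of production.docker-compose.yml, the added `DJANGO_DEBUG_MODE: ${DJANGO_DEBUG_MODE}` and `DJANGO_SECRET_KEY: ${DJANGO_SECRET_KEY}` have no default and no required-check, so when either is missing Compose substitutes an empty string instead of leaving the variable unset. That bypasses the `'false'` default in `getenv('DJANGO_DEBUG_MODE', 'false')` in settings.py, and what `parse_string_as_bool('')` returns is not visible in this commit. I would write `DJANGO_DEBUG_MODE: ${DJANGO_DEBUG_MODE:-false}` and `DJANGO_SECRET_KEY: ${DJANGO_SECRET_KEY:?must be set}`. A production deploy then fails at start instead of running with an unexpected debug mode or an empty key.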
@@ -56,6 +60,8 @@ services: GOTIFY_PASSWORD: ${GOTIFY_PASSWORD} GOTIFY_HOST: ${GOTIFY_HOST} GOTIFY_PUBLIC_URL: ${GOTIFY_PUBLIC_URL} + volumes: + - /srv/medwings/static:/srv/static medwings-postgres: image: postgres:alpine container_name: ${PG_HOST} @@ -94,7 +100,7 @@ services: - "traefik.enable=true" - "traefik.http.routers.medwings-notifications.entrypoints=https" - "traefik.http.routers.medwings-notifications.rule=Host(`medwings-notifications.lobbes.dev`)" - - "traefik.http.routers.medwings-notifications-secure.middlewares=default@file" + - "traefik.http.routers.medwings-notifications.middlewares=default@file" - "traefik.http.routers.medwings-notifications.tls=true" - "traefik.http.services.medwings-notifications.loadbalancer.server.port=80" - "traefik.docker.network=proxy"