start prod docker migration
This commit is contained in:
@@ -0,0 +1,20 @@
|
||||
# Copy this to .env.prod on the server and fill in production values (do NOT commit secrets).
|
||||
|
||||
# Django
|
||||
SECRET_KEY=replace-me-with-a-secure-random-string
|
||||
DEBUG=0
|
||||
ALLOWED_HOSTS=example.com
|
||||
|
||||
# External DB (you mentioned production uses an external DB)
|
||||
DATABASE_HOST=your.db.host
|
||||
DATABASE_PORT=5432
|
||||
DATABASE_NAME=rad
|
||||
DATABASE_USER=django
|
||||
DATABASE_PASSWORD=strong-db-password
|
||||
|
||||
# Redis
|
||||
REDIS_URL=redis://redis:6379/0
|
||||
|
||||
# Gunicorn tuning
|
||||
GUNICORN_WORKERS=3
|
||||
GUNICORN_LOGLEVEL=info
|
||||
@@ -0,0 +1,128 @@
|
||||
upstream app_server {
|
||||
# In production we proxy to the 'web' service (gunicorn) listening on 8000
|
||||
server web:8000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name _;
|
||||
|
||||
client_max_body_size 100M;
|
||||
|
||||
# Serve static files from the static volume
|
||||
location /static/ {
|
||||
alias /usr/src/app/static/;
|
||||
expires 30d;
|
||||
add_header Cache-Control "public, max-age=2592000";
|
||||
}
|
||||
|
||||
# Serve media files from the media volume. CORS handling preserved.
|
||||
set $cors "";
|
||||
if ($http_origin ~* (https?://(localhost:5173|viewer\.penracourses\.org\.uk))) {
|
||||
set $cors $http_origin;
|
||||
}
|
||||
|
||||
location /media {
|
||||
if ($request_method = OPTIONS ) {
|
||||
add_header 'Access-Control-Allow-Origin' $cors always;
|
||||
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
||||
add_header 'Access-Control-Allow-Headers' "Origin, X-Requested-With, Content-Type, Accept" always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
add_header 'Access-Control-Max-Age' 1728000;
|
||||
add_header 'Content-Type' 'text/plain; charset=utf-8';
|
||||
add_header 'Content-Length' 0;
|
||||
return 200;
|
||||
}
|
||||
add_header 'Access-Control-Allow-Origin' $cors always;
|
||||
alias /usr/src/app/media;
|
||||
}
|
||||
|
||||
# Viewer / OHIF / other static frontends - mount these into the nginx container at deploy time
|
||||
location /viewer {
|
||||
alias /srv/www/viewer;
|
||||
index index.html;
|
||||
try_files $uri $uri/ /viewer/index.html;
|
||||
add_header Cache-Control "no-store, no-cache, must-revalidate";
|
||||
add_header 'Cross-Origin-Resource-Policy' 'cross-origin';
|
||||
}
|
||||
|
||||
location /ohif {
|
||||
add_header 'Cross-Origin-Opener-Policy' 'same-origin' always;
|
||||
add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always;
|
||||
add_header 'Cross-Origin-Resource-Policy' 'same-site' always;
|
||||
alias /srv/www/ohif;
|
||||
try_files $uri /ohif/index.html;
|
||||
}
|
||||
|
||||
# rts and other host-mounted folders
|
||||
location /rts {
|
||||
alias /srv/www/rts;
|
||||
}
|
||||
|
||||
location /rota {
|
||||
alias /srv/proc/rota;
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
location /uploader {
|
||||
alias /srv/uploader;
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
# Reporter proxy - if you run a reporter service, set it up on the 'reporter' network name
|
||||
location ~ ^/reporter/(.*)$ {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Authorization $http_authorization;
|
||||
proxy_pass_header Authorization;
|
||||
|
||||
proxy_pass http://reporter:5129/$1?$args;
|
||||
proxy_set_header X-Forwarded-Prefix /reporter;
|
||||
proxy_redirect http://reporter:5129/ /reporter/;
|
||||
}
|
||||
|
||||
# Default proxy to the Django/gunicorn upstream
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $host;
|
||||
proxy_redirect off;
|
||||
proxy_buffering off;
|
||||
add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always;
|
||||
add_header 'Cross-Origin-Resource-Policy' 'same-site' always;
|
||||
|
||||
proxy_pass http://app_server;
|
||||
}
|
||||
|
||||
# Default dev / health server block; keep 443 managed outside of docker unless you mount certs
|
||||
listen 80;
|
||||
}
|
||||
|
||||
# A minimal HTTPS server block that expects certs to be mounted at /etc/letsencrypt
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name www.penracourses.org.uk penracourses.org.uk viewer.penracourses.org.uk;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/www.penracourses.org.uk/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/www.penracourses.org.uk/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
client_max_body_size 4G;
|
||||
|
||||
# Same static/media handling as above
|
||||
location /static/ { alias /usr/src/app/static/; }
|
||||
location /media { alias /usr/src/app/media; }
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $host;
|
||||
proxy_redirect off;
|
||||
proxy_buffering off;
|
||||
proxy_pass http://app_server;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,60 @@
|
||||
"""
|
||||
Example `settings_local.py` derived from the production server file.
|
||||
This file is a template only — DO NOT commit real secrets. Copy it to
|
||||
`rad/deploy/settings_local.py` on your server (or provide your own) and
|
||||
ensure the real file is excluded from git.
|
||||
"""
|
||||
|
||||
DEBUG = False
|
||||
|
||||
INTERNAL_IPS = ["82.69.88.125", "217.155.198.96"]
|
||||
|
||||
# Paths inside the nginx container / host-mounted deploy directories.
|
||||
# On the server, these paths are mounted into nginx as described in the
|
||||
# deployment README. Adjust as needed.
|
||||
STATIC_ROOT = '/usr/src/app/static/'
|
||||
|
||||
EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
|
||||
|
||||
if not DEBUG:
|
||||
LOGGING = {
|
||||
'version': 1,
|
||||
'disable_existing_loggers': False,
|
||||
'formatters': {
|
||||
'verbose': {
|
||||
'format': "[%(asctime)s] %(levelname)s [%(name)s:%(lineno)s] %(message)s",
|
||||
'datefmt': "%d/%b/%Y %H:%M:%S",
|
||||
},
|
||||
'simple': {
|
||||
'format': '%(levelname)s %(message)s',
|
||||
},
|
||||
},
|
||||
'handlers': {
|
||||
'file': {
|
||||
'level': 'DEBUG',
|
||||
'class': 'logging.FileHandler',
|
||||
'filename': 'log.txt',
|
||||
'formatter': 'verbose',
|
||||
},
|
||||
},
|
||||
'loggers': {
|
||||
'django': {
|
||||
'handlers': ['file'],
|
||||
'propagate': True,
|
||||
'level': 'DEBUG',
|
||||
},
|
||||
'atlas': {
|
||||
'handlers': ['file'],
|
||||
'level': 'DEBUG',
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
# External service credentials (placeholders)
|
||||
CIMAR_USERNAME = "your.username@example.com"
|
||||
CIMAR_PASSWORD = "<REPLACE-WITH-SECRET>"
|
||||
|
||||
# Celery settings — when running in docker the redis service is
|
||||
# reachable at the `redis` hostname provided by docker compose.
|
||||
CELERY_BROKER_URL = "redis://redis:6379"
|
||||
CELERY_RESULT_BACKEND = "redis://redis:6379"
|
||||
@@ -0,0 +1,72 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
redis:
|
||||
image: redis:7.4.2-alpine
|
||||
restart: always
|
||||
volumes:
|
||||
- redis_data:/data
|
||||
healthcheck:
|
||||
test: ["CMD","redis-cli","ping"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
web:
|
||||
build:
|
||||
# build context is the repository root (one level up from this file)
|
||||
context: ..
|
||||
dockerfile: rad/Dockerfile.prod
|
||||
restart: always
|
||||
env_file:
|
||||
- ../.env.prod
|
||||
environment:
|
||||
- DJANGO_SETTINGS_MODULE=rad.settings.production
|
||||
depends_on:
|
||||
redis:
|
||||
condition: service_healthy
|
||||
volumes:
|
||||
- static_volume:/usr/src/app/static
|
||||
- media_volume:/usr/src/app/media
|
||||
# Mount the server-specific local settings if present (DO NOT commit secrets).
|
||||
# On the server create: rad/deploy/settings_local.py and it will be mounted into the container.
|
||||
- ../deploy/settings_local.py:/usr/src/app/rad/settings_local.py:ro
|
||||
expose:
|
||||
- "8000"
|
||||
command: ["/usr/src/app/entrypoint.sh"]
|
||||
|
||||
nginx:
|
||||
image: nginx:stable-alpine
|
||||
restart: always
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
depends_on:
|
||||
- web
|
||||
volumes:
|
||||
- ../deploy/nginx/prod.conf:/etc/nginx/conf.d/default.conf:ro
|
||||
- static_volume:/usr/src/app/static:ro
|
||||
- media_volume:/usr/src/app/media:ro
|
||||
- ../deploy/nginx/certs:/etc/letsencrypt:ro
|
||||
# Host-provided front-end bundles and static folders. Populate these under rad/deploy on the server
|
||||
- ../deploy/www/viewer:/srv/www/viewer:ro
|
||||
- ../deploy/www/ohif:/srv/www/ohif:ro
|
||||
- ../deploy/www/rts:/srv/www/rts:ro
|
||||
- ../deploy/nicereporter:/srv/nicereporter:rw
|
||||
- ../deploy/proc-rota:/srv/proc/rota:ro
|
||||
- ../deploy/uploader:/srv/uploader:ro
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL","nginx -t" ]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
|
||||
volumes:
|
||||
postgres_data:
|
||||
redis_data:
|
||||
static_volume:
|
||||
media_volume:
|
||||
|
||||
networks:
|
||||
default:
|
||||
driver: bridge
|
||||
@@ -0,0 +1,26 @@
|
||||
version: "3.8"
|
||||
|
||||
# Local test compose overlay — adds a Postgres service so you can run the
|
||||
# full stack locally without an external DB. Use it together with
|
||||
# docker-compose.prod.yml:
|
||||
#
|
||||
# docker compose -f rad/docker/docker-compose.prod.yml -f rad/docker/docker-compose.test.yml up -d --build
|
||||
|
||||
services:
|
||||
db:
|
||||
image: postgres:14-alpine
|
||||
restart: always
|
||||
environment:
|
||||
POSTGRES_USER: ${POSTGRES_USER:-django}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
|
||||
POSTGRES_DB: ${POSTGRES_DB:-rad}
|
||||
volumes:
|
||||
- postgres_test_data:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL","pg_isready -U ${POSTGRES_USER:-django}" ]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
|
||||
volumes:
|
||||
postgres_test_data:
|
||||
@@ -0,0 +1,25 @@
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
# Lightweight wait-for-postgres using nc (expects DATABASE_HOST and DATABASE_PORT env vars)
|
||||
if [ -n "${DATABASE_HOST}" ]; then
|
||||
host="$DATABASE_HOST"
|
||||
port="${DATABASE_PORT:-5432}"
|
||||
echo "Waiting for database at ${host}:${port}..."
|
||||
while ! nc -z "$host" "$port"; do
|
||||
sleep 1
|
||||
done
|
||||
fi
|
||||
|
||||
echo "Applying database migrations..."
|
||||
python manage.py migrate --noinput
|
||||
|
||||
echo "Collecting static files..."
|
||||
python manage.py collectstatic --noinput
|
||||
|
||||
echo "Starting gunicorn..."
|
||||
exec gunicorn rad.wsgi:application \
|
||||
--name rad_gunicorn \
|
||||
--bind 0.0.0.0:8000 \
|
||||
--workers ${GUNICORN_WORKERS:-3} \
|
||||
--log-level ${GUNICORN_LOGLEVEL:-info}
|
||||
@@ -0,0 +1,44 @@
|
||||
FROM python:3.14-slim
|
||||
|
||||
# Copy uv helper binary from the uv image so we can manage venvs and pip
|
||||
COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
|
||||
|
||||
ENV PYTHONDONTWRITEBYTECODE=1
|
||||
ENV PYTHONUNBUFFERED=1
|
||||
|
||||
# Install build deps required for common Python packages and netcat for health wait
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
build-essential \
|
||||
gcc \
|
||||
git \
|
||||
libpq-dev \
|
||||
pkg-config \
|
||||
libcairo2-dev \
|
||||
libgdk-pixbuf2.0-0 \
|
||||
libgdk-pixbuf2.0-dev \
|
||||
libjpeg-dev \
|
||||
zlib1g-dev \
|
||||
wget \
|
||||
ca-certificates \
|
||||
netcat \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
WORKDIR /usr/src/app
|
||||
|
||||
# Install python deps into a uv-managed venv for reproducible builds
|
||||
COPY requirements.txt /usr/src/app/
|
||||
RUN uv venv /opt/venv \
|
||||
&& export VIRTUAL_ENV=/opt/venv \
|
||||
&& export PATH="/opt/venv/bin:$PATH" \
|
||||
&& uv pip install --upgrade pip setuptools wheel \
|
||||
&& uv pip install --no-cache-dir -r requirements.txt
|
||||
|
||||
# Copy project files into image
|
||||
COPY . /usr/src/app
|
||||
|
||||
# Create non-root user
|
||||
RUN useradd -m appuser && chown -R appuser /usr/src/app /opt/venv
|
||||
USER appuser
|
||||
|
||||
ENTRYPOINT ["/usr/src/app/entrypoint.sh"]
|
||||
+402
@@ -0,0 +1,402 @@
|
||||
upstream app_server {
|
||||
server unix:/run/gunicorn.sock fail_timeout=0;
|
||||
}
|
||||
|
||||
server {
|
||||
#listen 80;
|
||||
|
||||
root /home/ross/web/viewer;
|
||||
#index index.html index.htm;
|
||||
|
||||
|
||||
server_name viewer.penracourses.org.uk;
|
||||
|
||||
location / {
|
||||
|
||||
|
||||
#if ($request_method = 'OPTIONS') {
|
||||
# add_header 'Access-Control-Allow-Origin' * always;
|
||||
# add_header 'Access-Control-Allow-Credentials' 'true' always;
|
||||
# add_header 'Access-Control-Allow-Headers' "Origin, X-Requested-With, Content-Type, Accept" always;
|
||||
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
# add_header 'Access-Control-Max-Age' 1728000;
|
||||
# add_header 'Content-Type' 'text/plain; charset=utf-8';
|
||||
# add_header 'Content-Length' 0;
|
||||
# return 204;
|
||||
#}
|
||||
|
||||
#alias /home/ross/web/viewer;
|
||||
|
||||
#add_header Cross-Origin-Opener-Policy same-origin;
|
||||
#add_header Cross-Origin-Embedder-Policy require-corp;
|
||||
|
||||
#add_header 'Cross-Origin-Opener-Policy' 'cross-origin' always;
|
||||
#add_header 'Cross-Origin-Embedder-Policy' 'credentialless' always;
|
||||
|
||||
index index.html;
|
||||
|
||||
try_files $uri $uri/ /index.html;
|
||||
add_header Cache-Control "no-store, no-cache, must-revalidate";
|
||||
add_header 'Cross-Origin-Resource-Policy' 'cross-origin';
|
||||
}
|
||||
|
||||
|
||||
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/viewer.penracourses.org.uk/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/viewer.penracourses.org.uk/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name penracourses.org.uk;
|
||||
|
||||
return 301 https://www.penracourses.org.uk$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::]:443 ssl; # managed by Certbot
|
||||
server_name penracourses.org.uk;
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/penracourses.org.uk/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/penracourses.org.uk/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
return 301 https://www.penracourses.org.uk$request_uri;
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
#listen 80;
|
||||
|
||||
root /usr/share/nginx/html;
|
||||
index index.html index.htm;
|
||||
|
||||
client_max_body_size 4G;
|
||||
#server_name _;
|
||||
server_name www.penracourses.org.uk;
|
||||
resolver 127.0.0.11;
|
||||
|
||||
keepalive_timeout 20;
|
||||
|
||||
set $cors "";
|
||||
if ($http_origin ~* (https?://(localhost:5173|viewer\.penracourses\.org\.uk))) {
|
||||
set $cors $http_origin;
|
||||
}
|
||||
|
||||
|
||||
# Your Django project's media files - amend as required
|
||||
location /media {
|
||||
if ($request_method = OPTIONS ) {
|
||||
add_header 'Access-Control-Allow-Origin' $cors always;
|
||||
#add_header 'Access-Control-Allow-Origin' 'https://viewer.penracourses.org.uk' always;
|
||||
add_header 'Access-Control-Allow-Credentials' 'true' always;
|
||||
add_header 'Access-Control-Allow-Headers' "Origin, X-Requested-With, Content-Type, Accept" always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
add_header 'Access-Control-Max-Age' 1728000;
|
||||
add_header 'Content-Type' 'text/plain; charset=utf-8';
|
||||
add_header 'Content-Length' 0;
|
||||
return 200;
|
||||
}
|
||||
#add_header 'Access-Control-Allow-Origin' 'https://viewer.penracourses.org.uk' always;
|
||||
add_header 'Access-Control-Allow-Origin' $cors always;
|
||||
|
||||
|
||||
alias /home/ross/web/rad/media;
|
||||
#add_header Access-Control-Allow-Origin *;
|
||||
#add_header Access-Control-Allow-Origin http://localhost:8000;
|
||||
#add_header Vary Origin;
|
||||
}
|
||||
|
||||
# your Django project's static files - amend as required
|
||||
location /static {
|
||||
alias /home/ross/web/static;
|
||||
}
|
||||
|
||||
# rts
|
||||
location /rts {
|
||||
alias /home/ross/web/rts;
|
||||
}
|
||||
# OHIF
|
||||
location /viewer {
|
||||
#add_header 'Cross-Origin-Opener-Policy' 'cross-origin' always;
|
||||
#add_header 'Cross-Origin-Embedder-Policy' 'credentialless' always;
|
||||
#add_header 'Cross-Origin-Resource-Policy' 'cross-origin' always;
|
||||
alias /home/ross/web/viewer;
|
||||
}
|
||||
location /ohif {
|
||||
add_header 'Cross-Origin-Opener-Policy' 'same-origin' always;
|
||||
add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always;
|
||||
add_header 'Cross-Origin-Resource-Policy' 'same-site' always;
|
||||
alias /home/ross/web/ohif;
|
||||
try_files $uri /ohif/index.html;
|
||||
#autoindex on;
|
||||
}
|
||||
|
||||
|
||||
# # Proxy the static assests for the Django Admin panel
|
||||
# location /static/admin {
|
||||
# alias /usr/lib/python3/dist-packages/django/contrib/admin/static/admin/;
|
||||
# }
|
||||
location /rota {
|
||||
alias /home/ross/proc/proc-rota;
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
location /uploader {
|
||||
alias /home/ross/uploader;
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
location ~ ^/reporter/(.*)$ {
|
||||
alias /home/ross/web/nicereporter;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Authorization $http_authorization;
|
||||
proxy_pass_header Authorization;
|
||||
|
||||
proxy_pass http://127.0.0.1:5129/$1?$args;
|
||||
proxy_set_header X-Forwarded-Prefix /reporter;
|
||||
proxy_redirect http://127.0.0.1:5129/ /reporter/;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $host;
|
||||
proxy_redirect off;
|
||||
proxy_buffering off;
|
||||
#add_header 'Cross-Origin-Opener-Policy' 'single-origin' always;
|
||||
#add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always;
|
||||
#add_header 'Cross-Origin-Resource-Policy' 'same-site' always;
|
||||
#add_header 'Cross-Origin-Opener-Policy' 'same-origin' always;
|
||||
add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always;
|
||||
add_header 'Cross-Origin-Resource-Policy' 'same-site' always;
|
||||
#add_header 'Access-Control-Allow-Origin' $cors always;
|
||||
|
||||
proxy_pass http://app_server;
|
||||
#add_header Access-Control-Allow-Origin *;
|
||||
#add_header Vary Origin;
|
||||
}
|
||||
|
||||
#location ~* \.(jpg|jpeg|png|dicom)$ {
|
||||
# add_header Access-Control-Allow-Origin *;
|
||||
#}
|
||||
# rota
|
||||
|
||||
|
||||
listen [::]:443 ssl; # managed by Certbot
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/penracourses.org.uk/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/penracourses.org.uk/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
|
||||
#server {
|
||||
#server_name 161.35.163.87;
|
||||
#add_header X-Frame-Options "SAMEORIGIN";
|
||||
#
|
||||
#return 301 $scheme://penracourses.org.uk$request_uri;
|
||||
#}
|
||||
|
||||
|
||||
#server {
|
||||
# #listen 80;
|
||||
# #server_name penracoureses.org.uk www.penracourses.org.uk;
|
||||
#
|
||||
# root /usr/share/nginx/html;
|
||||
# index index.html index.htm;
|
||||
#
|
||||
# client_max_body_size 4G;
|
||||
# #server_name _;
|
||||
# server_name penracourses.org.uk; # managed by Certbot
|
||||
#
|
||||
# keepalive_timeout 5;
|
||||
#
|
||||
# # Your Django project's media files - amend as required
|
||||
# location /media {
|
||||
# alias /home/ross/web/rad/media;
|
||||
# #add_header Access-Control-Allow-Origin *;
|
||||
# #add_header Access-Control-Allow-Origin http://localhost:8000;
|
||||
# #add_header Vary Origin;
|
||||
# }
|
||||
#
|
||||
# # your Django project's static files - amend as required
|
||||
# location /static {
|
||||
# alias /home/ross/web/rad/static;
|
||||
# }
|
||||
#
|
||||
# # rts
|
||||
# location /rts {
|
||||
# alias /home/ross/web/rts;
|
||||
# }
|
||||
#
|
||||
# # # Proxy the static assests for the Django Admin panel
|
||||
# # location /static/admin {
|
||||
# # alias /usr/lib/python3/dist-packages/django/contrib/admin/static/admin/;
|
||||
# # }
|
||||
#
|
||||
# location / {
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_redirect off;
|
||||
# proxy_buffering off;
|
||||
#
|
||||
# proxy_pass http://app_server;
|
||||
# }
|
||||
#
|
||||
# #location ~* \.(jpg|jpeg|png|dicom)$ {
|
||||
# # add_header Access-Control-Allow-Origin *;
|
||||
# #}
|
||||
#
|
||||
# # rota
|
||||
# location /rota {
|
||||
# alias /home/ross/proc-rota;
|
||||
# }
|
||||
#
|
||||
# location /rota2 {
|
||||
# alias /home/ross/neos;
|
||||
# }
|
||||
#
|
||||
#
|
||||
#
|
||||
#
|
||||
#
|
||||
# listen [::]:443 ssl ipv6only=on; # managed by Certbot
|
||||
# listen 443 ssl; # managed by Certbot
|
||||
# ssl_certificate /etc/letsencrypt/live/penracourses.org.uk/fullchain.pem; # managed by Certbot
|
||||
# ssl_certificate_key /etc/letsencrypt/live/penracourses.org.uk/privkey.pem; # managed by Certbot
|
||||
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
#
|
||||
#}
|
||||
|
||||
|
||||
|
||||
server {
|
||||
root /home/ross/web/rts;
|
||||
index index.html index.htm;
|
||||
|
||||
client_max_body_size 4G;
|
||||
#server_name _;
|
||||
server_name dev.penracourses.org.uk www.dev.penracourses.org.uk;
|
||||
|
||||
keepalive_timeout 5;
|
||||
|
||||
# Your Django project's media files - amend as required
|
||||
location /media {
|
||||
# Simple requests
|
||||
if ($request_method ~* "(GET|POST)") {
|
||||
add_header "Access-Control-Allow-Origin" *;
|
||||
}
|
||||
|
||||
# Preflighted requests
|
||||
if ($request_method = OPTIONS ) {
|
||||
add_header "Access-Control-Allow-Origin" *;
|
||||
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
|
||||
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
|
||||
return 200;
|
||||
}
|
||||
alias /home/ross/web/rad/media;
|
||||
#add_header Access-Control-Allow-Origin *;
|
||||
#add_header Access-Control-Allow-Origin http://localhost:8000;
|
||||
#add_header Vary Origin;
|
||||
}
|
||||
|
||||
# your Django project's static files - amend as required
|
||||
location /static {
|
||||
alias /home/ross/web/rad/static;
|
||||
}
|
||||
|
||||
# rts
|
||||
location /rts {
|
||||
alias /home/ross/web/rts;
|
||||
}
|
||||
|
||||
# # Proxy the static assests for the Django Admin panel
|
||||
# location /static/admin {
|
||||
# alias /usr/lib/python3/dist-packages/django/contrib/admin/static/admin/;
|
||||
# }
|
||||
|
||||
location / {
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
try_files $uri $uri/ =404;
|
||||
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
#proxy_set_header X-Forwarded-Proto $scheme;
|
||||
#proxy_set_header Host $host;
|
||||
#proxy_redirect off;
|
||||
#proxy_buffering off;
|
||||
|
||||
#proxy_pass http://app_server;
|
||||
#add_header Access-Control-Allow-Origin *;
|
||||
#add_header Vary Origin;
|
||||
}
|
||||
|
||||
#location ~* \.(jpg|jpeg|png|dicom)$ {
|
||||
# add_header Access-Control-Allow-Origin *;
|
||||
#}
|
||||
|
||||
|
||||
|
||||
|
||||
#listen [::]:443 ssl; # managed by Certbot
|
||||
#listen 443 ssl; # managed by Certbot
|
||||
#ssl_certificate /etc/letsencrypt/live/penracourses.org.uk/fullchain.pem; # managed by Certbot
|
||||
#ssl_certificate_key /etc/letsencrypt/live/penracourses.org.uk/privkey.pem; # managed by Certbot
|
||||
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
if ($host = penracourses.org.uk) {
|
||||
return 301 https://www.$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80 ;
|
||||
listen [::]:80 ;
|
||||
server_name penracourses.org.uk;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = www.penracourses.org.uk) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server ipv6only=on;
|
||||
server_name www.penracourses.org.uk;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
server {
|
||||
if ($host = viewer.penracourses.org.uk) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
|
||||
server_name viewer.penracourses.org.uk;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
@@ -0,0 +1,54 @@
|
||||
DEBUG = False
|
||||
INTERNAL_IPS = ["82.69.88.125", "217.155.198.96"]
|
||||
#SECURE_SSL_REDIRECT = False
|
||||
#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'http')
|
||||
#REMOTE_URL = "http://46.101.13.46:8123"
|
||||
#
|
||||
#MEDIA_ROOT = '/home/django/rad/media/'
|
||||
STATIC_ROOT = '/home/ross/web/static/'
|
||||
|
||||
#EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
|
||||
EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
|
||||
|
||||
if not DEBUG:
|
||||
LOGGING = {
|
||||
'version': 1,
|
||||
'disable_existing_loggers': False,
|
||||
'formatters': {
|
||||
'verbose': {
|
||||
'format' : "[%(asctime)s] %(levelname)s [%(name)s:%(lineno)s] %(message)s",
|
||||
'datefmt' : "%d/%b/%Y %H:%M:%S"
|
||||
},
|
||||
'simple': {
|
||||
'format': '%(levelname)s %(message)s'
|
||||
},
|
||||
},
|
||||
'handlers': {
|
||||
'file': {
|
||||
'level': 'DEBUG',
|
||||
'class': 'logging.FileHandler',
|
||||
'filename': 'log.txt',
|
||||
'formatter': 'verbose'
|
||||
},
|
||||
},
|
||||
'loggers': {
|
||||
'django': {
|
||||
'handlers':['file'],
|
||||
'propagate': True,
|
||||
'level':'DEBUG',
|
||||
},
|
||||
'atlas': {
|
||||
'handlers': ['file'],
|
||||
'level': 'DEBUG',
|
||||
},
|
||||
#"django.core.mail": {"handlers": ["console"], "level": "DEBUG", "propagate": False},
|
||||
#"smtplib": {"handlers": ["console"], "level": "DEBUG", "propagate": False},
|
||||
}
|
||||
}
|
||||
|
||||
CIMAR_USERNAME = "ross.kruger@nhs.net"
|
||||
CIMAR_PASSWORD = "[prdr32@cimar]"
|
||||
|
||||
# Celery settings
|
||||
CELERY_BROKER_URL = "redis://localhost:6379"
|
||||
CELERY_RESULT_BACKEND = "redis://localhost:6379"
|
||||
Reference in New Issue
Block a user