From 359682a0cdfe3bd0a2cff4787e1525ef7f656be8 Mon Sep 17 00:00:00 2001 From: Ross Date: Mon, 1 Dec 2025 10:36:58 +0000 Subject: [PATCH] start prod docker migration --- .env.prod.example | 20 ++ deploy/nginx/prod.conf | 128 ++++++++++ deploy/settings_local.py.example | 60 +++++ docker/docker-compose.prod.yml | 72 ++++++ docker/docker-compose.test.yml | 26 ++ entrypoint.sh | 25 ++ rad/Dockerfile.prod | 44 ++++ temp1/default | 402 +++++++++++++++++++++++++++++++ temp1/settings_local.py | 54 +++++ 9 files changed, 831 insertions(+) create mode 100644 .env.prod.example create mode 100644 deploy/nginx/prod.conf create mode 100644 deploy/settings_local.py.example create mode 100644 docker/docker-compose.prod.yml create mode 100644 docker/docker-compose.test.yml create mode 100644 entrypoint.sh create mode 100644 rad/Dockerfile.prod create mode 100644 temp1/default create mode 100644 temp1/settings_local.py diff --git a/.env.prod.example b/.env.prod.example new file mode 100644 index 00000000..ee1da750 --- /dev/null +++ b/.env.prod.example @@ -0,0 +1,20 @@ +# Copy this to .env.prod on the server and fill in production values (do NOT commit secrets). + +# Django +SECRET_KEY=replace-me-with-a-secure-random-string +DEBUG=0 +ALLOWED_HOSTS=example.com + +# External DB (you mentioned production uses an external DB) +DATABASE_HOST=your.db.host +DATABASE_PORT=5432 +DATABASE_NAME=rad +DATABASE_USER=django +DATABASE_PASSWORD=strong-db-password + +# Redis +REDIS_URL=redis://redis:6379/0 + +# Gunicorn tuning +GUNICORN_WORKERS=3 +GUNICORN_LOGLEVEL=info diff --git a/deploy/nginx/prod.conf b/deploy/nginx/prod.conf new file mode 100644 index 00000000..a4f0de41 --- /dev/null +++ b/deploy/nginx/prod.conf @@ -0,0 +1,128 @@ +upstream app_server { + # In production we proxy to the 'web' service (gunicorn) listening on 8000 + server web:8000; +} + +server { + listen 80; + listen [::]:80; + server_name _; + + client_max_body_size 100M; + + # Serve static files from the static volume + location /static/ { + alias /usr/src/app/static/; + expires 30d; + add_header Cache-Control "public, max-age=2592000"; + } + + # Serve media files from the media volume. CORS handling preserved. + set $cors ""; + if ($http_origin ~* (https?://(localhost:5173|viewer\.penracourses\.org\.uk))) { + set $cors $http_origin; + } + + location /media { + if ($request_method = OPTIONS ) { + add_header 'Access-Control-Allow-Origin' $cors always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + add_header 'Access-Control-Allow-Headers' "Origin, X-Requested-With, Content-Type, Accept" always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain; charset=utf-8'; + add_header 'Content-Length' 0; + return 200; + } + add_header 'Access-Control-Allow-Origin' $cors always; + alias /usr/src/app/media; + } + + # Viewer / OHIF / other static frontends - mount these into the nginx container at deploy time + location /viewer { + alias /srv/www/viewer; + index index.html; + try_files $uri $uri/ /viewer/index.html; + add_header Cache-Control "no-store, no-cache, must-revalidate"; + add_header 'Cross-Origin-Resource-Policy' 'cross-origin'; + } + + location /ohif { + add_header 'Cross-Origin-Opener-Policy' 'same-origin' always; + add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always; + add_header 'Cross-Origin-Resource-Policy' 'same-site' always; + alias /srv/www/ohif; + try_files $uri /ohif/index.html; + } + + # rts and other host-mounted folders + location /rts { + alias /srv/www/rts; + } + + location /rota { + alias /srv/proc/rota; + autoindex on; + } + + location /uploader { + alias /srv/uploader; + autoindex on; + } + + # Reporter proxy - if you run a reporter service, set it up on the 'reporter' network name + location ~ ^/reporter/(.*)$ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + + proxy_pass http://reporter:5129/$1?$args; + proxy_set_header X-Forwarded-Prefix /reporter; + proxy_redirect http://reporter:5129/ /reporter/; + } + + # Default proxy to the Django/gunicorn upstream + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + proxy_redirect off; + proxy_buffering off; + add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always; + add_header 'Cross-Origin-Resource-Policy' 'same-site' always; + + proxy_pass http://app_server; + } + + # Default dev / health server block; keep 443 managed outside of docker unless you mount certs + listen 80; +} + +# A minimal HTTPS server block that expects certs to be mounted at /etc/letsencrypt +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name www.penracourses.org.uk penracourses.org.uk viewer.penracourses.org.uk; + + ssl_certificate /etc/letsencrypt/live/www.penracourses.org.uk/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/www.penracourses.org.uk/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + + client_max_body_size 4G; + + # Same static/media handling as above + location /static/ { alias /usr/src/app/static/; } + location /media { alias /usr/src/app/media; } + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + proxy_redirect off; + proxy_buffering off; + proxy_pass http://app_server; + } +} diff --git a/deploy/settings_local.py.example b/deploy/settings_local.py.example new file mode 100644 index 00000000..2d4204a0 --- /dev/null +++ b/deploy/settings_local.py.example @@ -0,0 +1,60 @@ +""" +Example `settings_local.py` derived from the production server file. +This file is a template only — DO NOT commit real secrets. Copy it to +`rad/deploy/settings_local.py` on your server (or provide your own) and +ensure the real file is excluded from git. +""" + +DEBUG = False + +INTERNAL_IPS = ["82.69.88.125", "217.155.198.96"] + +# Paths inside the nginx container / host-mounted deploy directories. +# On the server, these paths are mounted into nginx as described in the +# deployment README. Adjust as needed. +STATIC_ROOT = '/usr/src/app/static/' + +EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend" + +if not DEBUG: + LOGGING = { + 'version': 1, + 'disable_existing_loggers': False, + 'formatters': { + 'verbose': { + 'format': "[%(asctime)s] %(levelname)s [%(name)s:%(lineno)s] %(message)s", + 'datefmt': "%d/%b/%Y %H:%M:%S", + }, + 'simple': { + 'format': '%(levelname)s %(message)s', + }, + }, + 'handlers': { + 'file': { + 'level': 'DEBUG', + 'class': 'logging.FileHandler', + 'filename': 'log.txt', + 'formatter': 'verbose', + }, + }, + 'loggers': { + 'django': { + 'handlers': ['file'], + 'propagate': True, + 'level': 'DEBUG', + }, + 'atlas': { + 'handlers': ['file'], + 'level': 'DEBUG', + }, + } + } + +# External service credentials (placeholders) +CIMAR_USERNAME = "your.username@example.com" +CIMAR_PASSWORD = "" + +# Celery settings — when running in docker the redis service is +# reachable at the `redis` hostname provided by docker compose. +CELERY_BROKER_URL = "redis://redis:6379" +CELERY_RESULT_BACKEND = "redis://redis:6379" diff --git a/docker/docker-compose.prod.yml b/docker/docker-compose.prod.yml new file mode 100644 index 00000000..d715c98d --- /dev/null +++ b/docker/docker-compose.prod.yml @@ -0,0 +1,72 @@ +version: "3.8" + +services: + redis: + image: redis:7.4.2-alpine + restart: always + volumes: + - redis_data:/data + healthcheck: + test: ["CMD","redis-cli","ping"] + interval: 10s + timeout: 5s + retries: 5 + + web: + build: + # build context is the repository root (one level up from this file) + context: .. + dockerfile: rad/Dockerfile.prod + restart: always + env_file: + - ../.env.prod + environment: + - DJANGO_SETTINGS_MODULE=rad.settings.production + depends_on: + redis: + condition: service_healthy + volumes: + - static_volume:/usr/src/app/static + - media_volume:/usr/src/app/media + # Mount the server-specific local settings if present (DO NOT commit secrets). + # On the server create: rad/deploy/settings_local.py and it will be mounted into the container. + - ../deploy/settings_local.py:/usr/src/app/rad/settings_local.py:ro + expose: + - "8000" + command: ["/usr/src/app/entrypoint.sh"] + + nginx: + image: nginx:stable-alpine + restart: always + ports: + - "80:80" + - "443:443" + depends_on: + - web + volumes: + - ../deploy/nginx/prod.conf:/etc/nginx/conf.d/default.conf:ro + - static_volume:/usr/src/app/static:ro + - media_volume:/usr/src/app/media:ro + - ../deploy/nginx/certs:/etc/letsencrypt:ro + # Host-provided front-end bundles and static folders. Populate these under rad/deploy on the server + - ../deploy/www/viewer:/srv/www/viewer:ro + - ../deploy/www/ohif:/srv/www/ohif:ro + - ../deploy/www/rts:/srv/www/rts:ro + - ../deploy/nicereporter:/srv/nicereporter:rw + - ../deploy/proc-rota:/srv/proc/rota:ro + - ../deploy/uploader:/srv/uploader:ro + healthcheck: + test: ["CMD-SHELL","nginx -t" ] + interval: 30s + timeout: 10s + retries: 3 + +volumes: + postgres_data: + redis_data: + static_volume: + media_volume: + +networks: + default: + driver: bridge diff --git a/docker/docker-compose.test.yml b/docker/docker-compose.test.yml new file mode 100644 index 00000000..11ba476e --- /dev/null +++ b/docker/docker-compose.test.yml @@ -0,0 +1,26 @@ +version: "3.8" + +# Local test compose overlay — adds a Postgres service so you can run the +# full stack locally without an external DB. Use it together with +# docker-compose.prod.yml: +# +# docker compose -f rad/docker/docker-compose.prod.yml -f rad/docker/docker-compose.test.yml up -d --build + +services: + db: + image: postgres:14-alpine + restart: always + environment: + POSTGRES_USER: ${POSTGRES_USER:-django} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres} + POSTGRES_DB: ${POSTGRES_DB:-rad} + volumes: + - postgres_test_data:/var/lib/postgresql/data + healthcheck: + test: ["CMD-SHELL","pg_isready -U ${POSTGRES_USER:-django}" ] + interval: 10s + timeout: 5s + retries: 5 + +volumes: + postgres_test_data: diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 00000000..07db988d --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,25 @@ +#!/bin/sh +set -e + +# Lightweight wait-for-postgres using nc (expects DATABASE_HOST and DATABASE_PORT env vars) +if [ -n "${DATABASE_HOST}" ]; then + host="$DATABASE_HOST" + port="${DATABASE_PORT:-5432}" + echo "Waiting for database at ${host}:${port}..." + while ! nc -z "$host" "$port"; do + sleep 1 + done +fi + +echo "Applying database migrations..." +python manage.py migrate --noinput + +echo "Collecting static files..." +python manage.py collectstatic --noinput + +echo "Starting gunicorn..." +exec gunicorn rad.wsgi:application \ + --name rad_gunicorn \ + --bind 0.0.0.0:8000 \ + --workers ${GUNICORN_WORKERS:-3} \ + --log-level ${GUNICORN_LOGLEVEL:-info} diff --git a/rad/Dockerfile.prod b/rad/Dockerfile.prod new file mode 100644 index 00000000..1630c1ba --- /dev/null +++ b/rad/Dockerfile.prod @@ -0,0 +1,44 @@ +FROM python:3.14-slim + +# Copy uv helper binary from the uv image so we can manage venvs and pip +COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/ + +ENV PYTHONDONTWRITEBYTECODE=1 +ENV PYTHONUNBUFFERED=1 + +# Install build deps required for common Python packages and netcat for health wait +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + build-essential \ + gcc \ + git \ + libpq-dev \ + pkg-config \ + libcairo2-dev \ + libgdk-pixbuf2.0-0 \ + libgdk-pixbuf2.0-dev \ + libjpeg-dev \ + zlib1g-dev \ + wget \ + ca-certificates \ + netcat \ + && rm -rf /var/lib/apt/lists/* + +WORKDIR /usr/src/app + +# Install python deps into a uv-managed venv for reproducible builds +COPY requirements.txt /usr/src/app/ +RUN uv venv /opt/venv \ + && export VIRTUAL_ENV=/opt/venv \ + && export PATH="/opt/venv/bin:$PATH" \ + && uv pip install --upgrade pip setuptools wheel \ + && uv pip install --no-cache-dir -r requirements.txt + +# Copy project files into image +COPY . /usr/src/app + +# Create non-root user +RUN useradd -m appuser && chown -R appuser /usr/src/app /opt/venv +USER appuser + +ENTRYPOINT ["/usr/src/app/entrypoint.sh"] diff --git a/temp1/default b/temp1/default new file mode 100644 index 00000000..908c9e88 --- /dev/null +++ b/temp1/default @@ -0,0 +1,402 @@ +upstream app_server { + server unix:/run/gunicorn.sock fail_timeout=0; +} + +server { + #listen 80; + + root /home/ross/web/viewer; + #index index.html index.htm; + + + server_name viewer.penracourses.org.uk; + + location / { + + + #if ($request_method = 'OPTIONS') { + # add_header 'Access-Control-Allow-Origin' * always; + # add_header 'Access-Control-Allow-Credentials' 'true' always; + # add_header 'Access-Control-Allow-Headers' "Origin, X-Requested-With, Content-Type, Accept" always; + # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + # add_header 'Access-Control-Max-Age' 1728000; + # add_header 'Content-Type' 'text/plain; charset=utf-8'; + # add_header 'Content-Length' 0; + # return 204; + #} + + #alias /home/ross/web/viewer; + + #add_header Cross-Origin-Opener-Policy same-origin; + #add_header Cross-Origin-Embedder-Policy require-corp; + + #add_header 'Cross-Origin-Opener-Policy' 'cross-origin' always; + #add_header 'Cross-Origin-Embedder-Policy' 'credentialless' always; + + index index.html; + + try_files $uri $uri/ /index.html; + add_header Cache-Control "no-store, no-cache, must-revalidate"; + add_header 'Cross-Origin-Resource-Policy' 'cross-origin'; + } + + + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/viewer.penracourses.org.uk/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/viewer.penracourses.org.uk/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + + +server { + listen 80; + server_name penracourses.org.uk; + + return 301 https://www.penracourses.org.uk$request_uri; +} + +server { + listen [::]:443 ssl; # managed by Certbot + server_name penracourses.org.uk; + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/penracourses.org.uk/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/penracourses.org.uk/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + return 301 https://www.penracourses.org.uk$request_uri; +} + + +server { + #listen 80; + + root /usr/share/nginx/html; + index index.html index.htm; + + client_max_body_size 4G; + #server_name _; + server_name www.penracourses.org.uk; + resolver 127.0.0.11; + + keepalive_timeout 20; + + set $cors ""; +if ($http_origin ~* (https?://(localhost:5173|viewer\.penracourses\.org\.uk))) { + set $cors $http_origin; +} + + + # Your Django project's media files - amend as required + location /media { + if ($request_method = OPTIONS ) { + add_header 'Access-Control-Allow-Origin' $cors always; + #add_header 'Access-Control-Allow-Origin' 'https://viewer.penracourses.org.uk' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + add_header 'Access-Control-Allow-Headers' "Origin, X-Requested-With, Content-Type, Accept" always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain; charset=utf-8'; + add_header 'Content-Length' 0; + return 200; + } + #add_header 'Access-Control-Allow-Origin' 'https://viewer.penracourses.org.uk' always; + add_header 'Access-Control-Allow-Origin' $cors always; + + + alias /home/ross/web/rad/media; + #add_header Access-Control-Allow-Origin *; + #add_header Access-Control-Allow-Origin http://localhost:8000; + #add_header Vary Origin; + } + + # your Django project's static files - amend as required + location /static { + alias /home/ross/web/static; + } + + # rts + location /rts { + alias /home/ross/web/rts; + } + # OHIF + location /viewer { + #add_header 'Cross-Origin-Opener-Policy' 'cross-origin' always; + #add_header 'Cross-Origin-Embedder-Policy' 'credentialless' always; + #add_header 'Cross-Origin-Resource-Policy' 'cross-origin' always; + alias /home/ross/web/viewer; + } + location /ohif { + add_header 'Cross-Origin-Opener-Policy' 'same-origin' always; + add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always; + add_header 'Cross-Origin-Resource-Policy' 'same-site' always; + alias /home/ross/web/ohif; + try_files $uri /ohif/index.html; + #autoindex on; + } + + + # # Proxy the static assests for the Django Admin panel + # location /static/admin { + # alias /usr/lib/python3/dist-packages/django/contrib/admin/static/admin/; + # } + location /rota { + alias /home/ross/proc/proc-rota; + autoindex on; + } + + location /uploader { + alias /home/ross/uploader; + autoindex on; + } + + location ~ ^/reporter/(.*)$ { + alias /home/ross/web/nicereporter; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + + proxy_pass http://127.0.0.1:5129/$1?$args; + proxy_set_header X-Forwarded-Prefix /reporter; + proxy_redirect http://127.0.0.1:5129/ /reporter/; + } + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + proxy_redirect off; + proxy_buffering off; + #add_header 'Cross-Origin-Opener-Policy' 'single-origin' always; + #add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always; + #add_header 'Cross-Origin-Resource-Policy' 'same-site' always; + #add_header 'Cross-Origin-Opener-Policy' 'same-origin' always; + add_header 'Cross-Origin-Embedder-Policy' 'require-corp' always; + add_header 'Cross-Origin-Resource-Policy' 'same-site' always; + #add_header 'Access-Control-Allow-Origin' $cors always; + + proxy_pass http://app_server; + #add_header Access-Control-Allow-Origin *; + #add_header Vary Origin; + } + + #location ~* \.(jpg|jpeg|png|dicom)$ { + # add_header Access-Control-Allow-Origin *; + #} + # rota + + + listen [::]:443 ssl; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/penracourses.org.uk/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/penracourses.org.uk/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +#server { +#server_name 161.35.163.87; +#add_header X-Frame-Options "SAMEORIGIN"; +# +#return 301 $scheme://penracourses.org.uk$request_uri; +#} + + +#server { +# #listen 80; +# #server_name penracoureses.org.uk www.penracourses.org.uk; +# +# root /usr/share/nginx/html; +# index index.html index.htm; +# +# client_max_body_size 4G; +# #server_name _; +# server_name penracourses.org.uk; # managed by Certbot +# +# keepalive_timeout 5; +# +# # Your Django project's media files - amend as required +# location /media { +# alias /home/ross/web/rad/media; +# #add_header Access-Control-Allow-Origin *; +# #add_header Access-Control-Allow-Origin http://localhost:8000; +# #add_header Vary Origin; +# } +# +# # your Django project's static files - amend as required +# location /static { +# alias /home/ross/web/rad/static; +# } +# +# # rts +# location /rts { +# alias /home/ross/web/rts; +# } +# +# # # Proxy the static assests for the Django Admin panel +# # location /static/admin { +# # alias /usr/lib/python3/dist-packages/django/contrib/admin/static/admin/; +# # } +# +# location / { +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header Host $host; +# proxy_redirect off; +# proxy_buffering off; +# +# proxy_pass http://app_server; +# } +# +# #location ~* \.(jpg|jpeg|png|dicom)$ { +# # add_header Access-Control-Allow-Origin *; +# #} +# +# # rota +# location /rota { +# alias /home/ross/proc-rota; +# } +# +# location /rota2 { +# alias /home/ross/neos; +# } +# +# +# +# +# +# listen [::]:443 ssl ipv6only=on; # managed by Certbot +# listen 443 ssl; # managed by Certbot +# ssl_certificate /etc/letsencrypt/live/penracourses.org.uk/fullchain.pem; # managed by Certbot +# ssl_certificate_key /etc/letsencrypt/live/penracourses.org.uk/privkey.pem; # managed by Certbot +# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot +# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +# +#} + + + +server { + root /home/ross/web/rts; + index index.html index.htm; + + client_max_body_size 4G; + #server_name _; + server_name dev.penracourses.org.uk www.dev.penracourses.org.uk; + + keepalive_timeout 5; + + # Your Django project's media files - amend as required + location /media { + # Simple requests + if ($request_method ~* "(GET|POST)") { + add_header "Access-Control-Allow-Origin" *; + } + + # Preflighted requests + if ($request_method = OPTIONS ) { + add_header "Access-Control-Allow-Origin" *; + add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD"; + add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept"; + return 200; + } + alias /home/ross/web/rad/media; + #add_header Access-Control-Allow-Origin *; + #add_header Access-Control-Allow-Origin http://localhost:8000; + #add_header Vary Origin; + } + + # your Django project's static files - amend as required + location /static { + alias /home/ross/web/rad/static; + } + + # rts + location /rts { + alias /home/ross/web/rts; + } + + # # Proxy the static assests for the Django Admin panel + # location /static/admin { + # alias /usr/lib/python3/dist-packages/django/contrib/admin/static/admin/; + # } + + location / { + add_header 'Access-Control-Allow-Origin' '*' always; + try_files $uri $uri/ =404; + #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + #proxy_set_header X-Forwarded-Proto $scheme; + #proxy_set_header Host $host; + #proxy_redirect off; + #proxy_buffering off; + + #proxy_pass http://app_server; + #add_header Access-Control-Allow-Origin *; + #add_header Vary Origin; + } + + #location ~* \.(jpg|jpeg|png|dicom)$ { + # add_header Access-Control-Allow-Origin *; + #} + + + + + #listen [::]:443 ssl; # managed by Certbot + #listen 443 ssl; # managed by Certbot + #ssl_certificate /etc/letsencrypt/live/penracourses.org.uk/fullchain.pem; # managed by Certbot + #ssl_certificate_key /etc/letsencrypt/live/penracourses.org.uk/privkey.pem; # managed by Certbot + #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + + +server { + if ($host = penracourses.org.uk) { + return 301 https://www.$host$request_uri; + } # managed by Certbot + + + listen 80 ; + listen [::]:80 ; + server_name penracourses.org.uk; + return 404; # managed by Certbot + + +} + +server { + if ($host = www.penracourses.org.uk) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80 default_server; + listen [::]:80 default_server ipv6only=on; + server_name www.penracourses.org.uk; + return 404; # managed by Certbot + + +} + + + +server { + if ($host = viewer.penracourses.org.uk) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + + server_name viewer.penracourses.org.uk; + listen 80; + return 404; # managed by Certbot + + +} diff --git a/temp1/settings_local.py b/temp1/settings_local.py new file mode 100644 index 00000000..ef40fa06 --- /dev/null +++ b/temp1/settings_local.py @@ -0,0 +1,54 @@ +DEBUG = False +INTERNAL_IPS = ["82.69.88.125", "217.155.198.96"] +#SECURE_SSL_REDIRECT = False +#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'http') +#REMOTE_URL = "http://46.101.13.46:8123" +# +#MEDIA_ROOT = '/home/django/rad/media/' +STATIC_ROOT = '/home/ross/web/static/' + +#EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' +EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend" + +if not DEBUG: + LOGGING = { + 'version': 1, + 'disable_existing_loggers': False, + 'formatters': { + 'verbose': { + 'format' : "[%(asctime)s] %(levelname)s [%(name)s:%(lineno)s] %(message)s", + 'datefmt' : "%d/%b/%Y %H:%M:%S" + }, + 'simple': { + 'format': '%(levelname)s %(message)s' + }, + }, + 'handlers': { + 'file': { + 'level': 'DEBUG', + 'class': 'logging.FileHandler', + 'filename': 'log.txt', + 'formatter': 'verbose' + }, + }, + 'loggers': { + 'django': { + 'handlers':['file'], + 'propagate': True, + 'level':'DEBUG', + }, + 'atlas': { + 'handlers': ['file'], + 'level': 'DEBUG', + }, + #"django.core.mail": {"handlers": ["console"], "level": "DEBUG", "propagate": False}, + #"smtplib": {"handlers": ["console"], "level": "DEBUG", "propagate": False}, + } + } + +CIMAR_USERNAME = "ross.kruger@nhs.net" +CIMAR_PASSWORD = "[prdr32@cimar]" + +# Celery settings +CELERY_BROKER_URL = "redis://localhost:6379" +CELERY_RESULT_BACKEND = "redis://localhost:6379"