mirror.MikroTik/eduardogsilva.routerfleet
1
1
Fork 0
mirror of https://github.com/eduardogsilva/routerfleet.git synced 2025-08-01 00:34:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

add HTTPS_REDIRECT_POLICY. Now it's possible to serve in http without forced redirect to https

Browse source
This commit is contained in:
Eduardo Silva 2024-04-10 15:17:56 -03:00
parent a74d43cf3f
commit ed07ffb2fb
10 changed files with 60 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.env.example
View file

@ -15,3 +15,7 @@ POSTGRES_DB=routerfleet
POSTGRES_USER=routerfleet POSTGRES_USER=routerfleet
POSTGRES_PASSWORD=your_database_password POSTGRES_PASSWORD=your_database_password
# If you need to serve the app using HTTP and HTTPS, change the following variable to 'never'
# Using HTTP is not recommended, as it is less secure and your passwords will be sent in plain text.
# Use with caution.
# HTTPS_REDIRECT_POLICY=always

3
.gitignore vendored
View file

@ -8,4 +8,5 @@ routerfleet/production_settings.py
.idea/ .idea/
db.sqlite3 db.sqlite3
backups/ backups/
containers/*/.venv containers/*/.venv
.env

3
containers/nginx/Dockerfile-nginx
View file

@ -1,7 +1,8 @@
FROM nginx:alpine FROM nginx:alpine
RUN apk --no-cache add openssl RUN apk --no-cache add openssl
COPY nginx_entrypoint.sh /nginx_entrypoint.sh COPY nginx_entrypoint.sh /nginx_entrypoint.sh
COPY virtualhost.conf /etc/nginx/conf.d/default.conf COPY virtualhost.conf /etc/nginx/virtualhost.conf.disabled
COPY virtualhost_noredirect.conf /etc/nginx/virtualhost_noredirect.conf.disabled
RUN chmod +x /nginx_entrypoint.sh RUN chmod +x /nginx_entrypoint.sh
ENTRYPOINT ["/nginx_entrypoint.sh"] ENTRYPOINT ["/nginx_entrypoint.sh"]
CMD ["nginx", "-g", "daemon off;"] CMD ["nginx", "-g", "daemon off;"]

9
containers/nginx/nginx_entrypoint.sh
View file

@ -9,4 +9,13 @@ else
echo "Skipping self signed certificate creation, files already exist." echo "Skipping self signed certificate creation, files already exist."
fi fi
if [ "$HTTPS_REDIRECT_POLICY" = "never" ]; then
echo "Copying /etc/nginx/virtualhost_noredirect.conf to /etc/nginx/conf.d/default.conf..."
cp /etc/nginx/virtualhost_noredirect.conf.disabled /etc/nginx/conf.d/default.conf
else
echo "Copying /etc/nginx/virtualhost.conf to /etc/nginx/conf.d/default.conf..."
cp /etc/nginx/virtualhost.conf.disabled /etc/nginx/conf.d/default.conf
fi
exec "$@" exec "$@"

35
containers/nginx/virtualhost_noredirect.conf Normal file
View file

@ -0,0 +1,35 @@
server {
listen 80;
location /static/ {
alias /static/;
}
location / {
proxy_pass http://routerfleet:8001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443 ssl;
ssl_certificate /certificate/nginx.pem;
ssl_certificate_key /certificate/nginx.key;
# if you are using cloudflare, you can use this enable authenticated origin pull. Dont forget to activate it in cloudflare
#ssl_client_certificate /certificate/cloudflare_authenticated_origin_pull_ca.pem;
#ssl_verify_client on;
location /static/ {
alias /static/;
}
location / {
proxy_pass http://routerfleet:8001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

2
docker-compose-dev.yml
View file

@ -60,6 +60,8 @@ services:
build: build:
context: ./containers/nginx context: ./containers/nginx
dockerfile: Dockerfile-nginx dockerfile: Dockerfile-nginx
environment:
- HTTPS_REDIRECT_POLICY=${HTTPS_REDIRECT_POLICY}
volumes: volumes:
- static_volume:/static - static_volume:/static
- https_cert:/certificate - https_cert:/certificate

2
docker-compose-no-postgres.yml
View file

@ -38,6 +38,8 @@ services:
container_name: routerfleet-nginx container_name: routerfleet-nginx
restart: unless-stopped restart: unless-stopped
image: eduardosilva/routerfleet-nginx:latest image: eduardosilva/routerfleet-nginx:latest
environment:
- HTTPS_REDIRECT_POLICY=${HTTPS_REDIRECT_POLICY}
volumes: volumes:
- static_volume:/static - static_volume:/static
- https_cert:/certificate - https_cert:/certificate

2
docker-compose.yml
View file

@ -51,6 +51,8 @@ services:
container_name: routerfleet-nginx container_name: routerfleet-nginx
restart: unless-stopped restart: unless-stopped
image: eduardosilva/routerfleet-nginx:latest image: eduardosilva/routerfleet-nginx:latest
environment:
- HTTPS_REDIRECT_POLICY=${HTTPS_REDIRECT_POLICY}
volumes: volumes:
- static_volume:/static - static_volume:/static
- https_cert:/certificate - https_cert:/certificate

2
entrypoint.sh
View file

@ -64,7 +64,7 @@ fi
cat > $PRODUCTION_SETTINGS_FILE <<EOL cat > $PRODUCTION_SETTINGS_FILE <<EOL
DEBUG = $DEBUG_VALUE DEBUG = $DEBUG_VALUE
ALLOWED_HOSTS = ['routerfleet', '$SERVER_ADDRESS'] ALLOWED_HOSTS = ['routerfleet', '$SERVER_ADDRESS']
CSRF_TRUSTED_ORIGINS = ['http://routerfleet', 'https://$SERVER_ADDRESS'] CSRF_TRUSTED_ORIGINS = ['http://routerfleet', 'https://$SERVER_ADDRESS', 'http://$SERVER_ADDRESS']
SECRET_KEY = '$(openssl rand -base64 32)' SECRET_KEY = '$(openssl rand -base64 32)'
$DATABASES_CONFIG $DATABASES_CONFIG
EOL EOL

2
routerfleet/settings.py
View file

@ -140,6 +140,6 @@ STATICFILES_DIRS = [
DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
MEDIA_ROOT = '/var/lib/routerfleet/' MEDIA_ROOT = '/var/lib/routerfleet/'
ROUTERFLEET_VERSION = 7005 ROUTERFLEET_VERSION = 7006
from routerfleet.production_settings import * from routerfleet.production_settings import *