From cd96ad227465e019f2061815041a889d8581981c Mon Sep 17 00:00:00 2001 From: IRBorisov <8611739+IRBorisov@users.noreply.github.com> Date: Wed, 9 Aug 2023 16:55:53 +0300 Subject: [PATCH] Setup https for prod --- .dockerignore | 3 +- .gitignore | 1 + README.md | 2 ++ docker-compose-dev.yml | 47 ---------------------------- docker-compose-prod.yml | 8 ++--- nginx/Dockerfile | 3 +- nginx/default.conf | 25 +++++++++++++-- postgresql/.env.dev | 3 -- rsconcept/backend/.env.dev | 28 ----------------- rsconcept/backend/.env.prod | 4 +-- rsconcept/frontend/.gitignore | 24 -------------- rsconcept/frontend/package-lock.json | 4 +-- rsconcept/frontend/package.json | 2 +- rsconcept/frontend/vite.config.ts | 10 ++---- 14 files changed, 41 insertions(+), 123 deletions(-) delete mode 100644 docker-compose-dev.yml delete mode 100644 postgresql/.env.dev delete mode 100644 rsconcept/backend/.env.dev delete mode 100644 rsconcept/frontend/.gitignore diff --git a/.dockerignore b/.dockerignore index 0f39bcc7..18710c85 100644 --- a/.dockerignore +++ b/.dockerignore @@ -59,4 +59,5 @@ bower_components # Specific items -docker-compose.yml \ No newline at end of file +docker-compose-dev.yml +docker-compose-prod.yml \ No newline at end of file diff --git a/.gitignore b/.gitignore index 90243dbb..4cedcb20 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # SECURITY SENSITIVE FILES secrets/ +cert/ # External distributions rsconcept/backend/import/*.whl diff --git a/README.md b/README.md index 1f3bf9b7..d6b44c42 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,8 @@ This readme file is used mostly to document project dependencies - run rsconcept\backend\LocalEnvSetup.ps1 - run 'npm install' in rsconcept\frontend - use VSCode configs in root folder to start developement +- production: create secrets secrets\db_password.txt and django_key.txt +- production: provide TLS certificate nginx\cert\portal-cert.pem and nginx\cert\portal-key.pem # Frontend stack & Tooling [Vite + React + Typescript]
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml deleted file mode 100644 index 416e9765..00000000 --- a/docker-compose-dev.yml +++ /dev/null @@ -1,47 +0,0 @@ -volumes: - postgres_volume: - name: "postgres-db" - django_static_volume: - name: "static" - django_media_volume: - name: "media" - -networks: - default: - name: concept-api-net - -services: - frontend: - restart: always - depends_on: - - backend - build: - context: ./rsconcept/frontend - ports: - - 3000:3000 - command: serve -s /home/node -l 3000 - - - backend: - restart: always - depends_on: - - postgresql-db - build: - context: ./rsconcept/backend - env_file: ./rsconcept/backend/.env.dev - ports: - - 8000:8000 - volumes: - - django_static_volume:/home/app/web/static - - django_media_volume:/home/app/web/media - command: - gunicorn -w 3 project.wsgi --bind 0.0.0.0:8000 - - - postgresql-db: - restart: always - image: postgres:alpine - env_file: ./postgresql/.env.dev - volumes: - - postgres_volume:/var/lib/postgresql/data - diff --git a/docker-compose-prod.yml b/docker-compose-prod.yml index 337d42c9..de83608b 100644 --- a/docker-compose-prod.yml +++ b/docker-compose-prod.yml @@ -23,8 +23,8 @@ services: - backend build: context: ./rsconcept/frontend - ports: - - 3000:3000 + expose: + - 3000 command: serve -s /home/node -l 3000 @@ -67,11 +67,11 @@ services: build: context: ./nginx ports: - - 8000:80 + - 8000:8000 + - 3000:3000 depends_on: - backend command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" volumes: - django_static_volume:/var/www/static - django_media_volume:/var/www/media - diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 21caf485..52307f08 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile 
@@ -1,4 +1,5 @@ FROM nginx:stable-alpine3.17-slim # Сopу nginx configuration to the proxy-server -COPY ./default.conf /etc/nginx/conf.d/default.conf \ No newline at end of file +COPY ./default.conf /etc/nginx/conf.d/default.conf +COPY ./cert/* /etc/ssl/private/ \ No newline at end of file diff --git a/nginx/default.conf b/nginx/default.conf index 5d057192..958d36c3 100644 --- a/nginx/default.conf +++ b/nginx/default.conf @@ -1,12 +1,17 @@ upstream innerdjango { server backend:8000; - # `backend` is the service's name in docker-compose.yml, - # The `innerdjango` is the name of upstream, used by nginx below. +} + +upstream innerreact { + server frontend:3000; } server { - listen 80; + listen 8000 ssl; + ssl_certificate /etc/ssl/private/portal-cert.pem; + ssl_certificate_key /etc/ssl/private/portal-key.pem; server_name dev.concept.ru www.dev.concept.ru portal.acconcept.ru www.portal.acconcept.ru; + location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; @@ -19,4 +24,18 @@ server { location /media/ { alias /var/www/media/; } +} + +server { + listen 3000 ssl; + ssl_certificate /etc/ssl/private/portal-cert.pem; + ssl_certificate_key /etc/ssl/private/portal-key.pem; + server_name dev.concept.ru www.dev.concept.ru portal.acconcept.ru www.portal.acconcept.ru; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_pass http://innerreact; + proxy_redirect default; + } } \ No newline at end of file diff --git a/postgresql/.env.dev b/postgresql/.env.dev deleted file mode 100644 index 96838fda..00000000 --- a/postgresql/.env.dev +++ /dev/null @@ -1,3 +0,0 @@ -POSTGRES_USER=dev-test-user -POSTGRES_PASSWORD=02BD82EE0D -POSTGRES_DB=dev-db \ No newline at end of file diff --git a/rsconcept/backend/.env.dev b/rsconcept/backend/.env.dev deleted file mode 100644 index 94ee2d3f..00000000 --- a/rsconcept/backend/.env.dev +++ /dev/null 
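Review bot: `COPY ./cert/* /etc/ssl/private/` bakes the TLS private key into an image layer, so anyone who can pull, export or inspect the image obtains `portal-key.pem`, and rotating the certificate requires a rebuild. Prefer supplying the directory at run time, for example a read-only mount on the nginx service in docker-compose-prod.yml such as `- ./nginx/cert:/etc/ssl/private:ro`, and drop this COPY line. If the COPY stays, the image itself has to be handled as a secret and kept out of shared registries. The glob also copies everything found in `cert/`, not only the two files nginx reads.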
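Review bot: Both `server` blocks turn on `ssl` without an `ssl_protocols` directive, so the accepted TLS versions are whatever the nginx build behind the floating `stable` tag defaults to, which may still include TLSv1 and TLSv1.1; pin it with `ssl_protocols TLSv1.2 TLSv1.3;` in each block or once above them. The new `innerreact` location sets no `proxy_set_header X-Forwarded-Proto $scheme;`, and that header is not visible in the `innerdjango` location either (its body continues outside the hunk), so the upstreams presumably cannot tell that the original request arrived over HTTPS. With no non-TLS listener left, plain-HTTP requests to ports 8000 and 3000 get nginx's 400 error page rather than a redirect, which is worth stating in a comment if it is intended.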
@@ -1,28 +0,0 @@ -# !! THIS IS NOT THE FINAL PRODUCTION SETTINGS !! -# PLEASE MAKE SURE TO SETUP A PROPER ENV FILE OUTSIDE SOURCE CONTROL SYSTEM - -# Application settings -SECRET_KEY=django-insecure-)rq@!&v7l2r%2%q#n!uq+zk@=&yc0^&ql^7%2!%9u)vt1x&j=d -ALLOWED_HOSTS=rs.acconcept.ru;localhost;portal.acconcept.ru -CSRF_TRUSTED_ORIGINS=http://rs.acconcept.ru:3000;http://localhost:3000 -CORS_ALLOWED_ORIGINS=http://rs.acconcept.ru:3000;http://localhost:3000 - - -# File locations -STATIC_ROOT=/home/app/web/static -MEDIA_ROOT=/home/app/web/media - - -# Database settings -DB_ENGINE=django.db.backends.postgresql_psycopg2 -DB_NAME=dev-db -DB_USER=dev-test-user -DB_PASSWORD=02BD82EE0D -DB_HOST=postgresql-db -DB_PORT=5432 - - -# Debug settings -DEBUG=1 -PYTHONDEVMODE=1 -PYTHONTRACEMALLOC=1 \ No newline at end of file diff --git a/rsconcept/backend/.env.prod b/rsconcept/backend/.env.prod index e0536adb..c8c8bfd2 100644 --- a/rsconcept/backend/.env.prod +++ b/rsconcept/backend/.env.prod @@ -1,8 +1,8 @@ # Application settings ALLOWED_HOSTS=localhost;portal.acconcept.ru;dev.concept.ru -CSRF_TRUSTED_ORIGINS=http://dev.concept.ru:3000;http://localhost:3000;http://portal.acconcept.ru:3000 -CORS_ALLOWED_ORIGINS=http://dev.concept.ru:3000;http://localhost:3000;http://portal.acconcept.ru:3000 +CSRF_TRUSTED_ORIGINS=https://dev.concept.ru:3000;https://localhost:3000;https://portal.acconcept.ru:3000 +CORS_ALLOWED_ORIGINS=https://dev.concept.ru:3000;https://localhost:3000;https://portal.acconcept.ru:3000 # File locations diff --git a/rsconcept/frontend/.gitignore b/rsconcept/frontend/.gitignore deleted file mode 100644 index a547bf36..00000000 --- a/rsconcept/frontend/.gitignore +++ /dev/null @@ -1,24 +0,0 @@ -# Logs -logs -*.log -npm-debug.log* -yarn-debug.log* -yarn-error.log* -pnpm-debug.log* -lerna-debug.log* - -node_modules -dist -dist-ssr -*.local - -# Editor directories and files -.vscode/* -!.vscode/extensions.json -.idea -.DS_Store -*.suo -*.ntvs* -*.njsproj -*.sln -*.sw? 
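Review bot: The production allow-lists still carry `https://localhost:3000` in `CSRF_TRUSTED_ORIGINS` and `CORS_ALLOWED_ORIGINS` (and `localhost` in `ALLOWED_HOSTS`), which extends trust to whatever is served on port 3000 of a visitor's own machine; a production file should list only the deployed origins, e.g. `CSRF_TRUSTED_ORIGINS=https://dev.concept.ru:3000;https://portal.acconcept.ru:3000`. The `www.` names that nginx/default.conf accepts in `server_name` are absent from all three settings, so, because nginx forwards `Host $host`, requests to those names would presumably be rejected by Django. The rest of .env.prod lies outside this hunk.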
diff --git a/rsconcept/frontend/package-lock.json b/rsconcept/frontend/package-lock.json index 2ea75e51..62963227 100644 --- a/rsconcept/frontend/package-lock.json +++ b/rsconcept/frontend/package-lock.json @@ -1,12 +1,12 @@ { "name": "frontend", - "version": "0.1.0", + "version": "1.0.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "frontend", - "version": "0.1.0", + "version": "1.0.0", "dependencies": { "axios": "^1.4.0", "js-file-download": "^0.4.12", diff --git a/rsconcept/frontend/package.json b/rsconcept/frontend/package.json index 9b2665b2..90b2c691 100644 --- a/rsconcept/frontend/package.json +++ b/rsconcept/frontend/package.json @@ -1,7 +1,7 @@ { "name": "frontend", "private": true, - "version": "0.1.0", + "version": "1.0.0", "type": "module", "scripts": { "test": "jest", diff --git a/rsconcept/frontend/vite.config.ts b/rsconcept/frontend/vite.config.ts index 11d54e88..aa93ddaa 100644 --- a/rsconcept/frontend/vite.config.ts +++ b/rsconcept/frontend/vite.config.ts @@ -1,14 +1,10 @@ -import react from '@vitejs/plugin-react' -import { defineConfig } from 'vite' +import react from '@vitejs/plugin-react'; +import { defineConfig } from 'vite'; // https://vitejs.dev/config/ export default defineConfig({ plugins: [react()], server: { - port: 3000, - // https: { - // key: fs.readFileSync('cert/portal-key.pem'), - // cert: fs.readFileSync('cert/portal-cert.pem'), - // } + port: 3000 } })