Setup https for prod

.dockerignore

@@ -59,4 +59,5 @@ bower_components
 
 
 # Specific items
-docker-compose.yml
+docker-compose-dev.yml
+docker-compose-prod.yml

.gitignore

@@ -1,5 +1,6 @@
 # SECURITY SENSITIVE FILES
 secrets/
+cert/
 
 # External distributions
 rsconcept/backend/import/*.whl

README.md

@@ -9,6 +9,8 @@ This readme file is used mostly to document project dependencies
 - run rsconcept\backend\LocalEnvSetup.ps1
 - run 'npm install' in rsconcept\frontend
 - use VSCode configs in root folder to start developement
+- production: create secrets secrets\db_password.txt and django_key.txt
+- production: provide TLS certificate nginx\cert\portal-cert.pem and nginx\cert\portal-key.pem
 
 # Frontend stack & Tooling [Vite + React + Typescript]
 <details>

docker-compose-dev.yml

@@ -1,47 +0,0 @@
-volumes:
-  postgres_volume:
-    name: "postgres-db"
-  django_static_volume:
-    name: "static"
-  django_media_volume:
-    name: "media"
-
-networks:
-  default:
-    name: concept-api-net
-
-services:
-  frontend:
-    restart: always
-    depends_on:
-      - backend
-    build: 
-      context: ./rsconcept/frontend
-    ports:
-      - 3000:3000
-    command: serve -s /home/node -l 3000
-
-
-  backend:
-    restart: always
-    depends_on:
-      - postgresql-db
-    build:
-      context: ./rsconcept/backend
-    env_file: ./rsconcept/backend/.env.dev
-    ports:
-      - 8000:8000
-    volumes:
-      - django_static_volume:/home/app/web/static
-      - django_media_volume:/home/app/web/media
-    command:
-      gunicorn -w 3 project.wsgi --bind 0.0.0.0:8000
-
-
-  postgresql-db:
-    restart: always
-    image: postgres:alpine
-    env_file: ./postgresql/.env.dev
-    volumes:
-      - postgres_volume:/var/lib/postgresql/data
-

docker-compose-prod.yml

@@ -23,8 +23,8 @@ services:
       - backend
     build: 
       context: ./rsconcept/frontend
-    ports:
-      - 3000:3000
+    expose:
+      - 3000
     command: serve -s /home/node -l 3000
 
 
@@ -67,11 +67,11 @@ services:
     build:
       context: ./nginx
     ports:
-      - 8000:80
+      - 8000:8000
+      - 3000:3000
     depends_on:
       - backend
     command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
     volumes:
       - django_static_volume:/var/www/static
       - django_media_volume:/var/www/media
-

nginx/Dockerfile

@@ -1,4 +1,5 @@
 FROM nginx:stable-alpine3.17-slim
 
 # Сopу nginx configuration to the proxy-server
-COPY ./default.conf /etc/nginx/conf.d/default.conf 
+COPY ./default.conf /etc/nginx/conf.d/default.conf
+COPY ./cert/* /etc/ssl/private/

nginx/default.conf

@@ -1,12 +1,17 @@
 upstream innerdjango {
     server backend:8000;
-    # `backend` is the service's name in docker-compose.yml,
-    # The `innerdjango` is the name of upstream, used by nginx below. 
+}
+
+upstream innerreact {
+    server frontend:3000;
 }
 
 server {
-    listen 80;
+    listen 8000 ssl;
+    ssl_certificate /etc/ssl/private/portal-cert.pem;
+    ssl_certificate_key /etc/ssl/private/portal-key.pem;
     server_name dev.concept.ru www.dev.concept.ru portal.acconcept.ru www.portal.acconcept.ru;
+
     location / {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $host;
@@ -19,4 +24,18 @@ server {
     location /media/ {
         alias /var/www/media/;
    }
+}
+
+server {
+    listen 3000 ssl;
+    ssl_certificate /etc/ssl/private/portal-cert.pem;
+    ssl_certificate_key /etc/ssl/private/portal-key.pem;
+    server_name dev.concept.ru www.dev.concept.ru portal.acconcept.ru www.portal.acconcept.ru;
+    
+    location / {
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;
+        proxy_pass http://innerreact;
+        proxy_redirect default;
+    }
 }

postgresql/.env.dev

@@ -1,3 +0,0 @@
-POSTGRES_USER=dev-test-user
-POSTGRES_PASSWORD=02BD82EE0D
-POSTGRES_DB=dev-db

rsconcept/backend/.env.dev

@@ -1,28 +0,0 @@
-# !! THIS IS NOT THE FINAL PRODUCTION SETTINGS !!
-# PLEASE MAKE SURE TO SETUP A PROPER ENV FILE OUTSIDE SOURCE CONTROL SYSTEM
-
-# Application settings
-SECRET_KEY=django-insecure-)rq@!&v7l2r%2%q#n!uq+zk@=&yc0^&ql^7%2!%9u)vt1x&j=d
-ALLOWED_HOSTS=rs.acconcept.ru;localhost;portal.acconcept.ru
-CSRF_TRUSTED_ORIGINS=http://rs.acconcept.ru:3000;http://localhost:3000
-CORS_ALLOWED_ORIGINS=http://rs.acconcept.ru:3000;http://localhost:3000
-
-
-# File locations
-STATIC_ROOT=/home/app/web/static
-MEDIA_ROOT=/home/app/web/media
-
-
-# Database settings
-DB_ENGINE=django.db.backends.postgresql_psycopg2
-DB_NAME=dev-db
-DB_USER=dev-test-user
-DB_PASSWORD=02BD82EE0D
-DB_HOST=postgresql-db
-DB_PORT=5432
-
-
-# Debug settings
-DEBUG=1
-PYTHONDEVMODE=1
-PYTHONTRACEMALLOC=1

rsconcept/backend/.env.prod

@@ -1,8 +1,8 @@
 # Application settings
 
 ALLOWED_HOSTS=localhost;portal.acconcept.ru;dev.concept.ru
-CSRF_TRUSTED_ORIGINS=http://dev.concept.ru:3000;http://localhost:3000;http://portal.acconcept.ru:3000
-CORS_ALLOWED_ORIGINS=http://dev.concept.ru:3000;http://localhost:3000;http://portal.acconcept.ru:3000
+CSRF_TRUSTED_ORIGINS=https://dev.concept.ru:3000;https://localhost:3000;https://portal.acconcept.ru:3000
+CORS_ALLOWED_ORIGINS=https://dev.concept.ru:3000;https://localhost:3000;https://portal.acconcept.ru:3000
 
 
 # File locations

rsconcept/frontend/.gitignore

@@ -1,24 +0,0 @@
-# Logs
-logs
-*.log
-npm-debug.log*
-yarn-debug.log*
-yarn-error.log*
-pnpm-debug.log*
-lerna-debug.log*
-
-node_modules
-dist
-dist-ssr
-*.local
-
-# Editor directories and files
-.vscode/*
-!.vscode/extensions.json
-.idea
-.DS_Store
-*.suo
-*.ntvs*
-*.njsproj
-*.sln
-*.sw?

rsconcept/frontend/package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "frontend",
-  "version": "0.1.0",
+  "version": "1.0.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "frontend",
-      "version": "0.1.0",
+      "version": "1.0.0",
       "dependencies": {
         "axios": "^1.4.0",
         "js-file-download": "^0.4.12",

rsconcept/frontend/package.json

@@ -1,7 +1,7 @@
 {
   "name": "frontend",
   "private": true,
-  "version": "0.1.0",
+  "version": "1.0.0",
   "type": "module",
   "scripts": {
     "test": "jest",

rsconcept/frontend/vite.config.ts

@@ -1,14 +1,10 @@
-import react from '@vitejs/plugin-react'
-import { defineConfig } from 'vite'
+import react from '@vitejs/plugin-react';
+import { defineConfig } from 'vite';
 
 // https://vitejs.dev/config/
 export default defineConfig({
   plugins: [react()],
   server: {
-    port: 3000,
-    // https: {
-    //   key: fs.readFileSync('cert/portal-key.pem'),
-    //   cert: fs.readFileSync('cert/portal-cert.pem'),
-    // }
+    port: 3000
   }
 })