2023-08-17 19:18:14 +01:00
9 changed files with 63 additions and 11 deletions
--- a/README.md
+++ b/README.md
@ -84,10 +84,10 @@ sudo docker exec -itu django medwings-django <command>
 Run database migrations inside the running container like so:

 ```bash
-sudo docker exec -itu medwings-django python manage.py migrate
+sudo docker exec -itu django medwings-django python manage.py migrate
 ```

 To enter django's interactive shell, run:
 ```bash
-sudo docker exec -itu medwings-django python manage.py shell
+sudo docker exec -itu django medwings-django python manage.py shell
 ```
--- a/app/authentication/templates/authentication/register-init.html
+++ b/app/authentication/templates/authentication/register-init.html
@ -8,14 +8,18 @@
  <div class="flex flex-col justify-center items-center gap-2 py-4 mx-4 max-w-4xl">
    <h2>Register</h2>
    <p>
-      Something something glad you're signing up.
+      We're thrilled that you're taking the next step towards a healthier future by signing up for Medwings!
+      By linking your Withings account, we can seamlessly integrate your health data with Medwings.
    </p>
    <div class="flex flex-col gap-2 items-center call-to-action-box">
      <p class="font-semibold">To get started, please allow us to access your health data</p>
      <a class="btn text-lg" href="{{ auth_url }}">Link Withings Account</a>
    </div>
    <p>
-      Something something why this is necessary.
+      The registration process will continue after you've linked your Withings account.
+      This step is essential as it allows Medwings to securely access your health data from the Withings cloud.
+      We use OAuth2, a standard and secure method, to ensure that your personal data remains private and under your control.+
+      Once your accounts are linked, you'll be all set to start exploring your health data and insights through Medwings.
    </p>
  </div>
 {% endblock content %}
--- a/app/core/settings.py
+++ b/app/core/settings.py
@ -12,7 +12,7 @@ https://docs.djangoproject.com/en/4.2/ref/settings/

 from pathlib import Path
 from os import getenv
-from utils import parse_string_as_bool
+from .utils import parse_string_as_bool


 # Build paths inside the project like this: BASE_DIR / 'subdir'.
@ -27,6 +27,13 @@ SECRET_KEY = getenv('DJANGO_SECRET_KEY')
 DEBUG = parse_string_as_bool(getenv('DJANGO_DEBUG_MODE', 'false'))
 ALLOWED_HOSTS = [ '*' ]

+# Force HttpRequest.build_absolute_uri() to generate HTTPS links in production
+# This is necessary when running behind a reverse proxy
+#USE_X_FORWARDED_HOST = False if DEBUG else True
+#SECURE_PROXY_SSL_HEADER = () if DEBUG else ('HTTP_X_FORWARDED_PROTO', 'https')
+USE_X_FORWARDED_HOST = True
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+

 # Application definition
 INSTALLED_APPS = [
@ -119,6 +126,7 @@ STATIC_URL = 'static/'
 STATICFILES_DIRS = [
    BASE_DIR / 'static',
 ]
+STATIC_ROOT = '/srv/static'


 # Default primary key field type
--- a/development.Caddyfile
+++ b/development.Caddyfile
@ -0,0 +1,10 @@
+:8000 {
+	handle * {
+		reverse_proxy * medwings-django:8000
+	}
+
+	log {
+		output stderr
+		format console
+	}
+}
--- a/development.caddy.Dockerfile
+++ b/development.caddy.Dockerfile
@ -16,7 +16,7 @@ RUN addgroup --gid ${CUSTOM_GID:-1000} ${CUSTOM_GROUPNAME} && \

 # Copy caddy config
 WORKDIR /app
-COPY --chown=${CUSTOM_USERNAME}:${CUSTOM_GROUPNAME} Caddyfile /app/
+COPY --chown=${CUSTOM_USERNAME}:${CUSTOM_GROUPNAME} development.Caddyfile /app/Caddyfile

 # Run Caddy in development mode
 USER ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000}
--- a/production.Caddyfile
+++ b/production.Caddyfile
@ -0,0 +1,21 @@
+{
+	servers {
+		trusted_proxies static private_ranges
+	}
+}
+
+:8000 {
+	handle_path /static/* {
+		root * /srv/static
+		file_server
+	}
+
+	handle * {
+		reverse_proxy * medwings-django:8000
+	}
+
+	log {
+		output stderr
+		format console
+	}
+}
--- a/production.caddy.Dockerfile
+++ b/production.caddy.Dockerfile
@ -12,11 +12,12 @@ ENV CUSTOM_USERNAME=webserver
 ENV CUSTOM_GROUPNAME=webserver
 RUN addgroup --gid ${CUSTOM_GID:-1000} ${CUSTOM_GROUPNAME} && \
    adduser --uid ${CUSTOM_UID:-1000} --shell /bin/ash ${CUSTOM_USERNAME} --ingroup ${CUSTOM_GROUPNAME} --disabled-password && \
-    mkdir /app && chown ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000} /app && chmod 700 /app
+    mkdir /app && chown ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000} /app && chmod 700 /app && \
+    mkdir -p /srv/static && chown ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000} /srv/static && chmod 700 /srv/static

 # Copy caddy config
 WORKDIR /app
-COPY --chown=${CUSTOM_USERNAME}:${CUSTOM_GROUPNAME} Caddyfile /app/
+COPY --chown=${CUSTOM_USERNAME}:${CUSTOM_GROUPNAME} production.Caddyfile /app/Caddyfile

 # Run Caddy in development mode
 USER ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000}
--- a/production.django.Dockerfile
+++ b/production.django.Dockerfile
@ -12,7 +12,8 @@ ENV CUSTOM_USERNAME=django
 ENV CUSTOM_GROUPNAME=django
 RUN addgroup --gid ${CUSTOM_GID:-1000} ${CUSTOM_GROUPNAME} && \
    adduser --uid ${CUSTOM_UID:-1000} --shell /bin/ash ${CUSTOM_USERNAME} --ingroup ${CUSTOM_GROUPNAME} --disabled-password && \
-    mkdir /app && chown ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000} /app && chmod 700 /app
+    mkdir /app && chown ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000} /app && chmod 700 /app && \
+    mkdir -p /srv/static && chown ${CUSTOM_UID:-1000}:${CUSTOM_GID:-1000} /srv/static && chmod 700 /srv/static
 ENV PATH "$PATH:/home/${CUSTOM_GROUPNAME}/.local/bin"

 # Add supervisord conf
@ -31,3 +32,4 @@ RUN pip install -r requirements.txt
 # Run supervisord
 EXPOSE 8000/tcp
 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+#CMD ["uvicorn", "core.asgi:application", "--host", "0.0.0.0", "--port", "8000", "--access-log"]
--- a/production.docker-compose.yml
+++ b/production.docker-compose.yml
@ -19,11 +19,13 @@ services:
      - proxy
    environment:
      TZ: ${TIMEZONE}
+    volumes:
+      - /srv/medwings/static:/srv/static:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.medwings.entrypoints=https"
      - "traefik.http.routers.medwings.rule=Host(`medwings.lobbes.dev`)"
-      - "traefik.http.routers.medwings-secure.middlewares=default@file"
+      - "traefik.http.routers.medwings.middlewares=default@file"
      - "traefik.http.routers.medwings.tls=true"
      - "traefik.http.services.medwings.loadbalancer.server.port=8000"
      - "traefik.docker.network=proxy"
@ -45,6 +47,8 @@ services:
      - medwings
    environment:
      TZ: ${TIMEZONE}
+      DJANGO_DEBUG_MODE: ${DJANGO_DEBUG_MODE}
+      DJANGO_SECRET_KEY: ${DJANGO_SECRET_KEY}
      PG_NAME: ${PG_NAME}
      PG_USER: ${PG_USER}
      PG_PASSWORD: ${PG_PASSWORD}
@ -56,6 +60,8 @@ services:
      GOTIFY_PASSWORD: ${GOTIFY_PASSWORD}
      GOTIFY_HOST: ${GOTIFY_HOST}
      GOTIFY_PUBLIC_URL: ${GOTIFY_PUBLIC_URL}
+    volumes:
+      - /srv/medwings/static:/srv/static
  medwings-postgres:
    image: postgres:alpine
    container_name: ${PG_HOST}
@ -94,7 +100,7 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.medwings-notifications.entrypoints=https"
      - "traefik.http.routers.medwings-notifications.rule=Host(`medwings-notifications.lobbes.dev`)"
-      - "traefik.http.routers.medwings-notifications-secure.middlewares=default@file"
+      - "traefik.http.routers.medwings-notifications.middlewares=default@file"
      - "traefik.http.routers.medwings-notifications.tls=true"
      - "traefik.http.services.medwings-notifications.loadbalancer.server.port=80"
      - "traefik.docker.network=proxy"