Change env variables to Dockerfile

Move sensitive info to redis settings cache
Dustin Pianalto 2019-12-25 17:39:48 -09:00
parent 1af256d8c0
commit 5778ddd850
3 changed files with 35 additions and 15 deletions


@ -3,8 +3,8 @@ FROM python:3.8-alpine AS geeksbot-web
ENV DEBIAN_FRONTEND noninteractive ENV DEBIAN_FRONTEND noninteractive
ENV PYTHONUNBUFFERED 1 ENV PYTHONUNBUFFERED 1
RUN adduser --disabled-password --home=/home/geeksbot --gecos "" geeksbot RUN adduser --disabled-password --home /home/geeksbot --gecos "" geeksbot
RUN echo "geeksbot ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers RUN echo "geeksbot ALL (ALL) NOPASSWD: ALL" >> /etc/sudoers
RUN echo "geeksbot:docker" | chpasswd RUN echo "geeksbot:docker" | chpasswd
RUN apk update && \ RUN apk update && \
@ -32,9 +32,10 @@ RUN apk update && apk add nginx && apk add supervisor
COPY requirements/base.txt . COPY requirements/base.txt .
COPY requirements/production.txt . COPY requirements/production.txt .
COPY requirements/web.txt .
RUN pip install -r production.txt RUN pip install -r production.txt
COPY requirements/web.txt .
RUN pip install -r web.txt RUN pip install -r web.txt
RUN rm -f /etc/nginx/sites-enabled/default RUN rm -f /etc/nginx/sites-enabled/default
@ -60,6 +61,31 @@ WORKDIR /code/geeksbot_web
# RUN sed -i 's/\r$//g' ./entrypoint # RUN sed -i 's/\r$//g' ./entrypoint
# RUN chmod +x ./entrypoint # RUN chmod +x ./entrypoint
# PostgreSQL DB Connection Info
ENV POSTGRES_HOST geeksbot-db.c3omjx35ryzn.us-east-1.rds.amazonaws.com
ENV POSTGRES_DB geeksbot
ENV POSTGRES_PORT 5432
ENV POSTGRES_USER postgres
ENV CONN_MAX_AGE 0
# Redis Connection Info
ENV REDIS_DB 0
ENV REDIS_ENABLED true
ENV REDIS_HOST geeksbot-redis
ENV REDIS_PORT 6379
ENV USE_DOCKER yes
# Django
ENV DJANGO_SETTINGS_MODULE config.settings.production
ENV DJANGO_ALLOWED_HOSTS .geeksbot.app,localhost
ENV DJANGO_SECURE_SSL_REDIRECT False
ENV DJANGO_ACCOUNT_ALLOW_REGISTRATION True
# Email
ENV DJANGO_SERVER_EMAIL geeksbot@geeksbot.app
ENV MAILGUN_DOMAIN mail.geeksbot.app
# Gunicorn
ENV WEB_CONCURRENCY 4
EXPOSE 80 8000 443 EXPOSE 80 8000 443
ENTRYPOINT [ "./entrypoint" ] ENTRYPOINT [ "./entrypoint" ]
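Review bot: The sudoers entry in the first hunk, as rendered on the new side, reads `geeksbot ALL (ALL) NOPASSWD: ALL` with the `=` after the host field missing, which is not valid sudoers syntax. If that is what was committed, then depending on the sudo version the entry is either discarded or sudo refuses to run. Separately, this line and the unchanged `echo "geeksbot:docker" | chpasswd` give the service account a password readable from the image and unrestricted passwordless root, so running as `geeksbot` provides no separation from root. I would drop both lines unless something at runtime really needs sudo, and in that case restore the `=` and limit the grant to the one command required, for example `geeksbot ALL=(root) NOPASSWD: /usr/sbin/nginx`. The `RUN apk update && \` statement at the end of this hunk continues outside it.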


@ -4,22 +4,16 @@ Base settings to build other settings files upon.
import environ import environ
import sys import sys
import redis
ROOT_DIR = ( ROOT_DIR = (
environ.Path(__file__) - 3 environ.Path(__file__) - 3
) # (config/settings/base.py - 3 = ) ) # (config/settings/base.py - 3 = )
APPS_DIR = ROOT_DIR APPS_DIR = ROOT_DIR
#CODE_DIR = ( environ.Path(__file__) - 4 )
#sys.path.append(str(CODE_DIR))
print(sys.path)
env = environ.Env() env = environ.Env()
READ_DOT_ENV_FILE = env.bool("DJANGO_READ_DOT_ENV_FILE", default=False) settings_cache = redis.Redis(host=env.str('REDIS_HOST'), port=env.str('REDIS_PORT'), db=1, charset="utf-8", decode_responses=True)
if READ_DOT_ENV_FILE:
# OS environment variables take precedence over variables from .env
env.read_env(str(CODE_DIR.path(".env")))
# GENERAL # GENERAL
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -51,7 +45,7 @@ DATABASES = {
'ENGINE': 'django.db.backends.postgresql', 'ENGINE': 'django.db.backends.postgresql',
'NAME': env.str("POSTGRES_DB"), 'NAME': env.str("POSTGRES_DB"),
'USER': env.str('POSTGRES_USER'), 'USER': env.str('POSTGRES_USER'),
'PASSWORD': env.str('POSTGRES_PASSWORD'), 'PASSWORD': settings_cache.get('POSTGRES_PASSWORD'),
'HOST': env.str('POSTGRES_HOST'), 'HOST': env.str('POSTGRES_HOST'),
'PORT': env.str('POSTGRES_PORT') 'PORT': env.str('POSTGRES_PORT')
} }
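Review bot: The `redis.Redis(...)` client added in the first hunk is built with only host, port and db, so as written it connects without a password and without TLS. It now supplies `POSTGRES_PASSWORD` here and, in the production settings, `DJANGO_SECRET_KEY` and `MAILGUN_API_KEY`. Anything that can reach `REDIS_HOST` on that port can read or replace those values, which puts the Redis instance inside the trust boundary for Django's signing key. I would require authentication and transport encryption on this connection (assuming the server is configured for both) by adding `password=env.str('REDIS_PASSWORD')` and `ssl=True` to the constructor, where `REDIS_PASSWORD` is a new variable delivered through the runtime's secret mechanism rather than the image. `port=env.str('REDIS_PORT')` also passes the port as a string; `env.int('REDIS_PORT')` is the matching type.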


@ -4,7 +4,7 @@ from .base import env
# GENERAL # GENERAL
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# https://docs.djangoproject.com/en/dev/ref/settings/#secret-key # https://docs.djangoproject.com/en/dev/ref/settings/#secret-key
SECRET_KEY = env("DJANGO_SECRET_KEY") SECRET_KEY = settings_cache.get('DJANGO_SECRET_KEY')
# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts # https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["geeksbot.app"]) ALLOWED_HOSTS = env.list("DJANGO_ALLOWED_HOSTS", default=["geeksbot.app"])
@ -86,7 +86,7 @@ EMAIL_SUBJECT_PREFIX = env(
# ADMIN # ADMIN
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Django Admin URL regex. # Django Admin URL regex.
ADMIN_URL = env("DJANGO_ADMIN_URL") ADMIN_URL = settings_cache.get('DJANGO_ADMIN_URL')
# Anymail (Mailgun) # Anymail (Mailgun)
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -95,7 +95,7 @@ INSTALLED_APPS += ["anymail"] # noqa F405
EMAIL_BACKEND = "anymail.backends.mailgun.EmailBackend" EMAIL_BACKEND = "anymail.backends.mailgun.EmailBackend"
# https://anymail.readthedocs.io/en/stable/installation/#anymail-settings-reference # https://anymail.readthedocs.io/en/stable/installation/#anymail-settings-reference
ANYMAIL = { ANYMAIL = {
"MAILGUN_API_KEY": env("MAILGUN_API_KEY"), "MAILGUN_API_KEY": settings_cache.get('MAILGUN_API_KEY'),
"MAILGUN_SENDER_DOMAIN": env("MAILGUN_DOMAIN"), "MAILGUN_SENDER_DOMAIN": env("MAILGUN_DOMAIN"),
"MAILGUN_API_URL": env("MAILGUN_API_URL", default="https://api.mailgun.net/v3"), "MAILGUN_API_URL": env("MAILGUN_API_URL", default="https://api.mailgun.net/v3"),
} }
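Review bot: `settings_cache.get(...)` returns `None` when a key is absent, so `SECRET_KEY` in the first hunk, `ADMIN_URL` in the second and `ANYMAIL["MAILGUN_API_KEY"]` in the third no longer fail at startup the way `env("...")` without a default did. The `POSTGRES_PASSWORD` lookup in the base settings has the same gap. A flushed cache or a fresh deployment would then surface as a late error far from its cause, so I would route these lookups through a helper that raises `ImproperlyConfigured` (from `django.core.exceptions`) naming the missing key, as sketched below. The hunk context also shows only `from .base import env`; unless `settings_cache` arrives through an import outside these hunks, add it explicitly with `from .base import env, settings_cache`.

```python
# helper defined once, next to settings_cache
def required_setting(key):
    value = settings_cache.get(key)
    if value is None:
        raise ImproperlyConfigured(f"{key} is missing from the settings cache")
    return value

SECRET_KEY = required_setting('DJANGO_SECRET_KEY')
# ... unchanged: ALLOWED_HOSTS and the settings between the hunks ...
ADMIN_URL = required_setting('DJANGO_ADMIN_URL')
```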