-
Notifications
You must be signed in to change notification settings - Fork 43
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
974dd2a
commit 4d69322
Showing
14 changed files
with
132 additions
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
""" | ||
ASGI config for testproject project. | ||
It exposes the ASGI callable as a module-level variable named ``application``. | ||
For more information on this file, see | ||
https://docs.djangoproject.com/en/5.1/howto/deployment/asgi/ | ||
""" | ||
|
||
import os | ||
|
||
from django.core.asgi import get_asgi_application | ||
|
||
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "ca.settings") | ||
|
||
application = get_asgi_application() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,3 @@ | ||
location /${DJANGO_CA_CA_URL_PATH}acme/ { | ||
uwsgi_pass django_ca_frontend; | ||
include /etc/nginx/uwsgi_params; | ||
try_files $uri @proxy_to_app;g | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,3 @@ | ||
location /${DJANGO_CA_CA_URL_PATH}api/ { | ||
uwsgi_pass django_ca_frontend; | ||
include /etc/nginx/uwsgi_params; | ||
try_files $uri @proxy_to_app; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,9 @@ | ||
location /${DJANGO_CA_CA_URL_PATH}issuer/ { | ||
uwsgi_pass django_ca_frontend; | ||
include /etc/nginx/uwsgi_params; | ||
try_files $uri @proxy_to_app; | ||
} | ||
location /${DJANGO_CA_CA_URL_PATH}crl/ { | ||
uwsgi_pass django_ca_frontend; | ||
include /etc/nginx/uwsgi_params; | ||
try_files $uri @proxy_to_app; | ||
} | ||
location /${DJANGO_CA_CA_URL_PATH}ocsp/ { | ||
uwsgi_pass django_ca_frontend; | ||
include /etc/nginx/uwsgi_params; | ||
try_files $uri @proxy_to_app; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
upstream django_ca_frontend { | ||
server frontend:8000; | ||
server frontend:8000 fail_timeout=0; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,3 @@ | ||
uWSGI==2.0.28 | ||
uvicorn==0.34.0 | ||
gunicorn==23.0.0 | ||
uvicorn-worker==0.3.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
#!/bin/sh -e | ||
|
||
#DJANGO_CA_UWSGI_INI=${DJANGO_CA_UWSGI_INI:-/usr/src/django-ca/uwsgi/uwsgi.ini} | ||
#DJANGO_CA_UWSGI_PARAMS=${DJANGO_CA_UWSGI_PARAMS:-} | ||
DJANGO_CA_LIB_DIR=${DJANGO_CA_LIB_DIR:-/var/lib/django-ca} | ||
|
||
#if [ ! -e ${DJANGO_CA_UWSGI_INI} ]; then | ||
# echo "${DJANGO_CA_UWSGI_INI}: No such file or directory." | ||
# exit 1 | ||
#fi | ||
|
||
DJANGO_CA_SECRET_KEY=${DJANGO_CA_SECRET_KEY:-} | ||
|
||
# Default path to the file holding the secret key. Note that the default here matches the default set in the | ||
# Dockerfile. docker-compose.yml will override this with a path shared between backend and frontend. | ||
DJANGO_CA_SECRET_KEY_FILE=${DJANGO_CA_SECRET_KEY_FILE:-/var/lib/django-ca/certs/ca/shared/secret_key} | ||
|
||
if [ -z "${DJANGO_CA_SECRET_KEY}" ]; then | ||
KEY_DIR=`dirname $DJANGO_CA_SECRET_KEY_FILE` | ||
if [ ! -e "${KEY_DIR}" ]; then | ||
mkdir -p ${KEY_DIR} | ||
chmod go-rwx ${KEY_DIR} | ||
fi | ||
|
||
if [ ! -e "${DJANGO_CA_SECRET_KEY_FILE}" ]; then | ||
echo "Create secret key at ${DJANGO_CA_SECRET_KEY_FILE}..." | ||
python <<EOF | ||
import random, string | ||
key = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits + string.punctuation) for _ in range(64)) | ||
with open('${DJANGO_CA_SECRET_KEY_FILE}', 'w') as stream: | ||
stream.write(key) | ||
EOF | ||
fi | ||
chmod go-rwx ${DJANGO_CA_SECRET_KEY_FILE} | ||
|
||
# Export DJANGO_CA_SECRET_KEY_FILE so that django-ca itself will pick it up. | ||
export DJANGO_CA_SECRET_KEY_FILE | ||
else | ||
export DJANGO_CA_SECRET_KEY | ||
fi | ||
|
||
# Synchronize NGINX configuration to ${NGINX_TEMPLATES_DIR} (used by Docker Compose to update configuration). | ||
if [ -n "${NGINX_TEMPLATE}" ]; then | ||
# This directory is a Docker volume mapped to /etc/nginx/templates/ in Docker Compose | ||
NGINX_TEMPLATE_DIR=/var/lib/django-ca/nginx/templates/ | ||
|
||
NGINX_TEMPLATE_SOURCE="/usr/src/django-ca/nginx/${NGINX_TEMPLATE}.template" | ||
|
||
if [ -r "${NGINX_TEMPLATE_SOURCE}" ]; then | ||
mkdir -p ${NGINX_TEMPLATE_DIR}/include.d/ | ||
cp -pf "${NGINX_TEMPLATE_SOURCE}" ${NGINX_TEMPLATE_DIR}default.conf.template | ||
cp -pf /usr/src/django-ca/nginx/include.d/*.conf ${NGINX_TEMPLATE_DIR}/include.d/ | ||
cp -pf /usr/src/django-ca/nginx/include.d/*.conf.template ${NGINX_TEMPLATE_DIR}/include.d/ | ||
else | ||
echo "${NGINX_TEMPLATE}: NGINX template not found." | ||
exit 1 | ||
fi | ||
fi | ||
|
||
# Wait for connections to be up (in this case the database), as the subsequent commands require access to it | ||
if [ -n "${WAIT_FOR_CONNECTIONS}" ]; then | ||
for conn in ${WAIT_FOR_CONNECTIONS}; do | ||
conn=$(echo $conn | sed 's/:/ /') | ||
while ! nc -z $conn; do | ||
echo "Wait for $conn..." | ||
sleep 0.1 # wait for 1/10 of the second before check again | ||
done | ||
done | ||
fi | ||
|
||
set -x | ||
python manage.py check --deploy | ||
python manage.py migrate --noinput | ||
python manage.py collectstatic --no-input & | ||
python manage.py cache_crls & | ||
python manage.py regenerate_ocsp_keys & | ||
python -m gunicorn ca.asgi:application -k uvicorn_worker.UvicornWorker --bind 0.0.0.0:8000 |