feat: draft of dockerscripts

.dockerignore

+env*
+**/*.pyc
+.vscode/*
+Dockerfile
+docker-compose.yml
+**/__pycache__/*
+smash/__pycache__/*

Dockerfile

+FROM python:3.6.9-buster
+
+RUN mkdir /code
+WORKDIR /code
+RUN apt-get update && apt-get install -y --allow-unauthenticated libsasl2-dev libssl-dev locales locales-all 
+ADD requirements* /code/
+RUN pip install -r requirements.txt --default-timeout=180 -i https://pypi.lcsb.uni.lu/simple/ && pip install -r requirements-dev.txt --default-timeout=180 -i https://pypi.lcsb.uni.lu/simple/ # --use-feature=2020-resolver
+ADD . /code/
+RUN cp local_settings_ci.py smash/smash/local_settings.py
+WORKDIR /code/smash
+
+ENTRYPOINT [ "/bin/sh" ]
+CMD [ "manage.py runserver 0.0.0.0:8002" ]
+EXPOSE 8002

docker-compose.yml

+version: '3'
+
+services:
+    postgres:
+        image: postgres:13
+        restart: always
+        environment:
+            POSTGRES_DB: smash
+            POSTGRES_USER: runner
+            POSTGRES_PASSWORD: password
+        ports: 
+            - "5432:5432"
+    web:
+        build: .
+        expose: 
+            - '8002'
+        entrypoint: bash -c "sleep 5
+                          && python manage.py makemigrations web 
+                          && python manage.py migrate
+                          && python manage.py migrate sessions
+                          && python manage.py collectstatic --noinput
+                          && python manage.py runserver 0.0.0.0:8002 --verbosity 3"
+                          # && gunicorn -b 0.0.0.0:8002 smash.wsgi:application --access-logfile access.log --error-logfile error.log"
+                          # && python manage.py runserver 0.0.0.0:8002 --verbosity 3
+        command: ""
+        ports:
+            - "8002:8002"
+        volumes:
+            - static_files:/static/
+        depends_on:
+            - postgres
+    nginx:
+        command:
+            - nginx-debug
+            - "-g"
+            - "daemon off;"
+        image: "nginx:alpine"
+        ports:
+            - "80:80"
+            - "443:443"
+            - "8080:8080"
+        expose:
+            - "80"
+            - "443"
+            - "8080"
+        depends_on:
+            - web
+            - postgres
+        volumes:
+            - "./docker/nginx/nginx.conf:/etc/nginx/nginx.conf"
+            - "./docker/nginx/nginx-selfsigned.crt:/etc/ssl/certs/nginx-selfsigned.crt"
+            - "./docker/nginx/nginx-selfsigned.key:/etc/ssl/private/nginx-selfsigned.key"
+            - "./docker/nginx/dhparam.pem:/etc/ssl/certs/dhparam.pem"
+            - "./docker/nginx/smasch.conf:/etc/nginx/conf.d/smasch.conf"
+            - static_files:/var/www/shared/static/
+            - nginx_logs:/log
+volumes:
+    static_files:
+    nginx_logs:

docker/nginx/dhparam.pem

+-----BEGIN DH PARAMETERS-----
+MIIEDQKCAgEAk54StojmfMVm4IbMreiHzR7v167BIQwwJXBU/V7OAMxlrRx/DraQ
+JK7f1YSu3YOW44feFQAgKRO+D0+yJi4qGHN3y5mkiYWh3og+/owYsFP8hI7fKd8n
+ZpscVZpn9G8cIsMvw8VBhw0+gNf+Vf6WAOjpHZCm6HXHxOBUQiOW6IXHMcG0/FGu
+V3TZHV8xCM0gSbBSoWqv7to3dD6fGMM57NSXPg8NHAO1ijKkcOGx2LfYDEUEiK7S
+maDST5VSGU+uc4LC/otZ6S6FcTNKse9+DUWTnHy0Ji2j6rqHnZFfmC2vlPQxPx0G
+kAixDqqtYgI06u6u7WlgZm6ZiPEBosRyuFU6t3SWdLNZ9XJn4xNbZd4/SBXOOtfN
+Q4kGcc0kGIvreZ9pOSwRl9GOK/oP3aqUB3Aj6h6va9vB9Gg2dvmfyuOCpCcfNE1M
+00diRy2sb60ax6laL1ArY5/14t2m52vFbkmWSN9R8cjgZ24WLKdG8FWJzSG5i4UM
+h/Spq15XzaAI/TU2c71wHa8PkD245z0hsOHW16m7zJ+QcMVeMc6mc47gwf1axsgh
+fU0a2fVbJfiuha0Ck63ZPtSGTPuSD/vlp/ozlZAz/r2vhlW534kzMc0YV6HkIJgs
+MMIXIdxKR6g06aPVyzt1bIY5lo5QLYFSksted/GF6ludn2XvjD8wERMCggIAJIs5
+XN+sehp+lvQ3nrL/sdz/3P5WoSZ+8Gx5w84veF5JRLExxflpQM5qw+g0ouDb9Daq
+Crt/oEDBIF3+EngZHJImHSRwdXARma5MVMFf+ty8Nq1Zur5e1/ll4HLrFlEkkgFB
+t84x4iyypzoYqgj7Q51tkEd44AYhdCWal2UZJS+YPqcnAO2AiajOOS3kbS1F87h1
+ABYJ67S7HBU8lLwdSDS77jJe4Qpmfjgg8SyTc7oDkqxh05l0ZG8swrylSjk40hqT
+XEmQWeWwcd0QaxqhFoSKq8HdUohSN9kfgVGe+0WLY3+EKgQ2O2SD8/pWqmnn+yPv
+Xd7QeqonQ7K/Kqj7LTRJvGpBK6xtdBqWOAxcgd9R3fsKnofNt7o70bS8Oe2zyHkc
+1CA3qG27FIu/UeWwPlFlRlYMsnDJ8L7ZgnjD/yB0kBys25JGMY5OkyI10GItFdJV
+duVWoUX7AWxDpr84eiYAePHWosw+k3Ke3TRA8VFy2Iq0jup9WuQFcOJoVKxsDZ8F
+fSLR6mUP9HJeeLV4tmEuYHC8D1rsEHZThhgr0usUib15KcAI4tXVntPQtf6RiecP
+jLcmzjLDBwJ5SjMkh9EGGk86Uin6sUe1fr4EEcnolEKgxEvPWp1zKFJXf9PQ+J+C
+X4/zYUu53ymg5xi41BYwSqWsf+O54GOe4R3YchECAgEA
+-----END DH PARAMETERS-----

docker/nginx/generate_keys.sh

+# This will create diffie hellman group
+openssl dhparam -dsaparam -out dhparam.pem 4096
+
+# This will create the self-signed certificates
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx-selfsigned.key -out nginx-selfsigned.crt

docker/nginx/nginx-selfsigned.crt

+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoYCCQCMhnBJPKSvjDANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMC
+bHUxGTAXBgNVBAgMEEVzY2gtc3VyLUFsemV0dGUxDzANBgNVBAcMBkJlbHZhbDEP
+MA0GA1UECgwGdW5pLmx1MQ0wCwYDVQQLDARMQ1NCMRAwDgYDVQQDDAdCaW9Db3Jl
+MSMwIQYJKoZIhvcNAQkBFhRqYWNlay5sZWJpb2RhQHVuaS5sdTAeFw0yMDEwMDYx
+MTE2MDlaFw0yMTEwMDYxMTE2MDlaMIGQMQswCQYDVQQGEwJsdTEZMBcGA1UECAwQ
+RXNjaC1zdXItQWx6ZXR0ZTEPMA0GA1UEBwwGQmVsdmFsMQ8wDQYDVQQKDAZ1bmku
+bHUxDTALBgNVBAsMBExDU0IxEDAOBgNVBAMMB0Jpb0NvcmUxIzAhBgkqhkiG9w0B
+CQEWFGphY2VrLmxlYmlvZGFAdW5pLmx1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEA2EmC0FnGf6dXw1sLUCksS86dWDSBgLi1aBQzYYNC2MztJmhMe+mO
+oP34eKbbId4bVWiOp3XDrSdWf10q/viwOk8ApdNsZ1WbaKG5rLl5QwXQ/RAoEYAb
+pws67FGw1zZynoYt/RwEgwme38d6TuiBhD5V8OF1Ri6dXC5hC0YoQ3lf4fqj+X9u
+RnsbWUP5Q+EOi9tcZ98PRvBL2wcQajl56AUCNP30d7fuyZPjRc0cx60w4veWASzz
+A2G4BFPYQww7VWbsWtts+1SXzgue+6yyCtD0R5iE4nlTWT9N5SwpBj2YURFKC5PM
+P+zyLrER8KeA9XC1nG+7obFRRtYnJVswYwIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
+AQAfUOMPaaf1Yzk/IYiuGw7VO7roNO8vaePnAP0UmxaHgbZrKnwj0y+GOxnco7D1
+Ty94MiyoCfS4BhdLoIwON+BTW7UgJMyMi7fJ6/+UbcWr2Rq6iAzB0lyU+rmreBGm
+FU4hdvqSRsiLtVuHbpURZNQeJoZ5VKYv8NqOJ7cYYtlJORCzIfTqVhoLoTalbn+n
+NsRLdHY2Edue50ilwt1IBToeRkn+fw9wNJSrxZoEHRVHL5UFwIqacr1i9eDR41N9
+PSnEei4y2uT4csfGqoRTmo++P3tzwOuGLpcmB0OD55/G6J3p2ZCVT7CT3b6ln1FJ
+urcT2wFIC9ay116JEB8J+3PB
+-----END CERTIFICATE-----

docker/nginx/nginx-selfsigned.key

+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDYSYLQWcZ/p1fD
+WwtQKSxLzp1YNIGAuLVoFDNhg0LYzO0maEx76Y6g/fh4ptsh3htVaI6ndcOtJ1Z/
+XSr++LA6TwCl02xnVZtoobmsuXlDBdD9ECgRgBunCzrsUbDXNnKehi39HASDCZ7f
+x3pO6IGEPlXw4XVGLp1cLmELRihDeV/h+qP5f25GextZQ/lD4Q6L21xn3w9G8Evb
+BxBqOXnoBQI0/fR3t+7Jk+NFzRzHrTDi95YBLPMDYbgEU9hDDDtVZuxa22z7VJfO
+C577rLIK0PRHmITieVNZP03lLCkGPZhREUoLk8w/7PIusRHwp4D1cLWcb7uhsVFG
+1iclWzBjAgMBAAECggEAMbwFpp9eM7BpT/S5jz9Ifk4OhF/ef5j5resnPX8Pegb1
+aWWGYN/9+issXaIQtaL7KhKW6w77Ze+rxjHIV0UcUOwlu/v363MV/2Ng7MThi3Xk
+7qwuaofI1AqTDBBk17gfdzBnltJAf1lQ/ShDia2RSrWC0ZcmfnLtoGrRyePiElGE
+bYqOgJE46A38abau+uz2gW3lJ6LtbbCjlLbUqSEZ+9fqSj65z3XtlcKRVLdyQIby
+xntH8dCTd64dULqe3oJH2M0mpv5QIbOdvmr1u+VqMJ0L8rud9D8K541pFlHPxMqz
+vVs7q+mRGUQKsbBsFp3MQmsgANw9uv0Yb8dpwskz0QKBgQDvGIh8ZYlBLpwGI468
+5b0OFEoNESQjmRXUGP7n8d4dY18IxKiOkJ9e7AFpue/6Y+7kZdm9IsjV5aku5GN7
+9YHOrnMoEfyPwDkJ8DWk4i3UYD5BbLRYcD2C9+rEGYJd8Zg+fSwpebzXbcV1S82z
+jKQiHfMjK9vRYs300vugcAHwxQKBgQDnlCgfcFxY5iaxmdAhzlw9YI9UV05ryZwR
+ie64uk5UhJ23WumG9P7+w7b6qaWAS99m7kkfsAGzcz4S2B4HjPO9fmdBnXxAEDOm
+1mIngmPjcQhgtS/KMYdatyUqowOfAU5mf9Mry77ij/O2AKGQNstu38pzJjPtHNTU
+ZxTnF2rfBwKBgA5A9SoNV5BmOfD3v7OtMocbWIrM4c2pe66oStIDDk3MNcctCitt
+ncKn6TGnXxIbUQuWstNetoBh76MXBINIUJPEvKK/58GeIQhhpKEOxtKpZiy6UUoQ
+bupW400LhEUbeQsIpVBXrJVfOu1SNpIkqUhLZspK/BDQhhy5UzzuUH9NAoGAdi0h
+HIoWVjd8330CvX21jIzOF9hF6LOFtV2SOSq59l+GrJ70NS6pQhFWOyx/jK0rYDeR
+kV4cQBs7PhqTmH7Rk44B23Ymhfq+oREeHdNobhSslc1gieokjKKRkOSHYIkmHSB1
+/w+GZc/YKrS/vfx4bChAA+sm7IWeBpZkEFne69kCgYAn6DVkQe3FoUuike01elND
+3cO85M38bCUgr6o1ZqMF5Jfe1lwciucS2T1NnH93W5/NC6bOvr51n89+C7DITx6U
+UQCrW7ZUUslWvSrbrPiV2ZqSBAba878zFiJD8fFW3TOjqJB7Zep7R3MBCg/Q960o
+3VF4xf+hLPWLr9A+ZgFaMQ==
+-----END PRIVATE KEY-----

docker/nginx/nginx.conf

+worker_processes auto;
+error_log /log/nginx_error.log;
+pid /run/nginx.pid;
+
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /log/nginx_access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    include /etc/nginx/conf.d/*.conf;
+
+    server {
+        listen       80 default_server;
+        listen       [::]:80 default_server;
+        server_name  _;
+
+        return 301 https://$host$request_uri;
+    }
+
+    server {
+        listen       8080 default_server;
+        listen       [::]:8080 default_server;
+        server_name  _;
+
+        location / {
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header Host $http_host;
+            proxy_redirect off;
+            proxy_pass http://web:8002;
+        }
+    }
+}

docker/nginx/smasch.conf

+server {
+    listen 443 http2 ssl;
+    listen [::]:443 http2 ssl;
+
+    server_name 127.0.0.1 localhost;
+
+    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
+    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
+    ssl_dhparam /etc/ssl/certs/dhparam.pem;
+
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+    ssl_ecdh_curve secp384r1;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 120m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s;
+    resolver_timeout 5s;
+
+    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+
+    root /var/www/shared;
+
+    gzip on;
+    gzip_disable "msie6";
+
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_min_length 256;
+    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
+
+    location /static/ {
+     	    include /etc/nginx/mime.types;
+     	    root /var/www/shared/;
+    }
+
+    location / {
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header Host $http_host;
+            proxy_redirect off;
+            proxy_pass http://web:8002;
+    }
+}