Merge pull request #6 from flemk/development

Args and nginx cleanup
flemk · May 16, 2024 · 837f562 · 837f562
2 parents a41620b + 907037f
commit 837f562
Show file tree

Hide file tree

Showing 7 changed files with 56 additions and 57 deletions.
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -24,4 +24,4 @@ jobs:
         with:
           context: ./server
           push: true
-          tags: ghcr.io/${{ github.repository }}:latest
+          tags: ghcr.io/pl-server:latest
diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml
@@ -18,7 +18,7 @@ jobs:
       run: |
         python -m pip install --upgrade pip
         pip install -r ./server/requirements.txt
-        pip install -r ./python-licensing/requirements.txt
+        pip install -r ./python_licensing/requirements.txt
         pip install pylint
     - name: Analysing the code with pylint
       run: |

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,15 @@
+# Security Policy
+
+## Supported Versions
+These versions are currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.1.1   | :heavy_check_mark: |
+
+## Reporting a Vulnerability
+Please use the github Security Advisories function in the "Security" tab:
+
+[https://github.com/flemk/python-licensing/security](https://github.com/flemk/python-licensing/security)
+
+The frequency of updates on vulnerabilities and the time-to-fix depends on the availability of maintainers.
diff --git a/server/Dockerfile b/server/Dockerfile
@@ -1,24 +1,7 @@
 FROM python:3.9.18-slim-bullseye
 
-ARG DB_NAME
-ENV DB_NAME=$DB_NAME
-ARG DB_USER
-ENV DB_USER=$DB_USER
-ARG DB_PASS
-ENV DB_PASS=$DB_PASS
-ARG DB_HOST
-ENV DB_HOST=$DB_HOST
-ARG DB_PORT
-ENV DB_PORT=$DB_PORT
-
-ARG ENVIRONMENT
-ENV ENVIRONMENT=$ENVIRONMENT
-
-ARG LICENSE_PORT
-ENV LICENSE_PORT=$LICENSE_PORT
-
-ARG LICENSE_PORT_EXTERNAL
-ENV LICENSE_PORT_EXTERNAL=$LICENSE_PORT_EXTERNAL
+ENV LICENSE_PORT=5000
+ENV LICENSE_PORT_EXTERNAL=5001
 EXPOSE $LICENSE_PORT_EXTERNAL
 
 WORKDIR /app
@@ -27,11 +10,11 @@ RUN pip install --no-cache-dir -r requirements.txt
 
 RUN openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=localhost'
 RUN apt-get update && apt-get install -y nginx && rm -rf /var/lib/apt/lists/*
+RUN sed -i "s/%LICENSE_PORT_EXTERNAL%/${LICENSE_PORT_EXTERNAL}/g" nginx.conf
+RUN sed -i "s/%LICENSE_PORT%/${LICENSE_PORT}/g" nginx.conf
 COPY nginx.conf /etc/nginx/sites-available/default
-RUN sed -i "s/%LICENSE_PORT_EXTERNAL%/${LICENSE_PORT_EXTERNAL}/g" /etc/nginx/sites-available/default
-RUN sed -i "s/%LICENSE_PORT%/${LICENSE_PORT}/g" /etc/nginx/sites-available/default
 
 # DEV: CMD ["python", "server.py"]
 
 # PROD:
-CMD service nginx start && python server.py
+CMD nginx -c /app/nginx.conf && python server.py
diff --git a/server/docker-compose.yml b/server/docker-compose.yml
@@ -1,26 +1,21 @@
 version: '3.8'
 services:
   web:
-    build:
-      context: .
-      args:
-          - DB_NAME=${DB_NAME}
-          - DB_USER=${DB_USER}
-          - DB_PASS=${DB_PASS}
-          - DB_HOST=${DB_HOST}
-          - DB_PORT=${DB_PORT}
-          - LICENSE_PORT=${LICENSE_PORT}
-          - LICENSE_PORT_EXTERNAL=${LICENSE_PORT_EXTERNAL}
-          - ENVIRONMENT=${ENVIRONMENT}
-    ports:
-      - "${LICENSE_PORT_EXTERNAL}:${LICENSE_PORT_EXTERNAL}"
+    image: pl-server:latest
     environment:
       - DB_NAME=${DB_NAME}
       - DB_USER=${DB_USER}
       - DB_PASS=${DB_PASS}
       - DB_HOST=${DB_HOST}
+      - DB_PORT=${DB_PORT}
+      - LICENSE_PORT=${LICENSE_PORT}
+      - LICENSE_PORT_EXTERNAL=${LICENSE_PORT_EXTERNAL}
+      - ENVIRONMENT=${ENVIRONMENT}
+    ports:
+      - "${LICENSE_PORT_EXTERNAL}:${LICENSE_PORT_EXTERNAL}"
     depends_on:
       - db
+
   db:
     image: postgres:13
     ports:

diff --git a/server/nginx.conf b/server/nginx.conf
@@ -1,23 +1,29 @@
-server {
-    listen 80;
-    server_name localhost;
-    return 301 https://$host$request_uri;
+events {
+    worker_connections 1024;
 }
 
-server {
-    listen %LICENSE_PORT_EXTERNAL% ssl;
-    server_name localhost;
+http {
+    server {
+        listen 80;
+        server_name localhost;
+        return 301 https://$host$request_uri;
+    }
 
-    ssl_certificate /app/cert.pem;
-    ssl_certificate_key /app/key.pem;
+    server {
+        listen %LICENSE_PORT_EXTERNAL% ssl;
+        server_name localhost;
 
-    location /check_license {
-        proxy_pass http://localhost:%LICENSE_PORT%/check_license;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    }
+        ssl_certificate /app/cert.pem;
+        ssl_certificate_key /app/key.pem;
 
-    error_page 404 /404.html;
-    error_page 500 502 503 504 /50x.html;
+        location /check_license {
+            proxy_pass http://localhost:%LICENSE_PORT%/check_license;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        error_page 404 /404.html;
+        error_page 500 502 503 504 /50x.html;
+    }
 }
diff --git a/server/requirements.txt b/server/requirements.txt
@@ -1,7 +1,7 @@
 Flask>=2.2.5
 psycopg2-binary==2.8.6
-jinja2==3.1.3
+Jinja2>=3.1.4
 markupsafe==2.1.1
 itsdangerous>=2.0
-Werkzeug==2.3.8
-waitress==3.0.0
+Werkzeug>=3.0.3
+waitress==3.0.0