Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better examples in INSTALL.md and local_settings.py #528

Open
tabacha opened this issue Nov 23, 2023 · 0 comments
Open

Better examples in INSTALL.md and local_settings.py #528

tabacha opened this issue Nov 23, 2023 · 0 comments

Comments

@tabacha
Copy link

tabacha commented Nov 23, 2023
edited
Loading

We would suggest to mention EMAIL Settings:

# Mail Setting
EMAIL_FROM_NAME = "ScaleUp Patchman"
EMAIL_HOST = "mx01.example.com"
EMAIL_HOST_USER = "smtpout@example.com"
EMAIL_HOST_PASSWORD = "my-secret"
EMAIL_PORT = 587
EMAIL_USE_TLS = True

And URL Settings (if you do not want to https://host.example.com/patchman/ as a main url):

# Login Urls
LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/login/'
LOGIN_URL = '/login/'

# URL prefix for static files.
STATIC_URL = '/static/'
# Additional dirs where the media should be copied from
STATICFILES_DIRS = [os.path.abspath(os.path.join(BASE_DIR, 'static'))]

Here is also a SSL Site config, which can be used without /etc/apache2/conf-enabled/patchman.conf

Define patchman_pythonpath /usr/lib/python3/dist-packages
WSGIPythonPath ${patchman_pythonpath}


# generated 2023-11-22, Mozilla Guideline v5.7, Apache 2.4.52, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=apache&version=2.4.52&config=modern&openssl=3.0.2&guideline=5.7

# this configuration requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile      /etc/letsencrypt/certs/patchman.example.com/fullchain.pem
    SSLCertificateKeyFile   /etc/letsencrypt/certs/patchman.example.com/privkey.key

    # enable HTTP/2, if available
    Protocols h2 http/1.1

    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
    Header always set Strict-Transport-Security "max-age=63072000"

    WSGIScriptAlias / ${patchman_pythonpath}/patchman/wsgi.py

    <Directory ${patchman_pythonpath}>
        <Files wsgi.py>
            Require all granted
        </Files>
        AllowOverride All
    </Directory>

    Alias /static "/var/lib/patchman/static"
    <Location /static>
        SetHandler None
    </Location>

    <Directory /var/lib/patchman/static>
        Require all granted
    </Directory>

    #<Location /patchman/reports/upload>
    #    # Add the IP addresses of your client networks/hosts here
    #    # to allow uploading of reports
    #    Require ip 127.0.0.0/255.0.0.0
    #    Require ip ::1/128
    #</Location>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined


</VirtualHost>

# modern configuration
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
SSLHonorCipherOrder     off
SSLSessionTickets       off

Benefit in not having a /etc/apache2/conf-enabled/patchman.conf is that you can add an other site on the same host, without any side-effects (for example if you add wiki and write a documentation about patchman under: https://wiki.example.com/patchman/ the conf file will change urls.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tabacha