Refactor

defaults/gunicorn.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=gunicorn daemon
+After=network.target
+
+[Service]
+User=www-updash
+Group=www-data
+WorkingDirectory=<PROJECT PATH>
+ExecStart=<VIRTUAL ENV PATH>/bin/gunicorn --workers 3 --timeout 300 --error-logfile <LOG PATH>/gunicorn.log --bind unix:<PROJECT PATH>updatesdashboard.sock updatesdashboard.wsgi:application
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s TERM $MAINPID
+
+[Install]
+WantedBy=multi-user.target

defaults/settings_local.py

@@ -0,0 +1,73 @@
+import os
+
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = 'long random key'
+
+# SECURITY WARNING: don't run with debug turned on in production!
+#DEBUG = True
+
+ALLOWED_HOSTS = ['127.0.0.1', ]
+CSRF_TRUSTED_ORIGINS ['127.0.0.1']
+
+# for debug_toolbar
+INTERNAL_IPS = ['127.0.0.1', ]
+DEBUG_TOOLBAR = True
+
+# Database
+# https://docs.djangoproject.com/en/1.10/ref/settings/#databases
+
+DATABASES = {
+    'default': {
+        #'ENGINE': 'django.db.backends.sqlite3',
+        #'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
+        'ENGINE': 'django.db.backends.mysql',
+        'NAME': '<DB NAME>',
+        'USER': '<DB USER>',
+        'PASSWORD': '<DB PASSWORD>',
+        'HOST': '<DB HOST>',
+    }
+}
+
+INSTALLED_APPS_LOCAL = [
+    'debug_toolbar',
+    'django_python3_ldap',
+]
+
+# LDAP AUTH
+AUTHENTICATION_BACKENDS = (
+    'django_python3_ldap.auth.LDAPBackend',
+    'django.contrib.auth.backends.ModelBackend',
+)
+LDAP_AUTH_URL               = "ldaps://SERVER:PORT"
+LDAP_AUTH_USE_TLS           = True
+LDAP_AUTH_SEARCH_BASE       = "ou=USERS,dc=MY,dc=ORG"
+LDAP_AUTH_OBJECT_CLASS      = "inetOrgPerson"
+LDAP_AUTH_USER_FIELDS       = {
+    "username": "uid",
+    "first_name": "givenName",
+    "last_name": "sn",
+    "email": "mail",
+}
+LDAP_AUTH_FORMAT_SEARCH_FILTERS = "dashboard.module.custom_format_search_filters"
+LDAP_AUTH_CUSTOM_OBJECT_CLASS   = "ACLASS"
+LDAP_AUTH_CUSTOM_FILTERS        = "(SOMEFIELD=SOMEVALUE)"
+
+MIDDLEWARE_LOCAL = [
+    'debug_toolbar.middleware.DebugToolbarMiddleware',
+]
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/1.10/howto/static-files/
+
+STATIC_URL = '/static/'
+STATIC_ROOT = os.path.join(BASE_DIR, './static')
+
+# custom
+RESULT_DIR    = os.path.join(BASE_DIR, 'results')
+RESULT_PACKAGES_DIR    = os.path.join(BASE_DIR, 'results-packages')
+INVENTORY_DIR = os.path.join(BASE_DIR, 'inventory')
+
+LOGIN_URL          = '/login'
+LOGIN_REDIRECT_URL = 'index'

defaults/updates-dashboard.conf

@@ -0,0 +1,46 @@
+server {
+    listen 80;
+    server_name <DOMAIN NAME>;
+
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443;
+    server_name <DOMAIN NAME>;
+
+    # remove trailing slash
+
+    # css, js…
+    location /static {
+        alias <PROJECT PATH>/static;
+    }
+
+    # letsencrypt
+    location '/.well-known/acme-challenge/' {
+        default_type "text/plain";
+        root         /data/services/web/default/certbot;
+    }
+
+    if ($request_uri !~ "^/admin.*") {
+        # don't rewrite admin
+        rewrite ^/(.*)/$ /$1 permanent;
+    }
+
+    location / {
+        include               proxy_params;
+        proxy_pass            http://unix:<PROJECT PATH>/updatesdashboard.sock;
+        proxy_connect_timeout 120s;
+        proxy_read_timeout    300s;
+
+        auth_basic           "Restricted";
+        auth_basic_user_file <PROJECT PATH>/htpasswd;
+    }
+
+    include includes/ssl.conf;
+    ssl_certificate     /etc/letsencrypt/live/updatesdashboard.accelance.net/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/updatesdashboard.accelance.net/privkey.pem;
+
+    error_log  /data/log/web/updatesdashboard-ssl-error.log;
+    access_log /data/log/web/updatesdashboard-ssl-access.log;
+}