-
Notifications
You must be signed in to change notification settings - Fork 100
ChRIS backend production services secret configuration files
Jennings Zhang edited this page Jun 5, 2023
·
32 revisions
This page describes the configuration files required by the production deployment of the ChRIS backend services. Those files can contain secret variables such as API keys and authentication passwords as well as other configuration variables.
.chris.env
.chris_db.env
.chris_store.env
.chris_store_db.env
.pfcon.env
.pman.env
.swift_service.env
Those files should be copied within a secrets
folder created under the appropriate path inside the source of the repo, like:
git clone https://github.com/FNNDSC/ChRIS_ultron_backend
cd ChRIS_ultron_backend
mkdir swarm/prod/secrets
DJANGO_SETTINGS_MODULE=config.settings.production
CUBE_CELERY_POLL_INTERVAL=5.0
DJANGO_DB_MIGRATE=on
DJANGO_COLLECTSTATIC=on
DJANGO_ALLOWED_HOSTS=*
DJANGO_SECRET_KEY=key1
DJANGO_CORS_ALLOW_ALL_ORIGINS=true
DJANGO_CORS_ALLOWED_ORIGINS=https://babymri.org
DJANGO_SECURE_PROXY_SSL_HEADER=
DJANGO_USE_X_FORWARDED_HOST=false
STATIC_ROOT=/home/localuser/mod_wsgi-0.0.0.0:8000/htdocs/static/
DEFAULT_FILE_STORAGE=swift.storage.SwiftStorage
SWIFT_CONTAINER_NAME=users
POSTGRES_DB=chris
POSTGRES_USER=chris
POSTGRES_PASSWORD=password1
DJANGO_SETTINGS_MODULE=config.settings.production
DJANGO_DB_MIGRATE=on
DJANGO_ALLOWED_HOSTS=*
DJANGO_SECRET_KEY=key2
DJANGO_CORS_ALLOW_ALL_ORIGINS=true
DJANGO_CORS_ALLOWED_ORIGINS=https://babymri.org
DJANGO_SECURE_PROXY_SSL_HEADER=
DJANGO_USE_X_FORWARDED_HOST=false
SWIFT_CONTAINER_NAME=store_users
POSTGRES_DB=chris_store
POSTGRES_USER=chris
POSTGRES_PASSWORD=password2
SECRET_KEY=key3
SECRET_KEY=key4
SWIFT_USERNAME=chris:password3
SWIFT_KEY=key5
If the app is behind a reverse-proxy to enable HTTPS upgrade, in .chris.env
and .chris_store.env
set
DJANGO_SECURE_PROXY_SSL_HEADER=HTTP_X_FORWARDED_PROTO,https
DJANGO_USE_X_FORWARDED_HOST=true
See https://github.com/FNNDSC/ChRIS_ultron_backEnd/wiki/Deployment#fix
If you're using ./deploy.sh
and want things to "just work," use this script to set random values to all the required variables.
#!/bin/bash
# purpose: set up swarm/prod/secrets/*.env
# https://github.com/FNNDSC/ChRIS_ultron_backEnd/wiki/ChRIS-backend-production-services-secret-configuration-files
DJANGO_CORS_ALLOW_ALL_ORIGINS=${DJANGO_CORS_ALLOW_ALL_ORIGINS:-true}
DJANGO_CORS_ALLOWED_ORIGINS=${DJANGO_CORS_ALLOWED_ORIGINS:-"https://babymri.org"}
# Create a random mixed-case alphanumieric string of given length (default 60)
function generate_password () {
head /dev/urandom | tr -dc A-Za-z0-9 | head -c "${1:-60}"
}
secrets_dir=./swarm/prod/secrets
if [ -d "$secrets_dir" ]; then
echo $secrets_dir already exists
exit 1
fi
mkdir $secrets_dir
cd $secrets_dir
cat > .chris.env << EOF
DJANGO_SETTINGS_MODULE=config.settings.production
CUBE_CELERY_POLL_INTERVAL=5.0
DJANGO_ALLOWED_HOSTS=*
DJANGO_SECRET_KEY=$(generate_password)
DJANGO_CORS_ALLOW_ALL_ORIGINS=$DJANGO_CORS_ALLOW_ALL_ORIGINS
DJANGO_CORS_ALLOWED_ORIGINS=$DJANGO_CORS_ALLOWED_ORIGINS
STATIC_ROOT=/home/localuser/mod_wsgi-0.0.0.0:8000/htdocs/static/
DJANGO_SECURE_PROXY_SSL_HEADER=
DJANGO_USE_X_FORWARDED_HOST=false
SWIFT_CONTAINER_NAME=users
EOF
cat > .chris_db.env << EOF
POSTGRES_DB=chris
POSTGRES_USER=chris
POSTGRES_PASSWORD=$(generate_password)
EOF
cat > .chris_store.env << EOF
DJANGO_SETTINGS_MODULE=config.settings.production
DJANGO_ALLOWED_HOSTS=*
DJANGO_SECRET_KEY=$(generate_password)
DJANGO_CORS_ALLOW_ALL_ORIGINS=$DJANGO_CORS_ALLOW_ALL_ORIGINS
DJANGO_CORS_ALLOWED_ORIGINS=$DJANGO_CORS_ALLOWED_ORIGINS
SWIFT_CONTAINER_NAME=store_users
DJANGO_SECURE_PROXY_SSL_HEADER=
DJANGO_USE_X_FORWARDED_HOST=false
EOF
cat > .chris_store_db.env << EOF
POSTGRES_DB=chris_store
POSTGRES_USER=chris
POSTGRES_PASSWORD=$(generate_password)
EOF
# this is hard coded
cat > .swift_service.env << EOF
SWIFT_USERNAME=chris:chris1234
SWIFT_KEY=testing
EOF
cd -
# wrapper around generate_password to print a newline after the result
function print_password () {
generate_password $1
printf "\n"
}
echo "Here are some more passwords for you to use for when setting up superuser accounts"
print_password 8
print_password 8
print_password 8
print_password 8
print_password 12
print_password 12
print_password 12
print_password 12
print_password 60
print_password 60
print_password 60
print_password 60