Showing
15 changed files
with
206 additions
and
64 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
# Use an official Python runtime as a parent image | ||
FROM python:3.7-buster | ||
ENV PYTHONUNBUFFERED 1 | ||
|
||
MAINTAINER Luis Zarate @luisza | ||
|
||
RUN mkdir -p /dfva_app/ | ||
RUN mkdir -p /logs/ | ||
RUN mkdir -p /certs/ | ||
# Set the working directory to /app | ||
WORKDIR /dfva_app | ||
|
||
RUN apt-get update && \ | ||
apt-get install -y build-essential libssl1.1 libnss3 libssl-dev libffi-dev libnss3-dev apache2 nano | ||
RUN apt-get --no-install-recommends install cron | ||
RUN pip install --trusted-host pypi.python.org --no-cache-dir --upgrade pip && \ | ||
pip install soapfish2==0.7.0 | ||
# Copy the current directory contents into the container at /app | ||
|
||
COPY requirements.txt /dfva_app | ||
COPY dogtag_requirements.txt /dfva_app | ||
|
||
RUN mkdir -p /etc/nginx/certs/ | ||
RUN openssl dhparam -out /etc/nginx/certs/dhparam.pem 2048 | ||
|
||
# Install any needed packages specified in requirements.txt | ||
|
||
RUN pip install --trusted-host pypi.python.org --no-cache-dir -r requirements.txt && \ | ||
pip install --trusted-host pypi.python.org --no-cache-dir -r dogtag_requirements.txt && \ | ||
pip install python-logstash django-elasticsearch-dsl 'elasticsearch-dsl>=5.0,<6.0' | ||
RUN apt-get remove -y build-essential libssl-dev libffi-dev libnss3-dev && \ | ||
apt-get -y autoremove && \ | ||
apt-get -y clean | ||
|
||
ADD src /dfva_app | ||
RUN python manage.py collectstatic --settings=dfva.settings | ||
COPY deploy/receptor_entrypoint.sh /entrypoint.sh | ||
COPY deploy/apache.conf /etc/apache2/sites-enabled/dfva.conf | ||
COPY deploy/update_crl.sh /usr/bin/update_crl.sh | ||
|
||
RUN rm /etc/apache2/sites-enabled/000-default.conf | ||
RUN chmod +x /usr/bin/update_crl.sh | ||
RUN sed -i 's/nginx/apache2/g' /usr/bin/update_crl.sh | ||
RUN cp /usr/bin/update_crl.sh /etc/cron.daily/update_crl | ||
RUN sed -i 's/nginx/apache2/g' /entrypoint.sh | ||
RUN mkdir -p /internal_ca | ||
RUN a2enmod ssl && a2enmod proxy && a2enmod proxy_http | ||
RUN sed -i 's/Listen 443/Listen 8443/g' /etc/apache2/ports.conf | ||
|
||
VOLUME /internal_ca | ||
STOPSIGNAL SIGQUIT | ||
EXPOSE 8443 | ||
|
||
ENTRYPOINT ["/entrypoint.sh"] |
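Review bot: The three `pip install` steps pass `--trusted-host pypi.python.org`, which tells pip to accept that host without a valid HTTPS certificate, and the last install line adds `python-logstash` and `django-elasticsearch-dsl` with no version pin. Dependency fetches for an image that fronts the service with Apache and mod_ssl should keep certificate verification and be reproducible: drop the flag, e.g. `RUN pip install --no-cache-dir -r requirements.txt`, and move the unpinned packages into a pinned requirements file (ideally installed with `--require-hashes`). Separately, the file has no `USER` instruction, so the entrypoint runs as root unless /entrypoint.sh drops privileges, which is not visible here; with Apache already moved to port 8443 a non-root user looks feasible. The `apt-get remove` of the build packages in a later `RUN` does not take them out of the earlier layers, so the compiler toolchain still ships in the image.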
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
SSLStaplingCache shmcb:/tmp/stapling_cache(128000) | ||
|
||
<VirtualHost *:8443> | ||
ServerAdmin sitio@solvosoft.com | ||
|
||
ServerName www.firmadigital.solvosoft.com | ||
# ServerAlias www.example.com | ||
|
||
LogFormat "%h %{SSL_PROTOCOL}x %{SSL_CIPHER}x %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{SSL_CLIENT_S_DN}x\"" combined | ||
ErrorLog /logs/apache_error.log | ||
CustomLog /logs/apache_access.log combined | ||
|
||
SSLEngine on | ||
SSLCertificateFile /certs/bccr_agent.pem | ||
SSLCertificateKeyFile /certs/bccr_agent_key.pem | ||
|
||
SSLVerifyClient on | ||
SSLVerifyDepth 3 | ||
SSLCACertificateFile /certs/ca_nacional_de_CR.pem | ||
SSLCARevocationCheck chain | ||
SSLCARevocationFile /certs/ca_politica_juridica_crl.pem | ||
|
||
SSLOCSPEnable leaf | ||
SSLOCSPUseRequestNonce off | ||
SSLOCSPDefaultResponder "http://ocsp.sinpe.fi.cr/ocsp" | ||
SSLOCSPOverrideResponder on | ||
SSLUseStapling on | ||
|
||
|
||
<location /> | ||
Order allow,deny | ||
allow from all | ||
SSLRequire (%{SSL_CLIENT_S_DN} eq "CN=BANCO CENTRAL DE COSTA RICA (AGENTE ELECTRONICO),O=PERSONA JURIDICA,C=CR,serialNumber=CPJ-4-000-004017") | ||
</location> | ||
ProxyPass / http://127.0.0.1:8000/ | ||
ProxyPassReverse / http://127.0.0.1:8000/ | ||
</VirtualHost> |
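Review bot: Authorization for the whole vhost rests on one exact-string `SSLRequire` comparison of `SSL_CLIENT_S_DN` inside `<location />`, combined with the 2.2-style `Order allow,deny` / `allow from all`, all of which Apache 2.4 keeps only for backward compatibility. The 2.4 form would be `Require expr "%{SSL_CLIENT_S_DN} == '<same DN string>'"`, and a comment should record that the match depends on how mod_ssl renders the DN (attribute order and separators), since a rendering change would make every request fail the check. I would also add a comment explaining why `SSLOCSPUseRequestNonce off` is needed, because without the nonce a previously issued OCSP response is accepted for as long as it stays within its validity window; `SSLOCSPResponseMaxAge` can bound that. No `SSLProtocol` or `SSLCipherSuite` is set in this vhost, so protocol policy comes from whatever the global mod_ssl configuration provides.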
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# Copy in /lib/systemd/system | ||
[Unit] | ||
Description=UCR FVA unicorn Servers | ||
After=network.target | ||
After=systemd-user-sessions.service | ||
After=network-online.target | ||
|
||
[Service] | ||
User=spark | ||
Type=forking | ||
# change in production and set full path | ||
ExecStart=deploy/gunicorn_start | ||
ExecStop=deploy/gunicorn_stop | ||
TimeoutSec=360 | ||
Restart=on-failure | ||
RestartSec=30 | ||
StartLimitInterval=350 | ||
StartLimitBurst=10 | ||
|
||
[Install] | ||
WantedBy=multi-user.target |
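Review bot: `Type=forking` is declared without a `PIDFile=`, and `ExecStart=deploy/gunicorn_start` / `ExecStop=deploy/gunicorn_stop` are relative paths, which systemd does not accept for executables, so the unit as committed will not start and, once the paths are fixed, systemd has to guess the main PID. The existing comment should say explicitly that both paths must be absolute, and the `[Service]` section would benefit from a `PIDFile=` pointing at the pid file the start script writes (its location is not visible here). Because this runs a network-facing application server, consider adding basic sandboxing such as `NoNewPrivileges=true` and `PrivateTmp=true` next to `User=spark`.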
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
defaultEntryPoints = ["http", "https"] | ||
|
||
[entryPoints] | ||
[entryPoints.http] | ||
address = ":80" | ||
[entryPoints.http.redirect] | ||
entryPoint = "https" | ||
[entryPoints.https] | ||
address = ":443" | ||
[entryPoints.https.tls] | ||
[[entryPoints.https.tls.certificates]] | ||
certFile = "/certs/ucrbccr.core.ucr.ac.cr.cert" | ||
keyFile = "/certs/ucrbccr.core.ucr.ac.cr.key" | ||
[[entryPoints.https.tls.certificates]] | ||
certFile = "/certs/firmadigital-dev.ucr.ac.cr.cert" | ||
keyFile = "/certs/firmadigital-dev.ucr.ac.cr.key" | ||
[[entryPoints.https.tls.certificates]] | ||
certFile = "/certs/pki-dbmanager.ucr.ac.cr.cert" | ||
keyFile = "/certs/pki-dbmanager.ucr.ac.cr.key" | ||
|
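Review bot: `[entryPoints.https.tls]` lists certificates only, so the minimum TLS version and cipher list fall back to the proxy's defaults; assuming this is Traefik 1.x file configuration, which the `defaultEntryPoints` key suggests, adding `minVersion = "VersionTLS12"` under that table makes the policy explicit. The same entry point serves `firmadigital-dev.ucr.ac.cr` alongside the other hosts, so a comment stating whether this file is meant for development or production would help. The `.key` files under `/certs` should be documented as read-only secrets mounted at runtime rather than files shipped in an image or repository.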
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# Generated by Django 3.1.2 on 2021-05-21 17:41 | ||
|
||
from django.db import migrations, models | ||
|
||
|
||
class Migration(migrations.Migration): | ||
|
||
dependencies = [ | ||
('institution', '0002_auto_20210408_0816'), | ||
] | ||
|
||
operations = [ | ||
migrations.RemoveField( | ||
model_name='validatedocumentdatarequest', | ||
name='code', | ||
), | ||
migrations.RemoveField( | ||
model_name='validatedocumentdatarequest', | ||
name='errors', | ||
), | ||
migrations.RemoveField( | ||
model_name='validatedocumentdatarequest', | ||
name='signers', | ||
), | ||
migrations.RemoveField( | ||
model_name='validatedocumentdatarequest', | ||
name='warnings', | ||
), | ||
migrations.AddField( | ||
model_name='validatedocumentdatarequest', | ||
name='validation_data', | ||
field=models.JSONField(blank=True, null=True), | ||
), | ||
] |
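Review bot: The four `RemoveField` operations drop `code`, `errors`, `signers` and `warnings` from `validatedocumentdatarequest` before `validation_data` is added, and there is no `RunPython` step between them, so any values already stored in those columns are discarded when this migration runs. If existing rows matter (for a document-validation service they may be needed as an audit record), add `validation_data` first, copy the old columns into it with a `migrations.RunPython(forward, migrations.RunPython.noop)` data step, and remove the fields afterwards. If the loss is intentional, a short comment at the top of `operations` saying so would prevent surprises on deploy.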