mirror of
https://github.com/cookiecutter/cookiecutter-django.git
synced 2024-11-11 04:07:48 +03:00
e13f7afcb8
* Add option to serve media files locally using nginx * Fix nginx media location and storage issue * Fix traefik django-media typo * Add certresolver property to web-media-router * Add trailing slash in nginx configuration to avoid path traversal exploits * Remove autoindexing from nginx configuration so nginx uses its default off setting * Use nginx to serve media files if cloud provider is None * Add back warning about lack of media files without Docker or Cloud providers * Update documentation * Fix typos and rephrase Co-authored-by: Arkadiusz Ryś <arkadiusz.michal.rys@gmail.com> * Change Traefik media router rule generation to force priority The web-secure-router could end up having priority over the web-media-router when the www subdomain was used. This fix adds the www subdomain to the web-media-router if it's also present in the web-secure-router rule. Traefik looks at the length of rules to determine priority when no explicit priority is set. The web-media-router needs to always have priority over the web-secure-router in order for the media files to be served. * Add space to Traefik rule --------- Co-authored-by: Bruno Alla <alla.brunoo@gmail.com> Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
109 lines
2.7 KiB
YAML
109 lines
2.7 KiB
YAML
log:
|
|
level: INFO
|
|
|
|
entryPoints:
|
|
web:
|
|
# http
|
|
address: ":80"
|
|
http:
|
|
# https://docs.traefik.io/routing/entrypoints/#entrypoint
|
|
redirections:
|
|
entryPoint:
|
|
to: web-secure
|
|
|
|
web-secure:
|
|
# https
|
|
address: ":443"
|
|
{%- if cookiecutter.use_celery == 'y' %}
|
|
|
|
flower:
|
|
address: ":5555"
|
|
{%- endif %}
|
|
|
|
certificatesResolvers:
|
|
letsencrypt:
|
|
# https://docs.traefik.io/master/https/acme/#lets-encrypt
|
|
acme:
|
|
email: "{{ cookiecutter.email }}"
|
|
storage: /etc/traefik/acme/acme.json
|
|
# https://docs.traefik.io/master/https/acme/#httpchallenge
|
|
httpChallenge:
|
|
entryPoint: web
|
|
|
|
http:
|
|
routers:
|
|
web-secure-router:
|
|
{%- if cookiecutter.domain_name.count('.') == 1 %}
|
|
rule: "Host(`{{ cookiecutter.domain_name }}`) || Host(`www.{{ cookiecutter.domain_name }}`)"
|
|
{%- else %}
|
|
rule: "Host(`{{ cookiecutter.domain_name }}`)"
|
|
{%- endif %}
|
|
entryPoints:
|
|
- web-secure
|
|
middlewares:
|
|
- csrf
|
|
service: django
|
|
tls:
|
|
# https://docs.traefik.io/master/routing/routers/#certresolver
|
|
certResolver: letsencrypt
|
|
{%- if cookiecutter.use_celery == 'y' %}
|
|
|
|
flower-secure-router:
|
|
rule: "Host(`{{ cookiecutter.domain_name }}`)"
|
|
entryPoints:
|
|
- flower
|
|
service: flower
|
|
tls:
|
|
# https://docs.traefik.io/master/routing/routers/#certresolver
|
|
certResolver: letsencrypt
|
|
{%- endif %}
|
|
{%- if cookiecutter.cloud_provider == 'None' %}
|
|
|
|
web-media-router:
|
|
{%- if cookiecutter.domain_name.count('.') == 1 %}
|
|
rule: "(Host(`{{ cookiecutter.domain_name }}`) || Host(`www.{{ cookiecutter.domain_name }}`)) && PathPrefix(`/media/`)"
|
|
{%- else %}
|
|
rule: "Host(`{{ cookiecutter.domain_name }}`) && PathPrefix(`/media/`)"
|
|
{%- endif %}
|
|
entryPoints:
|
|
- web-secure
|
|
middlewares:
|
|
- csrf
|
|
service: django-media
|
|
tls:
|
|
certResolver: letsencrypt
|
|
{%- endif %}
|
|
|
|
middlewares:
|
|
csrf:
|
|
# https://docs.traefik.io/master/middlewares/headers/#hostsproxyheaders
|
|
# https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
|
|
headers:
|
|
hostsProxyHeaders: ["X-CSRFToken"]
|
|
|
|
services:
|
|
django:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://django:5000
|
|
{%- if cookiecutter.use_celery == 'y' %}
|
|
|
|
flower:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://flower:5555
|
|
{%- endif %}
|
|
{%- if cookiecutter.cloud_provider == 'None' %}
|
|
|
|
django-media:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://nginx:80
|
|
{%- endif %}
|
|
|
|
providers:
|
|
# https://docs.traefik.io/master/providers/file/
|
|
file:
|
|
filename: /etc/traefik/traefik.yml
|
|
watch: true
|