diff --git a/etc/crontab b/etc/crontab new file mode 100644 index 0000000..807200a --- /dev/null +++ b/etc/crontab @@ -0,0 +1 @@ +0 * * * * cd /home/vas3k/infomate.club/scripts && python3 update.py >/dev/null 2>&1 diff --git a/etc/nginx/infomate.club.conf b/etc/nginx/infomate.club.conf new file mode 100644 index 0000000..f9bb478 --- /dev/null +++ b/etc/nginx/infomate.club.conf @@ -0,0 +1,59 @@ +upstream infomate_club_uwsgi { + server unix:/home/vas3k/infomate.club.sock weight=1 max_fails=5 fail_timeout=30s; +} + +server { + listen 80; + listen 443 ssl http2; + server_name www.infomate.club; + + ssl_certificate /etc/letsencrypt/live/infomate.club/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/infomate.club/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/infomate.club/fullchain.pem; + include /etc/nginx/ssl.conf; + + rewrite ^(.*) https://infomate.club$1 permanent; +} + +server { + listen 80 default_server; + listen 443 ssl http2; + server_name infomate.club; + + charset utf-8; + client_max_body_size 30M; + index index.html index.htm; + + ssl_certificate /etc/letsencrypt/live/infomate.club/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/infomate.club/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/infomate.club/fullchain.pem; + include /etc/nginx/ssl.conf; + + set_real_ip_from 172.17.0.0/16; + real_ip_header X-Forwarded-For; + real_ip_recursive on; + + rewrite ^/favicon.ico$ https://infomate.club/static/images/favicon.ico; + rewrite ^/favicon.png$ https://infomate.club/static/images/favicon.png; + + access_log /home/vas3k/infomate.club/logs/access.log; + error_log /home/vas3k/infomate.club/logs/error.log; + + location /static/ { + root /home/vas3k/infomate.club/; + gzip_static on; + expires max; + add_header Cache-Control "public"; + } + + location ^~ /.well-known/acme-challenge/ { + default_type "text/plain"; + root /var/www/letsencrypt; + } + + location / { + uwsgi_pass infomate_club_uwsgi; + uwsgi_ignore_client_abort on; + include uwsgi_params; + } +} diff --git a/etc/nginx/ssl.conf b/etc/nginx/ssl.conf new file mode 100644 index 0000000..6fa59b0 --- /dev/null +++ b/etc/nginx/ssl.conf @@ -0,0 +1,15 @@ +ssl_session_timeout 1d; +ssl_session_cache shared:SSL:50m; +ssl_session_tickets off; + +ssl_protocols TLSv1.2; +ssl_ciphers EECDH+AESGCM:EECDH+AES; +ssl_ecdh_curve secp384r1; +ssl_prefer_server_ciphers on; + +ssl_stapling on; +ssl_stapling_verify on; + +add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload"; +add_header X-Frame-Options SAMEORIGIN; +add_header X-Content-Type-Options nosniff; diff --git a/etc/uwsgi/uwsgi.xml b/etc/uwsgi/uwsgi.xml new file mode 100644 index 0000000..a6f7f4f --- /dev/null +++ b/etc/uwsgi/uwsgi.xml @@ -0,0 +1,21 @@ + + python3,http + vas3k + vas3k + /home/vas3k/infomate.club.sock + 666 + /home/vas3k/infomate.club + DJANGO_SETTINGS_MODULE=infomate.settings + infomate.wsgi:application + /home/vas3k/infomate.club/infomate.club.log + 30 + 32768 + 8192 + 65536 + true + true + 5000 + + 3 + 2 + diff --git a/infomate/settings.py b/infomate/settings.py index 5a7e01e..dc1492b 100644 --- a/infomate/settings.py +++ b/infomate/settings.py @@ -10,7 +10,7 @@ DEBUG = True BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) SECRET_KEY = "wow so secret" -ALLOWED_HOSTS = ["127.0.0.1", "vas3k.ru"] +ALLOWED_HOSTS = ["127.0.0.1", "vas3k.ru", "infomate.club"] INSTALLED_APPS = [ "django.contrib.staticfiles", diff --git a/requirements.txt b/requirements.txt index 5f52d08..f5ad6dc 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,4 +5,4 @@ requests==2.22.0 beautifulsoup4==4.6.2 pyyaml==5.2 feedparser==5.2.1 -sentry-sdk==0.13.0 +sentry-sdk==0.13.5