From 0f19917bd8643eb5664b6ada874b82e35b6f830a Mon Sep 17 00:00:00 2001
From: Daniel Bernstein
Date: Wed, 23 Oct 2024 11:15:58 -0700
Subject: [PATCH] [PP-1775] Ensure that application to talk to postgres when SSL is required.

Additional updates:
* upgrades image to python 3.12
* upgrades postgres to 16 (to match latest RDS deployment)
---
 Dockerfile | 7 ++++++-
 docker-compose.yml | 6 +++++-
 virtual_library_card/settings/dev.py | 1 +
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d42559f..639f212 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.10-slim
+FROM python:3.12-slim
 ENV APP_DIR=/virtual_library_card/ \
 DJANGO_SETTINGS_MODULE=virtual_library_card.settings.prod \
@@ -22,6 +22,11 @@ ENV UWSGI_MASTER=1 \
 UWSGI_POST_BUFFERING=1 \
 UWSGI_LOGFORMAT="[pid: %(pid)|app: -|req: -/-] %(addr) (%(user)) {%(vars) vars in %(pktsize) bytes} [%(ctime)] %(method) %(clean_uri) => generated %(rsize) bytes in %(msecs) msecs (%(proto) %(status)) %(headers) headers in %(hsize) bytes (%(switches) switches on core %(core))"
+# required for postgres ssl: the crt file doesn't exist
+# but the path must point to a visible directory otherwise we
+# get a permissions error
+ENV PGSSLCERT /tmp/postgresql.crt
+
 ARG POETRY_VERSION=1.7.1
 ARG REPO=ThePalaceProject/virtual-library-card
diff --git a/docker-compose.yml b/docker-compose.yml
index 87a8ce4..e8f53b2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -23,11 +23,15 @@ services:
 SUPERUSER_PASSWORD: "test"
 pg:
- image: "postgres:12"
+ image: "postgres:16"
 environment:
 POSTGRES_USER: vlc
 POSTGRES_PASSWORD: test
 POSTGRES_DB: virtual_library_card_dev
+ command: >
+ -c ssl=on
+ -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+ -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 minio:
 image: "bitnami/minio:2023.2.27"
diff --git a/virtual_library_card/settings/dev.py b/virtual_library_card/settings/dev.py
index 4ac66dd..ff07581 100644
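Review bot: `ENV PGSSLCERT /tmp/postgresql.crt` in the second Dockerfile hunk points libpq's client-certificate path into `/tmp`, which is normally writable by every process in the container, so whatever can create that file decides what libpq tries to load as a client certificate on the next connection (most likely breaking database connections). A directory the runtime user can read but not write would keep the workaround without that property; which directory fits depends on parts of the Dockerfile outside this hunk. The instruction also uses the legacy space-separated form where the neighbouring `ENV` lines use `KEY=value`, so `ENV PGSSLCERT=/tmp/postgresql.crt` would be consistent. Because the image defaults to the prod settings module, the comment above the instruction could say that the variable applies to production containers as well as dev.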
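Review bot: `ssl=on` in the `pg` service's `command` only makes TLS available; as far as this hunk shows, `pg_hba.conf` is left at the image default, so the server presumably still accepts unencrypted connections and the "SSL is required" condition is enforced only by the client's `sslmode`. Reproducing a server that rejects plaintext would need `hostssl`-only entries in `pg_hba.conf`. The snakeoil certificate and key are a self-signed pair that comes with the image (presumably generated at image build, so shared by everyone who pulls it), and a comment above `command:` such as `# local development only: self-signed snakeoil pair from the image, not for real deployments` would keep the block from being copied elsewhere. Separately, a data directory created by `postgres:12` will not start under `postgres:16` without a dump/restore or `pg_upgrade`; no volume is visible in this hunk, so this may not apply.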
--- a/virtual_library_card/settings/dev.py
+++ b/virtual_library_card/settings/dev.py
@@ -22,6 +22,7 @@
 "PASSWORD": "test",
 "HOST": os.environ.get("VLC_DEV_DB_HOST", "pg"),
 "PORT": os.environ.get("VLC_DEV_DB_PORT", "5432"),
+ "OPTIONS": {"sslmode": "require"},
 }
 }
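Review bot: `"sslmode": "require"` encrypts the connection but does not verify the server's certificate or host name, which fits the self-signed certificate used in docker-compose but should not be carried into a production settings module as-is. A comment on the added line would record that, e.g. `# encrypt only: the dev DB uses a self-signed cert. Production should use "verify-full" with sslrootcert`. No production settings file is touched by this commit, so it is worth confirming where the deployed database's SSL mode is set. Since `HOST` and `PORT` can be overridden through environment variables, a developer pointing them at a server without TLS will now fail to connect; reading the mode from the environment in the same way would keep that working. The enclosing dict starts outside the hunk.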