From aec4ef4e03abed8da35c0e1c0c9b266b2ffbf999 Mon Sep 17 00:00:00 2001
From: Abhilash Raj
Date: Fri, 7 Apr 2017 18:22:43 -0700
Subject: [PATCH] Disable some security options in django settings.
---
.gitignore | 1 +
docker-compose.yaml | 2 ++
web/README.md | 3 +++
web/assets/run.sh | 4 ++--
web/mailman-web/settings.py | 13 +++++++------
5 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/.gitignore b/.gitignore
index ace0bea..2f4a19f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ *.log *.log *.sass-cache/ +/web/mailman-web/settings_local.py
diff --git a/docker-compose.yaml b/docker-compose.yaml
index c9e79ea..a80c874 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -15,6 +15,7 @@ services: - database environment: - DATABASE_URL=postgres://mailman:mailmanpass@database/mailmandb + - HYPERKITTY_API_KEY=someapikey networks: mailman: ipv4_address: 172.19.199.2
@@ -38,6 +39,7 @@ services: - UWSGI_WORKERS=2 - UWSGI_THREADS=4 - DATABASE_URL=postgres://mailman:mailmanpass@database/mailmandb + - HYPERKITTY_API_KEY=someapikey networks: mailman: ipv4_address: 172.19.199.3
diff --git a/web/README.md b/web/README.md
index e228deb..809fc06 100644
--- a/web/README.md
+++ b/web/README.md
@@ -43,6 +43,9 @@ change them unless you know what you want. - `SMTP_PORT`: Port used for SMTP. Default is `25`. +- `DJANGO_LOG_URL`: Path to the django's log file. Defaults to + `/opt/mailman-web-data/logs/mailmanweb.log`. + Running =======
diff --git a/web/assets/run.sh b/web/assets/run.sh
index 12e2f39..697b569 100755
--- a/web/assets/run.sh
+++ b/web/assets/run.sh
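Review bot: `HYPERKITTY_API_KEY=someapikey` is committed as a literal in both docker-compose.yaml hunks (-15,6 and -38,6), so every deployment started from this file unchanged shares one publicly known key. The key is presumably the shared secret for the archiving endpoint that settings.py exempts from the HTTPS redirect, which makes a guessable default more costly than an ordinary placeholder. Take the value from the operator's environment and fail when it is missing, for example `- HYPERKITTY_API_KEY=${HYPERKITTY_API_KEY:?set HYPERKITTY_API_KEY}` in both service blocks, provided the compose file format in use supports that substitution form. The variable should also be listed in web/README.md next to the other environment settings.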
@@ -94,7 +94,7 @@ python manage.py migrate # to /opt/mailman-web/logs/uwsgi.log # It can also point to a logging daemon accessible at a URL. if [[ -z "$UWSGI_LOG_URL" ]]; then - echo "No $UWSGI_LOG_URL defined, logging uwsgi to /opt/mailman-web-data/logs/uwsgi.log ..." + echo "No UWSGI_LOG_URL defined, logging uwsgi to /opt/mailman-web-data/logs/uwsgi.log ..." export UWSGI_LOG_URL='/opt/mailman-web-data/logs/uwsgi.log' if [[ ! -e "$UWSGI_LOG_URL" ]]; then touch "$UWSGI_LOG_URL"
@@ -103,7 +103,7 @@ fi if [[ -z "$UWSGI_WSGI_FILE" ]]; then export UWSGI_WSGI_FILE="wsgi.py" - export UWSGI_HTTP=":8000" + export UWSGI_HTTP=:8000 export UWSGI_WORKERS=2 export UWSGI_THREADS=4 fi
diff --git a/web/mailman-web/settings.py b/web/mailman-web/settings.py
index 3c697d4..e2f730c 100644
--- a/web/mailman-web/settings.py
+++ b/web/mailman-web/settings.py
@@ -48,9 +48,10 @@ SITE_ID = 1 ALLOWED_HOSTS = [ "localhost", # Archiving API from Mailman, keep it. # "lists.your-domain.org", - os.environ.get('SERVE_FROM_DOMAIN'), # Add here all production URLs you may have. "mailman-web", + "172.19.199.3", + os.environ.get('SERVE_FROM_DOMAIN'), ] # Mailman API credentials
@@ -168,12 +169,12 @@ SECURE_REDIRECT_EXEMPT = [ # Request from Mailman. "archives/api/mailman/.*", ] -SESSION_COOKIE_SECURE = True +# SESSION_COOKIE_SECURE = True # SECURE_CONTENT_TYPE_NOSNIFF = True -SECURE_BROWSER_XSS_FILTER = True -CSRF_COOKIE_SECURE = True +# SECURE_BROWSER_XSS_FILTER = True +# CSRF_COOKIE_SECURE = True # CSRF_COOKIE_HTTPONLY = True -X_FRAME_OPTIONS = 'DENY' +# X_FRAME_OPTIONS = 'DENY' # Password validation
@@ -401,7 +402,7 @@ LOGGING = { 'level': 'INFO', 'class': 'logging.handlers.RotatingFileHandler', #'class': 'logging.handlers.WatchedFileHandler', - 'filename': '/opt/mailman-web-data/logs/mailmanweb.log', + 'filename': os.environ.get('DJANGO_LOG_URL','/opt/mailman-web-data/logs/mailmanweb.log'), 'formatter': 'verbose', }, 'console': {
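Review bot: `os.environ.get('SERVE_FROM_DOMAIN')` in the settings.py hunk at -48,9 evaluates to `None` when the variable is unset, leaving a non-string entry in `ALLOWED_HOSTS`; whether host validation tolerates that depends on the Django version, which this page does not show. Close the list without it and add the domain conditionally, e.g. `if os.environ.get('SERVE_FROM_DOMAIN'): ALLOWED_HOSTS.append(os.environ['SERVE_FROM_DOMAIN'])`. The new literal `"172.19.199.3"` repeats the address assigned in docker-compose.yaml, so a comment such as `# mailman-web container address, keep in sync with docker-compose.yaml` would stop the two from drifting apart.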
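Review bot: The four settings commented out in the settings.py hunk at -168,12 are now off for every deployment, including those served over HTTPS, and nothing in the file records why. `X_FRAME_OPTIONS = 'DENY'` and `SECURE_BROWSER_XSS_FILTER = True` only add response headers and do not depend on TLS, so they can stay enabled even when the site is reached over plain HTTP. Only the two cookie flags conflict with an HTTP-only setup, and they are better driven from the environment with the secure value as the default, for example `SESSION_COOKIE_SECURE = CSRF_COOKIE_SECURE = os.environ.get('<INSECURE_HTTP_FLAG>') != '1'`, where `<INSECURE_HTTP_FLAG>` is a placeholder name rather than an existing variable. Without the Secure attribute the session and CSRF cookies are also sent on any cleartext request to the host. The surrounding security block starts and ends outside this hunk.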
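Review bot: `DJANGO_LOG_URL` in the hunk at -401,7 is passed straight to `RotatingFileHandler` as `filename`, so despite its name it must be a filesystem path; a real URL would be treated as a relative file name. The handler opens the file when logging is configured, and the visible part of run.sh only creates the uwsgi log, so a path in a missing directory would likely stop Django at startup. A comment above the entry would cover both, e.g. `# DJANGO_LOG_URL is a filesystem path, not a URL; its directory must already exist.` The `LOGGING` dict starts and ends outside this hunk.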