diff --git a/config/nginx.conf b/config/nginx.conf
index d4e04bf..69b2600 100644
--- a/config/nginx.conf
+++ b/config/nginx.conf
@@ -1,9 +1,11 @@ server { listen 80; - #server_name yourdomain.com; + server_name localhost; # Redirect HTTP to HTTPS - return 301 https://$host$request_uri; + location / { + return 301 https://localhost:1443$request_uri; + } } server {
@@ -14,17 +16,14 @@ server { ssl_certificate_key /etc/nginx/ssl/private.key; ssl_protocols TLSv1.2 TLSv1.3; - ssl_prefer_server_ciphers on; - - root /usr/share/nginx/html; - index index.html; + ssl_prefer_server_ciphers on; # Proxy normal HTTP requests to Django - location / { - proxy_pass http://backend:8080; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } + location / { + proxy_pass http://backend:8080/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } }
diff --git a/config/ssl.conf b/config/ssl.conf
new file mode 100644
index 0000000..f21ca78
--- /dev/null
+++ b/config/ssl.conf
@@ -0,0 +1,28 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+x509_extensions = req_ext
+
+[req_distinguished_name]
+countryName = FR
+countryName_default = FR
+stateOrProvinceName = Pyrénées Orientales
+stateOrProvinceName_default = Pyrénées Orientales
+localityName = Perpignan
+localityName_default = Perpignan
+organizationName = 42Perpignan
+organizationName_default = 42Perpignan
+commonName = www.ft_transcendence.com
+commonName_default = localhost
+
+[req_ext]
+subjectAltName = @alt_names
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[alt_names]
+DNS.1 = localhost
+DNS.2 = www.ft_transcendence.com
+DNS.3 = ft_transcendence.com
+IP.1 = 127.0.0.1
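Review bot: The port-80 redirect in the first config/nginx.conf hunk hard-codes `https://localhost:1443`, so a client that reaches this server under any other name is sent to its own loopback address, and the port duplicates the `1443:443` mapping in docker-compose.yml without saying so. A fixed target is preferable to echoing the client-supplied `$host`, but it should come from one place, e.g. `return 301 https://$server_name:1443$request_uri;`, with a comment such as `# 1443 must match the published HTTPS port in docker-compose.yml`. The `location / { }` wrapper is not needed for a server-level `return`.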
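Review bot: `proxy_set_header Host $host;` in the second config/nginx.conf hunk forwards the host name without its port, while after this commit browsers connect on 1443, so absolute URLs and any origin or host comparison Django derives from the Host header will lack the port. `proxy_set_header Host $http_host;` passes the value the client actually sent; that value is client-controlled, so it relies on ALLOWED_HOSTS staying restrictive (not visible in this diff). The enclosing `server` block starts outside the hunk.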
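Review bot: `[req]` in config/ssl.conf has no `prompt = no`, so OpenSSL treats `countryName = FR`, `commonName = www.ft_transcendence.com` and the other plain entries as prompt labels and takes the real values from the `*_default` lines or from whatever is typed. As written, `make ssl-certs` stops for interactive input, and accepting the defaults yields CN `localhost` rather than the name the plain entry suggests. If the subject is meant to be fixed, add `prompt = no` under `[req]` and drop the `*_default` lines so the plain entries become the subject fields.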
diff --git a/docker-compose.yml b/docker-compose.yml
index bcc7946..d247437 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,8 +3,8 @@ services: image: nginx:latest container_name: nginx ports: - - "80:80" - - "443:443" + - "1080:80" + - "1443:443" volumes: - ./config/nginx.conf:/etc/nginx/conf.d/default.conf - ./certs/ssl:/etc/nginx/ssl
@@ -24,7 +24,7 @@ services: venv/bin/python manage.py makemigrations --noinput && venv/bin/python manage.py migrate --noinput && venv/bin/python manage.py collectstatic --noinput && - venv/bin/daphne -e ssl:8080:privateKey=./certs/ssl/backend-key.pem:certKey=./certs/ssl/backend-cert.pem pong.asgi:application" + venv/bin/daphne -b 0.0.0.0 -p 8080 pong.asgi:application" volumes: - pong:/transcendence/pong - pong_django_logs:/transcendence/logs
@@ -38,7 +38,7 @@ services: DB_NAME: ${POSTGRES_DB} DB_USER: ${POSTGRES_USER} DB_PASSWORD: ${POSTGRES_PASSWORD} - SECURE_SSL_REDIRECT: True + SECURE_SSL_REDIRECT: False SECURE_HSTS_SECONDS: 31536000 SECURE_HSTS_INCLUDE_SUBDOMAINS: True SECURE_HSTS_PRELOAD: True
diff --git a/makefile b/makefile
index 3d815be..34554b5 100644
--- a/makefile
+++ b/makefile
@@ -22,7 +22,10 @@ down: destroy: $(COMPOSE) down -v --rmi all -re : down destroy up +ssl-certs: + openssl req -x509 -nodes -days 365 -newkey rsa:4096 \ + -keyout certs/ssl/private.key -out certs/ssl/certificate.crt \ + -config config/ssl.conf # Manage ELK stack
@@ -42,9 +45,6 @@ kill-pid: sudo lsof -i :8080 | awk 'NR>1 {print $$2}' | xargs sudo kill -9 || true sudo lsof -i :5044 | awk 'NR>1 {print $$2}' | xargs sudo kill -9 || true -ps: - $(COMPOSE) ps - db-shell: $(COMPOSE) exec db psql -U 42student players_db
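Review bot: The daphne command in the second docker-compose.yml hunk now serves plain HTTP on `0.0.0.0:8080`, which leaves nginx as the only TLS layer and is safe only if the backend service publishes no host port. The service's `ports:` section lies outside the hunk, and the makefile's `kill-pid` target probing `:8080` on the host suggests the port may have been reachable there, so please confirm 8080 is only exposed on the compose network (an `expose:` entry rather than a `ports:` entry). A comment next to the command, e.g. `# plain HTTP: TLS terminates at the nginx service`, would record the assumption.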
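Review bot: `SECURE_SSL_REDIRECT: False` in the third docker-compose.yml hunk reaches the container as a string, so if pong/settings.py reads it with a bare `os.environ.get(...)` the value "False" is truthy and the redirect stays enabled; the parsing is not visible in this diff, so it should be checked for an explicit comparison such as `os.environ.get("SECURE_SSL_REDIRECT", "").lower() == "true"`. The pong/settings.py hunk of this same commit also deletes `SESSION_COOKIE_SECURE`, `CSRF_COOKIE_SECURE` and the HSTS settings with no replacement shown; the site is still served over HTTPS by nginx, so the two cookie flags should remain `True`. Because TLS now ends at the proxy, Django additionally needs `SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")` to recognise a request as secure.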
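Review bot: The new `ssl-certs` target in the first makefile hunk writes an unencrypted (`-nodes`) private key to `certs/ssl/private.key`, a directory that docker-compose.yml bind-mounts into the nginx container, and it fails when `certs/ssl` does not exist yet. Add `mkdir -p certs/ssl` before the openssl call and `chmod 600 certs/ssl/private.key` after it (file mode otherwise depends on the OpenSSL version and umask), and make sure `certs/` is git-ignored, which this diff does not show. The same hunk removes the `re` target; that looks unrelated to the TLS change and may be unintended.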
@@ -57,7 +57,7 @@ help: @echo " make destroy # Stop and remove containers and volumes" @echo " make stop [c=service] # Stop containers" @echo " make logs [c=service] # Tail logs of containers" - @echo " make ps # List containers" + @echo " make ssl-certs # create ssl certificate" @echo " make help # Show this help" .PHONY: up build start stop down destroy logs ps db-shell help
diff --git a/pong/settings.py b/pong/settings.py
index 5ba3863..462d6b1 100644
--- a/pong/settings.py
+++ b/pong/settings.py
@@ -13,18 +13,6 @@ from pathlib import Path # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent -# Force HTTPS by redirecting HTTP traffic to HTTPS -#SECURE_SSL_REDIRECT = True - -# Set secure cookie flags to ensure they are only sent over HTTPS -SESSION_COOKIE_SECURE = True -CSRF_COOKIE_SECURE = True - -# Enforce HTTP Strict Transport Security (HSTS) -SECURE_HSTS_SECONDS = 31536000 # One year -SECURE_HSTS_INCLUDE_SUBDOMAINS = True -SECURE_HSTS_PRELOAD = True - # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/
diff --git a/pong/static/favicon.ico b/pong/static/favicon.ico
new file mode 100644
index 0000000..4ac57b5
Binary files /dev/null and b/pong/static/favicon.ico differ
diff --git a/pong/static/index.html b/pong/static/index.html
index 3588d07..8068526 100644
--- a/pong/static/index.html
+++ b/pong/static/index.html
@@ -7,9 +7,10 @@ Pong Game - + +
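Review bot: The `.PHONY` line at the end of the makefile `help` hunk still lists `ps`, whose target this commit removes, and does not list the new `ssl-certs` target. Change it to `.PHONY: up build start stop down destroy logs ssl-certs db-shell help` so that a stray file named `ssl-certs` cannot mask the target and the list matches what the help text advertises.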
@@ -204,4 +205,4 @@ - \ No newline at end of file +