From a099c3137fac33c60d92e9084e33eb09cb4015dd Mon Sep 17 00:00:00 2001
From: Adrien Audebert
Date: Wed, 11 Sep 2024 17:03:10 +0200
Subject: [PATCH] add ssl to the project
---
 Dockerfile | 2 +-
 certs/ssl/backend-cert.pem | 31 +++++++++++++++++++++++
 certs/ssl/backend-key.pem | 52 ++++++++++++++++++++++++++++++++++++++
 docker-compose.yml | 6 ++++-
 makefile | 3 ---
 pong/static/game.js | 2 +-
 6 files changed, 90 insertions(+), 6 deletions(-)
 create mode 100644 certs/ssl/backend-cert.pem
 create mode 100644 certs/ssl/backend-key.pem
diff --git a/Dockerfile b/Dockerfile
index 42ff94d..d4278cf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,5 @@
 FROM python:latest
-# Set environment variables
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
@@ -10,6 +9,7 @@ RUN apt update && apt upgrade -y
 COPY requirements.txt .
 COPY manage.py .
+COPY certs/ certs/
 RUN python3 -m venv venv
 RUN venv/bin/pip3 install --upgrade pip
diff --git a/certs/ssl/backend-cert.pem b/certs/ssl/backend-cert.pem
new file mode 100644
index 0000000..4ebf8eb
--- /dev/null
+++ b/certs/ssl/backend-cert.pem
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIUOD9IAcHJzD9Me6OP7fbTThgZHUAwDQYJKoZIhvcNAQEL +BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA5MTExNDEwMzJaFw0yNTA5 +MTExNDEwMzJaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw +HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDGwtY16ighyAqcLI+uci4oJovChHN1I61aPqATcTNC +L98ydVF+dkPMlgS+No1tjBthFQKJ54U733AxgauJ2UDoc27oQpJQiuALf0ui9AjH ++82v5thtWrQBUgsOQGGqu7lmFncIH3cZ5AiwVHu3O7JSYEm4l+P4uyJaRzIwi9ab +dSRJ9hjaa1UydEUlMWhpICc2U8r/BVTt8W1mc3eMu6rB429NuKrL0mQ2tgwqKdMV +904PlAF4dPKeEwl8VkXq/IJd9qr/97GfCJYPw+bJS3vnjD5JfBJoSh6o+BSck/ps +GnThf79kZtc29FoWmgtT7K5s5bDOuM6YzqPNGEkNxWh4D5Qtb5J6HIhea92U5/QN +/4PsBOAP1GrPpXkssMIPQEButK/qx1mtPHNaVC+wNRGH1kbaqbVVSiH0akidArhv +2BRP0Ajg8wNUZkCgDKoM60ZgHpchwYQ6GcKZ9IvRZFCuvl/8/Nuw2RzesIAoaxWn +G5CVZFsPvbHd80weeCisBSdDXN140iwru/h9vBrNQRo+1M+Q3gy1odsZqth3ip6B +PNdqUU/tgcPZzHRdE7YSP1UnSCGu45aMYAKHPngDJ6N08m25iSW0Dc0yVnRpgAeD +6q0K1IQQZYIr+W+UtJX8u4I1eW0kthRY7dLXTjYSgcDKHZaoUkT9/qyAeTHsLv0c +xwIDAQABo1MwUTAdBgNVHQ4EFgQUOr0WUb3fJYxL62kdhryTUmXwHCMwHwYDVR0j +BBgwFoAUOr0WUb3fJYxL62kdhryTUmXwHCMwDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQsFAAOCAgEAkJlH857I2PkUja57cWEvEh2gsNKi74oxz5RH7psPPUma +kY4SImuGkFTdCYFHxD5Qvjag4kpeT8XXq4jBBqHR41cA1cyvK0K4F4ln5bhqVCQk +hFI7UBnZjRRa6hl5367YR3I4A45E+TAIzBhBo5W7dBJ+hJNyrADB/nQ3J1skbZ5b +pdsMfAWZ44VoHJE4evg2V5BS374UDiqdyCR3suauxmhedipNXu6r9nO1Q9Wij1+h +7rawHLgKXBR9/mJ4UWLkBswb8kptpcrm2cpqWprGFdGAeNCspSXmotYRya5tNu7W +wm25NJyni1O86dvMxiWuRY+sap8nqe7Hz83goQ2Yd1YgT1G2UwQx2e64SGjt0AaV +/bt9pya+W0FHB++w4wJVZcJRZt4LynufjHkqNLiSbB8XM+hIr9M/LDjx8xWHjiKD +oSFNj1K6Fr9TcvObIn//LXM1P1aegKBsOylYFFqKh3RVtSjOZXhJQm98gdERT2CZ +sD1fY6KvsGGVEKk1eSZKeJJowO6k4cZH4wrlIK7W8dnCmlhPmvXEDX1KiV7dSeFC +7lynyjyZihukuMYBYxBhT7mDZLMiy1of319SPOlY0GlZdoXJ7lcvWdFgXLSi6MIk +Y+yhMG4nTRIGGEWQP5EONkIp30i488csL/ivK8OxULZyrn6ZNByY/EPEFllWfqI= +-----END CERTIFICATE----- 
diff --git a/certs/ssl/backend-key.pem b/certs/ssl/backend-key.pem
new file mode 100644
index 0000000..3f010cd
--- /dev/null
+++ b/certs/ssl/backend-key.pem
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDGwtY16ighyAqc +LI+uci4oJovChHN1I61aPqATcTNCL98ydVF+dkPMlgS+No1tjBthFQKJ54U733Ax +gauJ2UDoc27oQpJQiuALf0ui9AjH+82v5thtWrQBUgsOQGGqu7lmFncIH3cZ5Aiw +VHu3O7JSYEm4l+P4uyJaRzIwi9abdSRJ9hjaa1UydEUlMWhpICc2U8r/BVTt8W1m +c3eMu6rB429NuKrL0mQ2tgwqKdMV904PlAF4dPKeEwl8VkXq/IJd9qr/97GfCJYP +w+bJS3vnjD5JfBJoSh6o+BSck/psGnThf79kZtc29FoWmgtT7K5s5bDOuM6YzqPN +GEkNxWh4D5Qtb5J6HIhea92U5/QN/4PsBOAP1GrPpXkssMIPQEButK/qx1mtPHNa +VC+wNRGH1kbaqbVVSiH0akidArhv2BRP0Ajg8wNUZkCgDKoM60ZgHpchwYQ6GcKZ +9IvRZFCuvl/8/Nuw2RzesIAoaxWnG5CVZFsPvbHd80weeCisBSdDXN140iwru/h9 +vBrNQRo+1M+Q3gy1odsZqth3ip6BPNdqUU/tgcPZzHRdE7YSP1UnSCGu45aMYAKH +PngDJ6N08m25iSW0Dc0yVnRpgAeD6q0K1IQQZYIr+W+UtJX8u4I1eW0kthRY7dLX +TjYSgcDKHZaoUkT9/qyAeTHsLv0cxwIDAQABAoICAEKtH7EMcRQMCEslw7lwgj1j +2OSTDCxSoJeyhH6hLeHZL1W8926l+86I0OSCZmVGZ/TkWGqsqQxRw1BIQKRIpjaU +arMtienM/KW+uT/b/4oe1XxZw2bD07jRrfXE8T6WJPazOJEYBRtBXQzR+oKYWxS5 +SmHLSmWpWTfRxGt2rbKO1HKfRO0YrobzbDKy5WTGrYDTETkFr9z2bY291G/4kKrk +QfVfqqQfWxDjdyc5yp8GzD/7lZa0HKOcnUUBqAjRVmZxFiIyFHrWJYj6XdRPJyyg +5lA+d+pWWvyx5DA2j/5tzaHL+geTXEUKKaKFYKFxt32+e9aNNnkacOafa/pbq9Rr +cytWQhswgj5VUHrvb06Ncm7ZBkIfUy1PjiRGzpfsASz8WsKSSBA5DNmaXRbT2/2n +NVe0BnPheghshg9jtOi9TT7IUbbT+pEVetaalAp7+uiTVXIOD6WeV7gcbWDZF2/N +ipKiRAerIP+TmJ18u6TV57zQoCT9+JokTKvKVC+HC2JCGOkbqOCEc5hwpVCCtaiI +o/dNYZiqN0pzieit3QOOrYSfP+wz5rPlNFHxnnAOA45VpJ+Z2q1st9Z/6Rlp6OL5 +/BuZ0/tnCql/jNTuXl7F7BWw/6DuuO91D1lUTr1zkJ/lwN211Os9gBUKoCEJAfUQ +lMigpFCSU/3ELbrO8BNRAoIBAQDopzVf+6ijbXo1M0ZQPvpnCxCMHRIvas3b3dw9 +hh9vXiUzCyIX8XiSY/BllKyPbNomXYeg9/pmmTgu5WPXFkpES+ZIo76+VrYyfaJx +aYR+1smeGVbI1QQwUXylq8LbXZvmEktC2RIuHW99Qa3yXidbvzwZze/GOHFj5yMk +a5d0HoCEcHF1dhMyF8BWRVy43IFbSsGhTtfwLl8ayRdcvwaxqytTyNx9P7ja08bI +zKYEH8G4lZKFzYp4t9sXZs6JT13MTPNUj8rAN/WR7YIfcfW2bDt5So8ATKyUDuOj +dE8Rb1lHIWo5uSlzP/bDQGoHUtg/70zusxpc7HvOX7rdB5KfAoIBAQDatPNi9Qnq +4GF0AnaOjVWuDJXMbL1fcfNi+u12ZyPq0I2PqphlUZA14le9vOuUMMnUQNsJCmUU 
+EY6XayR4NujBsk9zYmU+3r73/gyxT36/Ne40OJAdftsEPjw41qgYNL+rgORnjJgK +XlbAeb83KGg+pA5DQy0ljjgvaaNvl5BmqWENC2aJOkeoxNdik4H5nqobUnvHTGRH +9ORzA9Vqq+O39Lj3lSmW0/DsgFSki5LQs+J9edCUZMsW0hfai6c7tZnkheXv16z5 +QRDpqx+m4JnzJsoakl0qdA91mbiO5p8MFTfy/Q3czHLh/qOKrZtsYvOkIfUZtfL4 +tv4n99+vkazZAoIBAF0LUjtayCzkAbX5FavOJBLFyA5hKf6wtjeyWPx6AWRmwHXT +hAUTW2cgdOoLNZ/+ppglW7KyugACUwfeUbmZfoYl3Kk8Y3J391HmEOtOieC4QdXq +yFx1ZMF2NWWEdd+JZmny8wp/CdhLiWUMuWZu5Uq6Bm1DgRtDQ4Xy0IkmRmH4OOm+ +loGlgTPNb+yQvO5psYozMZEzmQTDZuGtfpxnAWRY0nElqZilvWY2wA9aWSLZGH6b +wwekFjcFQKfxQ7SCez7Tn5U4FJwfRSThWeL9jokwa/CsMtip0XM9KSkbwOt2Hrxl +zrfbJ4qiECwyPLVFGpsnNxtXobl8El+MxYzUFH0CggEAc4aF0c3R8UmY8Kika2Ro +z8lCD3uZBKOyhqQ5bwPISy7it/LLESnmXTA0XLtATUUAN6gSi1H8Vn93rLAh0YZf +qIFBypc9F9qdUW3W0opFT0dzjg4awhnSIwmk0flBTZf/bt5kx/XSEhgHByDISqCD +gCM0jX8ch+v57cGFXVrYIgJyi2tsPCyW0aU4iI+WZn7TKB+H1pyZlBDd44sw3mnx +nagdVFpsX4mQh7y5+Tjo0mlSyCjibqBXTrSneP+v1LB2m+nGrcxlSDyAbI3B6GpX +p8LjmumZYOVxjRMoFAPqG33R0f6tpeYxAQN667QMl1IllJuDVpNvxsUSt5YNiDYQ +8QKCAQEA56yp0RDYKiCcvRG/jh3/Zpa9YRKhzhefnT/f7InmXFyQeJqaJmyhWV/S +Wlzi7o+N8o96ACSPzsVlU/WH+pQy1JhumNaE1fg8siDS+Nfm/sUHsd0s9X0LxsYD +zgdQrc68PO//hSr4IMpZxaC9yGsbpTCXWtuu4YdGa8oJvrGX4DZ4Rt7OTme9iPa/ +pY0ofzMX3BbxWLQzq5WzOAuVZpu83w1HtZ40nU/JzErSv2ynqczEbwvX6o/mZSgS +FLkh16KQaKcR4eLfLfEA+/i8sB/x+NtlCRl7Tgua9Kd4qZBL5bq+Vnq2OUkN3Tyt +f+i8icq3eKXI5Sr+Go3P8JjawtkHfA== +-----END PRIVATE KEY----- diff --git a/docker-compose.yml b/docker-compose.yml index 062be5a..f1ecee9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -69,7 +69,7 @@ services: venv/bin/python manage.py makemigrations --noinput && venv/bin/python manage.py migrate --noinput && venv/bin/python manage.py collectstatic --noinput && - venv/bin/daphne -b 0.0.0.0 -p 8080 pong.asgi:application" + venv/bin/daphne -e ssl:8080:privateKey=./certs/ssl/backend-key.pem:certKey=./certs/ssl/backend-cert.pem pong.asgi:application" volumes: - pong:/transcendence/pong - pong_django_logs:/transcendence/logs 
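Review bot: An unencrypted TLS private key is committed in `certs/ssl/backend-key.pem`, and the `COPY certs/ certs/` line in the Dockerfile hunk also bakes it into an image layer, so anyone who can read the repository history or pull the image can impersonate the backend to any client that trusts this certificate. Treat this key as disclosed: generate a new pair outside the repository, add `certs/` to `.gitignore` and `.dockerignore`, and drop the `COPY`. The daphne command in docker-compose.yml can keep its relative paths if the files are supplied at runtime through a read-only bind mount or a Compose secret, for example `- ./certs/ssl:/transcendence/certs/ssl:ro` under `volumes:` (the container path is inferred from the other mounts; confirm it against the image's WORKDIR). The certificate in `backend-cert.pem` appears to be self-signed with OpenSSL's default subject, which is acceptable for local development but should not be what a real deployment serves.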
@@ -83,6 +83,10 @@ services:
 DB_NAME: ${POSTGRES_DB}
 DB_USER: ${POSTGRES_USER}
 DB_PASSWORD: ${POSTGRES_PASSWORD}
+ SECURE_SSL_REDIRECT: True
+ SECURE_HSTS_SECONDS: 31536000
+ SECURE_HSTS_INCLUDE_SUBDOMAINS: True
+ SECURE_HSTS_PRELOAD: True
 depends_on:
 - db
 healthcheck:
diff --git a/makefile b/makefile
index e7fbc31..899ef5a 100644
--- a/makefile
+++ b/makefile
@@ -28,9 +28,6 @@ kill-pid:
 sudo lsof -i :8080 | awk 'NR>1 {print $$2}' | xargs sudo kill -9 || true
 sudo lsof -i :5044 | awk 'NR>1 {print $$2}' | xargs sudo kill -9 || true
-logs:
- $(COMPOSE) logs -f $(CONTAINER)
-
 ps:
 $(COMPOSE) ps
diff --git a/pong/static/game.js b/pong/static/game.js
index 8dcc898..38bca56 100644
--- a/pong/static/game.js
+++ b/pong/static/game.js
@@ -360,7 +360,7 @@ document.addEventListener('DOMContentLoaded', () => {
 }
 function startWebSocketConnection(token, players) {
- socket = new WebSocket(`ws://${window.location.host}/ws/game/`);
+ socket = new WebSocket(`wss://${window.location.host}/ws/game/`);
 socket.onopen = function (event) {
 console.log('WebSocket connection established');
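Review bot: The four `SECURE_*` entries added under `environment:` in the docker-compose.yml hunk will not change Django's behaviour on their own, because Django takes these values from the settings module and this patch does not touch it. Unless settings.py already reads and parses them (for example `SECURE_SSL_REDIRECT = os.environ.get("SECURE_SSL_REDIRECT") == "True"` and `int(...)` for the seconds), they are inert; a bare `os.environ.get(...)` would also treat the string `"False"` as true. The unquoted `True` values are YAML booleans, which Compose asks to be quoted in an environment mapping: `SECURE_SSL_REDIRECT: "True"`. Separately, `SECURE_HSTS_PRELOAD` together with `SECURE_HSTS_INCLUDE_SUBDOMAINS` and a one-year max-age is a long-lived commitment for the whole domain that is hard to withdraw. While the service still uses the development certificate from this patch, I would start with a short value such as `SECURE_HSTS_SECONDS: "3600"` and leave preload off until a publicly trusted certificate is in place.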