in progress

2025-12-15 21:56:50 +01:00 · 2024-09-16 16:09:00 +02:00 · 2024-09-16 16:09:00 +02:00 · e378ddc694
commit e378ddc694
parent 863342f720
7 changed files with 104 additions and 83 deletions
--- a/certs/ssl/backend-cert.pem
+++ b/certs/ssl/backend-cert.pem
@ -1,31 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIFazCCA1OgAwIBAgIUOD9IAcHJzD9Me6OP7fbTThgZHUAwDQYJKoZIhvcNAQEL
-BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA5MTExNDEwMzJaFw0yNTA5
-MTExNDEwMzJaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
-HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQDGwtY16ighyAqcLI+uci4oJovChHN1I61aPqATcTNC
-L98ydVF+dkPMlgS+No1tjBthFQKJ54U733AxgauJ2UDoc27oQpJQiuALf0ui9AjH
-+82v5thtWrQBUgsOQGGqu7lmFncIH3cZ5AiwVHu3O7JSYEm4l+P4uyJaRzIwi9ab
-dSRJ9hjaa1UydEUlMWhpICc2U8r/BVTt8W1mc3eMu6rB429NuKrL0mQ2tgwqKdMV
-904PlAF4dPKeEwl8VkXq/IJd9qr/97GfCJYPw+bJS3vnjD5JfBJoSh6o+BSck/ps
-GnThf79kZtc29FoWmgtT7K5s5bDOuM6YzqPNGEkNxWh4D5Qtb5J6HIhea92U5/QN
-/4PsBOAP1GrPpXkssMIPQEButK/qx1mtPHNaVC+wNRGH1kbaqbVVSiH0akidArhv
-2BRP0Ajg8wNUZkCgDKoM60ZgHpchwYQ6GcKZ9IvRZFCuvl/8/Nuw2RzesIAoaxWn
-G5CVZFsPvbHd80weeCisBSdDXN140iwru/h9vBrNQRo+1M+Q3gy1odsZqth3ip6B
-PNdqUU/tgcPZzHRdE7YSP1UnSCGu45aMYAKHPngDJ6N08m25iSW0Dc0yVnRpgAeD
-6q0K1IQQZYIr+W+UtJX8u4I1eW0kthRY7dLXTjYSgcDKHZaoUkT9/qyAeTHsLv0c
-xwIDAQABo1MwUTAdBgNVHQ4EFgQUOr0WUb3fJYxL62kdhryTUmXwHCMwHwYDVR0j
-BBgwFoAUOr0WUb3fJYxL62kdhryTUmXwHCMwDwYDVR0TAQH/BAUwAwEB/zANBgkq
-hkiG9w0BAQsFAAOCAgEAkJlH857I2PkUja57cWEvEh2gsNKi74oxz5RH7psPPUma
-kY4SImuGkFTdCYFHxD5Qvjag4kpeT8XXq4jBBqHR41cA1cyvK0K4F4ln5bhqVCQk
-hFI7UBnZjRRa6hl5367YR3I4A45E+TAIzBhBo5W7dBJ+hJNyrADB/nQ3J1skbZ5b
-pdsMfAWZ44VoHJE4evg2V5BS374UDiqdyCR3suauxmhedipNXu6r9nO1Q9Wij1+h
-7rawHLgKXBR9/mJ4UWLkBswb8kptpcrm2cpqWprGFdGAeNCspSXmotYRya5tNu7W
-wm25NJyni1O86dvMxiWuRY+sap8nqe7Hz83goQ2Yd1YgT1G2UwQx2e64SGjt0AaV
-/bt9pya+W0FHB++w4wJVZcJRZt4LynufjHkqNLiSbB8XM+hIr9M/LDjx8xWHjiKD
-oSFNj1K6Fr9TcvObIn//LXM1P1aegKBsOylYFFqKh3RVtSjOZXhJQm98gdERT2CZ
-sD1fY6KvsGGVEKk1eSZKeJJowO6k4cZH4wrlIK7W8dnCmlhPmvXEDX1KiV7dSeFC
-7lynyjyZihukuMYBYxBhT7mDZLMiy1of319SPOlY0GlZdoXJ7lcvWdFgXLSi6MIk
-Y+yhMG4nTRIGGEWQP5EONkIp30i488csL/ivK8OxULZyrn6ZNByY/EPEFllWfqI=
-----END CERTIFICATE-----
--- a/certs/ssl/backend-key.pem
+++ b/certs/ssl/backend-key.pem
@ -1,52 +0,0 @@
-----BEGIN PRIVATE KEY-----
-MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDGwtY16ighyAqc
-LI+uci4oJovChHN1I61aPqATcTNCL98ydVF+dkPMlgS+No1tjBthFQKJ54U733Ax
-gauJ2UDoc27oQpJQiuALf0ui9AjH+82v5thtWrQBUgsOQGGqu7lmFncIH3cZ5Aiw
-VHu3O7JSYEm4l+P4uyJaRzIwi9abdSRJ9hjaa1UydEUlMWhpICc2U8r/BVTt8W1m
-c3eMu6rB429NuKrL0mQ2tgwqKdMV904PlAF4dPKeEwl8VkXq/IJd9qr/97GfCJYP
-w+bJS3vnjD5JfBJoSh6o+BSck/psGnThf79kZtc29FoWmgtT7K5s5bDOuM6YzqPN
-GEkNxWh4D5Qtb5J6HIhea92U5/QN/4PsBOAP1GrPpXkssMIPQEButK/qx1mtPHNa
-VC+wNRGH1kbaqbVVSiH0akidArhv2BRP0Ajg8wNUZkCgDKoM60ZgHpchwYQ6GcKZ
-9IvRZFCuvl/8/Nuw2RzesIAoaxWnG5CVZFsPvbHd80weeCisBSdDXN140iwru/h9
-vBrNQRo+1M+Q3gy1odsZqth3ip6BPNdqUU/tgcPZzHRdE7YSP1UnSCGu45aMYAKH
-PngDJ6N08m25iSW0Dc0yVnRpgAeD6q0K1IQQZYIr+W+UtJX8u4I1eW0kthRY7dLX
-TjYSgcDKHZaoUkT9/qyAeTHsLv0cxwIDAQABAoICAEKtH7EMcRQMCEslw7lwgj1j
-2OSTDCxSoJeyhH6hLeHZL1W8926l+86I0OSCZmVGZ/TkWGqsqQxRw1BIQKRIpjaU
-arMtienM/KW+uT/b/4oe1XxZw2bD07jRrfXE8T6WJPazOJEYBRtBXQzR+oKYWxS5
-SmHLSmWpWTfRxGt2rbKO1HKfRO0YrobzbDKy5WTGrYDTETkFr9z2bY291G/4kKrk
-QfVfqqQfWxDjdyc5yp8GzD/7lZa0HKOcnUUBqAjRVmZxFiIyFHrWJYj6XdRPJyyg
-5lA+d+pWWvyx5DA2j/5tzaHL+geTXEUKKaKFYKFxt32+e9aNNnkacOafa/pbq9Rr
-cytWQhswgj5VUHrvb06Ncm7ZBkIfUy1PjiRGzpfsASz8WsKSSBA5DNmaXRbT2/2n
-NVe0BnPheghshg9jtOi9TT7IUbbT+pEVetaalAp7+uiTVXIOD6WeV7gcbWDZF2/N
-ipKiRAerIP+TmJ18u6TV57zQoCT9+JokTKvKVC+HC2JCGOkbqOCEc5hwpVCCtaiI
-o/dNYZiqN0pzieit3QOOrYSfP+wz5rPlNFHxnnAOA45VpJ+Z2q1st9Z/6Rlp6OL5
-/BuZ0/tnCql/jNTuXl7F7BWw/6DuuO91D1lUTr1zkJ/lwN211Os9gBUKoCEJAfUQ
-lMigpFCSU/3ELbrO8BNRAoIBAQDopzVf+6ijbXo1M0ZQPvpnCxCMHRIvas3b3dw9
-hh9vXiUzCyIX8XiSY/BllKyPbNomXYeg9/pmmTgu5WPXFkpES+ZIo76+VrYyfaJx
-aYR+1smeGVbI1QQwUXylq8LbXZvmEktC2RIuHW99Qa3yXidbvzwZze/GOHFj5yMk
-a5d0HoCEcHF1dhMyF8BWRVy43IFbSsGhTtfwLl8ayRdcvwaxqytTyNx9P7ja08bI
-zKYEH8G4lZKFzYp4t9sXZs6JT13MTPNUj8rAN/WR7YIfcfW2bDt5So8ATKyUDuOj
-dE8Rb1lHIWo5uSlzP/bDQGoHUtg/70zusxpc7HvOX7rdB5KfAoIBAQDatPNi9Qnq
-4GF0AnaOjVWuDJXMbL1fcfNi+u12ZyPq0I2PqphlUZA14le9vOuUMMnUQNsJCmUU
-EY6XayR4NujBsk9zYmU+3r73/gyxT36/Ne40OJAdftsEPjw41qgYNL+rgORnjJgK
-XlbAeb83KGg+pA5DQy0ljjgvaaNvl5BmqWENC2aJOkeoxNdik4H5nqobUnvHTGRH
-9ORzA9Vqq+O39Lj3lSmW0/DsgFSki5LQs+J9edCUZMsW0hfai6c7tZnkheXv16z5
-QRDpqx+m4JnzJsoakl0qdA91mbiO5p8MFTfy/Q3czHLh/qOKrZtsYvOkIfUZtfL4
-tv4n99+vkazZAoIBAF0LUjtayCzkAbX5FavOJBLFyA5hKf6wtjeyWPx6AWRmwHXT
-hAUTW2cgdOoLNZ/+ppglW7KyugACUwfeUbmZfoYl3Kk8Y3J391HmEOtOieC4QdXq
-yFx1ZMF2NWWEdd+JZmny8wp/CdhLiWUMuWZu5Uq6Bm1DgRtDQ4Xy0IkmRmH4OOm+
-loGlgTPNb+yQvO5psYozMZEzmQTDZuGtfpxnAWRY0nElqZilvWY2wA9aWSLZGH6b
-wwekFjcFQKfxQ7SCez7Tn5U4FJwfRSThWeL9jokwa/CsMtip0XM9KSkbwOt2Hrxl
-zrfbJ4qiECwyPLVFGpsnNxtXobl8El+MxYzUFH0CggEAc4aF0c3R8UmY8Kika2Ro
-z8lCD3uZBKOyhqQ5bwPISy7it/LLESnmXTA0XLtATUUAN6gSi1H8Vn93rLAh0YZf
-qIFBypc9F9qdUW3W0opFT0dzjg4awhnSIwmk0flBTZf/bt5kx/XSEhgHByDISqCD
-gCM0jX8ch+v57cGFXVrYIgJyi2tsPCyW0aU4iI+WZn7TKB+H1pyZlBDd44sw3mnx
-nagdVFpsX4mQh7y5+Tjo0mlSyCjibqBXTrSneP+v1LB2m+nGrcxlSDyAbI3B6GpX
-p8LjmumZYOVxjRMoFAPqG33R0f6tpeYxAQN667QMl1IllJuDVpNvxsUSt5YNiDYQ
-8QKCAQEA56yp0RDYKiCcvRG/jh3/Zpa9YRKhzhefnT/f7InmXFyQeJqaJmyhWV/S
-Wlzi7o+N8o96ACSPzsVlU/WH+pQy1JhumNaE1fg8siDS+Nfm/sUHsd0s9X0LxsYD
-zgdQrc68PO//hSr4IMpZxaC9yGsbpTCXWtuu4YdGa8oJvrGX4DZ4Rt7OTme9iPa/
-pY0ofzMX3BbxWLQzq5WzOAuVZpu83w1HtZ40nU/JzErSv2ynqczEbwvX6o/mZSgS
-FLkh16KQaKcR4eLfLfEA+/i8sB/x+NtlCRl7Tgua9Kd4qZBL5bq+Vnq2OUkN3Tyt
-f+i8icq3eKXI5Sr+Go3P8JjawtkHfA==
-----END PRIVATE KEY-----
--- a/certs/ssl/certificate.crt
+++ b/certs/ssl/certificate.crt
@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDazCCAlOgAwIBAgIUHw0952GkKvodhosoBmPbHyuvPK8wDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA5MTUxNTU3MzZaFw0yNTA5
+MTUxNTU3MzZaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDtIa5RfSzkHUZBCvYELemKHMVNtHPke2TsgjtvrbmX
+fDEtaRmdBI49fpv4lLGUclSDcsOGhbpm0jUaMrVZHt+h7o1GI4ev5KmhmyBdD1GY
+P3kQixdFDBVfCgqoPZ20cUsjL+zTtC6bREakx6gcdSaIrRGqlBSQNoXQrvHAC2kj
+yFh1lMENXCzd3Xs/u4cGgU7o5P9N/nYombp0aTmyIUke44zNpq59p1qG5XG1c2AZ
+WwMe+AG6ziLz58uswUedb9jPeQpLsGeyBG2MP8koZmxZLXvSu/SLu95FGg6o5mvi
+JVft5wymV4imANQ6aS4BjH6QLkFzo6NtXbrCk5QlX5YlAgMBAAGjUzBRMB0GA1Ud
+DgQWBBT9RoOc82syUX3KdzGYPVKtcHH5FDAfBgNVHSMEGDAWgBT9RoOc82syUX3K
+dzGYPVKtcHH5FDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAC
+scDuhjZL9ITaAh3NcMXBgF2mULM5MMjiUZZrxWgMn6jhqjkkh+I7xyB7EUoDsA7G
+WEZVe0FnZMfP4bL8OW9IGn8fkX0S1HPT6QylfMnzjz/Sf35xPywqDnSQkotlmC8A
+rCjJQHYTZIojvK1idcwl3iQA5W5OpUz7HL1hGx4EcS71+vlKF8WfpGg/DHlb6F4I
+hKngJO7DZPHprdvXOdlhDTwTOBAlaURSILIf16N51R0r9o1H65/4U9lmBZ5QsUlv
+CCcm5Kcxq/pomyt7IxYPY7wegDxAWVQE58IdzgfvtyBHNb9v0Grs8k+QnPx6wtrf
+Op3E2FqB6CDku8Dnlhhw
+-----END CERTIFICATE-----
--- a/certs/ssl/private.key
+++ b/certs/ssl/private.key
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDtIa5RfSzkHUZB
+CvYELemKHMVNtHPke2TsgjtvrbmXfDEtaRmdBI49fpv4lLGUclSDcsOGhbpm0jUa
+MrVZHt+h7o1GI4ev5KmhmyBdD1GYP3kQixdFDBVfCgqoPZ20cUsjL+zTtC6bREak
+x6gcdSaIrRGqlBSQNoXQrvHAC2kjyFh1lMENXCzd3Xs/u4cGgU7o5P9N/nYombp0
+aTmyIUke44zNpq59p1qG5XG1c2AZWwMe+AG6ziLz58uswUedb9jPeQpLsGeyBG2M
+P8koZmxZLXvSu/SLu95FGg6o5mviJVft5wymV4imANQ6aS4BjH6QLkFzo6NtXbrC
+k5QlX5YlAgMBAAECggEAV3wWFk1SqwQb37I+ClOv9frgVect3I0jslfnuq+CqZ8x
+e3nrb7D3EzvrKh4dl9FIWciU10Pt/bIu0jAEFNGdmt3qNAa2sA9x/8O+AGc+6Kb+
+MLrIBnrLRalsPh6hWKl1mZE8U+yFR1Y8o91fKcSUx1bmjiKcpYnf+5oXaY0sKH0z
+Ob7RiMlrSAH6gW7ciT33tcGCKKRQpF2j1oBsBmEKN3LUy/J7unjwQbaWql78q7/S
+THMOdVt/Qge++00L3wvZ0DFGDMHytuKLEoyH8l+FpzFN4U3ZSYjOvvTg5XhYyyPK
+FcoRLGK8Gwm7cguyUoETnbohEeJ2HFidn1F4VlE4rwKBgQD9hXZo9uiczmTKGURU
+Yk1Fxth+xyhDRiNJKNr2QirWldDOdQ2w6h/e3jE1jumRly833OVoB84ZUakHDc3k
+8z//ljGMgQZ3wra49bI/RUzeJtdNFg1qPgzWzVXdkT+oRHAUkR5xI5IUkssTw0zd
+wWlz0hJS1RQsrPsU7iM8GzU05wKBgQDvczJN/bKF6EscYV4cLZTbfygcZ99kMM4T
+nJp+AFFT6lFElQJi2EvGfM2JPH78QaHq5wtoKMUhafhpRJEQbW0AI6Gfrum0Cmqd
+vmIvugjv+//5lv85efzjx0kejfarGZCNbJGPr0NA/aDSg8Wx8sxqZrgYcQbXu8xi
+ZWWmAY/vEwJ/L4jWqtegxcXtH/ec2DWWR38BGMQ+yF5eP1lptMKzRYjRneRUrNc5
+IpCGqYQiRyoRsGe6m8ba3eRxzODJuiPh3ApNQArxK4NWv1dSFIrp3r1poQqBeWoo
+/h2B/Ak/5kzutux+yLfiq/jaGtqDjxC0tQKubNmG7tmAOmxsLtjrIQKBgQCqQ6aM
+kI5F65SlPJMXxE2p+nQCJtZRPub6SQwN9pnd6qsY8j/9G0JehFX+dNby9pR1HQ8e
+ZIcwKFMsP0ZLgRPV2oBNtKmXjSScwEi/GTDLvMwapQUc0KJDMWzL3jR9G7OO7Jlg
+q0ZOS0r1BiAoVbaHHj1fm9c6xd4iRWmPLmMzowKBgQDZnJ5Ku06y3iJDhhRg/kvw
+8u3WwCor0SvGr507tBahwJ7VNHZsIsW/0cIZ9ifrutT9DHLxkd8zdTXqnQZAwecG
+loIFjq9Krq8jGkCrqhHG9IyR5m3uPAy9bxIlHmtM/SMpU8fC1Sm4HcyQoiEW7Vyh
+st8d6VZKCQPbgppKvO6g4w==
+-----END PRIVATE KEY-----
--- a/config/nginx.conf
+++ b/config/nginx.conf
@ -0,0 +1,30 @@
+server {
+    listen 80;
+	#server_name yourdomain.com;
+
+    # Redirect HTTP to HTTPS
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+	server_name localhost;
+
+    ssl_certificate /etc/nginx/ssl/certificate.crt;
+    ssl_certificate_key /etc/nginx/ssl/private.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    root /usr/share/nginx/html;
+    index index.html;
+
+    # Proxy normal HTTP requests to Django
+    location / {
+        proxy_pass http://backend:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,4 +1,18 @@
 services:
+  nginx:
+    image: nginx:latest
+    container_name: nginx
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./config/nginx.conf:/etc/nginx/conf.d/default.conf
+      - ./certs/ssl:/etc/nginx/ssl
+    networks:
+      - app-network
+    depends_on:
+      - backend
+
  backend:
    build:
      context: .
--- a/pong/settings.py
+++ b/pong/settings.py
@ -13,6 +13,17 @@ from pathlib import Path
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent

+# Force HTTPS by redirecting HTTP traffic to HTTPS
+#SECURE_SSL_REDIRECT = True
+
+# Set secure cookie flags to ensure they are only sent over HTTPS
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+
+# Enforce HTTP Strict Transport Security (HSTS)
+SECURE_HSTS_SECONDS = 31536000  # One year
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True

 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/