From cc9072817c99098e27e04b7406380beda0cd2c45 Mon Sep 17 00:00:00 2001
From: Michael Kalish
Date: Wed, 20 Mar 2019 21:33:55 -0400
Subject: [PATCH] Production docker v2
---
 Dockerfile | 3 --
 .../templates/ancfinder_site/index.html | 4 +--
 docker-compose.yml | 5 ++--
 nginx.production.conf | 30 ++++++++++---------
 4 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e1cd07f..f02ccaf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,9 +8,6 @@ RUN apt-get update && \
 WORKDIR /srv/app
 COPY . /srv/app
-# install our dependencies
-RUN pip3 install -r requirements.txt
-
 # set environment Vars
 ENV DJANGO_ENV=test
 ENV STATIC_ROOT=/srv/app/static
diff --git a/ancfinder_site/templates/ancfinder_site/index.html b/ancfinder_site/templates/ancfinder_site/index.html
index 3a958a0..59cddab 100644
--- a/ancfinder_site/templates/ancfinder_site/index.html
+++ b/ancfinder_site/templates/ancfinder_site/index.html
@@ -25,7 +25,7 @@

Find Your ANC

@@ -90,13 +90,13 @@

Find Your ANC

 .then(resp => resp.json())
 .then(locationResponse => {
 const location = locationResponse && locationResponse.returnDataset && locationResponse.returnDataset['Table1'] && locationResponse.returnDataset ['Table1'][0];
+ $('#info_address_not_found').hide();
 $('#info').show();
 $('#loading').hide();
 $('#anc-name').text(location['ANC']);
 $('#smd-name').text(location['SMD']);
 $('#anc-link').attr('href', `https://anc.dc.gov/page/advisory-neighborhood-commission-${location['ANC'].split(' ')[1]}`);
 $('#anc-link').attr('target', '_blank');
- $('#info_address_not_found').show();
 })
 .catch(err => {
 console.error(err);
diff --git a/docker-compose.yml b/docker-compose.yml
index 9a2d16e..2246eb2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -15,9 +15,10 @@ services:
 nginx:
 image: nginx:latest
 volumes:
- - ./nginx.conf:/etc/nginx/conf.d/default.conf
+ - ./nginx.production.conf:/etc/nginx/conf.d/default.conf
 - ./uwsgi_params:/home/docker/code/uwsgi_params
- - ./certs/letsencrypt:/etc/letsencrypt
+ - /etc/letsencrypt:/etc/letsencrypt
+ - /usr/share/nginx/html:/usr/share/nginx/html
 - static:/srv/app/static
 ports:
 - "80:80"
diff --git a/nginx.production.conf b/nginx.production.conf
index 5d39525..e80fbce 100644
--- a/nginx.production.conf
+++ b/nginx.production.conf
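Review bot: In the `.then(locationResponse => {` handler, `location` is `undefined` whenever the `&&` chain finds no `Table1` row, so `location['ANC']` throws only after `$('#info').show()` and `$('#loading').hide()` have already run, and the not-found state depends on whatever the `.catch` does (its body continues outside the hunk). An explicit guard placed before the jQuery calls would make that path deliberate: `if (!location) { throw new Error('address not found'); }`. The `ANC` and `SMD` values come from the fetched JSON response; `.text()` is the right sink for them, and the href fragment would be safer wrapped as `encodeURIComponent(location['ANC'].split(' ')[1])`. Since the link is opened with `target="_blank"`, it should also get `$('#anc-link').attr('rel', 'noopener noreferrer');` so the opened page cannot reach back through `window.opener`.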
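Review bot: The new bind mount `- /etc/letsencrypt:/etc/letsencrypt` gives the nginx container read-write access to the host's certificate store, private keys included, although nginx only needs to read them. Mounting it read-only limits what a compromised container can do to the host: `- /etc/letsencrypt:/etc/letsencrypt:ro`, and likewise `- /usr/share/nginx/html:/usr/share/nginx/html:ro` unless the container is meant to write there. The `ports:` list continues past this hunk and only `"80:80"` is visible, so it is worth confirming that 443 is published for the certificates this commit wires in. `image: nginx:latest` in the same service is unpinned, so each pull can bring a different nginx into production; a fixed tag or digest would make the deploy reproducible.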
@@ -10,26 +10,28 @@ server {
 server_name ancfinder.org www.ancfinder.org ancfinder.com www.ancfinder.com; # substitute your machine's IP address or FQDN
 charset utf-8;
+ ssl_certificate /etc/letsencrypt/live/ancfinder.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ancfinder.org/privkey.pem;
- ssl_certificate /etc/nginx/ssl/certs/fullchain.pem;
- ssl_certificate_key /etc/nginx/ssl/certs/privkey.pem;
-
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl off;
+ ssl_session_cache builtin:1000 shared:SSL:10m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
 ssl_prefer_server_ciphers on;
- ssl_dhparam /etc/nginx/ssl/certs/dhparam.pem;
- ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
- ssl_session_timeout 1d;
- ssl_session_cache shared:SSL:50m;
- ssl_stapling on;
- ssl_stapling_verify on;
- add_header Strict-Transport-Security max-age=15768000;
 # max upload size
 client_max_body_size 75M; # adjust to taste
- # location /static {
- # alias /home/docker/volatile/static; # your Django project's static files - amend as required
- # }
+ location /static {
+ alias /srv/app/static; # your Django project's static files - amend as required
+ }
+
+
+ location '/.well-known/acme-challenge' {
+ default_type "text/plain";
+ root /tmp/letsencrypt;
+ autoindex on;
+ }
 # Finally, send all non-media requests to the Django server.
 location / {
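Review bot: The added `ssl off;` turns TLS off for this server block while the same hunk points `ssl_certificate` at the Let's Encrypt files, and the commit also drops `add_header Strict-Transport-Security max-age=15768000;`, `ssl_stapling` and `ssl_dhparam`, so the production site can end up served over plain HTTP with no HSTS (the `listen` lines are outside the hunk, so confirm how 443 is declared). I would remove `ssl off;`, enable TLS on the listener with `listen 443 ssl;`, keep the HSTS header, and narrow `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` to `ssl_protocols TLSv1.2;`. In the new `/.well-known/acme-challenge` location, `autoindex on;` publishes a directory listing of `/tmp/letsencrypt` that ACME validation does not need, so `autoindex off;` (or dropping the line) is enough. That root is also not one of the paths this commit mounts in docker-compose.yml (`/usr/share/nginx/html` is), which looks like a mismatch worth checking before relying on renewals.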