Some minor documentation and Compose environment changes (#179)

.env.example

@@ -1,3 +1,9 @@
+POSTGRES_PORT=5420
+APISIX_PORT=9080
+KEYCLOAK_SSL_PORT=7443
+KEYCLOAK_PORT=7080
+NGINX_PORT=8073
+
 SITE_NAME="MIT Open Learning Ecommerce"
 SECRET_KEY=
 STATUS_TOKEN=
@@ -46,5 +52,4 @@ KEYCLOAK_DISCOVERY_URL=
 KEYCLOAK_CLIENT_ID=
 KEYCLOAK_CLIENT_SECRET=
 
-APISIX_PORT=9080
 APISIX_SESSION_SECRET_KEY=must_be_at_least_16_chars

README.md

@@ -16,6 +16,8 @@ This application provides a central system to handle ecommerce activities across
     - [Interstitial Debug Mode](#interstitial-debug-mode)
     - [Webhook Retry](#webhook-retry)
     - [Running the app in a notebook](#running-the-app-in-a-notebook)
+    - [Change ports](#change-ports)
+    - [Import MaxMind GeoIP data](#import-maxmind-geoip-data)
 
 ## Initial Setup
 
@@ -184,3 +186,31 @@ This repo includes a config for running a [Jupyter notebook](https://jupyter.org
 - Execute the first block to confirm it's working properly (click inside the block and press Shift+Enter)
 
 From there, you should be able to run code snippets with a live Django app just like you would in a Django shell.
+
+### Change ports
+
+If you need, you can change the exposed ports for all services:
+
+```
+POSTGRES_PORT=5420
+APISIX_PORT=9080
+KEYCLOAK_SSL_PORT=7443
+KEYCLOAK_PORT=7080
+NGINX_PORT=8073
+```
+
+If you change these, you may need to update settings elsewhere. (Note that the APISIX config references `nginx:8073` but since it's _within_ the Docker network for the app, you don't need to update its port if you change it in your `.env` file.)
+
+### Import MaxMind GeoIP data
+
+The blocked country and tax assessment checks need the MaxMind GeoLite2 dataset to be imported into the app.
+
+You'll need to retrieve a copy of the data. You can get this for free from MaxMind: https://dev.maxmind.com/ Use the blue "Sign up for a GeoLite2 account" at the bottom to sign up for an account, and then you can download the data. There are several versions of the data to download - generally the "Country: CSV Format" is the best option. (You _have_ to use a CSV option, however.)
+
+Once you've downloaded it, place the CSV files in the root directory and then you can run this one-liner:
+
+```
+docker compose exec web ./manage.py import_maxmind_data GeoLite2-Country-Locations-en.csv geolite2-country-locations ; docker compose exec web ./manage.py import_maxmind_data GeoLite2-Country-Blocks-IPv4.csv geolite2-country-ipv4 ; docker compose exec web ./manage.py import_maxmind_data GeoLite2-Country-Blocks-IPv6.csv geolite2-country-ipv6
+```
+
+You can also (and probably should) add mappings for private IPs too. Private IPs aren't represented by default in the GeoIP databases. Run `docker compose exec web ./manage.py create_private_maxmind_data <ISO code>` to do this. The ISO code can be anything that's a valid ISO 3166 code (so, US works, but you can set it to something else if you'd prefer).

docker-compose.yml

@@ -12,17 +12,21 @@ x-environment: &py-environment
   DOCKER_HOST: ${DOCKER_HOST:-missing}
   POSTGRES_PORT: ${POSTGRES_PORT:-5432}
   POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
+  NGINX_PORT: ${NGINX_PORT:-8073}
+  APISIX_PORT: ${APISIX_PORT:-9080}
+  KEYCLOAK_PORT: ${KEYCLOAK_PORT:-7080}
+  KEYCLOAK_SSL_PORT: ${KEYCLOAK_SSL_PORT:-7443}
 
 services:
   db:
-    image: postgres:16
+    image: postgres:17
     ports:
       - "$POSTGRES_PORT:5432"
     environment:
       <<: *py-environment
 
   redis:
-    image: redis:5.0.14
+    image: redis:6.2
     ports:
       - "6379"
 
@@ -49,7 +53,7 @@ services:
     stdin_open: true
     tty: true
     ports:
-      - "8071:8071"
+      - "8071"
     links:
       - db
       - redis
@@ -86,8 +90,7 @@ services:
     - APISIX_SESSION_SECRET_KEY=${APISIX_SESSION_SECRET_KEY:-something_at_least_16_characters}
     - UE_LOGOUT_URL=${UE_LOGOUT_URL:-http://ue.odl.local:9080/auth/logout/}
     ports:
-      - 9080:9080
-      - 9180:9180
+      - ${APISIX_PORT}:9080
     volumes:
       - ./config/apisix/config.yaml:/usr/local/apisix/conf/config.yaml
       - ./config/apisix/apisix.yaml:/usr/local/apisix/conf/apisix.yaml
@@ -100,7 +103,7 @@ services:
     depends_on:
       - db
     ports:
-      - 7080:7080
+      - ${KEYCLOAK_PORT}:7080
       - 7443:7443
     environment:
       - KEYCLOAK_ADMIN=${KEYCLOAK_SVC_ADMIN:-admin}
@@ -111,7 +114,7 @@ services:
         - ${KEYCLOAK_SVC_HOSTNAME:-kc.odl.local}
     links:
       - db:uedb
-    command: start --verbose --features scripts --import-realm --hostname=${KEYCLOAK_SVC_HOSTNAME:-kc.odl.local} --hostname-strict=false --hostname-debug=true --https-port=7443 --https-certificate-file=/etc/x509/https/tls.crt --https-certificate-key-file=/etc/x509/https/tls.key --http-enabled=true --http-port=7080 --config-keystore=/etc/keycloak-store --config-keystore-password=${KEYCLOAK_SVC_KEYSTORE_PASSWORD} --db=postgres --db-url-database=keycloak --db-url-host=uedb --db-schema=public --db-password=${POSTGRES_PASSWORD:-postgres} --db-username=postgres
+    command: start --verbose --features scripts --import-realm --hostname=${KEYCLOAK_SVC_HOSTNAME:-kc.odl.local} --hostname-strict=false --hostname-debug=true --https-port=${KEYCLOAK_SSL_PORT} --https-certificate-file=/etc/x509/https/tls.crt --https-certificate-key-file=/etc/x509/https/tls.key --http-enabled=true --http-port=${KEYCLOAK_PORT} --config-keystore=/etc/keycloak-store --config-keystore-password=${KEYCLOAK_SVC_KEYSTORE_PASSWORD} --db=postgres --db-url-database=keycloak --db-url-host=uedb --db-schema=public --db-password=${POSTGRES_PASSWORD:-postgres} --db-username=postgres
     volumes:
       - keycloak-store:/etc/keycloak-store
       - ./config/keycloak/tls:/etc/x509/https

uwsgi.ini

@@ -32,3 +32,4 @@ if-not-env = UWSGI_SOCKET_TIMEOUT
 socket-timeout = 3
 endif =
 buffer-size = 65535
+py-call-uwsgi-fork-hooks = true