diff --git a/.env.example b/.env.example index 9e48a964..f2403634 100644 --- a/.env.example +++ b/.env.example @@ -1,3 +1,9 @@ +POSTGRES_PORT=5420 +APISIX_PORT=9080 +KEYCLOAK_SSL_PORT=7443 +KEYCLOAK_PORT=7080 +NGINX_PORT=8073 + SITE_NAME="MIT Open Learning Ecommerce" SECRET_KEY= STATUS_TOKEN= @@ -46,5 +52,4 @@ KEYCLOAK_DISCOVERY_URL= KEYCLOAK_CLIENT_ID= KEYCLOAK_CLIENT_SECRET= -APISIX_PORT=9080 APISIX_SESSION_SECRET_KEY=must_be_at_least_16_chars diff --git a/README.md b/README.md index 32281b2a..4aa804f9 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,8 @@ This application provides a central system to handle ecommerce activities across - [Interstitial Debug Mode](#interstitial-debug-mode) - [Webhook Retry](#webhook-retry) - [Running the app in a notebook](#running-the-app-in-a-notebook) + - [Change ports](#change-ports) + - [Import MaxMind GeoIP data](#import-maxmind-geoip-data) ## Initial Setup 
@@ -184,3 +186,31 @@ This repo includes a config for running a [Jupyter notebook](https://jupyter.org - Execute the first block to confirm it's working properly (click inside the block and press Shift+Enter) From there, you should be able to run code snippets with a live Django app just like you would in a Django shell. + +### Change ports + +If you need, you can change the exposed ports for all services: + +``` +POSTGRES_PORT=5420 +APISIX_PORT=9080 +KEYCLOAK_SSL_PORT=7443 +KEYCLOAK_PORT=7080 +NGINX_PORT=8073 +``` + +If you change these, you may need to update settings elsewhere. (Note that the APISIX config references `nginx:8073` but since it's _within_ the Docker network for the app, you don't need to update its port if you change it in your `.env` file.) + +### Import MaxMind GeoIP data + +The blocked country and tax assessment checks need the MaxMind GeoLite2 dataset to be imported into the app. + +You'll need to retrieve a copy of the data. You can get this for free from MaxMind: https://dev.maxmind.com/ Use the blue "Sign up for a GeoLite2 account" at the bottom to sign up for an account, and then you can download the data. There are several versions of the data to download - generally the "Country: CSV Format" is the best option. (You _have_ to use a CSV option, however.) + +Once you've downloaded it, place the CSV files in the root directory and then you can run this one-liner: + +``` +docker compose exec web ./manage.py import_maxmind_data GeoLite2-Country-Locations-en.csv geolite2-country-locations ; docker compose exec web ./manage.py import_maxmind_data GeoLite2-Country-Blocks-IPv4.csv geolite2-country-ipv4 ; docker compose exec web ./manage.py import_maxmind_data GeoLite2-Country-Blocks-IPv6.csv geolite2-country-ipv6 +``` + +You can also (and probably should) add mappings for private IPs too. Private IPs aren't represented by default in the GeoIP databases. Run `docker compose exec web ./manage.py create_private_maxmind_data ` to do this. 
The ISO code can be anything that's a valid ISO 3166 code (so, US works, but you can set it to something else if you'd prefer). diff --git a/docker-compose.yml b/docker-compose.yml index ead4c1d9..db6b007e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,17 +12,21 @@ x-environment: &py-environment DOCKER_HOST: ${DOCKER_HOST:-missing} POSTGRES_PORT: ${POSTGRES_PORT:-5432} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres} + NGINX_PORT: ${NGINX_PORT:-8073} + APISIX_PORT: ${APISIX_PORT:-9080} + KEYCLOAK_PORT: ${KEYCLOAK_PORT:-7080} + KEYCLOAK_SSL_PORT: ${KEYCLOAK_SSL_PORT:-7443} services: db: - image: postgres:16 + image: postgres:17 ports: - "$POSTGRES_PORT:5432" environment: <<: *py-environment redis: - image: redis:5.0.14 + image: redis:6.2 ports: - "6379" @@ -49,7 +53,7 @@ services: stdin_open: true tty: true ports: - - "8071:8071" + - "8071" links: - db - redis @@ -86,8 +90,7 @@ services: - APISIX_SESSION_SECRET_KEY=${APISIX_SESSION_SECRET_KEY:-something_at_least_16_characters} - UE_LOGOUT_URL=${UE_LOGOUT_URL:-http://ue.odl.local:9080/auth/logout/} ports: - - 9080:9080 - - 9180:9180 + - ${APISIX_PORT}:9080 volumes: - ./config/apisix/config.yaml:/usr/local/apisix/conf/config.yaml - ./config/apisix/apisix.yaml:/usr/local/apisix/conf/apisix.yaml @@ -100,7 +103,7 @@ services: depends_on: - db ports: - - 7080:7080 + - ${KEYCLOAK_PORT}:7080 - 7443:7443 environment: - KEYCLOAK_ADMIN=${KEYCLOAK_SVC_ADMIN:-admin} 
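Review bot: The `postgres:16` to `postgres:17` change on the `db` service is a major-version jump, and a data directory initialised by 16 is refused by a 17 server. Whether `db` keeps its data in a volume is not visible in this hunk; if it does, existing developer stacks will fail to start until the volume is recreated or dumped and restored. I would add a comment above the image line, e.g. `# major bump: recreate the db volume or pg_dump/restore when coming from 16`, and repeat it in the README. Separately, `redis:6.2` is a floating minor tag where `5.0.14` was an exact patch release, so pulls are no longer reproducible.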
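Review bot: The new `- ${APISIX_PORT}:9080` mapping has no default and is unquoted, unlike `${APISIX_PORT:-9080}` in the `x-environment` block of the same file. An `.env` created before this commit that lacks the variable interpolates to `:9080`, which does not publish on the host port the rest of the setup expects. I would write `- "${APISIX_PORT:-9080}:9080"`; the same missing default applies to `${KEYCLOAK_PORT}` in the keycloak `ports:` hunk and to both variables in the keycloak `command:` hunk. The `UE_LOGOUT_URL` default on the context line still hard-codes `:9080`, so it goes stale when the port is changed. Since this looks like a local development stack, prefixing the mapping with `127.0.0.1:` would also keep the gateway off other interfaces.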
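Review bot: In the keycloak `ports:` list only the host side became variable (`${KEYCLOAK_PORT}:7080`, with `7443:7443` untouched), while the `command:` hunk further down makes Keycloak itself listen on `--http-port=${KEYCLOAK_PORT}` and `--https-port=${KEYCLOAK_SSL_PORT}`. Any value other than 7080/7443 therefore publishes a container port nothing is bound to, and `KEYCLOAK_SSL_PORT` never changes the published HTTPS port at all. The simpler fix is to keep the in-container ports fixed in the command and vary only the host side: `- "${KEYCLOAK_PORT:-7080}:7080"` and `- "${KEYCLOAK_SSL_PORT:-7443}:7443"`. If the listener must really move (for example because Keycloak builds URLs from its own port), both sides of each mapping need the variable instead.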
@@ -111,7 +114,7 @@ services: - ${KEYCLOAK_SVC_HOSTNAME:-kc.odl.local} links: - db:uedb - command: start --verbose --features scripts --import-realm --hostname=${KEYCLOAK_SVC_HOSTNAME:-kc.odl.local} --hostname-strict=false --hostname-debug=true --https-port=7443 --https-certificate-file=/etc/x509/https/tls.crt --https-certificate-key-file=/etc/x509/https/tls.key --http-enabled=true --http-port=7080 --config-keystore=/etc/keycloak-store --config-keystore-password=${KEYCLOAK_SVC_KEYSTORE_PASSWORD} --db=postgres --db-url-database=keycloak --db-url-host=uedb --db-schema=public --db-password=${POSTGRES_PASSWORD:-postgres} --db-username=postgres + command: start --verbose --features scripts --import-realm --hostname=${KEYCLOAK_SVC_HOSTNAME:-kc.odl.local} --hostname-strict=false --hostname-debug=true --https-port=${KEYCLOAK_SSL_PORT} --https-certificate-file=/etc/x509/https/tls.crt --https-certificate-key-file=/etc/x509/https/tls.key --http-enabled=true --http-port=${KEYCLOAK_PORT} --config-keystore=/etc/keycloak-store --config-keystore-password=${KEYCLOAK_SVC_KEYSTORE_PASSWORD} --db=postgres --db-url-database=keycloak --db-url-host=uedb --db-schema=public --db-password=${POSTGRES_PASSWORD:-postgres} --db-username=postgres volumes: - keycloak-store:/etc/keycloak-store - ./config/keycloak/tls:/etc/x509/https diff --git a/uwsgi.ini b/uwsgi.ini index 44adfef7..2fb063f2 100644 --- a/uwsgi.ini +++ b/uwsgi.ini @@ -32,3 +32,4 @@ if-not-env = UWSGI_SOCKET_TIMEOUT socket-timeout = 3 endif = buffer-size = 65535 +py-call-uwsgi-fork-hooks = true
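Review bot: The rewritten `command:` line still passes `--db-password=${POSTGRES_PASSWORD:-postgres}` and `--config-keystore-password=${KEYCLOAK_SVC_KEYSTORE_PASSWORD}` as process arguments. Those values are readable through `docker inspect` and the container's process list. Since the line is being touched anyway, I would move the database password to the service's `environment:` list as `- KC_DB_PASSWORD=${POSTGRES_PASSWORD:-postgres}` and drop the flag. The keystore password should get the same treatment if the Keycloak version in use accepts it from the environment. The port/listener mismatch on this line is covered in the note on the keycloak `ports:` hunk.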
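Review bot: The added `py-call-uwsgi-fork-hooks = true` line has no comment, and neither the visible diff nor the other settings in this hunk say which problem it solves. The option makes uWSGI run the Python plugin's pre- and post-fork hooks when it forks workers, which usually matters only when threads or at-fork handlers are in play. I would record the reason next to it, e.g. `; run Python fork hooks in workers so libraries with at-fork handlers reinitialise (needed for <reason>)`. It would also help to confirm that the uWSGI version pinned for this project recognises the option.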