Added dummy certs

.gitignore

@@ -6,4 +6,5 @@
 .aider.tags.cache.v1/cache.db-shm
 .aider.tags.cache.v1/cache.db-wal
 dj_backend_server/.aider.conf.yml
-dj_backend_server/.aider.conf.yml~
+dj_backend_server/nginx/ssl/privkey.pem
+dj_backend_server/nginx/ssl/cert.pem

dj_backend_server/Dockerfile

@@ -15,4 +15,8 @@ COPY . /app/
 RUN pip install --no-cache-dir -r requirements.txt
 
 # Run migrations on startup
-CMD ["sh", "-c", "python manage.py sync_models && python manage.py runserver 0.0.0.0:8000"]
+CMD ["sh", "-c", "python manage.py sync_models && python manage.py runserver 0.0.0.0:8000"]
+
+COPY ./entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]

dj_backend_server/Makefile

@@ -63,17 +63,14 @@ endif
 # celery -A dj_backend_server worker --loglevel=info &
 dev-start:
 	$(DOCKER_COMPOSE) -f docker-compose.linux.yaml up -d
-
 	@echo $(shell tput setaf 3)"Waiting for 20 seconds before opening the browser..."$(shell tput sgr0)
 	sleep 20
-
 	$(OPEN_COMMAND) http://0.0.0.0:8000/	
 
 dev-stop:
 	$(DOCKER_COMPOSE) down --remove-orphans
 	kill -9 $$(pgrep -f "celery -A dj_backend_server")
 	kill -9 $$(pgrep -f "python3 manage.py runserver")
-
 	@echo $$(tput setaf 3)"Services stopped."$$(tput sgr0)
 
 force_migrate:

dj_backend_server/dj_backend_server/settings.py

@@ -55,7 +55,8 @@
     'django.contrib.staticfiles',
     'web',
     'api',
-    'management'
+    'management',
+    'corsheaders'
 ]
 
 MIDDLEWARE = [
@@ -67,6 +68,7 @@
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
 ]
 
 ROOT_URLCONF = 'dj_backend_server.urls'
@@ -187,3 +189,7 @@
 #]
 ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', '0.0.0.0').split(',')
 APP_URL = os.environ.get('APP_URL', 'http://0.0.0.0:8000')
+
+CORS_ALLOWED_ORIGINS = [
+    APP_URL,
+]

dj_backend_server/docker-compose.linux.yaml

@@ -32,32 +32,38 @@ services:
     networks:
       - openchat_network
 
-  # nginx:
-  #   restart: unless-stopped
-  #   container_name: oc_nginx
-  #   build: ./docker/nginx
-  #   ports:
-  #     - 80:80
-  #     - 443:443
-  #   volumes:
-  #     - ./app:/var/www/html
-  #     - ./nginx/ssl:/etc/nginx/ssl
-  #   working_dir: /etc/nginx
-  #   links:
-  #     - python
-  #   networks:
-  #     - openchat_network 
+  nginx:
+    image: nginx
+    container_name: oc_nginx
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./nginx/ssl/cert.pem:/etc/nginx/ssl/cert.pem
+      - ./nginx/ssl/privkey.pem:/etc/nginx/ssl/privkey.pem
+      - ./static:/app/web/static/
+    networks:
+      - openchat_network
+    depends_on:
+      - qdrant
+      - mysql
+      - web
+      - redis
+      - celery_worker
 
   web:
     build:
       context: .
       dockerfile: Dockerfile
     container_name: oc_web
     ports:
-      - "8000:8000"
+      - "8001:8000"
     volumes:
       - ./website_data_sources:/app/website_data_sources
       - ./:/app/
+    # - ./entrypoint.sh:/app/entrypoint.sh
     # - ./llama-2-7b-chat.ggmlv3.q4_K_M.bin:/app/llama-2-7b-chat.ggmlv3.q4_K_M.bin:ro
     depends_on:
       mysql:
@@ -66,6 +72,7 @@ services:
         condition: service_healthy
     env_file:
       - .env.docker
+    entrypoint: ["/entrypoint.sh"]
     command: >
       sh -c "python manage.py migrate auth && 
              python manage.py migrate && 

dj_backend_server/docker-compose.yaml

@@ -91,11 +91,16 @@ services:
 
   nginx:
     image: nginx
+    container_name: oc_nginx
     restart: unless-stopped
     ports:
       - "80:80"
+      - "443:443"
     volumes:
       - ./nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./nginx/ssl/cert.pem:/etc/nginx/ssl/cert.pem
+      - ./nginx/ssl/privkey.pem:/etc/nginx/ssl/privkey.pem
+      - ./static:/app/web/static/
     networks:
       - openchat_network
     depends_on:

dj_backend_server/entrypoint.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Define the file path as a variable
+CHAT_JS_FILE="/app/web/static/chat.js"
+
+# Actual replacement
+sed -i "s|http://0.0.0.0:8000|${APP_URL}|g" $CHAT_JS_FILE
+
+# Check if the pattern with APP_URL already exists
+if grep -q '("${APP_URL}/chat/init")' $CHAT_JS_FILE; then
+  echo "Pattern with APP_URL already exists, doing nothing."
+
+# Check if the pattern with the default URL exists
+elif grep -q '("http://0.0.0.0:8000/chat/init")' "$CHAT_JS_FILE"; then
+  echo "Replacing default URL with APP_URL."
+  sed -i "s|http://0.0.0.0:8000|${APP_URL}|g" "$CHAT_JS_FILE"
+
+# If none of the above conditions are met, append APP_URL to /chat/init
+else
+  echo "Appending APP_URL to /chat/init."
+  sed -i "s|/chat/init|${APP_URL}/chat/init|g" "$CHAT_JS_FILE"
+fi
+
+# Start your app normally
+exec "$@"   

dj_backend_server/nginx/nginx.conf

@@ -7,34 +7,135 @@ http {
 
     server {
         listen 80;
-        server_name your_domain.com; # Replace with your domain name or IP address
-
+        server_name yourdomain.com; # Replace with your domain name or IP address
 
-        # location /static {
-        #     proxy_pass http://web:8000;
-        #     alias /app/web/static;
+        location /static {
+            proxy_pass https://web:8000;
+            expires -1; #dev env
+        }
+
+        #FOR ONLY HTTP:// USE THIS
+        # location / {
+        #     proxy_pass http://web:8000; # Forward requests to the Django web container
+        #     proxy_set_header Host $host;
+        #     proxy_set_header X-Real-IP $remote_addr;
+        #     expires -1; #dev environment
+        #     proxy_cache_bypass 1;
+        #     proxy_no_cache 1;
+        # }
+
+        #FOR HTTPS:// USE THIS
+        location / {
+            return 301 https://$host$request_uri;
+        }
+
+        location /adminer {
+            proxy_pass http://adminer:8080; # Forward requests to the Adminer container
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+
+        location /qdrant {
+            proxy_pass http://qdrant:6333; # Forward requests to the Qdrant container
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+
+        location /qdrant-storage {
+            proxy_pass http://qdrant:6334; # Forward requests to the Qdrant container
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+        }
+    }
+
+    server {
+        listen 443 ssl;
+        server_name yourdomain.com; # Replace with your domain name or IP address
+
+        ssl_certificate /etc/nginx/ssl/cert.pem;
+        ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+
+        ssl_protocols TLSv1.2 TLSv1.3;
+        #ssl_prefer_server_ciphers on;
+        ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
+        ssl_session_cache shared:SSL:50m;
+        ssl_session_timeout 1d;
+
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+        ssl_stapling on;
+        ssl_stapling_verify on;
+        resolver 8.8.8.8 8.8.4.4 valid=300s;
+        resolver_timeout 5s;
+
+        types {
+        text/css css;
+        text/html html;
+        }
+
+        # location /static/ {
+        #     alias /app/web/static/; # The trailing slash is important
+        #     # proxy_set_header Host $host;
+        #     # proxy_set_header X-Real-IP $remote_addr;
+        #     # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        #     # proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;     
+        #     expires -1; #dev
+        #     # proxy_cache_bypass 1;
+        #     # proxy_no_cache 1;
+        #     add_header Cache-Control "public, max-age=2592000";
+        #     proxy_set_header X-Forwarded-Proto $scheme;
+        #     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;  # HSTS header
+        #     add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'";
         # }
 
+        location /static {
+            proxy_pass http://web:8000;
+            #alias /app/web/static/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; 
+            expires -1; #dev environment
+            proxy_no_cache 1; #dev environment
+            proxy_cache_bypass 1; #dev environment
+            proxy_set_header X-Forwarded-Proto $scheme; # Forward the original scheme (HTTP or HTTPS)
+            add_header Cache-Control "public, max-age=2592000";
+            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;  # HSTS header
+            add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'";
+        }
+
         location / {
             proxy_pass http://web:8000; # Forward requests to the Django web container
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;  # Forward the original scheme (HTTP or HTTPS)
+            proxy_set_header Origin "";  # Optionally forward the Origin header
+            proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; 
+            add_header Cache-Control "public, max-age=2592000";
+            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;  # HSTS header            
+            expires -1; #dev environment
+            proxy_cache_bypass 1; #dev environment
+            proxy_no_cache 1; #dev environment
         }
 
         location /adminer {
             proxy_pass http://adminer:8080; # Forward requests to the Adminer container
+            proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; 
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
         }
 
         location /qdrant {
             proxy_pass http://qdrant:6333; # Forward requests to the Qdrant container
+            proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; 
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
         }
 
         location /qdrant-storage {
             proxy_pass http://qdrant:6334; # Forward requests to the Qdrant container
+            proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; 
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
         }

dj_backend_server/nginx/readme.md

@@ -0,0 +1,8 @@
+# Generate private key
+openssl genrsa -out nginx/ssl/privkey.pem 2048
+
+# Generate certificate signing request
+openssl req -new -key nginx/ssl/privkey.pem -out nginx/ssl/cert.csr
+
+# Self-sign certificate 
+openssl x509 -req -days 365 -in nginx/ssl/cert.csr -signkey nginx/ssl/privkey.pem -out nginx/ssl/cert.pem

dj_backend_server/nginx/ssl/cert.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAOGtjlfeIcnVhTAjb/R3RSaYZLgM4hNmTXj4O1nZ
+6wZVMtZ8kr35mwcBsVgKh2dNAdyVbeJsGLLflcbi8cbssmzXvR8RffuKvxcUP5kh
+UzFBQgVl06FHxcrmhlzns4akUAERf8iyq6pDB6bS2FplTMpHKTd1B8k42suJgBhs
+DYAOpNuIBNOVN6v/QqDeyeaVCl+zqO1Mos6kQfJTJZQunYKAK/BF4EYrW53g+zl4
+71OzPOtZpNrPd4sG++XAbb/8PkK+ucBSMEnzakyux8Xnws06HPKuC9ycoSvO8mgm
+dV4B1r1IiumNT1Yt7syTbTDIRI65dBuQCN98P2H9DXKStz8CAwEAAaAAMA0GCSqG
+SIb3DQEBCwUAA4IBAQAUu0F2s+8uUuKoyuh9B+5tZa7HT96Wlj5Amogf7dXfy4q8
+jyvN+WMT91k8LgX0Yj4k02r8s3/CJGwUCffaz70OGgiTEaI3I3a6JMP00AoOk9HQ
+PmweGrJZfI+AG5IE4O7iABIZbOTZprboHuESBCMfQgzCIGDDYymt+70eJVQMgh2g
+fKLvJy5YzoX2/guYMHd/8mDErgXwNDJBiHC66wPW/6yK6Qo1tz1i3Ga2xKzfNeYO
+NQuTu6mJ50V3V8fozewL6t7YqsK+GNJp6mJoar2einBDkamAloXQnj28k+cX+3RX
+4zwovDIW5pCRdMn1bg41QrEc7uUJcpHISGRh9E9m
+-----END CERTIFICATE REQUEST-----

dj_backend_server/requirements.txt

@@ -76,3 +76,4 @@ urllib3==1.26.16
 vine==5.0.0
 wcwidth==0.2.6
 yarl==1.9.2
+django-cors-headers