When using docker (compose), we don't create a venv and just install
python packages system-wide.
With python 3.11 (PEP 668) we need to explicitly tell pip to allow this.
Signed-off-by: moson-mo <mo-son@mailbox.org>
nginx health check always results in "unhealthy":
There is no such option "--no-verify" for curl.
We can use "-k" or "--insecure" for disabling SSL checks.
Signed-off-by: moson-mo <mo-son@mailbox.org>
With this commit, it is advised to `rm ./data/root_ca.crt ./data/*.pem`,
as new certificates and a root CA will be generated while utilizing the
step volume.
Closes#367
Signed-off-by: Kevin Morris <kevr@0cost.org>
This reverts commit 952c24783b.
The issue found was actually:
- If `./aur.git` exists within the aurweb repository locally,
it also ends up in the destination, stopping the aurweb_git_data
volume from being mounted properly.
For our development setup we run a redis container without a
username/password. Redis recently set protected mode by default which
disallows this, turn it off as it has no security implication.
This variable allows users to override the logging.conf used
for Python logging configuration. By default, this is set
to logging.conf, which is a production config. LOG_CONFIG
is treated relative to [options] aurwebdir.
This patch allows us to specify the logging config as opposed
to copying over logging.conf in our test docker and gitlab
test scripts, as well as ease-of-testing as a developer.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This was left in when we removed logging.prod.conf in a
previous patch. `test-mysql-entrypoint.sh` takes care of
test logging for us now, so this section is unnecessary.
Closes#261
Signed-off-by: Kevin Morris <kevr@0cost.org>
We'll override logging.conf with logging.test.conf for debug logging
needed for tests now, so we can rely on the default logging.conf
for production use.
Signed-off-by: Kevin Morris <kevr@0cost.org>
- On non-localhost communication, this whitelists forwarded headers
on all remote ips
- Add more headers
- Force https X-Forwarded-Proto
- Unset Forwarded header and rely on X-Forwarded-*
Signed-off-by: Kevin Morris <kevr@0cost.org>
When the Docker image is outdated, we need to fetch updated
archlinux-keyring keys to perform an -Syu without problems.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Without this rewriting, we've been running into conversing with
HTTP over HTTPS (400 Bad Request).
TODO: Refactor this entire nginx config to something a bit more
simple and clean.
Signed-off-by: Kevin Morris <kevr@0cost.org>
We don't need the https certificates being dealt with in the fastapi
service; we will define our certificates in any frontend nginx
running on top.
Signed-off-by: Kevin Morris <kevr@0cost.org>
`install` includes dependencies present in poetry.lock
and we must stick to them if we wish to pin dependencies.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Centralize database setup there and remove all copying of
config.dev from the entrypoint scripts (the Dockerfile
now does it).
Signed-off-by: Kevin Morris <kevr@0cost.org>
For the `git` service, ./data is always used to provide an
optional overriding of ssh host keys. In aur-dev production
containers, most services which use the data mount use an
internal Docker `data` volume instead.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This only deals with .gz files in the root of the request_uri
and now more. That is: /packages.gz goes through the nginx regex,
but now /cgit/.../snapshot/package.tar.gz is served by the cgit
block.
Signed-off-by: Kevin Morris <kevr@0cost.org>
