From 9c28961405ccccfda7fa160b7392cd5e6ccfd31c Mon Sep 17 00:00:00 2001 From: Cameron Hyde Date: Mon, 13 Jan 2025 10:15:16 +1000 Subject: [PATCH 1/3] Certbot renew with cron / apt installed certbot --- ansible/roles/galaxy_labs_engine/tasks/certbot.yml | 6 +++--- ansible/roles/galaxy_labs_engine/tasks/main.yml | 6 ++++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ansible/roles/galaxy_labs_engine/tasks/certbot.yml b/ansible/roles/galaxy_labs_engine/tasks/certbot.yml index 59d5364..bff2e5e 100644 --- a/ansible/roles/galaxy_labs_engine/tasks/certbot.yml +++ b/ansible/roles/galaxy_labs_engine/tasks/certbot.yml @@ -48,15 +48,15 @@ register: certbot_certificates tags: certbot + always: - name: setup certbot renew cron job cron: name: "certbot-renew" minute: "0" hour: "0" - job: "cd {{ config_root }} && docker compose --profile certbot run --rm certbot renew" - tags: certbot + job: "sudo certbot renew --webroot --webroot-path /var/www/certbot/" + when: certbot_ssl - always: - name: run docker compose down shell: > docker compose --profile certbot down diff --git a/ansible/roles/galaxy_labs_engine/tasks/main.yml b/ansible/roles/galaxy_labs_engine/tasks/main.yml index 66776ff..557ec2d 100644 --- a/ansible/roles/galaxy_labs_engine/tasks/main.yml +++ b/ansible/roles/galaxy_labs_engine/tasks/main.yml @@ -4,6 +4,12 @@ ansible.builtin.apt: update_cache: yes +- name: install cerbot + ansible.builtin.apt: + name: certbot + state: present + tags: always + - name: Docker pull labs-engine image ansible.builtin.docker_image: name: "{{ labs_engine_docker_image }}" From db0be3998064c022c60f5896c5ef7c3a374b6640 Mon Sep 17 00:00:00 2001 From: Cameron Hyde Date: Wed, 15 Jan 2025 14:44:22 +1000 Subject: [PATCH 2/3] Add CSRF_TRUSTED_ORIGINS --- app/app/settings/prod.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/app/settings/prod.py b/app/app/settings/prod.py index 3415df1..d7ca1b6 100644 --- a/app/app/settings/prod.py +++ b/app/app/settings/prod.py @@ -27,6 +27,10 @@ (ADMIN_NAME, ADMIN_EMAIL), ] +CSRF_TRUSTED_ORIGINS = [ + HOSTNAME, +] + # Use manifest to manage static file versions for cache busting: STORAGES = { "default": { From 4c546519b1ff8aa7a3e1bc6c06dedc146a858ce3 Mon Sep 17 00:00:00 2001 From: Cameron Hyde Date: Wed, 15 Jan 2025 14:50:26 +1000 Subject: [PATCH 3/3] Fix CSRF_TRUSTED_ORIGINS --- app/app/settings/prod.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/app/settings/prod.py b/app/app/settings/prod.py index d7ca1b6..7f34f14 100644 --- a/app/app/settings/prod.py +++ b/app/app/settings/prod.py @@ -28,7 +28,7 @@ ] CSRF_TRUSTED_ORIGINS = [ - HOSTNAME, + f"https://{HOSTNAME}", ] # Use manifest to manage static file versions for cache busting: