diff --git a/Dockerrun.aws.json.production b/Dockerrun.aws.json.production
index 2e104c0..656ab55 100644
--- a/Dockerrun.aws.json.production
+++ b/Dockerrun.aws.json.production
@@ -30,7 +30,7 @@
},
{
"name": "server",
- "image": "offen/offen:stable",
+ "image": "offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc",
"essential": true,
"memory": 256,
"command": ["serve"]
diff --git a/Dockerrun.aws.json.staging b/Dockerrun.aws.json.staging
index 7a2d6e3..eca188f 100644
--- a/Dockerrun.aws.json.staging
+++ b/Dockerrun.aws.json.staging
@@ -23,7 +23,7 @@
},
{
"name": "server",
- "image": "offen/offen:latest",
+ "image": "offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc",
"essential": true,
"memory": 256,
"command": ["serve"]
diff --git a/Makefile b/Makefile
index 36a7a0a..93fa809 100644
--- a/Makefile
+++ b/Makefile
@@ -14,6 +14,9 @@ setup: dev-build update howto
dev-build:
@docker-compose build
+up:
+ @docker-compose up
+
howto:
@echo "Successfully built containers and installed dependencies."
@echo "If this is your initial setup, you can run 'make bootstrap' next"
diff --git a/README.md b/README.md
index 7f1511c..ff7036f 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ $ make bootstrap
You can test your setup by starting the application:
```sh
-$ docker-compose up
+$ make up
```
which should enable you to access the homepage at and use the wrapped `auditorium` at
diff --git a/docker-compose.yml b/docker-compose.yml
index 5437a5c..8939bc8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,18 +12,19 @@ services:
- server
server:
- image: offen/offen:latest
+ image: offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc
command: serve
volumes:
- ./bootstrap.yml:/bootstrap.yml
+ - database:/data
environment:
- POSTGRES_CONNECTION_STRING: postgres://postgres:develop@server_database:5432/postgres?sslmode=disable
- DEVELOPMENT: '1'
- PORT: 8080
- COOKIE_EXCHANGE_SECRET: 8jeKYbbnywoYIZznu4HffQ==
- EVENT_RETENTION_PERIOD: 4464h
- ACCOUNT_USER_EMAIL_SALT: eypctS7SVKM1Ureb61db5Q==
- SECURE_COOKIE: 'off'
+ OFFEN_APP_EVENTRETENTIONPERIOD: 4464h
+ OFFEN_APP_DEVELOPMENT: '1'
+ OFFEN_APP_DISABLESECURECOOKIE: '1'
+ OFFEN_DATABASE_CONNECTIONSTRING: /data/offen.db
+ OFFEN_SERVER_PORT: 8080
+ OFFEN_SECRETS_COOKIEEXCHANGE: 8jeKYbbnywoYIZznu4HffQ==
+ OFFEN_SECRETS_EMAILSALT: eypctS7SVKM1Ureb61db5Q==
depends_on:
- server_database
@@ -46,3 +47,4 @@ services:
volumes:
homepagedeps:
+ database:
diff --git a/homepage/content/pages/404.md b/homepage/content/pages/404.md
index db7f3d3..42dfbc5 100644
--- a/homepage/content/pages/404.md
+++ b/homepage/content/pages/404.md
@@ -3,6 +3,7 @@ description: offen is a free and open source analytics software for websites and
save_as: 404.html
href: /404.html
no_stats: true
+exclude_from_sitemap: true
![Page not Found](/theme/images/content-404.webp){:class="image-text-560-315"}
diff --git a/homepage/content/pages/opt-out.md b/homepage/content/pages/opt-out.md
index 80af01c..5bdf07e 100644
--- a/homepage/content/pages/opt-out.md
+++ b/homepage/content/pages/opt-out.md
@@ -1,6 +1,7 @@
Title: Opt-out | offen
description: offen is a free and open source analytics software for websites and web applications that allows respectful handling of data.
save_as: opt-out/index.html
+exclude_from_sitemap: true
## You are opted out
diff --git a/homepage/pelicanconf.py b/homepage/pelicanconf.py
index 9cc5867..5fd4540 100644
--- a/homepage/pelicanconf.py
+++ b/homepage/pelicanconf.py
@@ -18,6 +18,8 @@ TRANSLATION_FEED_ATOM = None
AUTHOR_FEED_ATOM = None
AUTHOR_FEED_RSS = None
+SITEURL = 'http://localhost:8000'
+
# pagination
DEFAULT_PAGINATION = False
@@ -33,7 +35,8 @@ CATEGORIES_SAVE_AS = None
TAGS_SAVE_AS = None
# keep this for access to page variable
-DIRECT_TEMPLATES = []
+DIRECT_TEMPLATES = ['sitemap']
+SITEMAP_SAVE_AS = 'sitemap.xml'
PLUGIN_PATHS = ['./plugins']
PLUGINS = ['assets']
diff --git a/homepage/theme/templates/sitemap.html b/homepage/theme/templates/sitemap.html
new file mode 100644
index 0000000..0a6716a
--- /dev/null
+++ b/homepage/theme/templates/sitemap.html
@@ -0,0 +1,11 @@
+
+
+{% for page in pages %}
+ {% if not page.exclude_from_sitemap %}
+
+ {{ SITEURL }}{{ page.href }}
+ {{ page.sitemap_priority or 1.0 }}
+
+ {% endif %}
+{% endfor %}
+
diff --git a/nginx.conf b/nginx.conf
index 6203cc3..15e78b3 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -25,11 +25,18 @@ http {
server {
listen 80;
expires $expires;
+ proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy $csp;
+ proxy_hide_header Strict-Transport-Security;
+ add_header Strict-Transport-Security 'max-age=604800; includeSubDomains';
+ proxy_hide_header Referrer-Policy;
add_header Referrer-Policy 'origin-when-cross-origin';
+ proxy_hide_header X-Content-Type-Options;
add_header X-Content-Type-Options 'nosniff';
+ proxy_hide_header X-XSS-Protection;
add_header X-XSS-Protection '1; mode=block';
+
location /api/ {
proxy_pass http://server;
proxy_redirect off;