From 5134be4fe0d1468e68504ef67511f2fdb536f73b Mon Sep 17 00:00:00 2001 From: Frederik Ring Date: Mon, 21 Oct 2019 22:23:34 +0200 Subject: [PATCH 1/3] render sitemap via pelican template --- homepage/content/pages/404.md | 1 + homepage/content/pages/opt-out.md | 1 + homepage/pelicanconf.py | 5 ++++- homepage/theme/templates/sitemap.html | 11 +++++++++++ 4 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 homepage/theme/templates/sitemap.html diff --git a/homepage/content/pages/404.md b/homepage/content/pages/404.md index db7f3d3..42dfbc5 100644 --- a/homepage/content/pages/404.md +++ b/homepage/content/pages/404.md @@ -3,6 +3,7 @@ description: offen is a free and open source analytics software for websites and save_as: 404.html href: /404.html no_stats: true +exclude_from_sitemap: true ![Page not Found](/theme/images/content-404.webp){:class="image-text-560-315"} diff --git a/homepage/content/pages/opt-out.md b/homepage/content/pages/opt-out.md index 80af01c..5bdf07e 100644 --- a/homepage/content/pages/opt-out.md +++ b/homepage/content/pages/opt-out.md @@ -1,6 +1,7 @@ Title: Opt-out | offen description: offen is a free and open source analytics software for websites and web applications that allows respectful handling of data. save_as: opt-out/index.html +exclude_from_sitemap: true ## You are opted out diff --git a/homepage/pelicanconf.py b/homepage/pelicanconf.py index 9cc5867..5fd4540 100644 --- a/homepage/pelicanconf.py +++ b/homepage/pelicanconf.py @@ -18,6 +18,8 @@ TRANSLATION_FEED_ATOM = None AUTHOR_FEED_ATOM = None AUTHOR_FEED_RSS = None +SITEURL = 'http://localhost:8000' + # pagination DEFAULT_PAGINATION = False @@ -33,7 +35,8 @@ CATEGORIES_SAVE_AS = None TAGS_SAVE_AS = None # keep this for access to page variable -DIRECT_TEMPLATES = [] +DIRECT_TEMPLATES = ['sitemap'] +SITEMAP_SAVE_AS = 'sitemap.xml' PLUGIN_PATHS = ['./plugins'] PLUGINS = ['assets'] 
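Review bot: `SITEURL = 'http://localhost:8000'` is now set unconditionally in `pelicanconf.py`, and the sitemap template added in this patch builds every absolute URL from it (`{{ SITEURL }}{{ page.href }}`). Unless a publish-time settings file that is not part of this patch overrides the value, the deployed `sitemap.xml` would list `http://localhost:8000/...` addresses. I would read it from the environment with the local address as the fallback, `SITEURL = os.environ.get('SITEURL', 'http://localhost:8000')` (this needs `import os` if the file does not already have it), and add a comment above it saying that the production build must set the variable.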
diff --git a/homepage/theme/templates/sitemap.html b/homepage/theme/templates/sitemap.html new file mode 100644 index 0000000..0a6716a --- /dev/null +++ b/homepage/theme/templates/sitemap.html @@ -0,0 +1,11 @@ + + +{% for page in pages %} + {% if not page.exclude_from_sitemap %} + + {{ SITEURL }}{{ page.href }} + {{ page.sitemap_priority or 1.0 }} + + {% endif %} +{% endfor %} + From 404c5a7b39a0198d1c1102967cbd6d5e83712c2c Mon Sep 17 00:00:00 2001 From: Frederik Ring Date: Wed, 23 Oct 2019 18:00:56 +0200 Subject: [PATCH 2/3] pin docker images --- Dockerrun.aws.json.production | 2 +- Dockerrun.aws.json.staging | 2 +- docker-compose.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerrun.aws.json.production b/Dockerrun.aws.json.production index 2e104c0..439ea7c 100644 --- a/Dockerrun.aws.json.production +++ b/Dockerrun.aws.json.production @@ -30,7 +30,7 @@ }, { "name": "server", - "image": "offen/offen:stable", + "image": "offen/offen:stable@sha256:87b77a8db3a3d09007e3fe01771b0c459873c7716426bc8746b5477045d38447", "essential": true, "memory": 256, "command": ["serve"] diff --git a/Dockerrun.aws.json.staging b/Dockerrun.aws.json.staging index 7a2d6e3..4640766 100644 --- a/Dockerrun.aws.json.staging +++ b/Dockerrun.aws.json.staging @@ -23,7 +23,7 @@ }, { "name": "server", - "image": "offen/offen:latest", + "image": "offen/offen:latest@sha256:e14297bb6c6e03e282b0ce9d38ba2b987ef2a5de16e8943aaae3c3ca75260427", "essential": true, "memory": 256, "command": ["serve"] diff --git a/docker-compose.yml b/docker-compose.yml index 5437a5c..51e2cf4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,7 +12,7 @@ services: - server server: - image: offen/offen:latest + image: offen/offen:latest@sha256:e14297bb6c6e03e282b0ce9d38ba2b987ef2a5de16e8943aaae3c3ca75260427 command: serve volumes: - ./bootstrap.yml:/bootstrap.yml From 13a49f37c2cb77be7137637e33452f3bf6d1f11d Mon Sep 17 00:00:00 2001 
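Review bot: The loop writes `{{ SITEURL }}{{ page.href }}` for every page that is not excluded, but as far as this patch shows `href` is custom page metadata rather than something Pelican sets itself; `opt-out.md` in the same patch has no `href:` line in its visible header and stays out of the sitemap only because of the new flag. A page that lacks both `href` and `exclude_from_sitemap` would be emitted as the bare site URL. Either require the field in the condition, `{% if page.href and not page.exclude_from_sitemap %}`, or state in a comment at the top of the template that every listed page must define `href`. Writing the value as `{{ page.href|e }}` would also keep an `&` in a path from producing invalid XML, assuming autoescaping is not enabled for this template.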
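Review bot: In `offen/offen:stable@sha256:…` the tag is no longer evaluated, because a reference that carries a digest is resolved by the digest alone; `stable` here, and `latest` in the `Dockerrun.aws.json.staging` and `docker-compose.yml` hunks of this patch, are labels only. That is the point of pinning, but it also means none of the three files picks up a rebuilt image until the digest is edited by hand, so fixes in the image arrive only with a deliberate bump. JSON cannot carry a comment, so I would describe the update procedure in the README, and in `docker-compose.yml` add a line such as `# pinned by digest: the tag is ignored, bump the digest to update` above `image:`.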
From: Frederik Ring Date: Thu, 24 Oct 2019 12:32:31 +0200 Subject: [PATCH 3/3] fix duplicate headers in dev, use updated env schema, develop against sqlite --- Dockerrun.aws.json.production | 2 +- Dockerrun.aws.json.staging | 2 +- Makefile | 3 +++ README.md | 2 +- docker-compose.yml | 18 ++++++++++-------- nginx.conf | 7 +++++++ 6 files changed, 23 insertions(+), 11 deletions(-) diff --git a/Dockerrun.aws.json.production b/Dockerrun.aws.json.production index 439ea7c..656ab55 100644 --- a/Dockerrun.aws.json.production +++ b/Dockerrun.aws.json.production @@ -30,7 +30,7 @@ }, { "name": "server", - "image": "offen/offen:stable@sha256:87b77a8db3a3d09007e3fe01771b0c459873c7716426bc8746b5477045d38447", + "image": "offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc", "essential": true, "memory": 256, "command": ["serve"] diff --git a/Dockerrun.aws.json.staging b/Dockerrun.aws.json.staging index 4640766..eca188f 100644 --- a/Dockerrun.aws.json.staging +++ b/Dockerrun.aws.json.staging @@ -23,7 +23,7 @@ }, { "name": "server", - "image": "offen/offen:latest@sha256:e14297bb6c6e03e282b0ce9d38ba2b987ef2a5de16e8943aaae3c3ca75260427", + "image": "offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc", "essential": true, "memory": 256, "command": ["serve"] diff --git a/Makefile b/Makefile index 36a7a0a..93fa809 100644 --- a/Makefile +++ b/Makefile @@ -14,6 +14,9 @@ setup: dev-build update howto dev-build: @docker-compose build +up: + @docker-compose up + howto: @echo "Successfully built containers and installed dependencies." @echo "If this is your initial setup, you can run 'make bootstrap' next" diff --git a/README.md b/README.md index 7f1511c..ff7036f 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ $ make bootstrap You can test your setup by starting the application: ```sh -$ docker-compose up +$ make up ``` which should enable you to access the homepage at and use the wrapped `auditorium` at 
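Review bot: The production and staging environment variables have to be renamed together with this image change, and nothing in the two Dockerrun hunks does that. Both now point at the digest that the `docker-compose.yml` hunk of this commit configures through the new names (`OFFEN_SECRETS_COOKIEEXCHANGE`, `OFFEN_DATABASE_CONNECTIONSTRING`, `OFFEN_APP_DISABLESECURECOOKIE` and the rest), while the deployed settings are presumably managed outside these files. If they still use the old names (`COOKIE_EXCHANGE_SECRET`, `SECURE_COOKIE`, …), the server would start without its secrets or connection string, or on defaults, so it is worth confirming how the image behaves when a required value is missing. With the tag removed, the commit message or the deploy notes are also the only place left to record which release this digest is.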
diff --git a/docker-compose.yml b/docker-compose.yml index 51e2cf4..8939bc8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,18 +12,19 @@ services: - server server: - image: offen/offen:latest@sha256:e14297bb6c6e03e282b0ce9d38ba2b987ef2a5de16e8943aaae3c3ca75260427 + image: offen/offen@sha256:fe55ba1c183eb8bb4dd19143e6fe1133d6d3b9115c94cc2150620b27adef18fc command: serve volumes: - ./bootstrap.yml:/bootstrap.yml + - database:/data environment: - POSTGRES_CONNECTION_STRING: postgres://postgres:develop@server_database:5432/postgres?sslmode=disable - DEVELOPMENT: '1' - PORT: 8080 - COOKIE_EXCHANGE_SECRET: 8jeKYbbnywoYIZznu4HffQ== - EVENT_RETENTION_PERIOD: 4464h - ACCOUNT_USER_EMAIL_SALT: eypctS7SVKM1Ureb61db5Q== - SECURE_COOKIE: 'off' + OFFEN_APP_EVENTRETENTIONPERIOD: 4464h + OFFEN_APP_DEVELOPMENT: '1' + OFFEN_APP_DISABLESECURECOOKIE: '1' + OFFEN_DATABASE_CONNECTIONSTRING: /data/offen.db + OFFEN_SERVER_PORT: 8080 + OFFEN_SECRETS_COOKIEEXCHANGE: 8jeKYbbnywoYIZznu4HffQ== + OFFEN_SECRETS_EMAILSALT: eypctS7SVKM1Ureb61db5Q== depends_on: - server_database @@ -46,3 +47,4 @@ services: volumes: homepagedeps: + database: diff --git a/nginx.conf b/nginx.conf index 6203cc3..15e78b3 100644 --- a/nginx.conf +++ b/nginx.conf @@ -25,11 +25,18 @@ http { server { listen 80; expires $expires; + proxy_hide_header Content-Security-Policy; add_header Content-Security-Policy $csp; + proxy_hide_header Strict-Transport-Security; + add_header Strict-Transport-Security 'max-age=604800; includeSubDomains'; + proxy_hide_header Referrer-Policy; add_header Referrer-Policy 'origin-when-cross-origin'; + proxy_hide_header X-Content-Type-Options; add_header X-Content-Type-Options 'nosniff'; + proxy_hide_header X-XSS-Protection; add_header X-XSS-Protection '1; mode=block'; + location /api/ { proxy_pass http://server; proxy_redirect off;
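Review bot: The `server` service still lists `depends_on: - server_database` (the context lines at the end of the first hunk) although `OFFEN_DATABASE_CONNECTIONSTRING: /data/offen.db` now points it at the SQLite file on the new `database` volume, so `make up` keeps starting a Postgres container the server no longer connects to. If nothing else uses it, drop the dependency and the `server_database` service, which is presumably defined outside the hunk. The values of `OFFEN_SECRETS_COOKIEEXCHANGE` and `OFFEN_SECRETS_EMAILSALT` are committed in clear text, as they were under their old names; a comment such as `# development-only values, never reuse in a deployment` above `environment:` would make that explicit.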
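Review bot: Each `proxy_hide_header` strips the upstream's header from every proxied response, but `add_header` without `always` only adds its header on 200, 201, 204, 206, 301, 302, 303, 304, 307 and 308, so a 4xx or 5xx from `http://server` now carries neither copy of `Content-Security-Policy`, `X-Content-Type-Options` and the others (assuming the upstream sets them, as the commit title suggests). Appending `always` restores them on error responses, `add_header Content-Security-Policy $csp always;`, and likewise for the other four. These server-level `add_header` lines are also not inherited by any `location` that declares its own `add_header`; `location /api/` continues past the end of the hunk, so that needs checking. `Strict-Transport-Security` is sent from a `listen 80;` server, and browsers ignore it over plain HTTP, so it only has an effect if TLS is terminated in front of this nginx.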