Better examples in INSTALL.md and local_settings.py

Open tabacha opened this issue 2 years ago • 0 comments

We would suggest mentioning the email settings:

```python
# Mail Setting
EMAIL_FROM_NAME = "ScaleUp Patchman"
EMAIL_HOST = "mx01.example.com"
EMAIL_HOST_USER = "[email protected]"
EMAIL_HOST_PASSWORD = "my-secret"
EMAIL_PORT = 587
EMAIL_USE_TLS = True
```

And the URL settings (if you do not want to use https://host.example.com/patchman/ as the main URL):

```python
# Login Urls
LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/login/'
LOGIN_URL = '/login/'

# URL prefix for static files.
STATIC_URL = '/static/'
# Additional dirs where the media should be copied from
STATICFILES_DIRS = [os.path.abspath(os.path.join(BASE_DIR, 'static'))]
```

Here is also an SSL site config, which can be used without /etc/apache2/conf-enabled/patchman.conf:

```apache
Define patchman_pythonpath /usr/lib/python3/dist-packages
WSGIPythonPath ${patchman_pythonpath}

# generated 2023-11-22, Mozilla Guideline v5.7, Apache 2.4.52, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=apache&version=2.4.52&config=modern&openssl=3.0.2&guideline=5.7

# this configuration requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile      /etc/letsencrypt/certs/patchman.example.com/fullchain.pem
    SSLCertificateKeyFile   /etc/letsencrypt/certs/patchman.example.com/privkey.key

    # enable HTTP/2, if available
    Protocols h2 http/1.1

    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
    Header always set Strict-Transport-Security "max-age=63072000"

    WSGIScriptAlias / ${patchman_pythonpath}/patchman/wsgi.py

    <Directory ${patchman_pythonpath}>
        <Files wsgi.py>
            Require all granted
        </Files>
        AllowOverride All
    </Directory>

    Alias /static "/var/lib/patchman/static"
    <Location /static>
        SetHandler None
    </Location>

    <Directory /var/lib/patchman/static>
        Require all granted
    </Directory>

    #<Location /patchman/reports/upload>
    #    # Add the IP addresses of your client networks/hosts here
    #    # to allow uploading of reports
    #    Require ip 127.0.0.0/255.0.0.0
    #    Require ip ::1/128
    #</Location>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# modern configuration
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
SSLHonorCipherOrder     off
SSLSessionTickets       off
```

The benefit of not having a /etc/apache2/conf-enabled/patchman.conf is that you can add another site on the same host without any side effects (for example, if you add a wiki and write documentation about patchman under https://wiki.example.com/patchman/, the conf file will change URLs).

tabacha, Nov 23 '23 14:11
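An added example, not part of the issue or of Patchman's own code: one way to supply the mail settings suggested above without writing `EMAIL_HOST_PASSWORD` into `local_settings.py`, by reading it from a file that only the service account can access. The helper names `read_secret_file` and `smtp_settings` and the secret file location are assumptions made for this sketch.

```python
import os
import stat
import tempfile


def read_secret_file(path):
    """Return the secret in `path`; refuse files that group or others can access."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            f"{path}: mode {stat.S_IMODE(mode):04o} is too open, use 0600")
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


def smtp_settings(host, user, password_file, port=587, use_tls=True):
    """Build Django's EMAIL_* settings without embedding the password in code."""
    if user and not use_tls:
        # Without STARTTLS (EMAIL_USE_SSL is not handled in this sketch) the
        # SMTP login would travel over an unprotected connection.
        raise ValueError("refusing SMTP authentication without EMAIL_USE_TLS")
    return {
        "EMAIL_HOST": host,
        "EMAIL_PORT": port,
        "EMAIL_USE_TLS": use_tls,
        "EMAIL_HOST_USER": user,
        # Only touch the secret file when authentication is actually used.
        "EMAIL_HOST_PASSWORD": read_secret_file(password_file) if user else "",
    }


if __name__ == "__main__":
    # Constructed demo: a throwaway file stands in for the real secret file
    # (its location on a real host is an assumption, not a Patchman default).
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "smtp_password")
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("my-secret\n")
        os.chmod(secret, 0o600)
        settings = smtp_settings("mx01.example.com", "patchman", secret)
        # Mask the password when printing; never log the real value.
        print({k: ("***" if "PASSWORD" in k else v) for k, v in settings.items()})
        # In local_settings.py one would then write: globals().update(settings)
```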