boris/keywarden
1
1
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Update Docker configuration: change command to use entrypoint script, set superuser environment variables, and adjust NGINX settings for port and server name.

Browse Source
This commit is contained in:
George Wilkinson
2025-11-11 10:43:23 +00:00
parent 7021035f94
commit 99ae905cb0
8 changed files with 92 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
.DS_Store vendored Normal file
View File

Binary file not shown.

3
Dockerfile
View File

@@ -43,6 +43,7 @@ WORKDIR /app
COPY ./app . COPY ./app .
RUN python manage.py collectstatic --noinput RUN python manage.py collectstatic --noinput
RUN chmod +x /app/entrypoint.sh
# ============================================= # =============================================
# 5. Create non-root user # 5. Create non-root user
@@ -55,4 +56,4 @@ EXPOSE 80
# ============================================= # =============================================
# 6. Launch the app # 6. Launch the app
# ============================================= # =============================================
CMD ["gunicorn", "keywarden.wsgi:application", "--bind", "0.0.0.0:8000", "--workers", "3"] CMD ["./entrypoint.sh"]

2
app/apps/core/management/__init__.py Normal file
View File

@@ -0,0 +1,2 @@
# Intentionally empty to mark package

2
app/apps/core/management/commands/__init__.py Normal file
View File

@@ -0,0 +1,2 @@
# Intentionally empty to mark package

68
app/apps/core/management/commands/ensure_admin.py Normal file
View File

@@ -0,0 +1,68 @@
import os
from django.contrib.auth import get_user_model
from django.core.management.base import BaseCommand
class Command(BaseCommand):
help = "Ensure a Django superuser exists using environment variables"
def handle(self, *args, **options):
username = (
os.getenv("DJANGO_SUPERUSER_USERNAME")
or os.getenv("KEYWARDEN_ADMIN_USERNAME")
)
email = (
os.getenv("DJANGO_SUPERUSER_EMAIL")
or os.getenv("KEYWARDEN_ADMIN_EMAIL")
)
password = (
os.getenv("DJANGO_SUPERUSER_PASSWORD")
or os.getenv("KEYWARDEN_ADMIN_PASSWORD")
)
if not username or not email or not password:
self.stdout.write(
self.style.WARNING(
"Superuser env vars not fully set; skipping ensure_admin. "
"Set DJANGO_SUPERUSER_USERNAME, DJANGO_SUPERUSER_EMAIL, "
"DJANGO_SUPERUSER_PASSWORD (or KEYWARDEN_ADMIN_*)."
)
)
return
User = get_user_model()
user, created = User.objects.get_or_create(username=username, defaults={
"email": email,
"is_staff": True,
"is_superuser": True,
})
if created:
user.set_password(password)
user.save()
self.stdout.write(self.style.SUCCESS(f"Superuser '{username}' created."))
return
changed = False
if user.email != email:
user.email = email
changed = True
# Ensure flags are correct
if not user.is_staff:
user.is_staff = True
changed = True
if not user.is_superuser:
user.is_superuser = True
changed = True
if changed:
user.save()
self.stdout.write(self.style.SUCCESS(f"Superuser '{username}' updated."))
else:
self.stdout.write(self.style.SUCCESS(f"Superuser '{username}' already present."))

9
app/entrypoint.sh Normal file
View File

@@ -0,0 +1,9 @@
#!/bin/sh
set -eu
python manage.py migrate --noinput
python manage.py ensure_admin
exec gunicorn keywarden.wsgi:application --bind 0.0.0.0:80 --workers 3

5
docker-compose.yml.example
View File

@@ -38,7 +38,7 @@ services:
keywarden: keywarden:
image: git.ntbx.io/boris/keywarden:latest image: git.ntbx.io/boris/keywarden:latest
container_name: keywarden container_name: keywarden
command: gunicorn keywarden.wsgi:application --bind 0.0.0.0:8000 command: sh ./entrypoint.sh
ports: ports:
- "8000:80" - "8000:80"
depends_on: depends_on:
@@ -47,6 +47,9 @@ services:
environment: environment:
- DJANGO_SETTINGS_MODULE=keywarden.settings.dev - DJANGO_SETTINGS_MODULE=keywarden.settings.dev
- PYTHONPATH=/app - PYTHONPATH=/app
- DJANGO_SUPERUSER_USERNAME=${DJANGO_SUPERUSER_USERNAME}
- DJANGO_SUPERUSER_EMAIL=${DJANGO_SUPERUSER_EMAIL}
- DJANGO_SUPERUSER_PASSWORD=${DJANGO_SUPERUSER_PASSWORD}
env_file: env_file:
- .env - .env

10
nginx/configs/sites/default.conf
View File

@@ -1,8 +1,8 @@
# Default NGINX Config # Default NGINX Config
server { server {
listen 80; listen 8008;
listen [::]:80; listen [::]:8008;
server_name keywarden.dev.ntbx.io; server_name _;
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
@@ -13,7 +13,7 @@ server {
listen [::]:443 ssl; listen [::]:443 ssl;
http2 on; http2 on;
server_name keywarden.dev.ntbx.io; server_name _;
ssl_certificate /certs/certificate.pem; ssl_certificate /certs/certificate.pem;
ssl_certificate_key /certs/key.pem; ssl_certificate_key /certs/key.pem;
@@ -22,7 +22,7 @@ server {
client_max_body_size 50M; client_max_body_size 50M;
location / { location / {
proxy_pass http://keywarden:8000; proxy_pass http://keywarden:80;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;