Cian-H/iform-invenio
1
0
Fork 0
mirror of https://github.com/Cian-H/iform-invenio.git synced 2025-12-22 20:41:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Set up site for production config behind proxy

Browse Source
This commit is contained in:
EC2 Default User
2025-01-29 12:02:37 +00:00
parent 91f4f61287
commit 9ff11191e2
3 changed files with 31 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@@ -74,5 +74,5 @@ data/.minio.sys
# Celery # Celery
celerybeat-schedule celerybeat-schedule
# Configuration secrets # Configuration environment
secrets.toml .env

35
invenio.cfg
View File

@@ -14,13 +14,30 @@ from invenio_i18n import lazy_gettext as _
def _(x): # needed to avoid start time failure with lazy strings def _(x): # needed to avoid start time failure with lazy strings
return x return x
# Custom function and constant to manage secrets more easily # Custom functions and to get env variables more safely
def read_secrets(): def init_env():
import tomli from py_dotenv_safe import config
with open("secrets.toml", "rb") as f:
return tomli.load(f)
SECRETS = read_secrets() options = {
"dotenvPath": ".env",
"examplePath": ".env.example",
"allowEmptyValues": False,
}
config(options)
print("Environment variables loaded successfully.")
init_env()
def get_env_variable(key):
import os
x = os.getenv(key)
if x is None:
raise EnvironmentError(f"Environment variable {key} not found")
return x
# Flask # Flask
# ===== # =====
@@ -35,7 +52,7 @@ SEND_FILE_MAX_AGE_DEFAULT = 300
# SECURITY WARNING: keep the secret key used in production secret! # SECURITY WARNING: keep the secret key used in production secret!
# Do not commit it to a source code repository. # Do not commit it to a source code repository.
# TODO: Set # TODO: Set
SECRET_KEY=SECRETS["SECRET_KEY"] SECRET_KEY=get_env_variable("INVENIO_SECRET_KEY")
# Since HAProxy and Nginx route all requests no matter the host header # Since HAProxy and Nginx route all requests no matter the host header
# provided, the allowed hosts variable is set to localhost. In production it # provided, the allowed hosts variable is set to localhost. In production it
@@ -154,8 +171,8 @@ FILES_REST_STORAGE_FACTORY='invenio_s3.s3fs_storage_factory'
# Invenio-S3 # Invenio-S3
# ========== # ==========
S3_ENDPOINT_URL='http://localhost:9000/' S3_ENDPOINT_URL='http://localhost:9000/'
S3_ACCESS_KEY_ID='CHANGE_ME' S3_ACCESS_KEY_ID=get_env_variable("S3_ACCESS_KEY_ID")
S3_SECRET_ACCESS_KEY='CHANGE_ME' S3_SECRET_ACCESS_KEY=get_env_variable("S3_SECRET_ACCESS_KEY")
# Allow S3 endpoint in the CSP rules # Allow S3 endpoint in the CSP rules
APP_DEFAULT_SECURE_HEADERS['content_security_policy']['default-src'].append( APP_DEFAULT_SECURE_HEADERS['content_security_policy']['default-src'].append(

3
prepare-env.sh Executable file
View File

@@ -0,0 +1,3 @@
#!/usr/bin/env bash
aws secretsmanager get-secret-value --secret-id Invenio | \
jq -r '.SecretString | fromjson | to_entries | .[] | .key + "=" + .value' > .env