readme

README.md

@@ -1,48 +1,87 @@
 
-sudo docker-compose exec web python manage.py initial_deployment
-
-sudo docker-compose exec web python manage.py shell_plus --ipython
-sudo docker-compose exec web python manage.py createsuperuser
-sudo docker-compose exec web python manage.py generateschema --file openapi-schema.yml
-sudo docker-compose exec web python manage.py export route_registered_with_the_router
-
-**ipython shell** <br>
-sudo docker-compose exec web python manage.py shell
-
-
-sudo docker-compose exec web sh
-
-**clear data** <br>
-sudo docker system prune -a
-sudo docker volume prune
-sudo docker-compose exec web python manage.py flush
-
-https://linuxize.com/post/how-to-remove-docker-images-containers-volumes-and-networks/
-For docker-compose the correct way to remove volumes would be docker-compose down --volumes or docker-compose down --rmi all --volumes
-
-sudo docker-compose ps
-sudo docker container ls -a
-sudo docker container stop 2fe70c7c1839
-sudo docker container rm 2fe70c7c1839
-sudo docker system prune -a
-
-sudo docker volume ls
-
-**pg admin** <br>
-https://towardsdatascience.com/how-to-run-postgresql-and-pgadmin-using-docker-3a6a8ae918b5
-
-
-deployment on digital ocean:
-
-(local) git archive --format tar --output ./project.tar main
-(local) rsync ./project.tar root@$DIGITAL_OCEAN_IP_ADDRESS:/tmp/project.tar
-(ssh) rm -rf /app/* && tar -xf /tmp/project.tar -C /app
-(ssh) cd /app/
-(ssh) docker-compose -f /app/docker-compose.prod.yml build
-(ssh) docker-compose -f /app/docker-compose.prod.yml up
-
-
-sudo kill $(sudo lsof -t -i:80)
-
-ssh user@server -o ServerAliveInterval=15
 
+![alt text](sit-logo.png "Title" )
+
+# SIT messenger - backend
+
+> SIT Messenger is a fully encrypted chat application. SIT Messenger Frontend is Nuxt.js web client for backend Django Rest API service.
+
+### 🏠 [Homepage](https://sit-messenger.com/)
+
+### ✨ [Demo](https://sit-messenger.com/)
+
+## Installation and usage in production
+1. Clone repo
+2. Install docker-compose
+3. Build images
+  ```
+  docker-compose build
+  ```
+4. Run containers
+  ```
+  docker-compose up
+  ```
+5. application will be available on ports 80 (http) adn 443 (htpps)
+
+## Installation and usage in production
+1-2 ame a in production
+3. Build images
+  ```
+  docker-compose -f docker-compose.dev.yml build
+  ```
+4. Run containers
+  ```
+  docker-compose -f docker-compose.dev.yml up
+  ```
+5. application will be available http://localhost:8000/
+
+
+## Application structure
+
+Application component are packed inside docker-compose. Inside docker there are several linked services as separate
+containers:
+
+- #### nginx
+  A web server, used for the purpose of reverse proxy, load balancer (jointly with Gunicorn in "web" container, later in
+  the text), and parse HTTPS protocol (jointly with "certbot" container )
+- #### certbot
+  A software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS
+- #### web
+  The Main container with Django Rest Framework application. This container is collection of application organised to
+  manage encrypted data hosted in storage, data from a database, integrate applications n from other contenders and
+  finally parse Rest API as entry point
+- #### db
+  A Postgres relational database.
+- #### redis
+  An in-memory data structure store used to store cache
+- #### rabbitmq
+  A message-broker used by celery_worker container.
+- #### celery_worker
+  An asynchronous task and job queue. Celery worker mange caches by distributed message passing. Celery worker use "
+  redis" container ad storage and "rabbitmq" container as message-broker
+- #### celery_beat
+  A specific usage of celery to manage recurring job queue in given time intervals.
+- flower. A web based tool for monitoring and administrating Celery clusters.
+
+## Data encryption:
+
+- chats (which contain messages) are store as models.FileField where chats are stored as encrypted binary files and
+  database store location to file
+- everytime messages are saved to/read from storage, data is encrypted / decrypted by individual (for each chat).
+  Cryptography is held under Fernet protocol provided by Cryptography
+  framework [Cryptography Framework](https://cryptography.io/en/latest/fernet.html).
+- It is not completed in this version but there are complited snipets inside aplication to provide encryption by tokens
+  that base on, individual uudi created and stored on client side and salt created and stored on Django application.
+  Lack of implementation is caused by the limitation of "SIT Messenger Frontend" the JavaScript client of Rest
+  API [SIT Messenger Frontend](https://github.com/kamil1marczak/SIT-messenger-frontend)
+
+## Author
+
+👤 **Kamil Marczak**
+
+* Github: [@kamil1marczak](https://github.com/kamil1marczak)
+* LinkedIn: [@kamil-marczak-71765b48](https://linkedin.com/in/kamil-marczak-71765b48)
+
+## Show your support
+
+Give a ⭐️ if this project helped you!

data/nginx/conf_ssl.d/nginx.conf

@@ -57,9 +57,11 @@ server {
             proxy_set_header X-Forwarded-Proto $scheme;
     }
 
-    location /flower/ {
+
+    location /flower {
         rewrite ^/flower/(.*)$ /$1 break;
-        proxy_pass http://example.com:5555;
+        proxy_pass http://flower:5555;
+        proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Host $host;
     }
 

docker-compose.dev.yml

@@ -34,17 +34,11 @@ services:
       context: .
       dockerfile: ./compose/local/django/Dockerfile
     image: sit_core_web
-    # this is shell script run the service
     command: /start
-    # so if we change code on host, code in docker container would also be changed
     volumes:
       - .:/app
-#      - staticfiles:/app/staticfiles
-#      - mediafiles:/app/mediafiles
-    # this is the Django dev server default number
     ports:
       - 8000:8000
-    # we use this file to manage env variables of our project
     env_file:
       - .env/dev.env
     depends_on:

docker-compose.yml

@@ -20,7 +20,6 @@ services:
     depends_on:
       - web
       - flower
-#      - frontend
 
   certbot:
     image: certbot/dns-digitalocean
@@ -30,32 +29,6 @@ services:
       - ./data/certbot/www:/var/www/certbot
     entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 5d & wait $${!}; done;'"
 
-#  cert:
-#    build:
-#      context: .
-#      dockerfile: ./compose/production/cert/Dockerfile
-#    restart: unless-stopped
-#    volumes:
-#      - ./data/certbot/conf:/etc/letsencrypt
-#      - ./data/certbot/www:/var/www/certbot
-#    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 5d & wait $${!}; done;'"
-#    entrypoint: "/bin/sh -c 'certbot certonly -m kamil1marczak@gmail.com --force-interactive --expand --no-eff-email --agree-tos --dns-digitalocean --dns-digitalocean-credentials certbot-creds.ini --dns-digitalocean-propagation-seconds 20 -d api.sit-messenger.com -d www.api.sit-messenger.com;'"
-
-#  frontend:
-#    image: sit_core_frontend
-#    build: ./frontend
-#    #    volumes:
-#    #      - ./frontend/:/user/src/app/
-#    #    expose:
-#    #      - 3000
-#    #    ports:
-#    #      - 3000:3000
-#    depends_on:
-#      - web
-#    command: ./start-dev
-#    env_file:
-#      - .env/prod.env
-
 
   web:
     build:

mediafiles/message_storage/Natalia-AND-root.txt

@@ -1 +1 @@
-gAAAAABgUZ9iXEzb89AYhHgFM89mYcN3tU_Qql__KhUJ6j7OzCwJNC6OQYPKHsOY2n0epP6kM2S7KsjzPngG2w9o1fg49uRM8ZI6t7S2WcQbiNu78EDUTMMrmkaNJgkkQK8lYdcW4IidZYGcHizX5zwb_QzjTKW2O9HUd7dkDvbB4xhWJwxCGhRf9wau2nNMgZ7ppVvx12QyjPSBPUJOBqBhaxNwSO3R7XFyZLcUUV2oTrObPH5a1p4=
+gAAAAABgVZjvunnHItYUbbcm6oR8TJixI2IwuEB-0cyg7C0_rTfwIQfPof2hXdhALq-a1wtkNHwIVy4mOcStfmaiAAExiR0tIGRWGBQMfluFjr_51DzrMlKdeEAgSOftNtmlFFTpYk7k6z7lcRhDZGW5x1-KyHOGSH3QEDpkACZxIsPdpMgxCUAJaCs8DBccHKbnM84-imwBItysOHED5ttAMgs8XUP89kxWJGF0Ddg9040HSjA_oIlU7GfqexaV_pkExxmh-7zDgM0mw2FuRpwcUbQW_erlq7UFm0jd8Gp3cuF0FfKnAlT7R2p5cuJv5njDjipBJ9_jKLIWC0NKPtOJ2uuoT1CSGl8eV8FM48TFXxd09u0miiiL6XF6z-r8j6NTgGY8UnJmm9PplhRfBECSnqhwyi7QL5dcPjXB6iMPEh7icrBbY_aobNQh4qtbEz3B6kkvX5NGH81_Mrj_m8Ul4PKNrwLa2E_wyBsig6e4I30djCJXSENAn4OrjT-aWAzzL_b6jzRFWyIFkapc5hWPCu0S55MIjf0BB2HZpGuS1aRMQE9P8x1ZiRUo5_FgP8Xl1qjoWjhfKnoREPE0QwsZBPObV1B2P78ilWJqlJ7ycIgoGfY9oUsZB7QHhygngaFqr52WI9c7I9ZUCEVoVXhnIwcyNSsahTDuHmBkFO9asfky3Qd8f4bi9S9n6hDPxTG1uOrU3PHc-dqwF5DD7C-qNyRu84kLmgmD8yPxQj5bEOdN7DytciDTFIXTzIjPfT6FPCpd-YGxF96S00VhtNDJxBIZkp24hgsyLTZCOhyP36xGSExGqitwU-AZS3VYuqC_Y0by3Omy