Better examples in INSTALL.md and local_settings.py #528
Description
We would suggest to mention EMAIL Settings:
# Mail Setting
EMAIL_FROM_NAME = "ScaleUp Patchman"
EMAIL_HOST = "mx01.example.com"
EMAIL_HOST_USER = "smtpout@example.com"
EMAIL_HOST_PASSWORD = "my-secret"
EMAIL_PORT = 587
EMAIL_USE_TLS = True
And URL Settings (if you do not want to https://host.example.com/patchman/ as a main url):
# Login Urls
LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/login/'
LOGIN_URL = '/login/'
# URL prefix for static files.
STATIC_URL = '/static/'
# Additional dirs where the media should be copied from
STATICFILES_DIRS = [os.path.abspath(os.path.join(BASE_DIR, 'static'))]
Here is also a SSL Site config, which can be used without /etc/apache2/conf-enabled/patchman.conf
Define patchman_pythonpath /usr/lib/python3/dist-packages
WSGIPythonPath ${patchman_pythonpath}
# generated 2023-11-22, Mozilla Guideline v5.7, Apache 2.4.52, OpenSSL 3.0.2, modern configuration
# https://ssl-config.mozilla.org/#server=apache&version=2.4.52&config=modern&openssl=3.0.2&guideline=5.7
# this configuration requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/certs/patchman.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/certs/patchman.example.com/privkey.key
# enable HTTP/2, if available
Protocols h2 http/1.1
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000"
WSGIScriptAlias / ${patchman_pythonpath}/patchman/wsgi.py
<Directory ${patchman_pythonpath}>
<Files wsgi.py>
Require all granted
</Files>
AllowOverride All
</Directory>
Alias /static "/var/lib/patchman/static"
<Location /static>
SetHandler None
</Location>
<Directory /var/lib/patchman/static>
Require all granted
</Directory>
#<Location /patchman/reports/upload>
# # Add the IP addresses of your client networks/hosts here
# # to allow uploading of reports
# Require ip 127.0.0.0/255.0.0.0
# Require ip ::1/128
#</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# modern configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
SSLHonorCipherOrder off
SSLSessionTickets off
Benefit in not having a /etc/apache2/conf-enabled/patchman.conf is that you can add an other site on the same host, without any side-effects (for example if you add wiki and write a documentation about patchman under: https://wiki.example.com/patchman/ the conf file will change urls.