From b02e5bbb386e37cc45b9799bf1bfce19e712589d Mon Sep 17 00:00:00 2001 From: prance Date: Fri, 28 Jan 2022 01:28:46 +0100 Subject: [PATCH] imporve nginx configs --- MUOR/MUOR/NGINXConfigurator.py | 7 ++-- .../configs/muor_after_location_block.conf | 12 +++--- .../configs/muor_before_location_block.conf | 37 ++++++++++++------- MUOR/MUOR/settings.py | 5 ++- MUOR/MUOR/signals.py | 17 +++++---- MUOR/MUOR/views.py | 4 +- 6 files changed, 50 insertions(+), 32 deletions(-) diff --git a/MUOR/MUOR/NGINXConfigurator.py b/MUOR/MUOR/NGINXConfigurator.py index 8509faddc..a8b4aa7ed 100644 --- a/MUOR/MUOR/NGINXConfigurator.py +++ b/MUOR/MUOR/NGINXConfigurator.py @@ -2,7 +2,7 @@ import subprocess class NGINXConfigurator: - _config_path = "/etc/nginx/nginx.conf" + _config_path = "/etc/nginx/conf.d/muor.conf" _location_preamble_path = "MUOR/configs/muor_before_location_block.conf" _location_epilouge_path = "MUOR/configs/muor_after_location_block.conf" @@ -14,7 +14,8 @@ class NGINXConfigurator: config = cls._get_config(sessions) with open(cls._config_path, 'w') as F: F.write(config) - completed_process = subprocess.run(["sudo", "nginx", "-s", "reload"]) + completed_process = subprocess.run( + ["sudo", "systemctl", "reload", "nginx"]) return completed_process.returncode @classmethod @@ -43,7 +44,7 @@ class NGINXConfigurator: @classmethod def _get_upstream_entry(cls, uid, port): return f"upstream {uid}" + " {\n" \ - + f" server localhost:{port}" + "\n}" + + f" server localhost:{port};" + "\n}" @classmethod def _get_location_entry(cls, uid, sessionid): diff --git a/MUOR/MUOR/configs/muor_after_location_block.conf b/MUOR/MUOR/configs/muor_after_location_block.conf index 0969335d8..667cb0449 100644 --- a/MUOR/MUOR/configs/muor_after_location_block.conf +++ b/MUOR/MUOR/configs/muor_after_location_block.conf 
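Review bot: In the `@@ -14,7 +14,8 @@` hunk the rendered config is written straight over `_config_path` and nginx is reloaded with no syntax check, so a bad render leaves a broken `/etc/nginx/conf.d/muor.conf` on disk. The only signal is the return code, which the caller visible in signals.py (`NGINXConfigurator.refresh_config(get_sessions_data())`) does not inspect. Test before reloading, e.g. `check = subprocess.run(["sudo", "nginx", "-t"])` followed by `if check.returncode != 0: return check.returncode`, and keep the previous file so it can be restored when the test fails. This path also presumes the web process may write under `/etc/nginx/conf.d` and call `sudo` without a password; the sudoers rule should permit only these exact commands. The enclosing method starts above the hunk.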
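Review bot: `_get_upstream_entry` in the `@@ -43,7 +44,7 @@` hunk formats `uid` and `port` into nginx configuration text without validating them, and nginx then loads that file after a `sudo` reload. Where the values originate is not visible here, but if a user can influence either one, a value containing `;`, `{` or a newline would end up as extra directives in the server config. Validate before formatting, e.g. `if not re.fullmatch(r"[A-Za-z0-9_]+", str(uid)): raise ValueError("invalid upstream name")` and `port = int(port)`. The same applies to `uid` and `sessionid` in `_get_location_entry`, whose body lies outside the hunk.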
@@ -1,15 +1,15 @@ if ($cookie_sessionid = ""){ - proxy_pass django; # TODO prolly change that to uwsgi_pass + proxy_pass http://django; # TODO prolly change that to uwsgi_pass } } - ssl_certificate_key /ssl/private.pem; - ssl_certificate /ssl/certs.pem; +# ssl_certificate_key /ssl/private.pem; +# ssl_certificate /ssl/certs.pem; - ssl_protocols TLSv1.2; - ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; - ssl_prefer_server_ciphers on; +# ssl_protocols TLSv1.2; +# ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; +# ssl_prefer_server_ciphers on; # add_header Strict-Transport-Security max-age=31536000; } \ No newline at end of file diff --git a/MUOR/MUOR/configs/muor_before_location_block.conf b/MUOR/MUOR/configs/muor_before_location_block.conf index 1284230b5..378d6228c 100644 --- a/MUOR/MUOR/configs/muor_before_location_block.conf +++ b/MUOR/MUOR/configs/muor_before_location_block.conf 
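Review bot: Commenting out `ssl_certificate`, `ssl_protocols` and `ssl_ciphers` here makes the proxy route on `$cookie_sessionid` over cleartext HTTP, so the cookie that selects a user's upstream is readable on the network path. The `listen 80 reuseport;` change and the disabled HTTP-to-HTTPS redirect in the first hunk of muor_before_location_block.conf are part of the same problem. If this is meant only for local development, keep the TLS server block in the shipped template and select a separate dev file, or template the `listen`/`ssl_*` lines, rather than commenting the production settings out. As written, the `#TODO change to 443` marker is the only thing preventing this configuration from being served on `randomsec.projektstudencki.pl`.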
@@ -6,19 +6,20 @@ map $http_upgrade $connection_upgrade { } upstream django { - server localhost:8080 + server localhost:8080; } -server { - listen 80 reuseport; - server_name randomsec.projektstudencki.pl; - return 301 https://randomsec.projektstudencki.pl; -} +# server { +# listen 80 reuseport; +# server_name randomsec.projektstudencki.pl; +# return 301 https://randomsec.projektstudencki.pl; +# } # configuration of the server server { # the port your site will be served on - listen 443 ssl http2 reuseport; +# listen 443 ssl http2 reuseport; #TODO change to 443 + listen 80 reuseport; # the domain name it will serve for server_name randomsec.projektstudencki.pl charset utf-8; @@ -26,14 +27,24 @@ server { # max upload size client_max_body_size 75M; # adjust to taste - location /static { - alias /path/to/static; #TODO add path - expires 30d; - access_log off; - add_header Pragma public; - add_header Cache-Control "public"; +# location /static { +# alias /path/to/static; #TODO add path +# expires 30d; +# access_log off; +# add_header Pragma public; +# add_header Cache-Control "public"; +# } + + error_page 500 502 503 504 404 /error.html; + + location = /error.html { + add_header Content-Type text/html; + return 200 ''; } + location /logout/ { + proxy_pass http://django; + } # Finally, send all non-media requests to the Django server. location / { diff --git a/MUOR/MUOR/settings.py b/MUOR/MUOR/settings.py index 91acb5b29..81e22e07f 100644 --- a/MUOR/MUOR/settings.py +++ b/MUOR/MUOR/settings.py @@ -25,7 +25,7 @@ SECRET_KEY = 'django-insecure-t52#vo-k9ty*$@u9bf75hrkd#^o_)gadrz9$7w%xnkb-0#y!bi # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True -ALLOWED_HOSTS = ['127.0.0.1', 'localhost'] +ALLOWED_HOSTS = ['127.0.0.1', 'localhost', 'django'] # Application definition 
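Review bot: The context line `server_name randomsec.projektstudencki.pl` in the `@@ -6,19 +6,20 @@` hunk still has no terminating `;` as shown here, so nginx reads `charset` and `utf-8` as two further server names and the charset directive is never applied. This commit adds the missing `;` to `server localhost:8080` a few lines above; the same fix is needed here: `server_name randomsec.projektstudencki.pl;` followed by `charset utf-8;`. The server block continues past the end of the hunk.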
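Review bot: `location = /error.html` in the `@@ -26,14 +27,24 @@` hunk can be requested directly by clients, and it sets its type with `add_header Content-Type text/html;`, which adds a header rather than replacing the Content-Type nginx derives from `default_type`. Mark the location `internal;` and use `default_type text/html;` in place of the `add_header` line. Because `return 200 '';` has an empty body, every status listed in `error_page` renders as a blank page; a short static message would make failures visible. A comment stating why `/logout/` is always proxied to `django`, regardless of the session cookie, would also help the next reader.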
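Review bot: Adding `'django'` to `ALLOWED_HOSTS` suggests nginx is forwarding the upstream name as the Host header, which is the default for `proxy_pass http://django;` when no `proxy_set_header Host` is set (the proxy locations are not fully visible here). Forward the client's host with `proxy_set_header Host $host;` and list the real site name in `ALLOWED_HOSTS` instead, so Django's host validation checks what the browser actually sent. The context lines of this hunk also show `DEBUG = True` and a hard-coded `django-insecure-` `SECRET_KEY` while the commit wires the app to a public hostname. Both should be read from the environment before the site is exposed.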
@@ -50,6 +50,9 @@ MIDDLEWARE = [ 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] +CSRF_TRUSTED_ORIGINS = ["http://localhost", "http://192.168.88.206", + "http://randomsec.projektstudencki.pl"] + ROOT_URLCONF = 'MUOR.urls' TEMPLATES = [ diff --git a/MUOR/MUOR/signals.py b/MUOR/MUOR/signals.py index ba80d9dfb..10f734117 100644 --- a/MUOR/MUOR/signals.py +++ b/MUOR/MUOR/signals.py @@ -60,13 +60,16 @@ def profile_start_up(sender, user, request, **kwargs): @receiver(user_logged_out) def profile_logged_out(sender, user, request, **kwargs): # Obtaining container_id - session = Session.objects.get(user=user) - container_id = session.container_id + try: + session = Session.objects.get(user=user) + container_id = session.container_id - # Turn off and delete container - docker_manager = DockerManager() - docker_manager.turn_off_container(container_id) + # Turn off and delete container + docker_manager = DockerManager() + docker_manager.turn_off_container(container_id) - # Delete session - session.delete() + # Delete session + session.delete() + except Session.DoesNotExist: + pass NGINXConfigurator.refresh_config(get_sessions_data()) diff --git a/MUOR/MUOR/views.py b/MUOR/MUOR/views.py index e54ccfc31..780c959ec 100644 --- a/MUOR/MUOR/views.py +++ b/MUOR/MUOR/views.py @@ -24,7 +24,7 @@ class SignUpView(generic.CreateView): def home(request): - if request.user.is_authenticated: - logout(request) + # if request.user.is_authenticated: + # logout(request) return redirect("/welcome")
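Review bot: `CSRF_TRUSTED_ORIGINS` lists only `http://` origins, including the hard-coded LAN address `http://192.168.88.206`, so the CSRF origin check trusts the public hostname over plain HTTP. Once TLS is re-enabled the entry should be `"https://randomsec.projektstudencki.pl"`, and development-only origins are better read from an environment variable or a local settings file than committed here. A one-line comment such as `# Origins allowed for CSRF-protected requests behind the nginx proxy` would explain why the setting exists.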
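Review bot: The new `try` in `profile_logged_out` wraps the container shutdown and `session.delete()` as well as the lookup, and `except Session.DoesNotExist: pass` swallows the miss without a log line. `Session.objects.get(user=user)` can also raise `MultipleObjectsReturned`. An exception from `turn_off_container` would skip both `session.delete()` and the `refresh_config` call, leaving that container's route in the nginx config after logout. Narrow the lookup to `session = Session.objects.filter(user=user).first()` with `if session is not None:` around the teardown, and log the no-session case instead of passing.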
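Review bot: The logout call in `home` is disabled by commenting it out; delete the two lines rather than leaving dead code, and replace them with a comment saying why visiting the home page no longer ends the session. For example: `# Logout happens only via /logout/ so the user's container is not torn down on every visit to /`. That reason is inferred from the logout signal handler in signals.py and should be confirmed by the author.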