Rename SSL env variables for Daphne to solve conflict with SSL_CERT_F…

…ILE of httpx (used be OpenAI client)
openradx · Jan 13, 2025 · 8b89da9 · 8b89da9
1 parent def4c00
commit 8b89da9
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 19 deletions.
diff --git a/adit_radis_shared/invoke_tasks.py b/adit_radis_shared/invoke_tasks.py
@@ -501,10 +501,10 @@ def generate_certificate_files(ctx: Context):
 
     if "SSL_HOSTNAME" not in config:
         raise Exit("Missing SSL_HOSTNAME setting in .env file")
-    if "SSL_CERT_FILE" not in config:
-        raise Exit("Missing SSL_CERT_FILE setting in .env file")
-    if "SSL_KEY_FILE" not in config:
-        raise Exit("Missing SSL_KEY_FILE setting in .env file")
+    if "SSL_SERVER_CERT_FILE" not in config:
+        raise Exit("Missing SSL_SERVER_CERT_FILE setting in .env file")
+    if "SSL_SERVER_KEY_FILE" not in config:
+        raise Exit("Missing SSL_SERVER_KEY_FILE setting in .env file")
 
     hostname = config["SSL_HOSTNAME"]
     assert hostname
@@ -515,19 +515,19 @@ def generate_certificate_files(ctx: Context):
 
     (cert_pem, key_pem) = Utility.generate_self_signed_certificates(hostname, ip_addresses)
 
-    cert_file = config["SSL_CERT_FILE"]
+    cert_file = config["SSL_SERVER_CERT_FILE"]
     assert cert_file
     cert_path = Path(cert_file)
     if cert_path.is_file():
         raise Exit(f"A SSL certificate file {cert_path.absolute()} already exists.")
 
-    key_file = config["SSL_KEY_FILE"]
+    key_file = config["SSL_SERVER_KEY_FILE"]
     assert key_file
     key_path = Path(key_file)
     if key_path.is_file():
         raise Exit(f"Key file {key_path.absolute()} already exists. Skipping.")
 
-    chain_file = config["SSL_CHAIN_FILE"]
+    chain_file = config["SSL_SERVER_CHAIN_FILE"]
     assert chain_file
     chain_path = Path(chain_file)
     if chain_path.is_file():
@@ -558,18 +558,18 @@ def generate_certificate_chain(ctx: Context):
 
     if "SSL_HOSTNAME" not in config:
         raise Exit("Missing SSL_HOSTNAME setting in .env file")
-    if "SSL_CERT_FILE" not in config:
-        raise Exit("Missing SSL_CERT_FILE setting in .env file")
-    if "SSL_CHAIN_FILE" not in config:
-        raise Exit("Missing SSL_CHAIN_FILE setting in .env file")
+    if "SSL_SERVER_CERT_FILE" not in config:
+        raise Exit("Missing SSL_SERVER_CERT_FILE setting in .env file")
+    if "SSL_SERVER_CHAIN_FILE" not in config:
+        raise Exit("Missing SSL_SERVER_CHAIN_FILE setting in .env file")
 
     hostname = config["SSL_HOSTNAME"]
     assert hostname
 
-    cert_file = config["SSL_CERT_FILE"]
+    cert_file = config["SSL_SERVER_CERT_FILE"]
     assert cert_file
 
-    chain_file = config["SSL_CHAIN_FILE"]
+    chain_file = config["SSL_SERVER_CHAIN_FILE"]
     assert chain_file
 
     cert_path = Path(cert_file)
@@ -578,7 +578,7 @@ def generate_certificate_chain(ctx: Context):
             f"SSL certificate file {cert_path.absolute()} does not exist. "
             "You can generate an unsigned certificate with 'invoke generate-certificate-files'"
             " with included chain file. If you have a signed certificate from a CA, be sure to"
-            " provide the correct SSL_CERT_FILE setting in '.env'. Skipping."
+            " provide the correct SSL_SERVER_CERT_FILE setting in '.env'. Skipping."
         )
 
     chain_path = Path(chain_file)

diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
@@ -2,8 +2,8 @@ x-app: &default-app
   image: example_project_prod:latest
   volumes:
     - web_data:/var/www/web
-    - ${SSL_CERT_FILE:?}:/etc/web/ssl/cert.pem
-    - ${SSL_KEY_FILE:?}:/etc/web/ssl/key.pem
+    - ${SSL_SERVER_CERT_FILE:?}:/etc/web/ssl/cert.pem
+    - ${SSL_SERVER_KEY_FILE:?}:/etc/web/ssl/key.pem
   environment:
     DJANGO_EMAIL_URL: ${DJANGO_EMAIL_URL:?}
     DJANGO_SETTINGS_MODULE: "example_project.settings.production"

diff --git a/example.env b/example.env
@@ -70,9 +70,9 @@ SITE_USES_HTTPS=false
 # certificate chain using 'invoke generate-certificate-chain'.
 SSL_HOSTNAME=localhost
 SSL_IP_ADDRESSES=127.0.0.1
-SSL_CERT_FILE="./cert.pem"
-SSL_KEY_FILE="./key.pem"
-SSL_CHAIN_FILE="./chain.pem"
+SSL_SERVER_CERT_FILE="./cert.pem"
+SSL_SERVER_KEY_FILE="./key.pem"
+SSL_SERVER_CHAIN_FILE="./chain.pem"
 
 # The timezone that the web interface uses.
 USER_TIME_ZONE="Europe/Berlin"