diff --git a/backup_db.sh b/backup_db.sh index 65c079d6..152438e9 100755 --- a/backup_db.sh +++ b/backup_db.sh @@ -1,2 +1,2 @@ mkdir -p /home/incubator/dumps/$(date +"%y-%m") -docker compose -f /home/incubator/docker/apps/incubator/docker-compose.yml exec -T db pg_dumpall --username="incubator" > /home/incubator/dumps/$(date +"%y-%m")/$(date +"%y-%m-%d").sql +docker compose -f /home/incubator/docker/apps/incubator/docker-compose.yml exec -T db pg_dump --username="incubator" --dbname="incubator_db" > /home/incubator/dumps/$(date +"%y-%m")/$(date +"%y-%m-%d").sql diff --git a/build.sh b/build.sh index d2a309e1..792f12a8 100755 --- a/build.sh +++ b/build.sh @@ -2,7 +2,7 @@ git pull docker pull ghcr.io/urlab/incubator:main -docker-compose up -d --build -docker-compose exec web uv run python manage.py migrate --noinput -docker-compose exec web uv run python manage.py collectstatic --no-input --clear -docker-compose restart nginx +docker compose up -d --build +docker compose exec web uv run python manage.py migrate --noinput +docker compose exec web uv run python manage.py collectstatic --no-input --clear +docker compose restart nginx diff --git a/incubator/settings.py b/incubator/settings.py index c4e64e7a..198c73a0 100644 --- a/incubator/settings.py +++ b/incubator/settings.py @@ -316,15 +316,21 @@ DEFAULT_FROM_EMAIL = os.environ.get("EMAIL_FROM", default="contact@urlab.be") EMAIL_USE_TLS = os.environ.get("EMAIL_USE_TLS", default=True) -DEFAULT_FILE_STORAGE = { +DEFAULT_FILE_STORAGE = "django.core.files.storage.FileSystemStorage" + +STORAGES = { "default": { "BACKEND": "django.core.files.storage.FileSystemStorage", }, + "staticfiles": { + "BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage", + }, } # Security settings (applied in production when DEBUG=False) if not DEBUG: SECURE_SSL_REDIRECT = True + SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") SECURE_HSTS_SECONDS = 31536000 # 1 year SECURE_HSTS_INCLUDE_SUBDOMAINS = True SECURE_HSTS_PRELOAD = True diff --git a/incubator/templatetags/formatting.py b/incubator/templatetags/formatting.py index 100533de..f9f9ed45 100644 --- a/incubator/templatetags/formatting.py +++ b/incubator/templatetags/formatting.py @@ -82,4 +82,10 @@ def safe_markdown(value): @register.filter(is_safe=False, name="unsafeMarkdown") @stringfilter def unsafe_markdown(value): + """Render markdown to sanitized HTML. + + Despite the name, this filter uses the same sanitized rendering path as the + ``markdown`` filter via ``_render_markdown``. It is retained for backwards + compatibility with existing templates that reference ``unsafeMarkdown``. + """ return mark_safe(_render_markdown(value)) diff --git a/upgrade_postgres.sh b/upgrade_postgres.sh index f60bf6be..2c677de1 100755 --- a/upgrade_postgres.sh +++ b/upgrade_postgres.sh @@ -32,10 +32,15 @@ source .env.db DB_NAME="${POSTGRES_DB:-incubator_db}" DB_USER="${POSTGRES_USER:-incubator}" -# echo "[1/6] Dumping database from PostgreSQL 12..." -# docker compose exec -T db pg_dumpall -U "$DB_USER" > "$DUMP_FILE" -# DUMP_SIZE=$(du -h "$DUMP_FILE" | cut -f1) -# echo " Dump complete: $DUMP_FILE ($DUMP_SIZE)" +echo "[1/6] Dumping database from PostgreSQL 12..." +docker compose exec -T db pg_dump -U "$DB_USER" -d "$DB_NAME" > "$DUMP_FILE" +DUMP_SIZE=$(du -h "$DUMP_FILE" | cut -f1) +echo " Dump complete: $DUMP_FILE ($DUMP_SIZE)" + +if [ ! -s "$DUMP_FILE" ]; then + echo "ERROR: Dump file is empty or missing. Aborting." + exit 1 +fi echo "[2/6] Stopping all services..." docker compose down @@ -65,7 +70,7 @@ for i in $(seq 1 30); do done echo "[6/6] Restoring dump into PostgreSQL 17..." -docker compose exec -T db psql -U "$DB_USER" -d "$DB_NAME" < "$DUMP_FILE" +docker compose exec -T db psql -U "$DB_USER" -d "$DB_NAME" -v ON_ERROR_STOP=1 < "$DUMP_FILE" # Re-set the password so it's hashed with scram-sha-256 (Postgres 17 default). # Old Postgres 12 stored passwords as md5, which won't work for TCP connections.