chore: reorganize project structure and prepare for deployment

- Organize files into logical directories (docs/, scripts/, tests/) - Add comprehensive documentation (README, CONTRIBUTING, CHANGELOG) - Create deployment automation scripts - Add Docker production configuration - Update .gitignore and add .dockerignore - Remove temporary and test files from root - Improve settings.py with DEBUG from env variable Added: - README.md with project overview - CONTRIBUTING.md for contributors - CHANGELOG.md for version tracking - PROJECT_STATUS.md with current state - docker-compose.prod.yml for production - nginx.conf for production web server - scripts/deploy.sh for automated deployment - scripts/check-config.sh for configuration validation - scripts/setup-ssl.sh for SSL certificate setup - docs/DEPLOYMENT.md with detailed deployment guide - docs/ENV_VARIABLES.md with all environment variables Moved: - Documentation to docs/ - Scripts to scripts/ - Test files to tests/ Removed: - .history/ directory - Test response JSON files from root - settings_production.py (merged into settings.py) This commit prepares the project for: - Production deployment - Team collaboration - Docker containerization - Proper documentation
2025-11-24 07:12:04 +09:00
parent 7bf003e70d
commit d9adac609b
26 changed files with 1869 additions and 11 deletions
--- a/scripts/setup-ssl.sh
+++ b/scripts/setup-ssl.sh
@@ -0,0 +1,131 @@
+#!/bin/bash
+
+# SSL Setup script using Let's Encrypt for SmartSolTech
+
+if [ -z "$1" ] || [ -z "$2" ]; then
+    echo "Usage: ./setup-ssl.sh <domain> <email>"
+    echo "Example: ./setup-ssl.sh smartsoltech.kr admin@smartsoltech.kr"
+    exit 1
+fi
+
+DOMAIN=$1
+EMAIL=$2
+
+echo "🔒 Setting up SSL for $DOMAIN..."
+
+# Create directories
+mkdir -p certbot/conf
+mkdir -p certbot/www
+
+# Stop nginx if running
+docker-compose -f docker-compose.prod.yml stop nginx 2>/dev/null || true
+
+# Get certificate
+echo "📝 Requesting SSL certificate..."
+docker-compose -f docker-compose.prod.yml run --rm certbot certonly \
+    --webroot \
+    --webroot-path=/var/www/certbot \
+    --email $EMAIL \
+    --agree-tos \
+    --no-eff-email \
+    --force-renewal \
+    -d $DOMAIN \
+    -d www.$DOMAIN
+
+if [ $? -eq 0 ]; then
+    echo "✅ SSL certificate obtained successfully!"
+    
+    # Update nginx configuration for HTTPS
+    cat > nginx-ssl.conf << 'EOF'
+upstream django_app {
+    server web:8000;
+}
+
+# HTTP redirect to HTTPS
+server {
+    listen 80;
+    server_name DOMAIN_PLACEHOLDER www.DOMAIN_PLACEHOLDER;
+    
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+    
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+# HTTPS server
+server {
+    listen 443 ssl http2;
+    server_name DOMAIN_PLACEHOLDER www.DOMAIN_PLACEHOLDER;
+    
+    ssl_certificate /etc/letsencrypt/live/DOMAIN_PLACEHOLDER/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_PLACEHOLDER/privkey.pem;
+    
+    # SSL settings
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    
+    client_max_body_size 20M;
+
+    # Security headers
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    location / {
+        proxy_pass http://django_app;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+        proxy_redirect off;
+        proxy_buffering off;
+    }
+
+    location /static/ {
+        alias /app/smartsoltech/staticfiles/;
+        expires 30d;
+        add_header Cache-Control "public, immutable";
+    }
+
+    location /media/ {
+        alias /app/smartsoltech/media/;
+        expires 30d;
+        add_header Cache-Control "public, immutable";
+    }
+
+    # Deny access to sensitive files
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+}
+EOF
+
+    # Replace domain placeholder
+    sed -i "s/DOMAIN_PLACEHOLDER/$DOMAIN/g" nginx-ssl.conf
+    
+    echo ""
+    echo "📋 SSL certificate installed!"
+    echo ""
+    echo "Next steps:"
+    echo "1. Replace nginx.conf with nginx-ssl.conf:"
+    echo "   mv nginx-ssl.conf nginx.conf"
+    echo ""
+    echo "2. Update .env file with your domain:"
+    echo "   ALLOWED_HOSTS=localhost,127.0.0.1,$DOMAIN,www.$DOMAIN"
+    echo "   CSRF_TRUSTED_ORIGINS=https://$DOMAIN,https://www.$DOMAIN"
+    echo ""
+    echo "3. Restart services:"
+    echo "   docker-compose -f docker-compose.prod.yml restart"
+    
+else
+    echo "❌ Failed to obtain SSL certificate"
+    exit 1
+fi