From b9ff3816e8b4e7f5f2b261e7d3287438862cc81b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lvaro=20Justen=20=28=40turicas=29?=
 <alvarojusten@gmail.com>
Date: Sun, 8 Sep 2024 00:23:26 -0300
Subject: [PATCH] =?UTF-8?q?Ajusta=20documenta=C3=A7=C3=A3o=20de=20deployme?=
 =?UTF-8?q?nt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker/env/web      |  4 ++--
 docs/deploy.md      | 19 ++++++++++++++-----
 docs/dev-setup.md   |  4 ++++
 project/settings.py |  1 -
 4 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/docker/env/web b/docker/env/web
index 249167ad..bb590c3f 100644
--- a/docker/env/web
+++ b/docker/env/web
@@ -1,7 +1,8 @@
 # Environment variables for `web` service
 
 ADMINS="App Admin|admin@myapp.example.com"
-ALLOWED_HOSTS="localhost,127.0.0.1,[::1]"
+ALLOWED_HOSTS="localhost,api.localhost,127.0.0.1,[::1]"
+BRASILIO_API_HOST="api.localhost"
 AWS_S3_ACCESS_KEY_ID=minioroot
 AWS_S3_ENDPOINT_URL=http://storage:9000/
 AWS_S3_SECRET_ACCESS_KEY=miniopass
@@ -35,7 +36,6 @@ APP_HOST="localhost:8000"
 BLOCKED_AGENTS="Wget,curl,python-requests,Python-urllib"
 DATABASE_STATEMENT_TIMEOUT=25000
 DATA_URL="https://docs.google.com/spreadsheets/d/1-hw07Q7PBGlz2QjOifkwM3T8406OqsGOAWA-fikgW8c/export?format=xlsx"
-PRODUCTION=False
 FERNET_KEY="1Vo_8aX-WIKEyOWsusu8SHdMDc258elXTN4-WYu_9MQ="
 RECAPTCHA_PUBLIC_KEY="CHAVE_PUBLICA_RECAPTCHA"
 RECAPTCHA_PRIVATE_KEY="CHAVE_PRIVADA_RECAPTCHA"
diff --git a/docs/deploy.md b/docs/deploy.md
index 79abcc9a..5d82fda8 100644
--- a/docs/deploy.md
+++ b/docs/deploy.md
@@ -105,6 +105,9 @@ não precisaremos armazenar senhas em arquivos no repositório).
 # Provavelmente você precisará trocar apenas essas primeiras:
 export APP_NAME="brasil-io-prd"
 export APP_DOMAINS="brasil.io,www.brasil.io,api.brasil.io"
+export AWS_S3_DATASETS_BUCKET_NAME="dataset"
+export AWS_STORAGE_BUCKET_NAME="main"
+export BRASILIO_API_HOST="api.brasil.io"
 export SENTRY_DSN="..."  # URL de acesso ao Sentry, para reporte de erros
 export ADMINS="App Admin|admin@myapp.example.com"
 export LETSENCRYPT_EMAIL="$(echo $ADMINS | sed 's/^[^|]*|\([^,]*\).*$/\1/')"
@@ -117,7 +120,6 @@ export DB_NAME="pg_${APP_NAME}"
 export REDIS_NAME="redis_${APP_NAME}"
 export STORAGE_PATH="/var/lib/dokku/data/storage/$APP_NAME"
 export SESSION_COOKIE_DOMAIN=".brasil.io"
-export PRODUCTION="True"
 export EMAIL_BACKEND="django.core.mail.backends.smtp.EmailBackend"
 export DEFAULT_FROM_EMAIL="noreply@myapp.example.com"
 export EMAIL_HOST="..."
@@ -128,7 +130,7 @@ export EMAIL_USE_SSL="..."
 export EMAIL_USE_TLS="..."
 export DATA_URL="https://docs.google.com/spreadsheets/d/1-hw07Q7PBGlz2QjOifkwM3T8406OqsGOAWA-fikgW8c/export?format=xlsx"
 export SECRET_KEY=$(openssl rand -base64 64 | tr -d ' \n')
-export FERNET_KEY="$(python -c 'from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())')"
+export FERNET_KEY="$(python3 -c 'from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())')"
 ```
 
 Depois que as variáveis foram definidas, podemos criar o app, os serviços de banco de dados e fazer as configurações
@@ -161,6 +163,7 @@ dokku redis:link $REDIS_NAME $APP_NAME
 
 dokku config:set --no-restart $APP_NAME ADMINS="$ADMINS"
 dokku config:set --no-restart $APP_NAME ALLOWED_HOSTS="$ALLOWED_HOSTS"
+dokku config:set --no-restart $APP_NAME BRASILIO_API_HOST="$BRASILIO_API_HOST"
 dokku config:set --no-restart $APP_NAME CSRF_TRUSTED_ORIGINS="$CSRF_TRUSTED_ORIGINS"
 dokku config:set --no-restart $APP_NAME DATA_DIR="$DATA_DIR"
 dokku config:set --no-restart $APP_NAME DATA_URL="$DATA_URL"
@@ -175,7 +178,6 @@ dokku config:set --no-restart $APP_NAME EMAIL_PORT="$EMAIL_PORT"
 dokku config:set --no-restart $APP_NAME EMAIL_USE_SSL="$EMAIL_USE_SSL"
 dokku config:set --no-restart $APP_NAME EMAIL_USE_TLS="$EMAIL_USE_TLS"
 dokku config:set --no-restart $APP_NAME FERNET_KEY="$FERNET_KEY"
-dokku config:set --no-restart $APP_NAME PRODUCTION="$PRODUCTION"
 dokku config:set --no-restart $APP_NAME SECRET_KEY="$SECRET_KEY"
 dokku config:set --no-restart $APP_NAME SENTRY_DSN="$SENTRY_DSN"
 dokku config:set --no-restart $APP_NAME SESSION_COOKIE_DOMAIN="$SESSION_COOKIE_DOMAIN"
@@ -193,14 +195,14 @@ dokku config:set --no-restart $APP_NAME AWS_DEFAULT_ACL="private"
 dokku config:set --no-restart $APP_NAME AWS_IS_GZIPPED="False"
 dokku config:set --no-restart $APP_NAME AWS_S3_ACCESS_KEY_ID="..."
 dokku config:set --no-restart $APP_NAME AWS_S3_CUSTOM_DOMAIN="data.brasil.io/${AWS_STORAGE_BUCKET_NAME}"
-dokku config:set --no-restart $APP_NAME AWS_S3_DATASETS_BUCKET_NAME="dataset"
+dokku config:set --no-restart $APP_NAME AWS_S3_DATASETS_BUCKET_NAME="$AWS_S3_DATASETS_BUCKET_NAME"
 dokku config:set --no-restart $APP_NAME AWS_S3_DATASET_DOWNLOAD_CHUNK_SIZE="8388608"
 dokku config:set --no-restart $APP_NAME AWS_S3_DATASET_SHA512SUMS_FILENAME="SHA512SUMS"
 dokku config:set --no-restart $APP_NAME AWS_S3_DATASET_TABLES_FILES_LIST_FILENAME="_meta/list.html"
 dokku config:set --no-restart $APP_NAME AWS_S3_ENDPOINT_URL="https://data.brasil.io/"
 dokku config:set --no-restart $APP_NAME AWS_S3_SECRET_ACCESS_KEY="..."
 dokku config:set --no-restart $APP_NAME AWS_S3_URL_PROTOCOL="https:"
-dokku config:set --no-restart $APP_NAME AWS_STORAGE_BUCKET_NAME="main"
+dokku config:set --no-restart $APP_NAME AWS_STORAGE_BUCKET_NAME="$AWS_STORAGE_BUCKET_NAME"
 dokku config:set --no-restart $APP_NAME BLOCKED_AGENTS="Wget,curl,python-requests,Python-urllib"
 dokku config:set --no-restart $APP_NAME CACHE_BACKEND="django_redis.cache.RedisCache"
 dokku config:set --no-restart $APP_NAME CACHE_CLIENT_CLASS="django_redis.client.DefaultClient"
@@ -232,6 +234,13 @@ dokku config:set --no-restart $APP_NAME STATICFILES_STORAGE="whitenoise.storage.
 dokku config:set --no-restart $APP_NAME THROTTLING_RATE="30/m"
 ```
 
+> Nota: configurar a variável `ALLOWED_HOSTS` com os Dokku checks habilitados poderá gerar um erro no deployment (dado
+> que os checks são feitos usando um IP interno e o Dokku não envia o cabeçalho `Host`). Para resolver isso existem
+> duas soluções possíveis:
+> - (preferível) Configurar o Django para aceitar todos os hostnames com
+>   `dokku config:set --no-restart $APP_NAME 'ALLOWED_HOSTS=*'`; ou
+> - Desabilitar os checks com `dokku checks:disable $APP_NAME`
+
 Caso queira alterar a versão do postgres, atualize o arquivo de configuração da versão correspondente executando:
 
 ```shell
diff --git a/docs/dev-setup.md b/docs/dev-setup.md
index ad8317bb..387de991 100644
--- a/docs/dev-setup.md
+++ b/docs/dev-setup.md
@@ -38,6 +38,10 @@ python manage.py createsuperuser --username=admin --email=admin@brasil.io
 
 Pronto! A plataforma poderá ser acessada pelo seu navegador Web em [localhost:5000](http://localhost:5000/).
 
+> Nota: para diferenciar o domínio da API, utilizamos o domínio `api.localhost` nas configurações, então ela deve ser
+> acessada por [api.localhost:5000](http://api.localhost:5000/) e você deve criar uma entrada de `api.localhost` em seu
+> `/etc/hosts` que deve resolver `127.0.0.1`.
+
 Caso termine de trabalhar no projeto e queira parar os serviços, execute:
 
 ```shell
diff --git a/project/settings.py b/project/settings.py
index 08bd8648..cb1db69d 100644
--- a/project/settings.py
+++ b/project/settings.py
@@ -37,7 +37,6 @@
 SESSION_COOKIE_DOMAIN = config("SESSION_COOKIE_DOMAIN", default=None)  # ".brasil.io"  # wildcard brasil.io subdomains
 BRASILIO_API_HOST = config("BRASILIO_API_HOST", default="api.brasil.io")
 
-PRODUCTION = config("PRODUCTION", cast=bool, default=True)
 SECRET_KEY = config("SECRET_KEY")
 FERNET_KEY = config("FERNET_KEY")