esitarski
commented
7 months ago Short answer:
And please go easy on me. Browser warnings about non-https web sites are not my fault ;) hjttps is not feasible with a stand-alone install (part of the reason I proposed a central multi-tenant RaceDB website). However, it is possible for you to do this yourself https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu as the underlying toolkit, Django, supports if (eg with nginx and Gunicorn). There are a number of additional configuration steps to get and maintain your encryption certificate.
For example, www.racedb.ca is fully https and runs the same code line-for-line as github RaceDB. It is just deployed differently with nginx and Gunicorn.
Very long answer:
Briefly, a web site has 3 major components:
- web server (nginx, apache, etc.)
- application server (WSGI HTTP, Gunicorn, uWSG, etc.)
- database server (postgres, mysql, etc.)
The web server process does encryption (https), serves static files, protects against denial of service attacks, etc. High performance. It receives the raw url GET and POST requests from a web browser and figures out what to do with it. In a simple configuration, urls that begin with "static" are files retrieved from a folder. This enables high-performance retrieval of images, javascript, style sheets and other content that does not change.
For all other urls, the web server is configured to forward the url to the "application server". The application server is a wrapper process around the application code (in the case of RaceDB, it is written in Python using Django).
The application server then reads/writes data from the database server, applies logic as necessary, then returns a response (eg. html, Excel, pdf) back to the web server, which then encrypts it and finally sends it to the user's browser. Of course, this is all multi-threaded and I/O optimized.
Distinct servers enable scalability options. For example, each server could be deployed on a seperate computer, or there can be multiple instances of the same server across multiple computers, with load balancing software controlling the requests. This really isn't much of a concern for RaceDB which is a relatively very low-volume web app.
Back to the original question - supporting https:
RaceDB ships with a "toy" built-in web server that is embedded in the same process as the application. It performs OK, but does not support https. The web server and application server are merged into one. The database process remains separate.
To support https, you really should use a real web server like nginx or apache. In the RaceDB context, a web server would have to be included in the Docker install. I know this is possible, but I currently lack the Docker skills to do it. I recently discovered there is a pure-Python https server here https://gist.github.com/DannyHinshaw/a3ac5991d66a2fe6d97a569c6cdac534 or here https://piware.de/2011/01/creating-an-https-server-in-python/.
However, an https-capable web server in RaceDB does not get you https. You also need a certificate. The free option is Let's Encrypt https://letsencrypt.org/ where you can get the certificate and permission. You have to renew the certificate every month, or Let's Encrypt will delete it and https stops working. This is usually done with a cron job running on the web server (you can also do it manually, but don't ever forget).
That's a one-time deal if you are running from a hosted web site. It is more complicated when you have a local server.
Solution: hosted RaceDB?
This is yet another level of complexity required to run RaceDB standalone, and brings us back to the idea of a common multi-tenant RaceDb web server and usb RFID readers on site.
The only use case this doesn't cover for you is printing the bib numbers automatically.
There may be a solution. "Email to Print" (eg, https://github.com/aardsoft/cups-email) is a cron job configured to monitor an email address(s) and print documents received on it. Say there was a new option in RaceDB that tells it to email pdfs to certain email addresses corresponding to different "printers" instead of downloading them in the web browser. RaceDB users would print bibs, Instead of downloading pdfs, RaceDB would send those pdfs to those email address(es). Software running on your on-venue server checks those inboxes and prints the attachments on the correct printer. Rather than sending to multiple email addresses, RaceDB could put a description in the email text and mail to one (whatever is easier).
On Sun, Mar 17, 2024 at 5:44 PM Stuart Lynne @.***> wrote:
This can be confusing and easily missed when trying to download CrossMgr file minutes before the event starts while breathing heavily because you just ran 400m from the finish line to get the new download etc.
image.png (view on web) https://github.com/esitarski/RaceDB/assets/297561/81df2211-bfdc-47ba-8ee7-6dee8e95dd82
It is possible to fix this in Chrome. But the flags seem to move around, following this I eventually did get it added.
How to Enable or Disable Insecure Download Warning in Chrome. You can also whitelist entire websites via Chrome's settings: Settings > Security and Privacy > Site Settings > Insecure Content. Under Allowed to show insecure content click “Add” and enter the main website URL and click “Add”
image.png (view on web) https://github.com/esitarski/RaceDB/assets/297561/925aca31-80c3-4e9a-91f8-f7e10bc9c3f4
This appears to be an issue with "insecure" sites, as in HTTP vs HTTPS.
If RaceDB added HTTPS support it would eliminate the need for organizers to jump through hoops to keep Chrome happy.
— Reply to this email directly, view it on GitHub https://github.com/esitarski/RaceDB/issues/66, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABGXKNHG4YQIUMHXJQCTPDYYYFDVAVCNFSM6AAAAABE2Q62Z2VHI2DSMVQWIX3LMV43ASLTON2WKOZSGE4TAOBXHE3TENQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>
--
Edward Sitarski
stuartlynne
This can be confusing and easily missed when trying to download CrossMgr file minutes before the event starts while breathing heavily because you just ran 400m from the finish line to get the new download etc.
It is possible to fix this in Chrome. But the flags seem to move around, following this I eventually did get it added.
This appears to be an issue with "insecure" sites, as in HTTP vs HTTPS.
If RaceDB added HTTPS support it would eliminate the need for organizers to jump through hoops to keep Chrome happy.