This repository hosts the Godot showreel website. It is a video submission and voting platform meant to help contributors selecting the best videos to showcase Godot engine.
It uses Keycloak as the authentication provider.
The repository is built as a docker-compose project. The gdshowreelvote
folder contains the main application as a standard django project. When using
docker-compose to start the service, it also starts an nginx proxy and a
postgres database. The secrets
, certificates
and pgdata
folders are
defaults folders used as mount points, but they may not be useful in a
production environment.
The next section requires a good understanding of hwo to use docker compose, ngingx and a postgres database. The use of docker-compose should simplify the processus a lot but setting up everything in a real production environment might be more complex.
To setup your keycloak instance you will have at least to:
- Connect to you keycloak instance (the default credential for the local keycloak instance are admin/admin).
- Create a new client.
- Setup the client access type as "confidential".
- Get the secret in the Crendetials section, it's needed in the web app configuration.
- In the Mappers section, create a built-in mapper for "realm roles".
The default configuration is the one used for testing, so you don't have to modify it. However you will need to:
- Add a certificate in to the
./certificates
folder. It should contain two files namedshowreel.godotengine.org.crt
andshowreel.godotengine.org.key
, which are the private key and the certificate for the website. In a testing environment, you should probably use a self-signed certificate, - Create four files in the
./secrets
folder, namedgdshowreel_django_db_root_password.txt
,gdshowreel_django_db_password.txt
,gdshowreel_django_secret.txt
,gdshowreel_oidc_rp_client_id.txt
andgdshowreel_oidc_rp_client_secret.txt
. The first threee should contains random passwords, they are used to, respectively, setup the mysql root password, communicate between django and the database, and the internal django secret. The last two ones are should be provided by the keycloak instance.
By default, the ./pgdata
will contain the database data.
With docker-compose installed, shoud should then be able to buil and run the
app using: docker-compose build; docker-compose up nginx
Note that, the first time you run the application, you might need to setup the
django database by running: docker-compose run web ./manage.py migrate
. Any
change to django models might also require running docker-compose run web ./manage.py makemigrations
first. But that's in Django's documentation.
The app is, by default, listening on the default HTTP and HTTPS port (80 and 433), but any HTTP request will be redirected to HTTPS. Accessing the keycloak server is possible via the 8080 port.
To run in production, you will have at least to:
- set
DJANGO_DEBUG=False
andDJANGO_ALLOWED_HOSTS=<the_website_domain>
in the web service's environment variables configuration, - possibly modify the mount point for your database data
<pgdata_folder>:/var/lib/postgresql
indocker-compose.yml
, - possibly modify the mount point for your certificates
<certificates_folder>:/etc/nginx/ssl/
indocker-compose.yml
, - possibly modify the location of your secrets in
docker-compose.yml
(if they are not in the./secrets
folder), - setup your certificates and secrets as you would do for the testing use case.
This should be enough to run in production with docker compose. For other more complex use case, each of the postagres, nginx, and web application components could require specific setup. As a tip on how to configure each one of them, you might have a look to the files:
nginx/nginx.conf
for the nginx proxy configuration,docker-compose.yml
for the postgres database configuration,gdshowreelvote/gdshowreelvote/settings.py
for the web app.
Indeed, you should also refer to the documentations of each of those components to undertand what those file do.
This website's code is provided under the MIT license.