From 9efb8d4c4090be223d3a7416fe4a9aa83052fc95 Mon Sep 17 00:00:00 2001 From: Tom Hacohen Date: Thu, 10 Sep 2020 19:20:52 +0300 Subject: [PATCH] Update example-configs to etebase. --- example-configs/nginx-uwsgi/README.md | 22 +++++++++++++++++++ example-configs/nginx-uwsgi/etebase.ini | 15 +++++++++++++ example-configs/nginx-uwsgi/etesync.ini | 15 ------------- .../nginx-uwsgi/my.server.name.conf | 22 ++++++++++++------- example-configs/nginx-uwsgi/readme.md | 20 ----------------- 5 files changed, 51 insertions(+), 43 deletions(-) create mode 100644 example-configs/nginx-uwsgi/README.md create mode 100644 example-configs/nginx-uwsgi/etebase.ini delete mode 100644 example-configs/nginx-uwsgi/etesync.ini delete mode 100644 example-configs/nginx-uwsgi/readme.md diff --git a/example-configs/nginx-uwsgi/README.md b/example-configs/nginx-uwsgi/README.md new file mode 100644 index 0000000..55b5fa5 --- /dev/null +++ b/example-configs/nginx-uwsgi/README.md @@ -0,0 +1,22 @@ +# Running `etebase` under `nginx` and `uwsgi` + +This configuration assumes that etebase server has been installed in the home folder of a non privileged user +called `EtebaseUser` following the instructions in . Also that static +files have been collected at `/srv/http/etebase_server` by running the following commands: + +```shell +sudo mkdir -p /srv/http/etebase_server/static +sudo chown -R EtebaseUser /srv/http/etebase_server +sudo su EtebaseUser +cd /path/to/etebase +ln -s /srv/http/etebase_server/static static +./manage.py collectstatic +``` + +It is also assumed that `nginx` and `uwsgi` have been installed system wide by `root`, and that `nginx` is running as user/group `www-data`. + +In this setup, `uwsgi` running as a `systemd` service as `root` creates a unix socket with read-write access +to both `EtebaseUser` and `nginx`. It then drops its `root` privilege and runs `etebase` as `EtebaseUser`. + +`nginx` listens on the `https` port (or a non standard port `https` port if desired), delivers static pages directly +and for everything else, communicates with `etebase` over the unix socket. diff --git a/example-configs/nginx-uwsgi/etebase.ini b/example-configs/nginx-uwsgi/etebase.ini new file mode 100644 index 0000000..a2ebe97 --- /dev/null +++ b/example-configs/nginx-uwsgi/etebase.ini @@ -0,0 +1,15 @@ +# uwsgi configuration file +# typical location of this file would be /etc/uwsgi/sites/etebase.ini + +[uwsgi] +socket = /path/to/etebase_server.sock +chown-socket = EtebaseUser:www-data +chmod-socket = 660 +vacuum = true + + +uid = EtebaseUser +chdir = /path/to/etebase +home = %(chdir)/.venv +module = etebase_server.wsgi +master = true diff --git a/example-configs/nginx-uwsgi/etesync.ini b/example-configs/nginx-uwsgi/etesync.ini deleted file mode 100644 index e79eeee..0000000 --- a/example-configs/nginx-uwsgi/etesync.ini +++ /dev/null @@ -1,15 +0,0 @@ -# uwsgi configuration file -# typical location of this file would be /etc/uwsgi/sites/etesync.ini - -[uwsgi] -socket = /path/to/etesync_server.sock -chown-socket = EtesyncUser:www-data -chmod-socket = 660 -vacuum = true - - -uid = EtesyncUser -chdir = /path/to/etesync -home = %(chdir)/.venv -module = etesync_server.wsgi -master = true diff --git a/example-configs/nginx-uwsgi/my.server.name.conf b/example-configs/nginx-uwsgi/my.server.name.conf index b5b019d..6b5de6e 100644 --- a/example-configs/nginx-uwsgi/my.server.name.conf +++ b/example-configs/nginx-uwsgi/my.server.name.conf @@ -1,30 +1,36 @@ -# nginx configuration for etesync server running on https://my.server.name +# nginx configuration for etebase server running on https://my.server.name # typical location of this file would be /etc/nginx/sites-available/my.server.name.conf server { server_name my.server.name; - root /srv/http/etesync_server; + root /srv/http/etebase_server; + + client_max_body_size 20M; - client_max_body_size 5M; - location /static { expires 1y; try_files $uri $uri/ =404; } + location /media { + expires 1y; + try_files $uri $uri/ =404; + } + location / { - uwsgi_pass unix:/path/to/etesync_server.sock; + uwsgi_pass unix:/path/to/etebase_server.sock; include uwsgi_params; } # change 443 to say 9443 to run on a non standard port - listen 443 ssl; - listen [::]:443 ssl; + listen 443 ssl; + listen [::]:443 ssl; # Enable these two instead of the two above if your nginx supports http2 # listen 443 ssl http2; # listen [::]:443 ssl http2; - + ssl_certificate /path/to/certificate-file ssl_certificate_key /path/to/certificate-key-file # other ssl directives as needed +} diff --git a/example-configs/nginx-uwsgi/readme.md b/example-configs/nginx-uwsgi/readme.md deleted file mode 100644 index dad98b6..0000000 --- a/example-configs/nginx-uwsgi/readme.md +++ /dev/null @@ -1,20 +0,0 @@ -# Running `etesync` under `nginx` and `uwsgi` - -This configuration assumes that etesync server has been installed in the home folder of a non privileged user -called `EtesyncUser` following the instructions in . Also that static -files have been collected at `/srv/http/etesync_server` by running the following commands: - - sudo mkdir -p /srv/http/etesync_server/static - sudo chown -R EtesyncUser /srv/http/etesync_server - sudo su EtesyncUser - cd /path/to/etesync - ln -s /srv/http/etesync_server/static static - ./manage.py collectstatic - -It is also assumed that `nginx` and `uwsgi` have been installed system wide by `root`, and that `nginx` is running as user/group `www-data`. - -In this setup, `uwsgi` running as a `systemd` service as `root` creates a unix socket with read-write access -to both `EtesyncUser` and `nginx`. It then drops its `root` privilege and runs `etesync` as `EtesyncUser`. - -`nginx` listens on the `https` port (or a non standard port `https` port if desired), delivers static pages directly -and for everything else, communicates with `etesync` over the unix socket.