Update example-configs to etebase.

This commit is contained in:
Tom Hacohen 2020-09-10 19:20:52 +03:00
parent b9f20d251a
commit 9efb8d4c40
5 changed files with 51 additions and 43 deletions

View File

@ -0,0 +1,22 @@
# Running `etebase` under `nginx` and `uwsgi`
This configuration assumes that etebase server has been installed in the home folder of a non privileged user
called `EtebaseUser` following the instructions in <https://github.com/etesync/server>. Also that static
files have been collected at `/srv/http/etebase_server` by running the following commands:
```shell
sudo mkdir -p /srv/http/etebase_server/static
sudo chown -R EtebaseUser /srv/http/etebase_server
sudo su EtebaseUser
cd /path/to/etebase
ln -s /srv/http/etebase_server/static static
./manage.py collectstatic
```
It is also assumed that `nginx` and `uwsgi` have been installed system wide by `root`, and that `nginx` is running as user/group `www-data`.
In this setup, `uwsgi` running as a `systemd` service as `root` creates a unix socket with read-write access
to both `EtebaseUser` and `nginx`. It then drops its `root` privilege and runs `etebase` as `EtebaseUser`.
`nginx` listens on the `https` port (or a non standard port `https` port if desired), delivers static pages directly
and for everything else, communicates with `etebase` over the unix socket.

View File

@ -0,0 +1,15 @@
# uwsgi configuration file
# typical location of this file would be /etc/uwsgi/sites/etebase.ini
[uwsgi]
socket = /path/to/etebase_server.sock
chown-socket = EtebaseUser:www-data
chmod-socket = 660
vacuum = true
uid = EtebaseUser
chdir = /path/to/etebase
home = %(chdir)/.venv
module = etebase_server.wsgi
master = true

View File

@ -1,15 +0,0 @@
# uwsgi configuration file
# typical location of this file would be /etc/uwsgi/sites/etesync.ini
[uwsgi]
socket = /path/to/etesync_server.sock
chown-socket = EtesyncUser:www-data
chmod-socket = 660
vacuum = true
uid = EtesyncUser
chdir = /path/to/etesync
home = %(chdir)/.venv
module = etesync_server.wsgi
master = true

View File

@ -1,30 +1,36 @@
# nginx configuration for etesync server running on https://my.server.name # nginx configuration for etebase server running on https://my.server.name
# typical location of this file would be /etc/nginx/sites-available/my.server.name.conf # typical location of this file would be /etc/nginx/sites-available/my.server.name.conf
server { server {
server_name my.server.name; server_name my.server.name;
root /srv/http/etesync_server; root /srv/http/etebase_server;
client_max_body_size 20M;
client_max_body_size 5M;
location /static { location /static {
expires 1y; expires 1y;
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
} }
location /media {
expires 1y;
try_files $uri $uri/ =404;
}
location / { location / {
uwsgi_pass unix:/path/to/etesync_server.sock; uwsgi_pass unix:/path/to/etebase_server.sock;
include uwsgi_params; include uwsgi_params;
} }
# change 443 to say 9443 to run on a non standard port # change 443 to say 9443 to run on a non standard port
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
# Enable these two instead of the two above if your nginx supports http2 # Enable these two instead of the two above if your nginx supports http2
# listen 443 ssl http2; # listen 443 ssl http2;
# listen [::]:443 ssl http2; # listen [::]:443 ssl http2;
ssl_certificate /path/to/certificate-file ssl_certificate /path/to/certificate-file
ssl_certificate_key /path/to/certificate-key-file ssl_certificate_key /path/to/certificate-key-file
# other ssl directives as needed # other ssl directives as needed
}

View File

@ -1,20 +0,0 @@
# Running `etesync` under `nginx` and `uwsgi`
This configuration assumes that etesync server has been installed in the home folder of a non privileged user
called `EtesyncUser` following the instructions in <https://github.com/etesync/server-skeleton>. Also that static
files have been collected at `/srv/http/etesync_server` by running the following commands:
sudo mkdir -p /srv/http/etesync_server/static
sudo chown -R EtesyncUser /srv/http/etesync_server
sudo su EtesyncUser
cd /path/to/etesync
ln -s /srv/http/etesync_server/static static
./manage.py collectstatic
It is also assumed that `nginx` and `uwsgi` have been installed system wide by `root`, and that `nginx` is running as user/group `www-data`.
In this setup, `uwsgi` running as a `systemd` service as `root` creates a unix socket with read-write access
to both `EtesyncUser` and `nginx`. It then drops its `root` privilege and runs `etesync` as `EtesyncUser`.
`nginx` listens on the `https` port (or a non standard port `https` port if desired), delivers static pages directly
and for everything else, communicates with `etesync` over the unix socket.