Update example-configs to etebase.
Tom Hacohen
4 years ago
parent
b9f20d251a
commit
9efb8d4c40
@ -0,0 +1,22 @@
|
|||||||
|
# Running `etebase` under `nginx` and `uwsgi`
|
||||||
|
|
||||||
|
This configuration assumes that etebase server has been installed in the home folder of a non privileged user
|
||||||
|
called `EtebaseUser` following the instructions in <https://github.com/etesync/server>. Also that static
|
||||||
|
files have been collected at `/srv/http/etebase_server` by running the following commands:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
sudo mkdir -p /srv/http/etebase_server/static
|
||||||
|
sudo chown -R EtebaseUser /srv/http/etebase_server
|
||||||
|
sudo su EtebaseUser
|
||||||
|
cd /path/to/etebase
|
||||||
|
ln -s /srv/http/etebase_server/static static
|
||||||
|
./manage.py collectstatic
|
||||||
|
```
|
||||||
|
|
||||||
|
It is also assumed that `nginx` and `uwsgi` have been installed system wide by `root`, and that `nginx` is running as user/group `www-data`.
|
||||||
|
|
||||||
|
In this setup, `uwsgi` running as a `systemd` service as `root` creates a unix socket with read-write access
|
||||||
|
to both `EtebaseUser` and `nginx`. It then drops its `root` privilege and runs `etebase` as `EtebaseUser`.
|
||||||
|
|
||||||
|
`nginx` listens on the `https` port (or a non standard port `https` port if desired), delivers static pages directly
|
||||||
|
and for everything else, communicates with `etebase` over the unix socket.
|
||||||
@ -0,0 +1,15 @@
|
|||||||
|
# uwsgi configuration file
|
||||||
|
# typical location of this file would be /etc/uwsgi/sites/etebase.ini
|
||||||
|
|
||||||
|
[uwsgi]
|
||||||
|
socket = /path/to/etebase_server.sock
|
||||||
|
chown-socket = EtebaseUser:www-data
|
||||||
|
chmod-socket = 660
|
||||||
|
vacuum = true
|
||||||
|
|
||||||
|
|
||||||
|
uid = EtebaseUser
|
||||||
|
chdir = /path/to/etebase
|
||||||
|
home = %(chdir)/.venv
|
||||||
|
module = etebase_server.wsgi
|
||||||
|
master = true
|
||||||
@ -1,15 +0,0 @@
|
|||||||
# uwsgi configuration file
|
|
||||||
# typical location of this file would be /etc/uwsgi/sites/etesync.ini
|
|
||||||
|
|
||||||
[uwsgi]
|
|
||||||
socket = /path/to/etesync_server.sock
|
|
||||||
chown-socket = EtesyncUser:www-data
|
|
||||||
chmod-socket = 660
|
|
||||||
vacuum = true
|
|
||||||
|
|
||||||
|
|
||||||
uid = EtesyncUser
|
|
||||||
chdir = /path/to/etesync
|
|
||||||
home = %(chdir)/.venv
|
|
||||||
module = etesync_server.wsgi
|
|
||||||
master = true
|
|
||||||
@ -1,30 +1,36 @@
|
|||||||
# nginx configuration for etesync server running on https://my.server.name
|
# nginx configuration for etebase server running on https://my.server.name
|
||||||
# typical location of this file would be /etc/nginx/sites-available/my.server.name.conf
|
# typical location of this file would be /etc/nginx/sites-available/my.server.name.conf
|
||||||
|
|
||||||
server {
|
server {
|
||||||
server_name my.server.name;
|
server_name my.server.name;
|
||||||
|
|
||||||
root /srv/http/etesync_server;
|
root /srv/http/etebase_server;
|
||||||
|
|
||||||
|
client_max_body_size 20M;
|
||||||
|
|
||||||
client_max_body_size 5M;
|
|
||||||
|
|
||||||
location /static {
|
location /static {
|
||||||
expires 1y;
|
expires 1y;
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
location /media {
|
||||||
|
expires 1y;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
uwsgi_pass unix:/path/to/etesync_server.sock;
|
uwsgi_pass unix:/path/to/etebase_server.sock;
|
||||||
include uwsgi_params;
|
include uwsgi_params;
|
||||||
}
|
}
|
||||||
|
|
||||||
# change 443 to say 9443 to run on a non standard port
|
# change 443 to say 9443 to run on a non standard port
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
# Enable these two instead of the two above if your nginx supports http2
|
# Enable these two instead of the two above if your nginx supports http2
|
||||||
# listen 443 ssl http2;
|
# listen 443 ssl http2;
|
||||||
# listen [::]:443 ssl http2;
|
# listen [::]:443 ssl http2;
|
||||||
|
|
||||||
ssl_certificate /path/to/certificate-file
|
ssl_certificate /path/to/certificate-file
|
||||||
ssl_certificate_key /path/to/certificate-key-file
|
ssl_certificate_key /path/to/certificate-key-file
|
||||||
# other ssl directives as needed
|
# other ssl directives as needed
|
||||||
|
}
|
||||||
|
|||||||
@ -1,20 +0,0 @@
|
|||||||
# Running `etesync` under `nginx` and `uwsgi`
|
|
||||||
|
|
||||||
This configuration assumes that etesync server has been installed in the home folder of a non privileged user
|
|
||||||
called `EtesyncUser` following the instructions in <https://github.com/etesync/server-skeleton>. Also that static
|
|
||||||
files have been collected at `/srv/http/etesync_server` by running the following commands:
|
|
||||||
|
|
||||||
sudo mkdir -p /srv/http/etesync_server/static
|
|
||||||
sudo chown -R EtesyncUser /srv/http/etesync_server
|
|
||||||
sudo su EtesyncUser
|
|
||||||
cd /path/to/etesync
|
|
||||||
ln -s /srv/http/etesync_server/static static
|
|
||||||
./manage.py collectstatic
|
|
||||||
|
|
||||||
It is also assumed that `nginx` and `uwsgi` have been installed system wide by `root`, and that `nginx` is running as user/group `www-data`.
|
|
||||||
|
|
||||||
In this setup, `uwsgi` running as a `systemd` service as `root` creates a unix socket with read-write access
|
|
||||||
to both `EtesyncUser` and `nginx`. It then drops its `root` privilege and runs `etesync` as `EtesyncUser`.
|
|
||||||
|
|
||||||
`nginx` listens on the `https` port (or a non standard port `https` port if desired), delivers static pages directly
|
|
||||||
and for everything else, communicates with `etesync` over the unix socket.
|
|
||||||
Loading…
Reference in New Issue