From ab91420bb64c8b0edde838cc3073ef8f361162ae Mon Sep 17 00:00:00 2001
From: jaseg
Date: Mon, 6 Dec 2021 19:10:15 +0100
Subject: Add vcdrender app
---
 nginx.conf | 40 +++++++++++++++++++++++++++++
 setup_vcd_render.yml | 64 ++++++++++++++++++++++++++++++++++++++++++++++
 setup_webserver.yml | 2 ++
 tmpfiles-vcdrender.conf.j2 | 1 +
 uwsgi-vcdrender.ini | 10 ++++++++
 vcdrender.cfg.j2 | 2 ++
 6 files changed, 119 insertions(+)
 create mode 100644 setup_vcd_render.yml
 create mode 100644 tmpfiles-vcdrender.conf.j2
 create mode 100644 uwsgi-vcdrender.ini
 create mode 100644 vcdrender.cfg.j2
diff --git a/nginx.conf b/nginx.conf
index f14f370..cbae89b 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -344,6 +344,46 @@ http {
 }
 }
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name vcdrender.jaseg.net;
+ root /usr/share/nginx/html;
+
+ ssl_certificate "/etc/letsencrypt/live/vcdrender.jaseg.net/fullchain.pem";
+ ssl_certificate_key "/etc/letsencrypt/live/vcdrender.jaseg.net/privkey.pem";
+ ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem";
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ resolver 67.207.67.2 67.207.67.3 valid=300s;
+ resolver_timeout 10s;
+ client_max_body_size 10M;
+
+ add_header Strict-Transport-Security "max-age=86400";
+
+ # Load configuration files for the default server block.
+ include /etc/nginx/default.d/*.conf;
+
+
+ location / {
+ include uwsgi_params;
+ uwsgi_pass unix:/run/uwsgi/vcdrender.socket;
+ }
+
+ error_page 404 /404.html;
+ location = /40x.html {
+ root /usr/share/nginx/html;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+ }
+
 server {
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
diff --git a/setup_vcd_render.yml b/setup_vcd_render.yml
new file mode 100644
index 0000000..0a8ed5d
--- /dev/null
+++ b/setup_vcd_render.yml
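Review bot: The new server block uses `vcdrender.jaseg.net` for `server_name` and for both certificate paths under `/etc/letsencrypt/live/vcdrender.jaseg.net/`, but the setup_webserver.yml hunk in this commit adds `vcdrender.jaseg.de` to the domain list. If that list drives certificate issuance (it is not fully visible here), the `.net` certificate files will not exist and nginx will refuse to load the config, so one name should be used consistently in `server_name`, the two `ssl_certificate*` paths and the domain list. Separately, `add_header Strict-Transport-Security "max-age=86400";` is not sent on 4xx/5xx responses; `add_header Strict-Transport-Security "max-age=86400" always;` covers those as well. `error_page 404 /404.html;` also does not match the `location = /40x.html` block that follows it.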
@@ -0,0 +1,64 @@
+---
+- name: Set local facts
+ set_fact:
+ vcdrender_cache: /var/cache/vcd-render
+
+- name: Copy webapp sources
+ synchronize:
+ src: checkouts/vcd-render/
+ dest: /var/lib/vcd-render
+ delete: true
+ group: no
+ owner: no
+
+- name: Create uwsgi worker user and group
+ user:
+ name: uwsgi-vcdrender
+ create_home: no
+ group: uwsgi
+ password: '!'
+ shell: /sbin/nologin
+ system: yes
+
+- name: Template webapp config
+ template:
+ src: vcdrender.cfg.j2
+ dest: /var/lib/pogojig/pogojig_prod.cfg
+ owner: uwsgi-pogojig
+ group: root
+ mode: 0660
+
+- name: Copy uwsgi config
+ copy:
+ src: uwsgi-vcdrender.ini
+ dest: /etc/uwsgi.d/vcdrender.ini
+ owner: uwsgi-vcdrender
+ group: uwsgi
+ mode: 440
+
+- name: Enable uwsgi systemd socket
+ systemd:
+ daemon-reload: yes
+ name: uwsgi-app@vcdrender.socket
+ enabled: yes
+
+# FIXME the socket doesn't seem to work properly
+- name: Enable uwsgi systemd service
+ systemd:
+ daemon-reload: yes
+ name: uwsgi-app@vcdrender.service
+ enabled: yes
+
+- name: Copy pogojig cache dir tmpfiles.d config
+ template:
+ src: tmpfiles-vcdrender.conf.j2
+ dest: /etc/tmpfiles.d/vcdrender.conf
+ owner: root
+ group: root
+ mode: 0644
+ register: vcdrender_tmpfiles_config
+
+- name: Kick systemd tmpfiles service to create cache dir
+ command: systemd-tmpfiles --create
+ when: vcdrender_tmpfiles_config is changed
+
diff --git a/setup_webserver.yml b/setup_webserver.yml
index 552711f..3c6c868 100644
--- a/setup_webserver.yml
+++ b/setup_webserver.yml
@@ -62,12 +62,14 @@
 - blog.jaseg.net
 - blog.jaseg.de
 - kochbuch.jaseg.net
+ - kochbuch.jaseg.de
 - gerbolyze.jaseg.net
 - tracespace.jaseg.net
 - openjscad.jaseg.net
 - pogojig.jaseg.net
 - automation.jaseg.de
 - dyndns.jaseg.de
+ - vcdrender.jaseg.de
 - name: Copy final nginx config
 copy:
diff --git a/tmpfiles-vcdrender.conf.j2 b/tmpfiles-vcdrender.conf.j2
new file mode 100644
index 0000000..3f27dda
--- /dev/null
+++ b/tmpfiles-vcdrender.conf.j2
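Review bot: The "Template webapp config" task renders vcdrender.cfg.j2 to `/var/lib/pogojig/pogojig_prod.cfg` owned by `uwsgi-pogojig`, which overwrites the pogojig app's production config (secret key included) and leaves vcdrender without the `vcdrender_prod.cfg` that uwsgi-vcdrender.ini names in `VCD8SEG_SETTINGS`. It presumably should read `dest: /var/lib/vcd-render/vcdrender_prod.cfg` with `owner: uwsgi-vcdrender`, and because the file holds `SECRET_KEY` a read-only `mode: '0440'` is enough. In "Copy uwsgi config", `mode: 440` is an unquoted decimal that Ansible applies as octal 0670, so the ini ends up writable and executable for the whole `uwsgi` group; write `mode: '0440'`. Quoting `mode: 0660` and `mode: 0644` the same way avoids depending on the YAML parser reading a leading zero as octal.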
@@ -0,0 +1 @@
+d {{vcdrender_cache}} 770 uwsgi-vcdrender uwsgi 2d
diff --git a/uwsgi-vcdrender.ini b/uwsgi-vcdrender.ini
new file mode 100644
index 0000000..c4df516
--- /dev/null
+++ b/uwsgi-vcdrender.ini
@@ -0,0 +1,10 @@
+[uwsgi]
+master = True
+cheap = True
+die-on-idle = False
+manage-script-name = True
+plugins = python3
+chdir = /var/lib/vcd-render
+mount = /=pogojig:app
+env = VCD8SEG_SETTINGS=vcdrender_prod.cfg
+
diff --git a/vcdrender.cfg.j2 b/vcdrender.cfg.j2
new file mode 100644
index 0000000..2026606
--- /dev/null
+++ b/vcdrender.cfg.j2
@@ -0,0 +1,2 @@
+SECRET_KEY="{{lookup('password', 'vcdrender_flask_secret.txt length=32')}}"
+UPLOAD_PATH="{{pogojig_cache}}/upload"
-- cgit
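Review bot: Mode `770` with group `uwsgi` gives every account in that group read and write access to the vcdrender cache directory. The playbook in this commit places the worker in the shared `uwsgi` group, so other uwsgi apps on the host could presumably read or replace files an uploader put there. Unless another member of the group needs the directory, `d {{vcdrender_cache}} 0700 uwsgi-vcdrender uwsgi 2d` keeps it private to the worker account.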
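Review bot: `mount = /=pogojig:app` still names the pogojig module although `chdir` is `/var/lib/vcd-render` and the settings variable is `VCD8SEG_SETTINGS`, so this looks like a leftover from the copied pogojig ini and the worker will likely fail to import its application. Point it at the vcd-render module, e.g. `mount = /=<vcd_render_module>:app` (placeholder; the module name is not visible in this commit). The ini also sets no `uid`/`gid`, so it is worth confirming that the uwsgi emperor runs in tyrant mode and takes the identity from the file owner; otherwise the app would not run as `uwsgi-vcdrender`.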
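Review bot: `UPLOAD_PATH` is built from `{{pogojig_cache}}`, but the vcdrender playbook in this commit only sets `vcdrender_cache`. Templating therefore either fails on an undefined variable or, if the pogojig fact is still set in the same play, puts vcdrender uploads inside pogojig's cache directory; use `UPLOAD_PATH="{{vcdrender_cache}}/upload"`. The `password` lookup stores the generated secret in plaintext in `vcdrender_flask_secret.txt` on the controller, so that file should be kept out of version control and readable only by the deploying user.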