From 614810cf50a5af49a8219b70f3b92436a8f111f1 Mon Sep 17 00:00:00 2001
From: Emmanuel Viennet
Date: Sat, 21 Aug 2021 19:51:33 +0200
Subject: [PATCH] installation avec nginx + service scodoc9
---
 app/__init__.py | 7 +-
 app/scodoc/notes_table.py | 6 +-
 config.py | 3 +-
 tools/etc/scodoc9.nginx | 37 ++++++++++
 tools/etc/scodoc9.service | 9 ++-
 tools/install_debian11.sh | 138 +++++++++++++-------------------------
 6 files changed, 99 insertions(+), 101 deletions(-)
 create mode 100644 tools/etc/scodoc9.nginx
diff --git a/app/__init__.py b/app/__init__.py
index fd3cd26a..5c403923 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -1,7 +1,6 @@
 # -*- coding: UTF-8 -*
 # pylint: disable=invalid-name
-from app.scodoc.sco_exceptions import ScoValueError
 import os
 import sys
@@ -21,6 +20,7 @@ from flask_bootstrap import Bootstrap
 from flask_moment import Moment
 from flask_caching import Cache
+from app.scodoc.sco_exceptions import ScoValueError
 from config import DevConfig
 import sco_version
@@ -103,7 +103,8 @@ def create_app(config_class=DevConfig):
 )
 mail_handler.setLevel(logging.ERROR)
 app.logger.addHandler(mail_handler)
-
+ if not app.testing:
+ # Configuration des logs (actifs aussi en mode development)
 if not os.path.exists("logs"):
 os.mkdir("logs")
 file_handler = TimedRotatingFileHandler(
@@ -113,7 +114,7 @@ def create_app(config_class=DevConfig):
 )
 file_handler.setFormatter(
 logging.Formatter(
- "%(asctime)s %(levelname)s: %(message)s " "[in %(pathname)s:%(lineno)d]"
+ "%(asctime)s pid=%(process)d th=%(thread)s %(levelname)s: %(message)s " # "[in %(pathname)s:%(lineno)d]"
 )
 )
 file_handler.setLevel(logging.INFO)
diff --git a/app/scodoc/notes_table.py b/app/scodoc/notes_table.py
index 3f015524..bfd7c9e2 100644
--- a/app/scodoc/notes_table.py
+++ b/app/scodoc/notes_table.py
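Review bot: The `logs` directory is still created with a check-then-create pair (`if not os.path.exists("logs"):` then `os.mkdir("logs")`) in the block that the `@@ -103,7 +103,8 @@` hunk places under `if not app.testing:`, so processes that start together can both pass the check and the second `mkdir` raises `FileExistsError`; `os.makedirs("logs", exist_ok=True)` avoids that. This matters now because the same commit starts gunicorn with `-w 4` and adds `pid=%(process)d` to the format, i.e. several workers are expected to share one log file. The standard library does not coordinate `TimedRotatingFileHandler` rollover between processes, so entries can presumably be lost at rotation; worth a comment if these logs are relied on as an audit trail. `create_app`'s body starts and ends outside the hunk, and the original indentation is not visible here.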
@@ -173,7 +173,7 @@ class NotesTable(object):
 """
 def __init__(self, formsemestre_id):
- log(f"[pid={os.getpid()}] NotesTable( formsemestre_id={formsemestre_id} )")
+ log(f"NotesTable( formsemestre_id={formsemestre_id} )")
 if not formsemestre_id:
 raise ValueError("invalid formsemestre_id (%s)" % formsemestre_id)
 self.formsemestre_id = formsemestre_id
@@ -357,9 +357,7 @@ class NotesTable(object):
 # self.compute_moy_moy()
 #
- log(
- f"[pid={os.getpid()}] NotesTable( formsemestre_id={formsemestre_id} ) done."
- )
+ log(f"NotesTable( formsemestre_id={formsemestre_id} ) done.")
 def get_etudids(self, sorted=False):
 if sorted:
diff --git a/config.py b/config.py
index f854b786..ced04ffb 100755
--- a/config.py
+++ b/config.py
@@ -52,7 +52,7 @@ class ProdConfig(Config):
 class DevConfig(Config):
 FLASK_ENV = "development"
 DEBUG = True
- TESTING = True
+ TESTING = False
 SQLALCHEMY_DATABASE_URI = (
 os.environ.get("SCODOC_DEV_DATABASE_URI") or "postgresql:///SCODOC_DEV"
 )
@@ -60,6 +60,7 @@ class DevConfig(Config):
 class TestConfig(DevConfig):
+ TESTING = True
 SQLALCHEMY_DATABASE_URI = (
 os.environ.get("SCODOC_TEST_DATABASE_URI") or "postgresql:///SCODOC_TEST"
 )
diff --git a/tools/etc/scodoc9.nginx b/tools/etc/scodoc9.nginx
new file mode 100644
index 00000000..ab80d3a4
--- /dev/null
+++ b/tools/etc/scodoc9.nginx
@@ -0,0 +1,37 @@
+# BASIC SCODOC 9 CONFIG FOR NGINX
+# EV, Aug 2021
+
+server {
+ # listen on port 80 (http)
+ listen 80;
+ server_name _;
+ location / {
+ # redirect any requests to the same URL but on https
+ return 301 https://$host$request_uri;
+ }
+}
+server {
+ # listen on port 443 (https)
+ listen 443 ssl;
+ server_name _;
+ # location of the self-signed SSL certificate
+ ssl_certificate /opt/scodoc-data/certs/cert.pem;
+ ssl_certificate_key /opt/scodoc-data/certs/key.pem;
+ # write access and error logs to /var/log
+ access_log /var/log/scodoc_access.log;
+ error_log /var/log/scodoc_error.log;
+ location / {
+ # forward application requests to the gunicorn server
+ proxy_pass http://localhost:8000;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location /static {
+ # handle static files directly, without forwarding to the application
+ alias /opt/scodoc/app/static;
+ expires 5d;
+ }
+}
diff --git a/tools/etc/scodoc9.service b/tools/etc/scodoc9.service
index 0e364b5a..6d0f223e 100644
--- a/tools/etc/scodoc9.service
+++ b/tools/etc/scodoc9.service
@@ -2,6 +2,12 @@
 # Flask based
 # a priori on ne dépend plus de postgresql ? XXX
 # inspiré par https://blog.miguelgrinberg.com/post/running-a-flask-application-as-a-service-with-systemd
+#
+# A copier dans /etc/systemd/system/scodoc9.service
+# puis
+# sudo systemctl daemon-reload
+# sudo systemctl start scodoc9
+#
 [Unit]
 Description=ScoDoc 9 service
 After=network.target
@@ -13,10 +19,9 @@ After=network.target
 User=scodoc
 Group=scodoc
 WorkingDirectory=/opt/scodoc
+#Environment=FLASK_ENV=production
 ExecStart=/opt/scodoc/venv/bin/gunicorn -b localhost:8000 -w 4 scodoc:app
 Restart=always
-# Environment=FLASK_CONFIG=production
-Restart=always
 [Install]
 WantedBy=multi-user.target
\ No newline at end of file
diff --git a/tools/install_debian11.sh b/tools/install_debian11.sh
index 39ab65a5..74c59cea 100755
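Review bot: Both server blocks use `server_name _;` and then trust the client-supplied host: the port-80 block redirects to `https://$host$request_uri` and the proxy block forwards `Host $host`, so a request carrying an arbitrary Host header is redirected to, or handed to the application under, a name the client chose. Setting `server_name` to the site's real name (the installer could substitute it into this file, as the removed Apache step did) and redirecting to that fixed name closes this. The proxy block also passes no scheme, so the application behind gunicorn cannot tell that the request arrived over TLS; add `proxy_set_header X-Forwarded-Proto $scheme;`. `location /static` with `alias /opt/scodoc/app/static;` matches by prefix, so a URI that merely begins with `/static` maps to a sibling path; `location /static/` with `alias /opt/scodoc/app/static/;` keeps the match inside the directory.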
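Review bot: The unit starts gunicorn with no configuration selected: the new `#Environment=FLASK_ENV=production` line in the `@@ -13,10 +19,9 @@` hunk is commented out, while `create_app` in this same commit defaults to `config_class=DevConfig`, which keeps `DEBUG = True`. How `scodoc:app` picks its config class is not visible here, so this should be confirmed before the service is reachable through the nginx front end on port 443. If the production setting is meant to come later, a comment next to the disabled line such as `# TODO: enable once the production config is ready; the service currently runs with the development config` would keep it from being forgotten. The unit also sets no sandboxing; `NoNewPrivileges=true` and `PrivateTmp=true` are low-risk additions for a service running as `scodoc`.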
--- a/tools/install_debian11.sh
+++ b/tools/install_debian11.sh
@@ -59,6 +59,7 @@ apt-get -y install python3-pip
 apt-get install -y python3-wheel
 apt-get -y install libpq-dev
 apt-get -y install libcrack2-dev
+apt-get -y install nginx
 apt-get -y install postgresql
 apt-get -y install redis
 apt-get -y install curl
@@ -113,106 +114,61 @@ fi
 init_postgres_user
+# ------------ CONFIG NGINX
+
+echo
+echo "La configuration du serveur web peut modifier l'installation nginx pour supporter ScoDoc."
+echo -n "Voulez-vous configurer le serveur web nginx maintenant (vivement conseillé) ? (y/n) [y] "
+read -r ans
+if [ "$(norm_ans "$ans")" != 'N' ]
+then
+ echo "Configuration du serveur web nginx"
+ # --- CERTIFICATS AUTO-SIGNES
+ echo
+ echo "Il est possible d'utiliser des certificats cryptographiques"
+ echo "auto-signés, qui ne seront pas reconnus comme de confiance"
+ echo "par les navigateurs, permettent de tester."
+ echo "Si vous avez déjà de vrais certificats, passez cette étape et installez-les ensuite."
+ echo -n 'Voulez-vous générer des certificats ssl auto-signés ? (y/n) [y] '
+ read -r ans
+ if [ "$(norm_ans "$ans")" != 'N' ]
+ then
+ # generation des certifs: cert.pem key.pem dans /opt/scodoc-data/certs/
+ su -c "(cd $SCODOC_VAR_DIR && mkdir -p certs && openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout certs/key.pem -out certs/cert.pem)" "$SCODOC_USER"
+ cert_status=$?
+ else
+ cert_status=-1
+ fi
+ # ---
+ echo 'copie de la configuration nginx'
+ cp -p "$SCODOC_DIR"/tools/etc/scodoc9.nginx /etc/nginx/sites-available/
+ ln -s /etc/nginx/sites-available/scodoc9.nginx /etc/nginx/sites-enabled/
+ /bin/rm -f /etc/nginx/sites-enabled/default
+fi
+
+systemctl restart nginx
+
+# ------------ CONFIG SERVICE SCODOC
+echo
+echo "Installation du service systemd scodoc9..."
+# ScoDoc 7.19+ uses systemd
+cp "$SCODOC_DIR"/tools/etc/scodoc9.service /etc/systemd/system/
+systemctl daemon-reload
+
+
 # --- XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX ---
 echo
 echo "WARNING: version ScoDoc 9 expérimentale"
 echo "Ne pas utiliser en production !"
echo
 echo "Pour lancer le serveur de développement: voir README"
+echo
+echo "Pour lancer scodoc9: systemctl start scodoc9"
+echo "(les logs sont dans /opt/scodoc-data/logs)"
 exit 0
 # --- XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX ---
-# Nota: after this point, the network _may_ be unreachable
-# (if firewall config is wrong)
-
-# ------------ CONFIG NGINX
-a2enmod ssl
-a2enmod proxy
-a2enmod proxy_http
-a2enmod rewrite
-
-echo
-echo "La configuration du serveur web va modifier votre installation Apache pour supporter ScoDoc."
-echo -n "Voulez vous configurer le serveur web Apache maintenant (tres conseille) ? (y/n) [y] "
-read -r ans
-if [ "$(norm_ans "$ans")" != 'N' ]
-then
- echo "Configuration d'Apache"
- server_name=""
- while [ -z "$server_name" ]
- do
- echo "Le nom de votre serveur doit normalement etre connu dans le DNS."
- echo -n "Nom complet de votre serveur (exemple: notes.univ.fr): "
- read -r server_name
- done
- # --- CERTIFICATS AUTO-SIGNES
- echo
- echo "Il est possible d'utiliser des certificats cryptographiques"
- echo "auto-signes, qui ne seront pas reconnus comme de confiance"
- echo "par les navigateurs, mais offrent une certaine securite."
- echo -n 'Voulez vous generer des certificats ssl auto-signes ? (y/n) [y] '
- read -r ans
- if [ "$(norm_ans "$ans")" != 'N' ]
- then
- # attention: utilise dans scodoc-site-ssl.orig
- ssl_dir=/etc/apache2/scodoc-ssl
- if [ ! -e $ssl_dir ]
- then
- mkdir $ssl_dir
- fi
- /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf $ssl_dir/apache.pem
- cert_status=$?
- else
- cert_status=-1
- fi
- # ---
- echo 'generation de /etc/apache2/sites-available/scodoc-site-ssl'
- cat "$SCODOC_DIR"/tools/etc/scodoc-site-ssl-apache2.4.orig | sed -e "s:YOUR\.FULL\.HOST\.NAME:$server_name:g" > /etc/apache2/sites-available/scodoc-site-ssl.conf
- echo 'activation du site...'
- a2ensite scodoc-site-ssl
- echo 'Remplacement du site Apache par defaut (sic !
old saved as .bak)'
- fn=/etc/apache2/sites-available/000-default.conf
- if [ -e $fn ]
- then
- mv $fn $fn.bak
- fi
- cp "$SCODOC_DIR"/tools/etc/scodoc-site.orig $fn
- if [ -z "$(grep Listen /etc/apache2/ports.conf | grep 443)" ]
- then
- echo 'adding port 443'
- echo 'Listen 443' >> /etc/apache2/ports.conf
- fi
-
- echo 'configuring Apache proxy'
- mv /etc/apache2/mods-available/proxy.conf /etc/apache2/mods-available/proxy.conf.bak
- cat > /etc/apache2/mods-available/proxy.conf <
-# Proxy config for ScoDoc default installation
-ProxyRequests Off
-
- Order deny,allow
- Allow from all
-
-
-EOF
-
-fi
-
-systemctl restart apache2
-
-# ------------ CONFIG SERVICE SCODOC
-echo
-echo "Installer le service scodoc permet de lancer automatiquement le serveur au demarrage."
-echo -n "Voulez vous installer le service scodoc ? (y/n) [y] "
-read ans
-if [ "$(norm_ans "$ans")" != 'N' ]
-then
- # ScoDoc 7.19+ uses systemd
- $SCODOC_DIR/tools/configure_systemd.sh
-fi
-
+# XXX SUITE A TERMINER !
 # ------------ CONFIG MISE A JOUR HEBDOMADAIRE
 echo
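Review bot: `cert_status` is set in both branches of the new nginx block but never tested, while the installed `scodoc9.nginx` always points at `certs/cert.pem` and `certs/key.pem`; if the user declines the self-signed step or openssl fails, `systemctl restart nginx` runs against missing files after the default site has already been removed, and that restart also runs when the user answered `N` to the nginx question. Checking the configuration with `nginx -t` before restarting keeps the failure visible instead of leaving the web server down silently. The key is generated with `-nodes` under the `scodoc` account with the inherited umask, so the application user owns the unencrypted TLS key and its mode depends on the environment; a restrictive umask at least keeps it from other local accounts. `ln -s` fails when the installer is re-run and the link already exists, which `ln -sf` avoids. The sketch below shows only the changed lines.

```shell
        # … unchanged: prompt and certificate comment …
        su -c "(umask 077 && cd \"$SCODOC_VAR_DIR\" && mkdir -p certs && openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout certs/key.pem -out certs/cert.pem)" "$SCODOC_USER"
        cert_status=$?
    # … unchanged: else branch, copy of scodoc9.nginx …
    ln -sf /etc/nginx/sites-available/scodoc9.nginx /etc/nginx/sites-enabled/
    # … unchanged: removal of the default site …
fi

# restart only when the configuration, including the certificate paths, loads
if nginx -t
then
    systemctl restart nginx
else
    echo "ATTENTION: configuration nginx invalide, nginx non redémarré" >&2
fi
```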