forked from ScoDoc/DocScoDoc
installation avec nginx + service scodoc9
This commit is contained in:
parent
09af326b03
commit
614810cf50
@ -1,7 +1,6 @@
|
|||||||
# -*- coding: UTF-8 -*
|
# -*- coding: UTF-8 -*
|
||||||
# pylint: disable=invalid-name
|
# pylint: disable=invalid-name
|
||||||
|
|
||||||
from app.scodoc.sco_exceptions import ScoValueError
|
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
@ -21,6 +20,7 @@ from flask_bootstrap import Bootstrap
|
|||||||
from flask_moment import Moment
|
from flask_moment import Moment
|
||||||
from flask_caching import Cache
|
from flask_caching import Cache
|
||||||
|
|
||||||
|
from app.scodoc.sco_exceptions import ScoValueError
|
||||||
from config import DevConfig
|
from config import DevConfig
|
||||||
import sco_version
|
import sco_version
|
||||||
|
|
||||||
@ -103,7 +103,8 @@ def create_app(config_class=DevConfig):
|
|||||||
)
|
)
|
||||||
mail_handler.setLevel(logging.ERROR)
|
mail_handler.setLevel(logging.ERROR)
|
||||||
app.logger.addHandler(mail_handler)
|
app.logger.addHandler(mail_handler)
|
||||||
|
if not app.testing:
|
||||||
|
# Configuration des logs (actifs aussi en mode development)
|
||||||
if not os.path.exists("logs"):
|
if not os.path.exists("logs"):
|
||||||
os.mkdir("logs")
|
os.mkdir("logs")
|
||||||
file_handler = TimedRotatingFileHandler(
|
file_handler = TimedRotatingFileHandler(
|
||||||
@ -113,7 +114,7 @@ def create_app(config_class=DevConfig):
|
|||||||
)
|
)
|
||||||
file_handler.setFormatter(
|
file_handler.setFormatter(
|
||||||
logging.Formatter(
|
logging.Formatter(
|
||||||
"%(asctime)s %(levelname)s: %(message)s " "[in %(pathname)s:%(lineno)d]"
|
"%(asctime)s pid=%(process)d th=%(thread)s %(levelname)s: %(message)s " # "[in %(pathname)s:%(lineno)d]"
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
file_handler.setLevel(logging.INFO)
|
file_handler.setLevel(logging.INFO)
|
||||||
|
@ -173,7 +173,7 @@ class NotesTable(object):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, formsemestre_id):
|
def __init__(self, formsemestre_id):
|
||||||
log(f"[pid={os.getpid()}] NotesTable( formsemestre_id={formsemestre_id} )")
|
log(f"NotesTable( formsemestre_id={formsemestre_id} )")
|
||||||
if not formsemestre_id:
|
if not formsemestre_id:
|
||||||
raise ValueError("invalid formsemestre_id (%s)" % formsemestre_id)
|
raise ValueError("invalid formsemestre_id (%s)" % formsemestre_id)
|
||||||
self.formsemestre_id = formsemestre_id
|
self.formsemestre_id = formsemestre_id
|
||||||
@ -357,9 +357,7 @@ class NotesTable(object):
|
|||||||
#
|
#
|
||||||
self.compute_moy_moy()
|
self.compute_moy_moy()
|
||||||
#
|
#
|
||||||
log(
|
log(f"NotesTable( formsemestre_id={formsemestre_id} ) done.")
|
||||||
f"[pid={os.getpid()}] NotesTable( formsemestre_id={formsemestre_id} ) done."
|
|
||||||
)
|
|
||||||
|
|
||||||
def get_etudids(self, sorted=False):
|
def get_etudids(self, sorted=False):
|
||||||
if sorted:
|
if sorted:
|
||||||
|
@ -52,7 +52,7 @@ class ProdConfig(Config):
|
|||||||
class DevConfig(Config):
|
class DevConfig(Config):
|
||||||
FLASK_ENV = "development"
|
FLASK_ENV = "development"
|
||||||
DEBUG = True
|
DEBUG = True
|
||||||
TESTING = True
|
TESTING = False
|
||||||
SQLALCHEMY_DATABASE_URI = (
|
SQLALCHEMY_DATABASE_URI = (
|
||||||
os.environ.get("SCODOC_DEV_DATABASE_URI") or "postgresql:///SCODOC_DEV"
|
os.environ.get("SCODOC_DEV_DATABASE_URI") or "postgresql:///SCODOC_DEV"
|
||||||
)
|
)
|
||||||
@ -60,6 +60,7 @@ class DevConfig(Config):
|
|||||||
|
|
||||||
|
|
||||||
class TestConfig(DevConfig):
|
class TestConfig(DevConfig):
|
||||||
|
TESTING = True
|
||||||
SQLALCHEMY_DATABASE_URI = (
|
SQLALCHEMY_DATABASE_URI = (
|
||||||
os.environ.get("SCODOC_TEST_DATABASE_URI") or "postgresql:///SCODOC_TEST"
|
os.environ.get("SCODOC_TEST_DATABASE_URI") or "postgresql:///SCODOC_TEST"
|
||||||
)
|
)
|
||||||
|
37
tools/etc/scodoc9.nginx
Normal file
37
tools/etc/scodoc9.nginx
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
# BASIC SCODOC 9 CONFIG FOR NGINX
|
||||||
|
# EV, Aug 2021
|
||||||
|
|
||||||
|
server {
|
||||||
|
# listen on port 80 (http)
|
||||||
|
listen 80;
|
||||||
|
server_name _;
|
||||||
|
location / {
|
||||||
|
# redirect any requests to the same URL but on https
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
# listen on port 443 (https)
|
||||||
|
listen 443 ssl;
|
||||||
|
server_name _;
|
||||||
|
# location of the self-signed SSL certificate
|
||||||
|
ssl_certificate /opt/scodoc-data/certs/cert.pem;
|
||||||
|
ssl_certificate_key /opt/scodoc-data/certs/key.pem;
|
||||||
|
# write access and error logs to /var/log
|
||||||
|
access_log /var/log/scodoc_access.log;
|
||||||
|
error_log /var/log/scodoc_error.log;
|
||||||
|
location / {
|
||||||
|
# forward application requests to the gunicorn server
|
||||||
|
proxy_pass http://localhost:8000;
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /static {
|
||||||
|
# handle static files directly, without forwarding to the application
|
||||||
|
alias /opt/scodoc/app/static;
|
||||||
|
expires 5d;
|
||||||
|
}
|
||||||
|
}
|
@ -2,6 +2,12 @@
|
|||||||
# Flask based
|
# Flask based
|
||||||
# a priori on ne dépend plus de postgresql ? XXX
|
# a priori on ne dépend plus de postgresql ? XXX
|
||||||
# inspiré par https://blog.miguelgrinberg.com/post/running-a-flask-application-as-a-service-with-systemd
|
# inspiré par https://blog.miguelgrinberg.com/post/running-a-flask-application-as-a-service-with-systemd
|
||||||
|
#
|
||||||
|
# A copier dans /etc/systemd/system/scodoc9.service
|
||||||
|
# puis
|
||||||
|
# sudo systemctl daemon-reload
|
||||||
|
# sudo systemctl start scodoc9
|
||||||
|
#
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=ScoDoc 9 service
|
Description=ScoDoc 9 service
|
||||||
After=network.target
|
After=network.target
|
||||||
@ -13,10 +19,9 @@ After=network.target
|
|||||||
User=scodoc
|
User=scodoc
|
||||||
Group=scodoc
|
Group=scodoc
|
||||||
WorkingDirectory=/opt/scodoc
|
WorkingDirectory=/opt/scodoc
|
||||||
|
#Environment=FLASK_ENV=production
|
||||||
ExecStart=/opt/scodoc/venv/bin/gunicorn -b localhost:8000 -w 4 scodoc:app
|
ExecStart=/opt/scodoc/venv/bin/gunicorn -b localhost:8000 -w 4 scodoc:app
|
||||||
Restart=always
|
Restart=always
|
||||||
# Environment=FLASK_CONFIG=production
|
|
||||||
Restart=always
|
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
@ -59,6 +59,7 @@ apt-get -y install python3-pip
|
|||||||
apt-get install -y python3-wheel
|
apt-get install -y python3-wheel
|
||||||
apt-get -y install libpq-dev
|
apt-get -y install libpq-dev
|
||||||
apt-get -y install libcrack2-dev
|
apt-get -y install libcrack2-dev
|
||||||
|
apt-get -y install nginx
|
||||||
apt-get -y install postgresql
|
apt-get -y install postgresql
|
||||||
apt-get -y install redis
|
apt-get -y install redis
|
||||||
apt-get -y install curl
|
apt-get -y install curl
|
||||||
@ -113,106 +114,61 @@ fi
|
|||||||
init_postgres_user
|
init_postgres_user
|
||||||
|
|
||||||
|
|
||||||
|
# ------------ CONFIG NGINX
|
||||||
|
|
||||||
|
echo
|
||||||
|
echo "La configuration du serveur web peut modifier l'installation nginx pour supporter ScoDoc."
|
||||||
|
echo -n "Voulez-vous configurer le serveur web nginx maintenant (vivement conseillé) ? (y/n) [y] "
|
||||||
|
read -r ans
|
||||||
|
if [ "$(norm_ans "$ans")" != 'N' ]
|
||||||
|
then
|
||||||
|
echo "Configuration du serveur web nginx"
|
||||||
|
# --- CERTIFICATS AUTO-SIGNES
|
||||||
|
echo
|
||||||
|
echo "Il est possible d'utiliser des certificats cryptographiques"
|
||||||
|
echo "auto-signés, qui ne seront pas reconnus comme de confiance"
|
||||||
|
echo "par les navigateurs, permettent de tester."
|
||||||
|
echo "Si vous avez déjà de vrais certificats, passez cette étape et installez-les ensuite."
|
||||||
|
echo -n 'Voulez-vous générer des certificats ssl auto-signés ? (y/n) [y] '
|
||||||
|
read -r ans
|
||||||
|
if [ "$(norm_ans "$ans")" != 'N' ]
|
||||||
|
then
|
||||||
|
# generation des certifs: cert.pem key.pem dans /opt/scodoc-data/certs/
|
||||||
|
su -c "(cd $SCODOC_VAR_DIR && mkdir -p certs && openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout certs/key.pem -out certs/cert.pem)" "$SCODOC_USER"
|
||||||
|
cert_status=$?
|
||||||
|
else
|
||||||
|
cert_status=-1
|
||||||
|
fi
|
||||||
|
# ---
|
||||||
|
echo 'copie de la configuration nginx'
|
||||||
|
cp -p "$SCODOC_DIR"/tools/etc/scodoc9.nginx /etc/nginx/sites-available/
|
||||||
|
ln -s /etc/nginx/sites-available/scodoc9.nginx /etc/nginx/sites-enabled/
|
||||||
|
/bin/rm -f /etc/nginx/sites-enabled/default
|
||||||
|
fi
|
||||||
|
|
||||||
|
systemctl restart nginx
|
||||||
|
|
||||||
|
# ------------ CONFIG SERVICE SCODOC
|
||||||
|
echo
|
||||||
|
echo "Installation du service systemd scodoc9..."
|
||||||
|
# ScoDoc 7.19+ uses systemd
|
||||||
|
cp "$SCODOC_DIR"/tools/etc/scodoc9.service /etc/systemd/system/
|
||||||
|
systemctl daemon-reload
|
||||||
|
|
||||||
|
|
||||||
# --- XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX ---
|
# --- XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX ---
|
||||||
echo
|
echo
|
||||||
echo "WARNING: version ScoDoc 9 expérimentale"
|
echo "WARNING: version ScoDoc 9 expérimentale"
|
||||||
echo "Ne pas utiliser en production !"
|
echo "Ne pas utiliser en production !"
|
||||||
echo
|
echo
|
||||||
echo "Pour lancer le serveur de développement: voir README"
|
echo "Pour lancer le serveur de développement: voir README"
|
||||||
|
echo
|
||||||
|
echo "Pour lancer scodoc9: systemctl start scodoc9"
|
||||||
|
echo "(les logs sont dans /opt/scodoc-data/logs)"
|
||||||
exit 0
|
exit 0
|
||||||
# --- XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX ---
|
# --- XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX ---
|
||||||
|
|
||||||
# Nota: after this point, the network _may_ be unreachable
|
# XXX SUITE A TERMINER !
|
||||||
# (if firewall config is wrong)
|
|
||||||
|
|
||||||
# ------------ CONFIG NGINX
|
|
||||||
a2enmod ssl
|
|
||||||
a2enmod proxy
|
|
||||||
a2enmod proxy_http
|
|
||||||
a2enmod rewrite
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "La configuration du serveur web va modifier votre installation Apache pour supporter ScoDoc."
|
|
||||||
echo -n "Voulez vous configurer le serveur web Apache maintenant (tres conseille) ? (y/n) [y] "
|
|
||||||
read -r ans
|
|
||||||
if [ "$(norm_ans "$ans")" != 'N' ]
|
|
||||||
then
|
|
||||||
echo "Configuration d'Apache"
|
|
||||||
server_name=""
|
|
||||||
while [ -z "$server_name" ]
|
|
||||||
do
|
|
||||||
echo "Le nom de votre serveur doit normalement etre connu dans le DNS."
|
|
||||||
echo -n "Nom complet de votre serveur (exemple: notes.univ.fr): "
|
|
||||||
read -r server_name
|
|
||||||
done
|
|
||||||
# --- CERTIFICATS AUTO-SIGNES
|
|
||||||
echo
|
|
||||||
echo "Il est possible d'utiliser des certificats cryptographiques"
|
|
||||||
echo "auto-signes, qui ne seront pas reconnus comme de confiance"
|
|
||||||
echo "par les navigateurs, mais offrent une certaine securite."
|
|
||||||
echo -n 'Voulez vous generer des certificats ssl auto-signes ? (y/n) [y] '
|
|
||||||
read -r ans
|
|
||||||
if [ "$(norm_ans "$ans")" != 'N' ]
|
|
||||||
then
|
|
||||||
# attention: utilise dans scodoc-site-ssl.orig
|
|
||||||
ssl_dir=/etc/apache2/scodoc-ssl
|
|
||||||
if [ ! -e $ssl_dir ]
|
|
||||||
then
|
|
||||||
mkdir $ssl_dir
|
|
||||||
fi
|
|
||||||
/usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf $ssl_dir/apache.pem
|
|
||||||
cert_status=$?
|
|
||||||
else
|
|
||||||
cert_status=-1
|
|
||||||
fi
|
|
||||||
# ---
|
|
||||||
echo 'generation de /etc/apache2/sites-available/scodoc-site-ssl'
|
|
||||||
cat "$SCODOC_DIR"/tools/etc/scodoc-site-ssl-apache2.4.orig | sed -e "s:YOUR\.FULL\.HOST\.NAME:$server_name:g" > /etc/apache2/sites-available/scodoc-site-ssl.conf
|
|
||||||
echo 'activation du site...'
|
|
||||||
a2ensite scodoc-site-ssl
|
|
||||||
|
|
||||||
echo 'Remplacement du site Apache par defaut (sic ! old saved as .bak)'
|
|
||||||
fn=/etc/apache2/sites-available/000-default.conf
|
|
||||||
if [ -e $fn ]
|
|
||||||
then
|
|
||||||
mv $fn $fn.bak
|
|
||||||
fi
|
|
||||||
cp "$SCODOC_DIR"/tools/etc/scodoc-site.orig $fn
|
|
||||||
|
|
||||||
if [ -z "$(grep Listen /etc/apache2/ports.conf | grep 443)" ]
|
|
||||||
then
|
|
||||||
echo 'adding port 443'
|
|
||||||
echo 'Listen 443' >> /etc/apache2/ports.conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo 'configuring Apache proxy'
|
|
||||||
mv /etc/apache2/mods-available/proxy.conf /etc/apache2/mods-available/proxy.conf.bak
|
|
||||||
cat > /etc/apache2/mods-available/proxy.conf <<EOF
|
|
||||||
<IfModule mod_proxy.c>
|
|
||||||
# Proxy config for ScoDoc default installation
|
|
||||||
ProxyRequests Off
|
|
||||||
<ProxyMatch http://localhost:8080>
|
|
||||||
Order deny,allow
|
|
||||||
Allow from all
|
|
||||||
</ProxyMatch>
|
|
||||||
</IfModule>
|
|
||||||
EOF
|
|
||||||
|
|
||||||
fi
|
|
||||||
|
|
||||||
systemctl restart apache2
|
|
||||||
|
|
||||||
# ------------ CONFIG SERVICE SCODOC
|
|
||||||
echo
|
|
||||||
echo "Installer le service scodoc permet de lancer automatiquement le serveur au demarrage."
|
|
||||||
echo -n "Voulez vous installer le service scodoc ? (y/n) [y] "
|
|
||||||
read ans
|
|
||||||
if [ "$(norm_ans "$ans")" != 'N' ]
|
|
||||||
then
|
|
||||||
# ScoDoc 7.19+ uses systemd
|
|
||||||
$SCODOC_DIR/tools/configure_systemd.sh
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# ------------ CONFIG MISE A JOUR HEBDOMADAIRE
|
# ------------ CONFIG MISE A JOUR HEBDOMADAIRE
|
||||||
echo
|
echo
|
||||||
|
Loading…
Reference in New Issue
Block a user