forked from ScoDoc/DocScoDoc
installation avec nginx + service scodoc9
This commit is contained in:
parent
09af326b03
commit
614810cf50
@ -1,7 +1,6 @@
|
||||
# -*- coding: UTF-8 -*
|
||||
# pylint: disable=invalid-name
|
||||
|
||||
from app.scodoc.sco_exceptions import ScoValueError
|
||||
import os
|
||||
import sys
|
||||
|
||||
@ -21,6 +20,7 @@ from flask_bootstrap import Bootstrap
|
||||
from flask_moment import Moment
|
||||
from flask_caching import Cache
|
||||
|
||||
from app.scodoc.sco_exceptions import ScoValueError
|
||||
from config import DevConfig
|
||||
import sco_version
|
||||
|
||||
@ -103,7 +103,8 @@ def create_app(config_class=DevConfig):
|
||||
)
|
||||
mail_handler.setLevel(logging.ERROR)
|
||||
app.logger.addHandler(mail_handler)
|
||||
|
||||
if not app.testing:
|
||||
# Configuration des logs (actifs aussi en mode development)
|
||||
if not os.path.exists("logs"):
|
||||
os.mkdir("logs")
|
||||
file_handler = TimedRotatingFileHandler(
|
||||
@ -113,7 +114,7 @@ def create_app(config_class=DevConfig):
|
||||
)
|
||||
file_handler.setFormatter(
|
||||
logging.Formatter(
|
||||
"%(asctime)s %(levelname)s: %(message)s " "[in %(pathname)s:%(lineno)d]"
|
||||
"%(asctime)s pid=%(process)d th=%(thread)s %(levelname)s: %(message)s " # "[in %(pathname)s:%(lineno)d]"
|
||||
)
|
||||
)
|
||||
file_handler.setLevel(logging.INFO)
|
||||
|
@ -173,7 +173,7 @@ class NotesTable(object):
|
||||
"""
|
||||
|
||||
def __init__(self, formsemestre_id):
|
||||
log(f"[pid={os.getpid()}] NotesTable( formsemestre_id={formsemestre_id} )")
|
||||
log(f"NotesTable( formsemestre_id={formsemestre_id} )")
|
||||
if not formsemestre_id:
|
||||
raise ValueError("invalid formsemestre_id (%s)" % formsemestre_id)
|
||||
self.formsemestre_id = formsemestre_id
|
||||
@ -357,9 +357,7 @@ class NotesTable(object):
|
||||
#
|
||||
self.compute_moy_moy()
|
||||
#
|
||||
log(
|
||||
f"[pid={os.getpid()}] NotesTable( formsemestre_id={formsemestre_id} ) done."
|
||||
)
|
||||
log(f"NotesTable( formsemestre_id={formsemestre_id} ) done.")
|
||||
|
||||
def get_etudids(self, sorted=False):
|
||||
if sorted:
|
||||
|
@ -52,7 +52,7 @@ class ProdConfig(Config):
|
||||
class DevConfig(Config):
|
||||
FLASK_ENV = "development"
|
||||
DEBUG = True
|
||||
TESTING = True
|
||||
TESTING = False
|
||||
SQLALCHEMY_DATABASE_URI = (
|
||||
os.environ.get("SCODOC_DEV_DATABASE_URI") or "postgresql:///SCODOC_DEV"
|
||||
)
|
||||
@ -60,6 +60,7 @@ class DevConfig(Config):
|
||||
|
||||
|
||||
class TestConfig(DevConfig):
|
||||
TESTING = True
|
||||
SQLALCHEMY_DATABASE_URI = (
|
||||
os.environ.get("SCODOC_TEST_DATABASE_URI") or "postgresql:///SCODOC_TEST"
|
||||
)
|
||||
|
37
tools/etc/scodoc9.nginx
Normal file
37
tools/etc/scodoc9.nginx
Normal file
@ -0,0 +1,37 @@
|
||||
# BASIC SCODOC 9 CONFIG FOR NGINX
|
||||
# EV, Aug 2021
|
||||
|
||||
server {
|
||||
# listen on port 80 (http)
|
||||
listen 80;
|
||||
server_name _;
|
||||
location / {
|
||||
# redirect any requests to the same URL but on https
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
server {
|
||||
# listen on port 443 (https)
|
||||
listen 443 ssl;
|
||||
server_name _;
|
||||
# location of the self-signed SSL certificate
|
||||
ssl_certificate /opt/scodoc-data/certs/cert.pem;
|
||||
ssl_certificate_key /opt/scodoc-data/certs/key.pem;
|
||||
# write access and error logs to /var/log
|
||||
access_log /var/log/scodoc_access.log;
|
||||
error_log /var/log/scodoc_error.log;
|
||||
location / {
|
||||
# forward application requests to the gunicorn server
|
||||
proxy_pass http://localhost:8000;
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location /static {
|
||||
# handle static files directly, without forwarding to the application
|
||||
alias /opt/scodoc/app/static;
|
||||
expires 5d;
|
||||
}
|
||||
}
|
@ -2,6 +2,12 @@
|
||||
# Flask based
|
||||
# a priori on ne dépend plus de postgresql ? XXX
|
||||
# inspiré par https://blog.miguelgrinberg.com/post/running-a-flask-application-as-a-service-with-systemd
|
||||
#
|
||||
# A copier dans /etc/systemd/system/scodoc9.service
|
||||
# puis
|
||||
# sudo systemctl daemon-reload
|
||||
# sudo systemctl start scodoc9
|
||||
#
|
||||
[Unit]
|
||||
Description=ScoDoc 9 service
|
||||
After=network.target
|
||||
@ -13,10 +19,9 @@ After=network.target
|
||||
User=scodoc
|
||||
Group=scodoc
|
||||
WorkingDirectory=/opt/scodoc
|
||||
#Environment=FLASK_ENV=production
|
||||
ExecStart=/opt/scodoc/venv/bin/gunicorn -b localhost:8000 -w 4 scodoc:app
|
||||
Restart=always
|
||||
# Environment=FLASK_CONFIG=production
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -59,6 +59,7 @@ apt-get -y install python3-pip
|
||||
apt-get install -y python3-wheel
|
||||
apt-get -y install libpq-dev
|
||||
apt-get -y install libcrack2-dev
|
||||
apt-get -y install nginx
|
||||
apt-get -y install postgresql
|
||||
apt-get -y install redis
|
||||
apt-get -y install curl
|
||||
@ -113,106 +114,61 @@ fi
|
||||
init_postgres_user
|
||||
|
||||
|
||||
# ------------ CONFIG NGINX
|
||||
|
||||
echo
|
||||
echo "La configuration du serveur web peut modifier l'installation nginx pour supporter ScoDoc."
|
||||
echo -n "Voulez-vous configurer le serveur web nginx maintenant (vivement conseillé) ? (y/n) [y] "
|
||||
read -r ans
|
||||
if [ "$(norm_ans "$ans")" != 'N' ]
|
||||
then
|
||||
echo "Configuration du serveur web nginx"
|
||||
# --- CERTIFICATS AUTO-SIGNES
|
||||
echo
|
||||
echo "Il est possible d'utiliser des certificats cryptographiques"
|
||||
echo "auto-signés, qui ne seront pas reconnus comme de confiance"
|
||||
echo "par les navigateurs, permettent de tester."
|
||||
echo "Si vous avez déjà de vrais certificats, passez cette étape et installez-les ensuite."
|
||||
echo -n 'Voulez-vous générer des certificats ssl auto-signés ? (y/n) [y] '
|
||||
read -r ans
|
||||
if [ "$(norm_ans "$ans")" != 'N' ]
|
||||
then
|
||||
# generation des certifs: cert.pem key.pem dans /opt/scodoc-data/certs/
|
||||
su -c "(cd $SCODOC_VAR_DIR && mkdir -p certs && openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout certs/key.pem -out certs/cert.pem)" "$SCODOC_USER"
|
||||
cert_status=$?
|
||||
else
|
||||
cert_status=-1
|
||||
fi
|
||||
# ---
|
||||
echo 'copie de la configuration nginx'
|
||||
cp -p "$SCODOC_DIR"/tools/etc/scodoc9.nginx /etc/nginx/sites-available/
|
||||
ln -s /etc/nginx/sites-available/scodoc9.nginx /etc/nginx/sites-enabled/
|
||||
/bin/rm -f /etc/nginx/sites-enabled/default
|
||||
fi
|
||||
|
||||
systemctl restart nginx
|
||||
|
||||
# ------------ CONFIG SERVICE SCODOC
|
||||
echo
|
||||
echo "Installation du service systemd scodoc9..."
|
||||
# ScoDoc 7.19+ uses systemd
|
||||
cp "$SCODOC_DIR"/tools/etc/scodoc9.service /etc/systemd/system/
|
||||
systemctl daemon-reload
|
||||
|
||||
|
||||
# --- XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX ---
|
||||
echo
|
||||
echo "WARNING: version ScoDoc 9 expérimentale"
|
||||
echo "Ne pas utiliser en production !"
|
||||
echo
|
||||
echo "Pour lancer le serveur de développement: voir README"
|
||||
echo
|
||||
echo "Pour lancer scodoc9: systemctl start scodoc9"
|
||||
echo "(les logs sont dans /opt/scodoc-data/logs)"
|
||||
exit 0
|
||||
# --- XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX ---
|
||||
|
||||
# Nota: after this point, the network _may_ be unreachable
|
||||
# (if firewall config is wrong)
|
||||
|
||||
# ------------ CONFIG NGINX
|
||||
a2enmod ssl
|
||||
a2enmod proxy
|
||||
a2enmod proxy_http
|
||||
a2enmod rewrite
|
||||
|
||||
echo
|
||||
echo "La configuration du serveur web va modifier votre installation Apache pour supporter ScoDoc."
|
||||
echo -n "Voulez vous configurer le serveur web Apache maintenant (tres conseille) ? (y/n) [y] "
|
||||
read -r ans
|
||||
if [ "$(norm_ans "$ans")" != 'N' ]
|
||||
then
|
||||
echo "Configuration d'Apache"
|
||||
server_name=""
|
||||
while [ -z "$server_name" ]
|
||||
do
|
||||
echo "Le nom de votre serveur doit normalement etre connu dans le DNS."
|
||||
echo -n "Nom complet de votre serveur (exemple: notes.univ.fr): "
|
||||
read -r server_name
|
||||
done
|
||||
# --- CERTIFICATS AUTO-SIGNES
|
||||
echo
|
||||
echo "Il est possible d'utiliser des certificats cryptographiques"
|
||||
echo "auto-signes, qui ne seront pas reconnus comme de confiance"
|
||||
echo "par les navigateurs, mais offrent une certaine securite."
|
||||
echo -n 'Voulez vous generer des certificats ssl auto-signes ? (y/n) [y] '
|
||||
read -r ans
|
||||
if [ "$(norm_ans "$ans")" != 'N' ]
|
||||
then
|
||||
# attention: utilise dans scodoc-site-ssl.orig
|
||||
ssl_dir=/etc/apache2/scodoc-ssl
|
||||
if [ ! -e $ssl_dir ]
|
||||
then
|
||||
mkdir $ssl_dir
|
||||
fi
|
||||
/usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf $ssl_dir/apache.pem
|
||||
cert_status=$?
|
||||
else
|
||||
cert_status=-1
|
||||
fi
|
||||
# ---
|
||||
echo 'generation de /etc/apache2/sites-available/scodoc-site-ssl'
|
||||
cat "$SCODOC_DIR"/tools/etc/scodoc-site-ssl-apache2.4.orig | sed -e "s:YOUR\.FULL\.HOST\.NAME:$server_name:g" > /etc/apache2/sites-available/scodoc-site-ssl.conf
|
||||
echo 'activation du site...'
|
||||
a2ensite scodoc-site-ssl
|
||||
|
||||
echo 'Remplacement du site Apache par defaut (sic ! old saved as .bak)'
|
||||
fn=/etc/apache2/sites-available/000-default.conf
|
||||
if [ -e $fn ]
|
||||
then
|
||||
mv $fn $fn.bak
|
||||
fi
|
||||
cp "$SCODOC_DIR"/tools/etc/scodoc-site.orig $fn
|
||||
|
||||
if [ -z "$(grep Listen /etc/apache2/ports.conf | grep 443)" ]
|
||||
then
|
||||
echo 'adding port 443'
|
||||
echo 'Listen 443' >> /etc/apache2/ports.conf
|
||||
fi
|
||||
|
||||
echo 'configuring Apache proxy'
|
||||
mv /etc/apache2/mods-available/proxy.conf /etc/apache2/mods-available/proxy.conf.bak
|
||||
cat > /etc/apache2/mods-available/proxy.conf <<EOF
|
||||
<IfModule mod_proxy.c>
|
||||
# Proxy config for ScoDoc default installation
|
||||
ProxyRequests Off
|
||||
<ProxyMatch http://localhost:8080>
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
</ProxyMatch>
|
||||
</IfModule>
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
systemctl restart apache2
|
||||
|
||||
# ------------ CONFIG SERVICE SCODOC
|
||||
echo
|
||||
echo "Installer le service scodoc permet de lancer automatiquement le serveur au demarrage."
|
||||
echo -n "Voulez vous installer le service scodoc ? (y/n) [y] "
|
||||
read ans
|
||||
if [ "$(norm_ans "$ans")" != 'N' ]
|
||||
then
|
||||
# ScoDoc 7.19+ uses systemd
|
||||
$SCODOC_DIR/tools/configure_systemd.sh
|
||||
fi
|
||||
|
||||
# XXX SUITE A TERMINER !
|
||||
|
||||
# ------------ CONFIG MISE A JOUR HEBDOMADAIRE
|
||||
echo
|
||||
|
Loading…
Reference in New Issue
Block a user