switch from WSGI using uWSGI to ASGI using custom event loop based on uvicorn

2023-11-22 21:41:49 +01:00 · 2023-11-22 21:41:49 +01:00 · 6b3cc4c168
commit 6b3cc4c168
parent b103205dfe
15 changed files with 610 additions and 8 deletions
--- a/deploy/ansible/playbooks/templates/c3lf-sys3.service.j2
+++ b/deploy/ansible/playbooks/templates/c3lf-sys3.service.j2
@ -0,0 +1,15 @@
+[Unit]
+Description=standalone c3lf-sys3 server
+After=network.target
+
+[Service]
+Type=notify
+WorkingDirectory=/var/www/c3lf-sys3
+ExecStart=/var/www/c3lf-sys3/venv/bin/python3 /var/www/c3lf-sys3/repo/core/server.py
+Restart=always
+RestartSec=5
+User=www-data
+Group=www-data
+
+[Install]
+WantedBy=multi-user.target
--- a/deploy/ansible/playbooks/templates/config.js.j2
+++ b/deploy/ansible/playbooks/templates/config.js.j2
@ -0,0 +1,9 @@
+export default {
+    service: {
+        url: 'https://{{ web_domain }}/api',
+        auth: {
+            username: '{{ legacy_api_user }}',
+            password: '{{ legacy_api_password }}'
+        }
+    }
+};
--- a/deploy/ansible/playbooks/templates/django.env.j2
+++ b/deploy/ansible/playbooks/templates/django.env.j2
@ -0,0 +1,10 @@
+DB_HOST=localhost
+DB_PORT=3306
+DB_NAME=c3lf_sys3
+DB_USER=c3lf_sys3
+DB_PASSWORD={{ db_password }}
+HTTP_HOST={{ web_domain }}
+LEGACY_API_USER={{ legacy_api_user }}
+LEGACY_API_PASSWORD={{ legacy_api_password }}
+MEDIA_ROOT=/var/www/c3lf-sys3/userfiles
+STATIC_ROOT=/var/www/c3lf-sys3/staticfiles
--- a/deploy/ansible/playbooks/templates/nginx.conf.j2
+++ b/deploy/ansible/playbooks/templates/nginx.conf.j2
@ -0,0 +1,80 @@
+upstream c3lf-sys3 {
+    server unix:/var/www/c3lf-sys3/web.sock;
+}
+
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+}
+
+server {
+
+    server_name {{ web_domain }};
+    client_max_body_size 1024M;
+
+    auth_basic C3LF;
+    auth_basic_user_file conf.d/lf-prod.htpasswd;
+
+    location / {
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT';
+        add_header 'Content-Security-Policy' "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss:;";
+        root /var/www/c3lf-sys3/repo/web/dist;
+        index index.html index.htm index.nginx-debian.html;
+        try_files $uri $uri/ /index.html;
+    }
+
+    location /api {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        proxy_redirect off;
+        proxy_buffering off;
+        proxy_pass http://c3lf-sys3;
+    }
+
+    location /admin {
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        proxy_redirect off;
+        proxy_buffering off;
+        proxy_pass http://c3lf-sys3;
+    }
+
+    location /redirect_media/ {
+        internal;
+        alias /var/www/c3lf-sys3/userfiles/;
+    }
+
+    location /redirect_thumbnail/ {
+        internal;
+        alias /var/www/c3lf-sys3/userfiles/thumbnails/;
+    }
+
+    location /static/ {
+        alias /var/www/c3lf-sys3/staticfiles/;
+    }
+
+    listen 443 ssl http2; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/{{ web_domain }}/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/{{ web_domain }}/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+    if ($host = {{ web_domain }}) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    server_name {{ web_domain }};
+
+    listen 80;
+    return 404; # managed by Certbot
+}