gunicorn nginx ssl
parent
4d6396ace1
commit
d1d15323e8
150
Readme.md
150
Readme.md
@ -3,7 +3,7 @@ glicthtip 2.4.5 on debian 12 bookworm
|
||||
|
||||
|
||||
## python 3.13
|
||||
|
||||
this is probably unecessary
|
||||
```shell
|
||||
apt update && apt upgrade -y
|
||||
apt install wget build-essential libreadline-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev libffi-dev zlib1g-dev -y
|
||||
@ -28,18 +28,22 @@ apt install -y acl build-essential libpq-dev libsasl2-dev libssl-dev nginx nodej
|
||||
```shell
|
||||
su - postgres
|
||||
postgres@:~$ psql
|
||||
postgres=# CREATE DATABASE glitchtip;
|
||||
postgres=# CREATE DATABASE glitchtip WITH ENCODING 'UTF8' TEMPLATE template0;
|
||||
postgres=# CREATE USER glitchtip WITH ENCRYPTED PASSWORD '<PGSQL_PASSWORD>';
|
||||
postgres=# GRANT ALL PRIVILEGES ON DATABASE glitchtip TO glitchtip;
|
||||
|
||||
postgres=# ALTER DATABASE glitchtip OWNER TO "glitchtip";
|
||||
postgres=# \c glitchtip
|
||||
postgres=# ALTER SCHEMA public OWNER TO "glitchtip";
|
||||
```
|
||||
|
||||
## glitchtip
|
||||
|
||||
```shell
|
||||
su -
|
||||
useradd -m -s /bin/bash glitchtip
|
||||
mkdir /opt/glitchtip
|
||||
chown glitchtip:glitchtip /opt/glitchtip
|
||||
su - glitchtip
|
||||
```
|
||||
### frontend
|
||||
```shell
|
||||
@ -66,7 +70,7 @@ uv sync
|
||||
#### set the env variables
|
||||
https://glitchtip.com/documentation/install#configuration
|
||||
|
||||
```shel
|
||||
```shell
|
||||
vim .env
|
||||
```
|
||||
|
||||
@ -88,12 +92,144 @@ GLITCHTIP_DOMAIN="http://yourdomain.net"
|
||||
#### migrate db
|
||||
```shell
|
||||
export $(cat .env | xargs)
|
||||
manage.py migrate
|
||||
./manage.py migrate
|
||||
```
|
||||
|
||||
```
|
||||
### collect static
|
||||
```shell
|
||||
ln -s /opt/glitchtip/glitchtip-frontend/dist/glitchtip-frontend/ dist
|
||||
mkdir /opt/glitchtip/glitchtip-backend/{static,media}
|
||||
manage.py collectstatic
|
||||
./manage.py collectstatic
|
||||
```
|
||||
|
||||
#### gunicorn
|
||||
|
||||
```shell
|
||||
mkdir /opt/glitchtip/runtime
|
||||
vim /opt/glitchtip/gunicon.py
|
||||
```
|
||||
|
||||
```ini
|
||||
pidfile = "/opt/glitchtip/runtime/pid"
|
||||
bind = "unix:/opt/glitchtip/runtime/socket"
|
||||
proc_name = "glitchtip"
|
||||
worker_tmp_dir = "/dev/shm"
|
||||
workers = 3
|
||||
```
|
||||
|
||||
#### systemd service
|
||||
```shell
|
||||
su -
|
||||
vim /etc/systemd/system/glitchtip.service
|
||||
```
|
||||
```ini
|
||||
[Unit]
|
||||
Description=glitchtip daemon
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
PIDFile=/opt/glitchtip/runtime/pidfile
|
||||
EnvironmentFile=/opt/glitchtip/glitchtip-backend/.env
|
||||
User=glitchtip
|
||||
Group=glitchtip
|
||||
RuntimeDirectory=glitchtip
|
||||
WorkingDirectory=/opt/glitchtip/glitchtip-backend
|
||||
ExecStart=/opt/glitchtip/glitchtip-backend/.venv/bin/gunicorn glitchtip.wsgi --config /opt/glitchtip/gunicorn.py
|
||||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
ExecStop=/bin/kill -s TERM $MAINPID
|
||||
PrivateTmp=true
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
```shell
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl start glitchtip
|
||||
sudo journalctl -u glitchtip
|
||||
sudo systemctl enable glitchtip
|
||||
```
|
||||
|
||||
## nginx
|
||||
|
||||
### letsencrypt
|
||||
because of the mess with python 3.13 i use special venv for certbot
|
||||
```shell
|
||||
cd /root
|
||||
python3.11 -m venv certbot-venv
|
||||
source certbot-venv/bin/activate
|
||||
pip install certbot
|
||||
systemctl stop nginx
|
||||
./certbot-venv/bin/certbot certonly --standalone -d your.domin.tld --cert-name your.domin.tld
|
||||
systemctl start nginx
|
||||
deactivate
|
||||
mkdir -p /etc/nginx/ssl/certs/your.domain.tld
|
||||
openssl dhparam -out /etc/nginx/ssl/certs/your.domain.tld/dhparam.pem 2048
|
||||
# renewing
|
||||
# touch /var/spool/cron/crontabs/root
|
||||
# crontab -l > mycron
|
||||
# echo "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron
|
||||
# crontab mycron
|
||||
# rm mycron
|
||||
```
|
||||
|
||||
### vhost
|
||||
```shell
|
||||
vim /etc/nginx/sites-available/your.domain.tld.conf
|
||||
```
|
||||
|
||||
```nginx
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name your.domain.tld;
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl http2;
|
||||
server_name your.domain.tld;
|
||||
access_log /var/log/nginx/your.domain.tld.access.log;
|
||||
error_log /var/log/nginx/your.domain.tld.error.log;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/your.domain.tld/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/your.domain.tld/privkey.pem;
|
||||
ssl_dhparam /etc/nginx/ssl/certs/your.domain.tld/dhparam.pem;
|
||||
|
||||
add_header Strict-Transport-Security max-age=15768000;
|
||||
|
||||
location ~ /\.git {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location / {
|
||||
alias /opt/glitchtip/glitchtip-backend/static/;
|
||||
try_files $uri $uri/index.html /index.html;
|
||||
expires 1h;
|
||||
add_header Pragma public;
|
||||
add_header Cache-Control "public";
|
||||
}
|
||||
location /media/ {
|
||||
alias /opt/glitchtip/glitchtip-backend/media/;
|
||||
}
|
||||
|
||||
location ~ ^/(api|admin|_health|rest-auth)/ {
|
||||
proxy_pass http://unix:/opt/glitchtip/runtime/socket;
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
```shell
|
||||
ln -s /etc/nginx/sites-available/your.domain.tld.conf /etc/nginx/sites-enabled/
|
||||
nginx -t
|
||||
systemctl restart nginx
|
||||
```
|
||||
|
||||
## sources
|
||||
|