gunicorn nginx ssl

Bachir Soussi Chiadmi 2025-03-18 16:28:04 +01:00
parent 4d6396ace1
commit d1d15323e8

150
Readme.md

@ -3,7 +3,7 @@ glicthtip 2.4.5 on debian 12 bookworm
## python 3.13 ## python 3.13
this is probably unecessary
```shell ```shell
apt update && apt upgrade -y apt update && apt upgrade -y
apt install wget build-essential libreadline-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev libffi-dev zlib1g-dev -y apt install wget build-essential libreadline-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev libffi-dev zlib1g-dev -y
@ -28,18 +28,22 @@ apt install -y acl build-essential libpq-dev libsasl2-dev libssl-dev nginx nodej
```shell ```shell
su - postgres su - postgres
postgres@:~$ psql postgres@:~$ psql
postgres=# CREATE DATABASE glitchtip; postgres=# CREATE DATABASE glitchtip WITH ENCODING 'UTF8' TEMPLATE template0;
postgres=# CREATE USER glitchtip WITH ENCRYPTED PASSWORD '<PGSQL_PASSWORD>'; postgres=# CREATE USER glitchtip WITH ENCRYPTED PASSWORD '<PGSQL_PASSWORD>';
postgres=# GRANT ALL PRIVILEGES ON DATABASE glitchtip TO glitchtip; postgres=# GRANT ALL PRIVILEGES ON DATABASE glitchtip TO glitchtip;
postgres=# ALTER DATABASE glitchtip OWNER TO "glitchtip";
postgres=# \c glitchtip
postgres=# ALTER SCHEMA public OWNER TO "glitchtip";
``` ```
## glitchtip ## glitchtip
```shell ```shell
su -
useradd -m -s /bin/bash glitchtip useradd -m -s /bin/bash glitchtip
mkdir /opt/glitchtip mkdir /opt/glitchtip
chown glitchtip:glitchtip /opt/glitchtip chown glitchtip:glitchtip /opt/glitchtip
su - glitchtip
``` ```
### frontend ### frontend
```shell ```shell
@ -66,7 +70,7 @@ uv sync
#### set the env variables #### set the env variables
https://glitchtip.com/documentation/install#configuration https://glitchtip.com/documentation/install#configuration
```shel ```shell
vim .env vim .env
``` ```
@ -88,12 +92,144 @@ GLITCHTIP_DOMAIN="http://yourdomain.net"
#### migrate db #### migrate db
```shell ```shell
export $(cat .env | xargs) export $(cat .env | xargs)
manage.py migrate ./manage.py migrate
``` ```
``` ### collect static
```shell
ln -s /opt/glitchtip/glitchtip-frontend/dist/glitchtip-frontend/ dist
mkdir /opt/glitchtip/glitchtip-backend/{static,media} mkdir /opt/glitchtip/glitchtip-backend/{static,media}
manage.py collectstatic ./manage.py collectstatic
```
#### gunicorn
```shell
mkdir /opt/glitchtip/runtime
vim /opt/glitchtip/gunicon.py
```
```ini
pidfile = "/opt/glitchtip/runtime/pid"
bind = "unix:/opt/glitchtip/runtime/socket"
proc_name = "glitchtip"
worker_tmp_dir = "/dev/shm"
workers = 3
```
#### systemd service
```shell
su -
vim /etc/systemd/system/glitchtip.service
```
```ini
[Unit]
Description=glitchtip daemon
After=network.target
[Service]
PIDFile=/opt/glitchtip/runtime/pidfile
EnvironmentFile=/opt/glitchtip/glitchtip-backend/.env
User=glitchtip
Group=glitchtip
RuntimeDirectory=glitchtip
WorkingDirectory=/opt/glitchtip/glitchtip-backend
ExecStart=/opt/glitchtip/glitchtip-backend/.venv/bin/gunicorn glitchtip.wsgi --config /opt/glitchtip/gunicorn.py
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
PrivateTmp=true
Restart=always
[Install]
WantedBy=multi-user.target
```
```shell
sudo systemctl daemon-reload
sudo systemctl start glitchtip
sudo journalctl -u glitchtip
sudo systemctl enable glitchtip
```
## nginx
### letsencrypt
because of the mess with python 3.13 i use special venv for certbot
```shell
cd /root
python3.11 -m venv certbot-venv
source certbot-venv/bin/activate
pip install certbot
systemctl stop nginx
./certbot-venv/bin/certbot certonly --standalone -d your.domin.tld --cert-name your.domin.tld
systemctl start nginx
deactivate
mkdir -p /etc/nginx/ssl/certs/your.domain.tld
openssl dhparam -out /etc/nginx/ssl/certs/your.domain.tld/dhparam.pem 2048
# renewing
# touch /var/spool/cron/crontabs/root
# crontab -l > mycron
# echo "0 3 * * * certbot renew --pre-hook 'systemctl stop nginx' --post-hook 'systemctl start nginx' --cert-name $_domain" >> mycron
# crontab mycron
# rm mycron
```
### vhost
```shell
vim /etc/nginx/sites-available/your.domain.tld.conf
```
```nginx
server {
listen 80;
listen [::]:80;
server_name your.domain.tld;
return 301 https://$server_name$request_uri;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name your.domain.tld;
access_log /var/log/nginx/your.domain.tld.access.log;
error_log /var/log/nginx/your.domain.tld.error.log;
ssl_certificate /etc/letsencrypt/live/your.domain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your.domain.tld/privkey.pem;
ssl_dhparam /etc/nginx/ssl/certs/your.domain.tld/dhparam.pem;
add_header Strict-Transport-Security max-age=15768000;
location ~ /\.git {
deny all;
}
location / {
alias /opt/glitchtip/glitchtip-backend/static/;
try_files $uri $uri/index.html /index.html;
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
}
location /media/ {
alias /opt/glitchtip/glitchtip-backend/media/;
}
location ~ ^/(api|admin|_health|rest-auth)/ {
proxy_pass http://unix:/opt/glitchtip/runtime/socket;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
```
```shell
ln -s /etc/nginx/sites-available/your.domain.tld.conf /etc/nginx/sites-enabled/
nginx -t
systemctl restart nginx
``` ```
## sources ## sources