installation avec nginx + service scodoc9

2021-08-21 19:51:33 +02:00 · 2021-08-21 19:51:33 +02:00 · 614810cf50
parent 09af326b03
commit 614810cf50
6 changed files with 99 additions and 101 deletions
--- a/app/init.py
+++ b/app/init.py
@ -1,7 +1,6 @@
 # -*- coding: UTF-8 -*
 # pylint: disable=invalid-name

-from app.scodoc.sco_exceptions import ScoValueError
 import os
 import sys

@ -21,6 +20,7 @@ from flask_bootstrap import Bootstrap
 from flask_moment import Moment
 from flask_caching import Cache

+from app.scodoc.sco_exceptions import ScoValueError
 from config import DevConfig
 import sco_version

@ -103,7 +103,8 @@ def create_app(config_class=DevConfig):
            )
            mail_handler.setLevel(logging.ERROR)
            app.logger.addHandler(mail_handler)
-
+    if not app.testing:
+        # Configuration des logs (actifs aussi en mode development)
        if not os.path.exists("logs"):
            os.mkdir("logs")
        file_handler = TimedRotatingFileHandler(
@ -113,7 +114,7 @@ def create_app(config_class=DevConfig):
        )
        file_handler.setFormatter(
            logging.Formatter(
-                "%(asctime)s %(levelname)s: %(message)s " "[in %(pathname)s:%(lineno)d]"
+                "%(asctime)s pid=%(process)d th=%(thread)s %(levelname)s: %(message)s "  # "[in %(pathname)s:%(lineno)d]"
            )
        )
        file_handler.setLevel(logging.INFO)
--- a/app/scodoc/notes_table.py
+++ b/app/scodoc/notes_table.py
@ -173,7 +173,7 @@ class NotesTable(object):
    """

    def __init__(self, formsemestre_id):
-        log(f"[pid={os.getpid()}] NotesTable( formsemestre_id={formsemestre_id} )")
+        log(f"NotesTable( formsemestre_id={formsemestre_id} )")
        if not formsemestre_id:
            raise ValueError("invalid formsemestre_id (%s)" % formsemestre_id)
        self.formsemestre_id = formsemestre_id
@ -357,9 +357,7 @@ class NotesTable(object):
        #
        self.compute_moy_moy()
        #
-        log(
-            f"[pid={os.getpid()}] NotesTable( formsemestre_id={formsemestre_id} ) done."
-        )
+        log(f"NotesTable( formsemestre_id={formsemestre_id} ) done.")

    def get_etudids(self, sorted=False):
        if sorted:
--- a/config.py
+++ b/config.py
@ -52,7 +52,7 @@ class ProdConfig(Config):
 class DevConfig(Config):
    FLASK_ENV = "development"
    DEBUG = True
-    TESTING = True
+    TESTING = False
    SQLALCHEMY_DATABASE_URI = (
        os.environ.get("SCODOC_DEV_DATABASE_URI") or "postgresql:///SCODOC_DEV"
    )
@ -60,6 +60,7 @@ class DevConfig(Config):


 class TestConfig(DevConfig):
+    TESTING = True
    SQLALCHEMY_DATABASE_URI = (
        os.environ.get("SCODOC_TEST_DATABASE_URI") or "postgresql:///SCODOC_TEST"
    )
--- a/tools/etc/scodoc9.nginx
+++ b/tools/etc/scodoc9.nginx
@ -0,0 +1,37 @@
+# BASIC SCODOC 9 CONFIG FOR NGINX
+# EV, Aug 2021
+
+server {
+    # listen on port 80 (http)
+    listen 80;
+    server_name _;
+    location / {
+        # redirect any requests to the same URL but on https
+        return 301 https://$host$request_uri;
+    }
+}
+server {
+    # listen on port 443 (https)
+    listen 443 ssl;
+    server_name _;
+    # location of the self-signed SSL certificate
+    ssl_certificate /opt/scodoc-data/certs/cert.pem;
+    ssl_certificate_key /opt/scodoc-data/certs/key.pem;
+    # write access and error logs to /var/log
+    access_log /var/log/scodoc_access.log;
+    error_log /var/log/scodoc_error.log;
+    location / {
+        # forward application requests to the gunicorn server
+        proxy_pass http://localhost:8000;
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location /static {
+        # handle static files directly, without forwarding to the application
+        alias /opt/scodoc/app/static;
+        expires 5d;
+    } 
+}
--- a/tools/etc/scodoc9.service
+++ b/tools/etc/scodoc9.service
@ -2,6 +2,12 @@
 #  Flask based
 #  a priori on ne dépend plus de postgresql ? XXX
 # inspiré par https://blog.miguelgrinberg.com/post/running-a-flask-application-as-a-service-with-systemd
+#
+# A copier dans /etc/systemd/system/scodoc9.service
+# puis 
+#  sudo systemctl daemon-reload
+#  sudo systemctl start scodoc9
+#
 [Unit]
 Description=ScoDoc 9 service
 After=network.target
@ -13,10 +19,9 @@ After=network.target
 User=scodoc
 Group=scodoc
 WorkingDirectory=/opt/scodoc
+#Environment=FLASK_ENV=production
 ExecStart=/opt/scodoc/venv/bin/gunicorn -b localhost:8000 -w 4 scodoc:app
 Restart=always
-# Environment=FLASK_CONFIG=production
-Restart=always

 [Install]
 WantedBy=multi-user.target
--- a/tools/install_debian11.sh
+++ b/tools/install_debian11.sh
@ -59,6 +59,7 @@ apt-get -y install python3-pip
 apt-get install -y python3-wheel
 apt-get -y install libpq-dev
 apt-get -y install libcrack2-dev
+apt-get -y install nginx
 apt-get -y install postgresql
 apt-get -y install redis
 apt-get -y install curl
@ -113,106 +114,61 @@ fi
 init_postgres_user


+# ------------ CONFIG NGINX
+
+echo 
+echo "La configuration du serveur web peut modifier l'installation nginx pour supporter ScoDoc."
+echo -n "Voulez-vous configurer le serveur web nginx maintenant (vivement conseillé) ? (y/n) [y] "
+read -r ans
+if [ "$(norm_ans "$ans")" != 'N' ]
+then
+    echo "Configuration du serveur web nginx"
+    # --- CERTIFICATS AUTO-SIGNES
+    echo 
+    echo "Il est possible d'utiliser des certificats cryptographiques"
+    echo "auto-signés, qui ne seront pas reconnus comme de confiance"
+    echo "par les navigateurs, permettent de tester."
+    echo "Si vous avez déjà de vrais certificats, passez cette étape et installez-les ensuite."
+    echo -n 'Voulez-vous générer des certificats ssl auto-signés ? (y/n) [y] '
+    read -r ans
+    if [ "$(norm_ans "$ans")" != 'N' ]
+    then
+        # generation des certifs: cert.pem  key.pem dans /opt/scodoc-data/certs/
+        su -c "(cd $SCODOC_VAR_DIR && mkdir -p certs && openssl req -new -newkey rsa:4096 -days 365 -nodes -x509  -keyout certs/key.pem -out certs/cert.pem)" "$SCODOC_USER"
+        cert_status=$?
+    else
+        cert_status=-1
+    fi
+    # ---
+    echo 'copie de la configuration nginx'
+    cp -p "$SCODOC_DIR"/tools/etc/scodoc9.nginx /etc/nginx/sites-available/
+    ln -s /etc/nginx/sites-available/scodoc9.nginx  /etc/nginx/sites-enabled/
+    /bin/rm -f /etc/nginx/sites-enabled/default
+fi
+
+systemctl restart nginx
+
+# ------------ CONFIG SERVICE SCODOC
+echo 
+echo "Installation du service systemd scodoc9..."
+# ScoDoc 7.19+ uses systemd
+cp "$SCODOC_DIR"/tools/etc/scodoc9.service /etc/systemd/system/
+systemctl daemon-reload
+
+
 # --- XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX ---
 echo
 echo "WARNING: version ScoDoc 9 expérimentale"
 echo "Ne pas utiliser en production !"
 echo
 echo "Pour lancer le serveur de développement: voir README"
+echo
+echo "Pour lancer scodoc9:  systemctl start scodoc9"
+echo "(les logs sont dans /opt/scodoc-data/logs)"
 exit 0
 # --- XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX ---

-# Nota: after this point, the network _may_ be unreachable 
-# (if firewall config is wrong)
-
-# ------------ CONFIG NGINX
-a2enmod ssl
-a2enmod proxy
-a2enmod proxy_http
-a2enmod rewrite
-
-echo 
-echo "La configuration du serveur web va modifier votre installation Apache pour supporter ScoDoc."
-echo -n "Voulez vous configurer le serveur web Apache maintenant (tres conseille) ? (y/n) [y] "
-read -r ans
-if [ "$(norm_ans "$ans")" != 'N' ]
-then
-    echo "Configuration d'Apache"
-    server_name=""
-    while [ -z "$server_name" ]
-    do
-        echo "Le nom de votre serveur doit normalement etre connu dans le DNS."
-	echo -n "Nom complet de votre serveur (exemple: notes.univ.fr): "
-	read -r server_name
-    done
-    # --- CERTIFICATS AUTO-SIGNES
-    echo 
-    echo "Il est possible d'utiliser des certificats cryptographiques"
-    echo "auto-signes, qui ne seront pas reconnus comme de confiance"
-    echo "par les navigateurs, mais offrent une certaine securite."
-    echo -n 'Voulez vous generer des certificats ssl auto-signes ? (y/n) [y] '
-    read -r ans
-    if [ "$(norm_ans "$ans")" != 'N' ]
-    then
-        # attention: utilise dans scodoc-site-ssl.orig
-	    ssl_dir=/etc/apache2/scodoc-ssl 
-    	if [ ! -e $ssl_dir ]
-	    then
-            mkdir $ssl_dir
-	    fi
-	    /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf $ssl_dir/apache.pem
-        cert_status=$?
-    else
-        cert_status=-1
-    fi
-    # ---
-    echo 'generation de /etc/apache2/sites-available/scodoc-site-ssl'
-    cat "$SCODOC_DIR"/tools/etc/scodoc-site-ssl-apache2.4.orig | sed -e "s:YOUR\.FULL\.HOST\.NAME:$server_name:g" > /etc/apache2/sites-available/scodoc-site-ssl.conf
-    echo 'activation du site...'
-    a2ensite scodoc-site-ssl
-
-    echo 'Remplacement du site Apache par defaut (sic ! old saved as .bak)'
-    fn=/etc/apache2/sites-available/000-default.conf
-    if [ -e $fn ]
-    then
-       mv $fn $fn.bak
-    fi
-    cp "$SCODOC_DIR"/tools/etc/scodoc-site.orig $fn
-
-    if [ -z "$(grep Listen /etc/apache2/ports.conf | grep 443)" ]
-    then
-      echo 'adding port 443'
-      echo 'Listen 443' >> /etc/apache2/ports.conf
-    fi
-
-    echo 'configuring Apache proxy'
-    mv /etc/apache2/mods-available/proxy.conf /etc/apache2/mods-available/proxy.conf.bak
-    cat > /etc/apache2/mods-available/proxy.conf <<EOF
-<IfModule mod_proxy.c>
-# Proxy config for ScoDoc default installation
-ProxyRequests Off
-  <ProxyMatch http://localhost:8080>
-          Order deny,allow
-          Allow from all
-  </ProxyMatch>
-</IfModule>
-EOF
-
-fi
-
-systemctl restart apache2
-
-# ------------ CONFIG SERVICE SCODOC
-echo 
-echo "Installer le service scodoc permet de lancer automatiquement le serveur au demarrage."
-echo -n "Voulez vous installer le service scodoc ? (y/n) [y] "
-read ans
-if [ "$(norm_ans "$ans")" != 'N' ]
-then
-    # ScoDoc 7.19+ uses systemd
-    $SCODOC_DIR/tools/configure_systemd.sh
-fi
-
+# XXX SUITE A TERMINER !

 # ------------ CONFIG MISE A JOUR HEBDOMADAIRE
 echo