From a5cc185d1acee372e3b1b0afe46331550d792e85 Mon Sep 17 00:00:00 2001
From: Michiel Scholten <michiel@diginaut.net>
Date: Tue, 18 Mar 2025 16:24:41 +0100
Subject: [PATCH] Example configurations

---
 README.md       | 117 ++++++++++++++++++++++++++++++++++++++++++++++++
 requirements.in |   1 +
 2 files changed, 118 insertions(+)

diff --git a/README.md b/README.md
index 310957a..8b44900 100644
--- a/README.md
+++ b/README.md
@@ -21,3 +21,120 @@ flask --app staticshield run
 ```bash
 ruff check --fix --select I .
 ```
+
+
+## Deploying
+
+Create a virtualenv with flask, gunicorn:
+
+```bash
+# Example, create wherever you like
+
+mkdir /srv/venvs/staticshield
+cd /srv/venvs/staticshield
+python3 -m venv .
+source bin/activate
+
+# Optional if you don't have uv installed globally yet (you should ;) )
+pip install uv
+
+uv pip install -r requirements.in
+```
+
+Create a `/etc/systemd/system/staticshield.service` file to run the application:
+
+```ini
+[Unit]
+Description=staticshield web application
+After=network.target
+
+[Service]
+User=divault
+WorkingDirectory=/srv/staticshield
+Environment=FLASK_SERVE_DIR="/srv/a_static_website/html"
+Environment=FLASK_MOTHERSHIP="https://api.example.com/api/staticshield"
+Environment=FLASK_SESSION_COOKIE_NAME="staticshield"
+ExecStart=/application/venvs/staticshield/bin/gunicorn -b localhost:8000 -w 4 staticshield:app
+#ExecStart=/application/venvs/staticshield/bin/gunicorn -b unix:staticshield.sock -m 007 -w 4 staticshield:app
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+```
+
+```bash
+systemctl enable staticshield.service
+systemctl start staticshield.service
+```
+
+
+nginx configuration for webserver:
+
+```ini
+server {
+    listen 80;
+    listen [::]:80;
+    server_name docs.example.com;
+
+    # Optimisations
+    gzip on;
+    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
+    gzip_http_version 1.1;
+    gzip_vary on;
+    gzip_comp_level 6;
+    gzip_proxied any;
+    gzip_buffers 16 8k;
+    gzip_min_length 256;
+    gzip_types
+        application/atom+xml
+        application/geo+json
+        application/javascript
+        application/x-javascript
+        application/json
+        application/ld+json
+        application/manifest+json
+        application/rdf+xml
+        application/rss+xml
+        application/xhtml+xml
+        application/xml
+        font/eot
+        font/otf
+        font/ttf
+        image/svg+xml
+        text/css
+        text/javascript
+        text/plain
+        text/xml;
+
+    # Do not show nginx version
+    server_tokens off;
+
+    # set_real_ip_from    192.168.1.254; # IP Address of HAProxy
+    # real_ip_header      X-Forwarded-For;
+
+    access_log  /var/log/nginx/access_docs.example.com.log;
+    error_log  /var/log/nginx/error_docs.example.com.log  warn;
+
+    # Show server host name as header
+    # add_header X-Backend-Server $hostname;
+
+    location / {
+        if ($request_method = OPTIONS ) {
+            add_header Content-Length 0;
+            add_header Content-Type text/plain;
+            return 200;
+        }
+        include proxy_params;
+        # proxy_pass http://unix:/application/staticshield/staticshield.sock;
+        proxy_pass http://127.0.0.1:8000;
+    }
+
+    location /favicon.ico {
+        alias /srv/whatever/_static/favicon.ico;
+    }
+
+    location  /robots.txt {
+        alias /srv/whatever/robots_disallow_all.txt;
+    }
+}
+```
diff --git a/requirements.in b/requirements.in
index 5c1bea9..a8725a4 100644
--- a/requirements.in
+++ b/requirements.in
@@ -1,2 +1,3 @@
 flask
 flask-session
+gunicorn