staticshield session proxy
==========================

## Running it locally

Create a file (e.g., called `run.sh`) with the following:

```bash
#!/bin/bash

export FLASK_SERVE_DIR="/home/YOURUSER/workspace/somesite/build/html"
export FLASK_MOTHERSHIP="http://localhost:8888/api/staticshield"
# Optional path to 403.html, 404.html to show on those errors; leave empty to use default messages
export FLASK_ERROR_PAGES_DIR=""
#export FLASK_ERROR_PAGES_DIR="/home/YOURUSER/workspace/errorpages/"
export FLASK_SESSION_COOKIE_NAME="staticshield"
export FLASK_PERMANENT_SESSION_LIFETIME=7200

flask --app staticshield run
```

## ruff check and fix

```bash
ruff check --fix --select I .
```

## Deploying

Create a virtualenv with Flask and gunicorn to run it:

```bash
# Example, create wherever you like
mkdir /srv/venvs/staticshield
cd /srv/venvs/staticshield
python3 -m venv .
source bin/activate
# Optional if you don't have uv installed globally yet (you should ;) )
pip install uv
uv pip install -r requirements.in
```

Create a `/etc/systemd/system/staticshield.service` file to run the application:

```ini
[Unit]
Description=staticshield web application
After=network.target

[Service]
User=divault
WorkingDirectory=/srv/staticshield
#StandardOutput=file:/srv/logs/staticshield.log
Environment=FLASK_SERVE_DIR="/srv/some_static_website/html"
Environment=FLASK_MOTHERSHIP="https://api.example.com/api/staticshield"
# Optional path to 403.html, 404.html to show on those errors; leave empty to use default messages
Environment=FLASK_ERROR_PAGES_DIR=""
#Environment=FLASK_ERROR_PAGES_DIR="/srv/shared/errorpages/"
Environment=FLASK_SESSION_COOKIE_NAME="staticshield"
# Max session length of 2h
Environment=FLASK_PERMANENT_SESSION_LIFETIME=7200
ExecStart=/application/venvs/staticshield/bin/gunicorn -b localhost:8000 -w 4 staticshield:app
#ExecStart=/application/venvs/staticshield/bin/gunicorn -b unix:staticshield.sock -m 007 -w 4 staticshield:app
Restart=always

[Install]
WantedBy=multi-user.target
```

```bash
systemctl enable staticshield.service
systemctl start staticshield.service
```

nginx configuration for webserver:

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name docs.example.com;

    # Optimisations
    gzip on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_proxied any;
    gzip_buffers 16 8k;
    gzip_min_length 256;
    gzip_types
        application/atom+xml
        application/geo+json
        application/javascript
        application/x-javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rdf+xml
        application/rss+xml
        application/xhtml+xml
        application/xml
        font/eot
        font/otf
        font/ttf
        image/svg+xml
        text/css
        text/javascript
        text/plain
        text/xml;

    # Do not show nginx version
    server_tokens off;

    # set_real_ip_from 192.168.1.254; # IP Address of HAProxy
    # real_ip_header X-Forwarded-For;

    access_log /var/log/nginx/access_docs.example.com.log;
    error_log /var/log/nginx/error_docs.example.com.log warn;

    # Show server host name as header
    # add_header X-Backend-Server $hostname;

    location / {
        if ($request_method = OPTIONS ) {
            add_header Content-Length 0;
            add_header Content-Type text/plain;
            return 200;
        }
        include proxy_params;
        # proxy_pass http://unix:/application/staticshield/staticshield.sock;
        proxy_pass http://127.0.0.1:8000;
    }

    # Optional, when using the FLASK_ERROR_PAGES_DIR
    # location /404images/ {
    #     alias /srv/shared/errorpages/;
    # }

    location /favicon.ico {
        alias /srv/whatever/_static/favicon.ico;
    }

    location /robots.txt {
        alias /srv/whatever/robots_disallow_all.txt;
    }
}
```
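
A preflight check for the systemd unit above, added here as an example and not part of staticshield itself. It flags a mothership URL that is neither https nor on the same host, a session lifetime above the 2h used in this README, and a gunicorn bind that would let clients bypass nginx. The names `parse_unit`, `audit_unit`, `WEAK_UNIT` and the 7200-second ceiling are assumptions of the example.

```python
import shlex
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
MAX_LIFETIME = 7200  # assumption: the README's 2h value is treated as the ceiling
# Constructed sample: the README's unit with three settings weakened on purpose
WEAK_UNIT = """\
Environment=FLASK_MOTHERSHIP="http://api.example.com/api/staticshield"
Environment=FLASK_PERMANENT_SESSION_LIFETIME=604800
ExecStart=/application/venvs/staticshield/bin/gunicorn -b 0.0.0.0:8000 -w 4 staticshield:app
"""


def parse_unit(text):
    """Return (env, argv); accepts Environment=K="v" and Environment="K=v"."""
    env, argv = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":  # skip blanks, comments, section headers
            continue
        key, _, value = line.partition("=")
        if key == "Environment":
            for item in shlex.split(value):
                name, _, val = item.partition("=")
                env[name] = val
        elif key == "ExecStart":
            argv = shlex.split(value)
    return env, argv


def audit_unit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    env, argv = parse_unit(text)
    findings = []
    url = urlsplit(env.get("FLASK_MOTHERSHIP", ""))
    # Plain http is tolerated only for a mothership on the same host
    if url.scheme != "https" and url.hostname not in LOOPBACK:
        findings.append("FLASK_MOTHERSHIP is not https and not loopback")
    lifetime = env.get("FLASK_PERMANENT_SESSION_LIFETIME", "")
    if not lifetime.isdecimal() or not 0 < int(lifetime) <= MAX_LIFETIME:
        findings.append("FLASK_PERMANENT_SESSION_LIFETIME missing or out of range")
    # gunicorn must bind to loopback or a unix socket so nginx is the only way in
    binds = [argv[i + 1] for i, a in enumerate(argv[:-1]) if a in ("-b", "--bind")]
    for bind in binds:
        host = bind.rsplit(":", 1)[0].strip("[]")
        if not bind.startswith("unix:") and host not in LOOPBACK:
            findings.append(f"gunicorn bind {bind} is reachable off-host")
    return findings
```

Run `audit_unit(open("/etc/systemd/system/staticshield.service").read())` before `systemctl start`; an empty list means none of the three checks fired.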