3.2 KiB
3.2 KiB
staticshield session proxy
Running it locally
Create a file (e.g., called run.sh) with the following:
#!/bin/bash
export FLASK_SERVE_DIR="/home/YOURUSER/workspace/somesite/build/html"
export FLASK_MOTHERSHIP="http://localhost:8888/api/staticshield"
export FLASK_SESSION_COOKIE_NAME="staticshield"
flask --app staticshield run
ruff check and fix
ruff check --fix --select I .
Deploying
Create a virtualenv with flask, gunicorn:
# Example, create wherever you like
mkdir /srv/venvs/staticshield
cd /srv/venvs/staticshield
python3 -m venv .
source bin/activate
# Optional if you don't have uv installed globally yet (you should ;) )
pip install uv
uv pip install -r requirements.in
Create a /etc/systemd/system/staticshield.service file to run the application:
[Unit]
Description=staticshield web application
After=network.target
[Service]
User=divault
WorkingDirectory=/srv/staticshield
Environment=FLASK_SERVE_DIR="/srv/a_static_website/html"
Environment=FLASK_MOTHERSHIP="https://api.example.com/api/staticshield"
Environment=FLASK_SESSION_COOKIE_NAME="staticshield"
ExecStart=/application/venvs/staticshield/bin/gunicorn -b localhost:8000 -w 4 staticshield:app
#ExecStart=/application/venvs/staticshield/bin/gunicorn -b unix:staticshield.sock -m 007 -w 4 staticshield:app
Restart=always
[Install]
WantedBy=multi-user.target
systemctl enable staticshield.service
systemctl start staticshield.service
nginx configuration for webserver:
server {
listen 80;
listen [::]:80;
server_name docs.example.com;
# Optimisations
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_buffers 16 8k;
gzip_min_length 256;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
# Do not show nginx version
server_tokens off;
# set_real_ip_from 192.168.1.254; # IP Address of HAProxy
# real_ip_header X-Forwarded-For;
access_log /var/log/nginx/access_docs.example.com.log;
error_log /var/log/nginx/error_docs.example.com.log warn;
# Show server host name as header
# add_header X-Backend-Server $hostname;
location / {
if ($request_method = OPTIONS ) {
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
include proxy_params;
# proxy_pass http://unix:/application/staticshield/staticshield.sock;
proxy_pass http://127.0.0.1:8000;
}
location /favicon.ico {
alias /srv/whatever/_static/favicon.ico;
}
location /robots.txt {
alias /srv/whatever/robots_disallow_all.txt;
}
}