forked from oscar.krause/fastapi-dls
improved debian installation
parent
32b05808c4
commit
5f5569a0c7
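--- a/.DEBIAN/env.default
+++ b/.DEBIAN/env.default
@@ -0,0 +1,27 @@
+# Toggle debug mode
+#DEBUG=false
+
+# Where the client can find the DLS server
+DLS_URL=127.0.0.1
+DLS_PORT=443
+
+# CORS configuration
+## comma separated list without spaces
+#CORS_ORIGINS="https://$DLS_URL:$DLS_PORT"
+
+# Lease expiration in days
+LEASE_EXPIRE_DAYS=90
+LEASE_RENEWAL_PERIOD=0.2
+
+# Database location
+## https://docs.sqlalchemy.org/en/14/core/engines.html
+DATABASE=sqlite:////etc/fastapi-dls/db.sqlite
+
+# UUIDs for identifying the instance
+#SITE_KEY_XID="00000000-0000-0000-0000-000000000000"
+#INSTANCE_REF="10000000-0000-0000-0000-000000000001"
+#ALLOTMENT_REF="20000000-0000-0000-0000-000000000001"
+
+# Site-wide signing keys
+INSTANCE_KEY_RSA=/etc/fastapi-dls/instance.private.pem
+INSTANCE_KEY_PUB=/etc/fastapi-dls/instance.public.pem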
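Review bot: `DATABASE=sqlite:////etc/fastapi-dls/db.sqlite` keeps the writable database in the same directory as `instance.private.pem` and this env file. SQLite needs write access to the containing directory for its journal files, so the service account ends up able to create or replace files next to its own signing key and configuration. A state directory outside `/etc` would separate the two, for example `DATABASE=sqlite:////var/lib/fastapi-dls/db.sqlite`, with the directory created and owned by the service user at install time and existing databases moved on upgrade. `LEASE_RENEWAL_PERIOD=0.2` sits under the "Lease expiration in days" comment with no explanation of its own; a one-line comment stating what 0.2 is a fraction of would remove the guesswork.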
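--- a/.DEBIAN/fastapi-dls.service
+++ b/.DEBIAN/fastapi-dls.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=Service for fastapi-dls
+Documentation=https://git.collinwebdesigns.de/oscar.krause/fastapi-dls
+After=network.target
+
+[Service]
+User=www-data
+Group=www-data
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+WorkingDirectory=/usr/share/fastapi-dls/app
+EnvironmentFile=/etc/fastapi-dls/env
+ExecStart=uvicorn main:app \
+--env-file /etc/fastapi-dls/env \
+--host $DLS_URL --port $DLS_PORT \
+--app-dir /usr/share/fastapi-dls/app \
+--ssl-keyfile /etc/fastapi-dls/webserver.key \
+--ssl-certfile /etc/fastapi-dls/webserver.crt \
+--proxy-headers
+Restart=always
+KillSignal=SIGQUIT
+Type=simple
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target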
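Review bot: The `[Service]` section runs a TLS-terminating, network-facing process with no sandboxing directives, and runs it as the shared `www-data` account. On a host that also runs a web server under that account, those processes share access to everything this service must read, including the key files under `/etc/fastapi-dls`. A dedicated system user for `User=`/`Group=` plus the hardening lines below would narrow that. `ReadWritePaths=` has to cover wherever `DATABASE` points, which in the shipped default is `/etc/fastapi-dls`. `ExecStart=uvicorn` also leaves it to systemd's search path to locate the binary; an absolute path pins which executable runs.

```ini
[Service]
# … unchanged: User, Group, AmbientCapabilities, WorkingDirectory, EnvironmentFile, ExecStart …
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ProtectSystem=strict
ReadWritePaths=/etc/fastapi-dls
ProtectHome=true
PrivateTmp=true
```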
@ -3,89 +3,26 @@
|
|||||||
WORKING_DIR=/usr/share/fastapi-dls
|
WORKING_DIR=/usr/share/fastapi-dls
|
||||||
CONFIG_DIR=/etc/fastapi-dls
|
CONFIG_DIR=/etc/fastapi-dls
|
||||||
|
|
||||||
echo "> Create config directory ..."
|
if [[ ! -f $CONFIG_DIR/instance.private.pem ]]; then
|
||||||
mkdir -p $CONFIG_DIR
|
|
||||||
|
|
||||||
# normally we would define services in `conffiles` and as separate file, but we like to keep thinks simple.
|
|
||||||
echo "> Install service ..."
|
|
||||||
cat <<EOF >/etc/systemd/system/fastapi-dls.service
|
|
||||||
[Unit]
|
|
||||||
Description=Service for fastapi-dls
|
|
||||||
Documentation=https://git.collinwebdesigns.de/oscar.krause/fastapi-dls
|
|
||||||
After=network.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
User=www-data
|
|
||||||
Group=www-data
|
|
||||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
||||||
WorkingDirectory=$WORKING_DIR/app
|
|
||||||
EnvironmentFile=$CONFIG_DIR/env
|
|
||||||
ExecStart=uvicorn main:app \\
|
|
||||||
--env-file /etc/fastapi-dls/env \\
|
|
||||||
--host \$DLS_URL --port \$DLS_PORT \\
|
|
||||||
--app-dir $WORKING_DIR/app \\
|
|
||||||
--ssl-keyfile /etc/fastapi-dls/webserver.key \\
|
|
||||||
--ssl-certfile /etc/fastapi-dls/webserver.crt \\
|
|
||||||
--proxy-headers
|
|
||||||
Restart=always
|
|
||||||
KillSignal=SIGQUIT
|
|
||||||
Type=simple
|
|
||||||
NotifyAccess=all
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
systemctl daemon-reload
|
|
||||||
|
|
||||||
# normally we would define configfiles in `conffiles` and as separate file, but we like to keep thinks simple.
|
|
||||||
if [[ ! -f $CONFIG_DIR/env ]]; then
|
|
||||||
echo "> Writing initial config ..."
|
|
||||||
touch $CONFIG_DIR/env
|
|
||||||
cat <<EOF >$CONFIG_DIR/env
|
|
||||||
# Toggle debug mode
|
|
||||||
#DEBUG=false
|
|
||||||
|
|
||||||
# Where the client can find the DLS server
|
|
||||||
DLS_URL=127.0.0.1
|
|
||||||
DLS_PORT=443
|
|
||||||
|
|
||||||
# CORS configuration
|
|
||||||
## comma separated list without spaces
|
|
||||||
#CORS_ORIGINS="https://$DLS_URL:$DLS_PORT"
|
|
||||||
|
|
||||||
# Lease expiration in days
|
|
||||||
LEASE_EXPIRE_DAYS=90
|
|
||||||
|
|
||||||
# Database location
|
|
||||||
## https://docs.sqlalchemy.org/en/14/core/engines.html
|
|
||||||
DATABASE=sqlite:///$CONFIG_DIR/db.sqlite
|
|
||||||
|
|
||||||
# UUIDs for identifying the instance
|
|
||||||
#SITE_KEY_XID="00000000-0000-0000-0000-000000000000"
|
|
||||||
#INSTANCE_REF="00000000-0000-0000-0000-000000000000"
|
|
||||||
|
|
||||||
# Site-wide signing keys
|
|
||||||
INSTANCE_KEY_RSA=$CONFIG_DIR/instance.private.pem
|
|
||||||
INSTANCE_KEY_PUB=$CONFIG_DIR/instance.public.pem
|
|
||||||
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "> Create dls-instance keypair ..."
|
echo "> Create dls-instance keypair ..."
|
||||||
openssl genrsa -out $CONFIG_DIR/instance.private.pem 2048
|
openssl genrsa -out $CONFIG_DIR/instance.private.pem 2048
|
||||||
openssl rsa -in $CONFIG_DIR/instance.private.pem -outform PEM -pubout -out $CONFIG_DIR/instance.public.pem
|
openssl rsa -in $CONFIG_DIR/instance.private.pem -outform PEM -pubout -out $CONFIG_DIR/instance.public.pem
|
||||||
|
else
|
||||||
|
echo "> Create dls-instance keypair skipped! (exists)"
|
||||||
|
fi
|
||||||
|
|
||||||
while true; do
|
while true; do
|
||||||
read -p "> Do you wish to create self-signed webserver certificate? [Y/n]" yn
|
[[ -f $CONFIG_DIR/webserver.key ]] && default_answer="N" || default_answer="Y"
|
||||||
yn=${yn:-y} # ${parameter:-word} If parameter is unset or null, the expansion of word is substituted. Otherwise, the value of parameter is substituted.
|
[[ $default_answer == "Y" ]] && V="Y/n" || V="y/N"
|
||||||
|
read -p "> Do you wish to create self-signed webserver certificate? [${V}]" yn
|
||||||
|
yn=${yn:-$default_answer} # ${parameter:-word} If parameter is unset or null, the expansion of word is substituted. Otherwise, the value of parameter is substituted.
|
||||||
case $yn in
|
case $yn in
|
||||||
[Yy]*)
|
[Yy]*)
|
||||||
|
echo "> Generating keypair ..."
|
||||||
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $CONFIG_DIR/webserver.key -out $CONFIG_DIR/webserver.crt
|
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $CONFIG_DIR/webserver.key -out $CONFIG_DIR/webserver.crt
|
||||||
break
|
break
|
||||||
;;
|
;;
|
||||||
[Nn]*) break ;;
|
[Nn]*) echo "> Generating keypair skipped! (exists)"; break ;;
|
||||||
*) echo "Please answer [y] or [n]." ;;
|
*) echo "Please answer [y] or [n]." ;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
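Review bot: The new guard `[[ ! -f $CONFIG_DIR/instance.private.pem ]]` tests only that the private key file exists. A zero-length file left by an interrupted earlier run, or a missing `instance.public.pem`, makes the script print "skipped! (exists)" and leaves the service without usable signing keys. Testing with `-s` and re-deriving the public key on its own when it is absent repairs both cases without rotating the private key. Separately, nothing in the visible lines sets owner or mode on the generated private keys that the `www-data` service has to read; the script continues outside this hunk, so if that is not done later it belongs next to the generation. The `[Nn]*)` arm also prints "(exists)" when the user declines and no `webserver.key` is present.

```shell
if [[ ! -s "$CONFIG_DIR/instance.private.pem" ]]; then
  # … unchanged: echo and openssl genrsa …
else
  # … unchanged: "skipped" message …
fi
# Re-derive the public half whenever it is missing; the private key is left untouched.
if [[ ! -s "$CONFIG_DIR/instance.public.pem" ]]; then
  openssl rsa -in "$CONFIG_DIR/instance.private.pem" -outform PEM -pubout \
    -out "$CONFIG_DIR/instance.public.pem"
fi
```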
@ -46,7 +46,10 @@ build:apt:
|
|||||||
- cp README.md version.env build/usr/share/fastapi-dls
|
- cp README.md version.env build/usr/share/fastapi-dls
|
||||||
# create conf file
|
# create conf file
|
||||||
- mkdir -p build/etc/fastapi-dls
|
- mkdir -p build/etc/fastapi-dls
|
||||||
- touch build/etc/fastapi-dls/env
|
- cp .DEBIAN/env.default build/etc/fastapi-dls/env
|
||||||
|
# create service file
|
||||||
|
- mkdir -p build/etc/systemd/system
|
||||||
|
- cp .DEBIAN/fastapi-dls.service build/etc/systemd/system
|
||||||
# cd into "build/"
|
# cd into "build/"
|
||||||
- cd build/
|
- cd build/
|
||||||
script:
|
script:
|
||||||
@ -142,6 +145,7 @@ test:
|
|||||||
--proxy-headers &
|
--proxy-headers &
|
||||||
- FASTAPI_DLS_PID=$!
|
- FASTAPI_DLS_PID=$!
|
||||||
- echo "Started service with pid $FASTAPI_DLS_PID"
|
- echo "Started service with pid $FASTAPI_DLS_PID"
|
||||||
|
- cat /etc/fastapi-dls/env
|
||||||
# testing service
|
# testing service
|
||||||
- if [ "`curl --insecure -s https://127.0.0.1/-/health | jq .status`" != "up" ]; then echo "Success"; else "Error"; fi
|
- if [ "`curl --insecure -s https://127.0.0.1/-/health | jq .status`" != "up" ]; then echo "Success"; else "Error"; fi
|
||||||
# cleanup
|
# cleanup
|
||||||
|
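Review bot: In the `build:apt` hunk, `cp .DEBIAN/env.default build/etc/fastapi-dls/env` now ships the configuration as package payload, where the removed install-script code only wrote it `if [[ ! -f $CONFIG_DIR/env ]]`; unless the path is declared as a conffile, dpkg replaces the administrator's edited file on every upgrade. The page shows no such declaration, so if it is absent, add the line `/etc/fastapi-dls/env` to the package's `conffiles` control file. The same applies to the unit copied into `build/etc/systemd/system`. Because the install script no longer calls `systemctl daemon-reload` in the lines shown, an upgraded unit is not picked up unless a reload happens elsewhere. In the `test` hunk, `cat /etc/fastapi-dls/env` writes the whole file to the job log, which is harmless for the current defaults but would expose any secret later added to that file.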