commit 5b2a6d0e560dcf5a7eca3b3d37ca3504170c954f
parent 1554330bce1add0459eee1ded71f75d0c78d1cc9
Author: Andreas Gruhler <agruhl@gmx.ch>
Date: Sun, 16 Mar 2025 20:28:40 +0100
feat(meta): use uwsgi
Diffstat:
6 files changed, 45 insertions(+), 6 deletions(-)
diff --git a/docker/docker-meta/Dockerfile b/docker/docker-meta/Dockerfile
@@ -1,11 +1,18 @@
# https://man.sr.ht/hacking.md
FROM docker.io/alpine:3.20
+# Set sr.ht versions
ARG CORE_VERSION="0.75.7"
ENV CORE_VERSION="$CORE_VERSION"
ARG META_VERSION="0.72.1"
ENV META_VERSION="$META_VERSION"
+# Set user and group
+ARG user=meta
+ARG group=meta
+ARG uid=1000
+ARG gid=1000
+
# Install the officially documented dependencies
RUN apk update && apk add --no-cache git make go sassc minify
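Review bot: `user` and `group` are declared in this hunk, but none of the visible lines use them; only `uid` and `gid` reach the `USER ${uid}:${gid}` instruction added at the end of the file. The middle of the Dockerfile is outside the diff, so this may already be handled, but if no account is created the process runs as a bare numeric id with no passwd entry and no home directory. Consider adding `RUN addgroup -g ${gid} ${group} && adduser -D -u ${uid} -G ${group} ${user}` before the `USER` line. Any path the service has to write should then be owned by that account, while the code and `/etc/sr.ht/config.ini` stay root-owned. The same applies to the matching hunks in docker/docker-todo/Dockerfile.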
@@ -37,3 +44,5 @@ RUN mkdir -p /etc/sr.ht
RUN cp /meta/config.example.ini /etc/sr.ht/config.ini
ENV PYTHONPATH=/core:/meta
+
+USER ${uid}:${gid}
diff --git a/docker/docker-todo/Dockerfile b/docker/docker-todo/Dockerfile
@@ -1,11 +1,18 @@
# https://man.sr.ht/hacking.md
FROM docker.io/alpine:3.20
+# Set sr.ht versions
ARG CORE_VERSION="0.75.7"
ENV CORE_VERSION="$CORE_VERSION"
ARG TODO_VERSION="0.77.4"
ENV TODO_VERSION="$TODO_VERSION"
+# Set user and group
+ARG user=meta
+ARG group=meta
+ARG uid=1000
+ARG gid=1000
+
# Install the officially documented dependencies
RUN apk update && apk add --no-cache git make go sassc minify
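Review bot: `ARG user=meta` and `ARG group=meta` look copied from the meta image; for the todo image they should presumably read `ARG user=todo` and `ARG group=todo`. It is harmless while the names are unused, but once an account is created from them the todo container would run under an account named after a different service. That makes process listings and file ownership misleading during incident triage.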
@@ -41,3 +48,5 @@ RUN mkdir -p /etc/sr.ht
RUN cp /todo/config.example.ini /etc/sr.ht/config.ini
ENV PYTHONPATH=/core:/todo
+
+USER ${uid}:${gid}
diff --git a/hcl/default/meta/meta.nomad b/hcl/default/meta/meta.nomad
@@ -77,8 +77,8 @@ job "meta" {
config {
image = "127.0.0.1:5000/meta:0.72.1"
- command = "python3"
- args = ["/meta/run.py"]
+ command = "uwsgi"
+ args = ["${NOMAD_TASK_DIR}/uwsgi.ini"]
force_pull = true
ports = ["web"]
volumes = [
@@ -88,6 +88,10 @@ job "meta" {
}
template {
+ destination = "${NOMAD_TASK_DIR}/uwsgi.ini"
+ data = file("./templates/uwsgi.ini.tmpl")
+ }
+ template {
destination = "${NOMAD_TASK_DIR}/config.ini"
data = file("./templates/config.ini.tmpl")
}
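Review bot: Neither `template` block sets `perms`, so both files are rendered with Nomad's default mode, which is world-readable. That is fine for the new `uwsgi.ini`, but `config.ini` is rendered from a template that reads Vault secrets (the webhook private key and the PostgreSQL password). Now that the image runs as uid/gid 1000, the file can be restricted to that identity with `perms = "0440"`, `uid = 1000` and `gid = 1000` on the `config.ini` block. This is only a suggestion to confirm, because the `job` block and the volume mounts continue outside the hunk, so how the file reaches the container is not visible here.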
diff --git a/hcl/default/meta/templates/config.ini.tmpl b/hcl/default/meta/templates/config.ini.tmpl
@@ -12,7 +12,7 @@ site-info=https://p0c.ch
site-blurb=proof of concepts for fun and profit
#
# If this != production, we add a banner to each page
-environment=development
+environment=production
#
# Contact information for the site owners
owner-name=Andreas Gruhler
@@ -50,6 +50,10 @@ security-address=contact@p0c.ch
# from the service URL: each service is assumed to be a sub-domain of the global
# domain, i.e. of the form `meta.globaldomain.com`.
global-domain=
+#
+# Path to static asses (default PREFIX from make installation)
+# https://git.sr.ht/~sircmpwn/core.sr.ht/tree/master/item/Makefile
+assets=/usr/local/share/sourcehut
[abused]
#
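Review bot: The added comment has a typo, "static asses" should read "static assets": `# Path to static assets (default PREFIX from make installation)`. The nginx template in this commit serves `/static` from `/alloc/data`, while this key points at `/usr/local/share/sourcehut`. One more comment line saying how the files get from one location to the other would keep the two from drifting apart silently.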
@@ -116,8 +120,8 @@ private-key={{with secret "kv/meta"}}{{index .Data.data.webhook_private_key}}{{e
origin=https://meta.p0c.ch
#
# Address and port to bind the debug server to
-debug-host=0.0.0.0
-debug-port={{ env "NOMAD_PORT_web" }}
+#debug-host=0.0.0.0
+#debug-port={{ env "NOMAD_PORT_web" }}
#
# Configures the SQLAlchemy connection string for the database.
connection-string=postgresql://meta:{{with secret "kv/meta"}}{{index .Data.data.postgresql_password}}{{end}}:@turris/meta
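Review bot: The `connection-string` context line at the end of this hunk has a `:` between the rendered password and `@turris`, which looks like a stray character. A URL parser would normally treat it as the last character of the password, so it is worth confirming that it is intended. A Vault-stored password containing `@`, `/` or `:` would also change how the URL is split, so the secret should be constrained to URL-safe characters or percent-encoded before it is interpolated. Separately, the two commented-out `debug-host`/`debug-port` lines could simply be deleted now that uwsgi owns the listener.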
diff --git a/hcl/default/meta/templates/nginx.conf.tmpl b/hcl/default/meta/templates/nginx.conf.tmpl
@@ -8,14 +8,18 @@ server {
ssl_certificate_key /etc/letsencrypt/live/meta.p0c.ch/privkey.pem;
location / {
- proxy_pass http://{{ env "NOMAD_ADDR_web" }};
+ # https://uwsgi-docs.readthedocs.io/en/latest/WSGIquickstart.html#putting-behind-a-full-webserver
+ include uwsgi_params;
+ uwsgi_pass {{ env "NOMAD_ADDR_web" }};
}
location /query {
+ # the API is a binary, no uwsgi app
proxy_pass http://{{ env "NOMAD_ADDR_api" }};
}
location /static {
+ # static assets are served from the allocations ephemeral disk
root /alloc/data;
}
}
diff --git a/hcl/default/meta/templates/uwsgi.ini.tmpl b/hcl/default/meta/templates/uwsgi.ini.tmpl
@@ -0,0 +1,9 @@
+[uwsgi]
+# https://uwsgi-docs.readthedocs.io/en/latest/WSGIquickstart.html#putting-behind-a-full-webserver
+plugins = python3
+socket = :{{ env "NOMAD_PORT_web" }}
+wsgi-file = /meta/metasrht/app.py
+callable = app
+master = true
+processes = 2
+threads = 1
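Review bot: `socket = :{{ env "NOMAD_PORT_web" }}` listens on every interface with the native uwsgi protocol, which has no authentication and lets the connecting peer set the request variables that nginx would normally control. The port therefore has to be reachable from the nginx host only, by a firewall rule or a dedicated Nomad host network, and a comment above the `socket` line should state that assumption. Two options are also worth adding. `die-on-term = true` makes uWSGI exit on the SIGTERM Nomad sends at task stop rather than reload. `need-app = true` makes the task fail visibly if `/meta/metasrht/app.py` cannot be loaded, instead of leaving a server running with no application.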