mirror of https://gitlab.com/psono/psono-fileserver synced 2025-04-18 12:24:05 +03:00

Migrated from uwsgi to Daphne

Signed-off-by: Sascha Pfeiffer <sascha.pfeiffer@esaqa.com>
Sascha Pfeiffer 2024-04-15 10:18:24 +02:00
parent 67c6985dd5
commit fed75d3de0
11 changed files with 68 additions and 160 deletions


@ -20,7 +20,6 @@ RUN apk upgrade --no-cache && \
linux-headers && \
pip3 install --upgrade pip && \
pip3 install -r requirements.txt && \
pip3 install uwsgi && \
mkdir -p /root/.psono_fileserver /var/log/cron /opt/psono-shard && \
echo "*/5 * * * * ( touch /tmp/psono_fileserver_cleanup && curl --header \"Authorization: Token \$(cat /root/PSONOFS_CRON_ACCESS_KEY)\" -f http://localhost/cron/cleanup/chunks/ && touch /tmp/psono_fileserver_cleanup_success )" >> /etc/crontabs/root && \
echo "@reboot ( touch /tmp/psono_fileserver_ping && python3 /root/psono/cron.py --token \"\$(cat /root/PSONOFS_CRON_ACCESS_KEY)\" --url http://localhost && touch /tmp/psono_fileserver_ping_success )" >> /etc/crontabs/root && \


@ -1,61 +0,0 @@
ServerSignature Off
ServerTokens Prod
SSLStaplingCache shmcb:/var/run/ocsp(128000)
WSGIPythonPath /path/to/psono-fileserver/psono
<VirtualHost *:80>
ServerName dev.psono.pw
ServerSignature Off
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>
<virtualhost *:443>
ServerName dev.psono.pw
ServerAdmin webmaster@localhost
Header always add Strict-Transport-Security "max-age=15768000"
Header always append X-Frame-Options DENY
Header set X-Content-Type-Options nosniff
Header set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "same-origin"
Header set Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'self'; form-action 'self'"
SSLEngine on
# from https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.18&openssl=1.0.2g&hsts=yes&profile=modern
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLCertificateKeyFile /certificate_path/to/privkey.pem
SSLCertificateFile /certificate_path/to/certificate.pem
SSLCertificateChainFile /certificate_path/to/certificate_chain.pem
ServerSignature Off
WSGIDaemonProcess dev.psono.pw python-path=/path/to/psono-fileserver/psono
WSGIProcessGroup dev.psono.pw
WSGIScriptAlias / /path/to/psono-fileserver/psono/psono/wsgi.py process-group=dev.psono.pw
WSGIPassAuthorization On
<Directory /path/to/psono-fileserver/psono/psono>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
</virtualhost>


@ -2,4 +2,4 @@ PSONOFS_CRON_ACCESS_KEY=$(</dev/urandom tr -dc A-Za-z0-9 | head -c32)
echo "$PSONOFS_CRON_ACCESS_KEY" > /root/PSONOFS_CRON_ACCESS_KEY
crond -b -L /var/log/cron/cron.log
# tail -f /var/log/cron/cron.log &
python3 /root/psono/manage.py migrate && uwsgi --ini /root/configs/docker/psono_uwsgi_port.ini
python3 /root/psono/manage.py migrate && cd /root/psono && daphne -b 0.0.0.0 -p 80 psono.asgi:application
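Review bot: The new start line ends in `daphne -b 0.0.0.0 -p 80 psono.asgi:application` without `exec`, so the shell stays the parent of the server and a SIGTERM sent to the script may never reach Daphne. The uwsgi configuration removed in this commit set `die-on-term = true`, which suggests a clean stop on SIGTERM was intended. I would write `python3 /root/psono/manage.py migrate && cd /root/psono && exec daphne -b 0.0.0.0 -p 80 psono.asgi:application`, assuming this script is the container's entry point, which the hunk does not show. The commit also replaces `processes = 10` with a single Daphne process and deletes the nginx and Apache examples that carried TLS and the security headers, so a comment such as `# plain HTTP on :80, single process; terminate TLS and set security headers in a reverse proxy` above this line would record the deployment expectation.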


@ -1,8 +0,0 @@
[uwsgi]
http-socket = :80
chdir = /root/psono
module = psono.wsgi
master = true
processes = 10
die-on-term = true


@ -1,46 +0,0 @@
upstream django {
server unix:///tmp/psono.sock;
}
server {
listen 80;
server_name dev.psono.pw;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name dev.psono.pw;
# from https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.10.0&openssl=1.0.2g&hsts=yes&profile=modern
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_timeout 1d;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# Enable the following line only if you know what you are doing :)
# add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header Referrer-Policy same-origin;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'self'; form-action 'self'";
ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.pem;
location / {
uwsgi_pass django;
include /path/to/psono-fileserver/configs/nginx/uwsgi_params;
}
}


@ -1,20 +0,0 @@
[uwsgi]
# Django-related settings
# the base directory (full path)
chdir = /root/psono
# Django's wsgi file
module = psono.wsgi
# the virtualenv (full path)
# home = /path/to/virtualenv
# process-related settings
# master
master = true
# maximum number of worker processes
processes = 10
# the socket (use the full path to be safe
socket = /tmp/psono.sock
# ... with appropriate permissions - may be needed
chmod-socket = 666
# clear environment on exit
vacuum = true


@ -1,16 +0,0 @@
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REQUEST_SCHEME $scheme;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;

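--- a/psono/psono/asgi.py
+++ b/psono/psono/asgi.py
@@ -0,0 +1,16 @@
+"""
+ASGI config for mysite project.
+It exposes the ASGI callable as a module-level variable named ``application``.
+For more information on this file, see
+https://docs.djangoproject.com/en/3.2/howto/deployment/asgi/
+"""
+import os
+from django.core.asgi import get_asgi_application
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "psono.settings")
+application = get_asgi_application()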
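Review bot: The module docstring is still the unedited Django project-template text: it reads `ASGI config for mysite project.` and links to the 3.2 deployment docs, while requirements.in in this commit pins `django==4.2.11`. I would change the first line to `ASGI config for the psono fileserver.` and point the link at `https://docs.djangoproject.com/en/4.2/howto/deployment/asgi/`. A one-line comment above `os.environ.setdefault(...)` such as `# only applies when DJANGO_SETTINGS_MODULE is not already set in the environment` would also tell operators how to override the settings module.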


@ -125,6 +125,7 @@ AVAILABLE_FILESYSTEMS = {
# Application definition
INSTALLED_APPS = [
'daphne',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
@ -262,7 +263,7 @@ TEMPLATES = [
]
WSGI_APPLICATION = 'psono.wsgi.application'
ASGI_APPLICATION = "psono.asgi.application"
# Database
# https://docs.djangoproject.com/en/2.0/ref/settings/#databases
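Review bot: The `'daphne'` entry added at the top of `INSTALLED_APPS` in the first hunk has no comment explaining why its position matters. Daphne's `runserver` integration only takes precedence when the app is listed before `django.contrib.staticfiles`, so a later reordering of the list could silently put the development server back on WSGI. I would add `# keep above django.contrib.staticfiles so Daphne's ASGI runserver is used` on the line before it. The list continues outside the hunk, so whether `django.contrib.staticfiles` is actually installed here is not visible.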


@ -1,3 +1,4 @@
daphne==4.1.2
django==4.2.11
djangorestframework==3.14.0
django-rest-auth==0.9.5


@ -1,6 +1,6 @@
#
# This file is autogenerated by pip-compile with python 3.10
# To update, run:
# This file is autogenerated by pip-compile with Python 3.11
# by the following command:
#
# pip-compile --output-file=requirements.txt requirements.in
#
@ -9,9 +9,20 @@ apache-libcloud==3.8.0
# -r requirements.in
# django-storages
asgiref==3.7.2
# via django
# via
# daphne
# django
async-timeout==4.0.2
# via redis
attrs==23.2.0
# via
# automat
# service-identity
# twisted
autobahn==23.6.2
# via daphne
automat==22.10.0
# via twisted
azure-core==1.26.1
# via
# azure-storage-blob
@ -41,11 +52,18 @@ cffi==1.15.1
# pynacl
charset-normalizer==2.0.12
# via requests
constantly==23.10.4
# via twisted
cryptography==42.0.4
# via
# autobahn
# azure-storage-blob
# paramiko
# pyjwt
# pyopenssl
# service-identity
daphne==4.1.2
# via -r requirements.in
defusedxml==0.7.1
# via python3-openid
django==4.2.11
@ -97,8 +115,17 @@ google-resumable-media==2.7.0
# via google-cloud-storage
googleapis-common-protos==1.56.4
# via google-api-core
hyperlink==21.0.0
# via
# autobahn
# twisted
idna==3.7
# via requests
# via
# hyperlink
# requests
# twisted
incremental==22.10.0
# via twisted
isodate==0.6.1
# via msrest
jmespath==0.10.0
@ -127,8 +154,11 @@ pyasn1==0.4.8
# via
# pyasn1-modules
# rsa
# service-identity
pyasn1-modules==0.2.8
# via google-auth
# via
# google-auth
# service-identity
pycparser==2.21
# via cffi
pyjwt[crypto]==2.7.0
@ -137,6 +167,8 @@ pynacl==1.5.0
# via
# -r requirements.in
# paramiko
pyopenssl==24.1.0
# via twisted
python-dateutil==2.8.2
# via
# -r requirements.in
@ -167,21 +199,31 @@ rsa==4.9
# via google-auth
s3transfer==0.10.0
# via boto3
service-identity==24.1.0
# via twisted
six==1.16.0
# via
# automat
# azure-core
# django-rest-auth
# isodate
# python-dateutil
sqlparse==0.4.4
# via django
twisted[tls]==24.3.0
# via daphne
txaio==23.1.1
# via autobahn
typing-extensions==4.4.0
# via
# asgiref
# azure-core
# twisted
urllib3==1.26.18
# via
# botocore
# requests
zope-interface==6.3
# via twisted
# The following packages are considered to be unsafe in a requirements file:
# setuptools