From f813682d3341613fa28493ff85deb66933dd5068 Mon Sep 17 00:00:00 2001 From: Denis Lehmann Date: Sun, 12 Jun 2022 12:07:31 +0200 Subject: [PATCH 01/10] use path for secret key --- README.org | 32 ++++++++++++++++---------------- flake.nix | 9 ++++++--- raincloud/raincloud.py | 8 ++++++-- 3 files changed, 28 insertions(+), 21 deletions(-) diff --git a/README.org b/README.org index 96431e5..2883f6f 100644 --- a/README.org +++ b/README.org @@ -50,7 +50,7 @@ First set up a [[https://redis.io/][Redis]] server which will be used for server-side session caching. Then a WSGI server like [[https://gunicorn.org/][Gunicorn]] can be used to serve /raincloud/ for example like this: - : $ gunicorn "raincloud:create_app(base_path='public', secret_key='i_am_a_key', redis_url='redis://127.0.0.1:6379/0')" + : $ gunicorn "raincloud:create_app(base_path='public', secret_key_path='secret_key', redis_url='redis://127.0.0.1:6379/0')" *** NixOS @@ -71,7 +71,7 @@ services.raincloud = { enable = true; basePath = "/var/lib/raincloud"; - secretKey = "i_am_a_key"; + secretKeyPath = "/var/lib/raincloud/secret_key"; redisUrl = "unix:/run/redis-raincloud/redis.sock"; }; } 
@@ -79,18 +79,18 @@ All configuration options are: - | Option | Description | Type | Default value | Example | - |-----------------+---------------------------------------------------------------+-------+----------------------------+-------------------------------| - | =address= | Bind address of the server | =str= | =127.0.0.1= | =0.0.0.0= | - | =port= | Port on which the server listens | =int= | =8000= | =5000= | - | =user= | User under which the server runs | =str= | =raincloud= | =alice= | - | =group= | Group under which the server runs | =str= | =raincloud= | =users= | - | =cloudName= | Name of the raincloud | =str= | =raincloud= | =bobsCloud= | - | =basePath= | Base path of the raincloud | =str= | | =/var/lib/raincloud= | - | =secretKey= | Flask secret key | =str= | | =i_am_a_key= | - | =redisUrl= | URL of Redis database | =str= | =redis://127.0.0.1:6379/0= | =redis://my_db_server:6379/0= | - | =numWorkers= | Number of Gunicorn workers (recommendation is: 2 x #CPUs + 1) | =int= | =5= | =17= | - | =workerTimeout= | Gunicorn worker timeout | =int= | =300= | =360= | + | Option | Description | Type | Default value | Example | + |-----------------+---------------------------------------------------------------+-------+----------------------------+----------------------------------------| + | =address= | Bind address of the server | =str= | =127.0.0.1= | =0.0.0.0= | + | =port= | Port on which the server listens | =int= | =8000= | =5000= | + | =user= | User under which the server runs | =str= | =raincloud= | =alice= | + | =group= | Group under which the server runs | =str= | =raincloud= | =users= | + | =cloudName= | Name of the raincloud | =str= | =raincloud= | =bobsCloud= | + | =basePath= | Base path of the raincloud | =str= | | =/var/lib/raincloud= | + | =secretKeyPath= | Path to file containing Flask secret key | =str= | | =/var/lib/raincloud/secret_key= | + | =redisUrl= | URL of Redis database | =str= | =redis://127.0.0.1:6379/0= | 
=unix:/run/redis-raincloud/redis.sock= | + | =numWorkers= | Number of Gunicorn workers (recommendation is: 2 x #CPUs + 1) | =int= | =5= | =17= | + | =workerTimeout= | Gunicorn worker timeout | =int= | =300= | =360= | *** Docker @@ -116,12 +116,12 @@ /raincloud/ provides four configuration options which can be passed to =raincloud.create_app()=: - =base_path= :: Base path of the raincloud - - =secret_key= :: Flask secret key + - =secret_key_path= :: Path to file containing Flask secret key - =redis_url= :: URL of redis database (default: =redis://127.0.0.1:6379/0=) - =cloud_name= :: Cloud name (default: =raincloud=) Set them for example like this: - : >>> app = raincloud.create_app(base_path='/home/alice/public', secret_key='i_am_a_key', redis_url='redis://127.0.0.1:6379/0', cloud_name='raincloud') + : >>> app = raincloud.create_app(base_path='/home/alice/public', secret_key_path='/var/lib/raincloud/secret_key', redis_url='redis://127.0.0.1:6379/0', cloud_name='raincloud') *** =rc.conf= :properties: diff --git a/flake.nix b/flake.nix index f6f81a1..e629ca6 100644 --- a/flake.nix +++ b/flake.nix @@ -59,17 +59,20 @@ basePath = mkOption { type = types.str; + example = "/var/lib/raincloud" description = "Base path of the raincloud"; }; - secretKey = mkOption { + secretKeyPath = mkOption { type = types.str; - description = "Flask secret key"; + example = "/var/lib/raincloud/secret_key"; + description = "Path to file containing Flask secret key"; }; redisUrl = mkOption { type = types.str; default = "redis://127.0.0.1:6379/0"; + example = "unix:/run/redis-raincloud/redis.sock"; description = "URL of Redis database"; }; 
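Review bot: The new `example` for `secretKeyPath`, `/var/lib/raincloud/secret_key`, puts the key file directly inside the directory used as the `basePath` example, `/var/lib/raincloud`, which is the tree raincloud serves. Whether a top-level file there is reachable over HTTP depends on the directory handler, which this patch does not show, but examples tend to be copied verbatim. The example should point outside the served tree, for instance `example = "/var/lib/raincloud-secrets/secret_key";` (constructed path). The description could also state that the file must be readable only by the service user. The README hunks of this patch show the same pairing.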
@@ -115,7 +118,7 @@ PermissionsStartOnly = true; ExecStart = '' - ${gunicorn}/bin/gunicorn "raincloud:create_app('${cfg.basePath}', '${cfg.secretKey}', '${cfg.redisUrl}', '${cfg.cloudName}')" \ + ${gunicorn}/bin/gunicorn "raincloud:create_app('${cfg.basePath}', '${cfg.secretKeyPath}', '${cfg.redisUrl}', '${cfg.cloudName}')" \ --workers ${toString cfg.numWorkers} \ --timeout ${toString cfg.workerTimeout} \ --bind=${cfg.address}:${toString cfg.port} diff --git a/raincloud/raincloud.py b/raincloud/raincloud.py index aa06bf6..7938e7f 100755 --- a/raincloud/raincloud.py +++ b/raincloud/raincloud.py @@ -18,12 +18,16 @@ import werkzeug def create_app( - base_path, secret_key, redis_url="redis://127.0.0.1:6379/0", cloud_name="raincloud" + base_path, + secret_key_path, + redis_url="redis://127.0.0.1:6379/0", + cloud_name="raincloud", ): # Create app app = Flask(__name__) - app.config["SECRET_KEY"] = secret_key + with open(secret_key_path, "r") as secret_key_file: + app.config["SECRET_KEY"] = secret_key_file.readline() # Create handlers dh = DirectoryHandler(base_path) From 2e4270657cc8001a4c3839d996a1718ab02ba6b1 Mon Sep 17 00:00:00 2001 From: Denis Lehmann Date: Sun, 12 Jun 2022 12:10:03 +0200 Subject: [PATCH 02/10] typo --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index e629ca6..8e00d36 100644 --- a/flake.nix +++ b/flake.nix @@ -59,7 +59,7 @@ basePath = mkOption { type = types.str; - example = "/var/lib/raincloud" + example = "/var/lib/raincloud"; description = "Base path of the raincloud"; }; From 281eca0bb04a0667f20c11e2c02dc5f40a669b54 Mon Sep 17 00:00:00 2001 From: Denis Lehmann Date: Sun, 12 Jun 2022 12:24:21 +0200 Subject: [PATCH 03/10] update README --- README.org | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/README.org b/README.org index 2883f6f..7a00310 100644 --- a/README.org +++ b/README.org 
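Review bot: The changed `ExecStart` line still passes its four values positionally and splices them unescaped between single quotes inside a double-quoted shell word. The call therefore stays correct only while `create_app` keeps its parameter order and no configured value contains a quote character. Keyword arguments, as the README examples use, would make the rename self-checking: `create_app(base_path='${cfg.basePath}', secret_key_path='${cfg.secretKeyPath}', ...)`. Nothing in this hunk shows who creates the key file or with what owner and mode, so that requirement is worth documenting next to the option. The service definition continues outside the hunk.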
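Review bot: In `create_app`, `secret_key_file.readline()` keeps the trailing newline and returns an empty string for an empty file, and the result is stored as `SECRET_KEY` without any check. An empty or truncated key file would therefore give the app a blank or one-character signing key instead of failing at startup. I would read and validate it explicitly: `secret_key = secret_key_file.read().strip()` followed by `if not secret_key: raise ValueError("secret key file is empty")`. A short docstring on `create_app` should say that `secret_key_path` must name a file holding a high-entropy key that only the service user can read. The function body continues outside the hunk.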
@@ -55,19 +55,11 @@ *** NixOS This repository is also a [[https://nixos.wiki/wiki/Flakes][Nix Flake]] which provides a [[https://nixos.org/][NixOS]] module. - It requres a running instance of a [[https://search.nixos.org/options?query=services.redis.servers][Redis server]]. + It requires a running instance of a [[https://search.nixos.org/options?query=services.redis.servers][Redis server]]. A minimal /raincloud/ instance can be setup for example like this: #+begin_src nix raincloud.nixosModule { - # Redis - services.redis.servers."raincloud" = { - enable = true; - databases = 1; - user="raincloud"; - }; - - # Raincloud services.raincloud = { enable = true; basePath = "/var/lib/raincloud"; From f1992596bcaafbcb4df86ba5b9ccad9484372c1f Mon Sep 17 00:00:00 2001 From: Denis Lehmann Date: Sun, 12 Jun 2022 12:26:06 +0200 Subject: [PATCH 04/10] add database parameter --- README.org | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.org b/README.org index 7a00310..8caefa3 100644 --- a/README.org +++ b/README.org @@ -64,7 +64,7 @@ enable = true; basePath = "/var/lib/raincloud"; secretKeyPath = "/var/lib/raincloud/secret_key"; - redisUrl = "unix:/run/redis-raincloud/redis.sock"; + redisUrl = "unix:/run/redis-raincloud/redis.sock?db=0"; }; } #+end_src @@ -80,7 +80,7 @@ | =cloudName= | Name of the raincloud | =str= | =raincloud= | =bobsCloud= | | =basePath= | Base path of the raincloud | =str= | | =/var/lib/raincloud= | | =secretKeyPath= | Path to file containing Flask secret key | =str= | | =/var/lib/raincloud/secret_key= | - | =redisUrl= | URL of Redis database | =str= | =redis://127.0.0.1:6379/0= | =unix:/run/redis-raincloud/redis.sock= | + | =redisUrl= | URL of Redis database | =str= | =redis://127.0.0.1:6379/0= | =unix:/run/redis-raincloud/redis.sock?db=0= | | =numWorkers= | Number of Gunicorn workers (recommendation is: 2 x #CPUs + 1) | =int= | =5= | =17= | | =workerTimeout= | Gunicorn worker timeout | =int= | =300= | =360= | 
From 2bd0a2db203709fa52c237857cc76089b4015a34 Mon Sep 17 00:00:00 2001 From: Denis Lehmann Date: Sun, 12 Jun 2022 12:53:31 +0200 Subject: [PATCH 05/10] add redis dependency --- requirements.txt | 2 -- setup.py | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) delete mode 100644 requirements.txt diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 1a5dc97..0000000 --- a/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -flask -redis diff --git a/setup.py b/setup.py index 73f62bc..506da8d 100644 --- a/setup.py +++ b/setup.py @@ -6,5 +6,5 @@ setup( packages=find_packages(), include_package_data=True, zip_safe=False, - install_requires=["flask"], + install_requires=["flask", "redis"], ) From e43b7f3550d2abcb2845700db1ce414503d61d1c Mon Sep 17 00:00:00 2001 From: Denis Lehmann Date: Sun, 12 Jun 2022 13:24:56 +0200 Subject: [PATCH 06/10] update flake --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 8e00d36..613b8f9 100644 --- a/flake.nix +++ b/flake.nix @@ -119,9 +119,9 @@ ExecStart = '' ${gunicorn}/bin/gunicorn "raincloud:create_app('${cfg.basePath}', '${cfg.secretKeyPath}', '${cfg.redisUrl}', '${cfg.cloudName}')" \ + --bind=${cfg.address}:${toString cfg.port} \ --workers ${toString cfg.numWorkers} \ - --timeout ${toString cfg.workerTimeout} \ - --bind=${cfg.address}:${toString cfg.port} + --timeout ${toString cfg.workerTimeout} ''; }; }; From 8ce7a5e7ebc7db5cddc777b7fbe47762282b7e20 Mon Sep 17 00:00:00 2001 From: Denis Lehmann Date: Sun, 12 Jun 2022 13:25:10 +0200 Subject: [PATCH 07/10] add redis to container --- Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0b0757d..185687a 100644 --- a/Dockerfile +++ b/Dockerfile 
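Review bot: In the `setup.py` hunk, `install_requires=["flask", "redis"]` carries no version bounds, and the same commit deletes `requirements.txt`, so no file in the repository records which versions were tested. The Dockerfile installs with `python -m pip install .`, so each image build resolves whatever releases are current at build time. Adding lower bounds here, e.g. `install_requires=["flask>=<tested version>", "redis>=<tested version>"]` (placeholders), and keeping a pinned, hashed requirements file for the container build would make builds reproducible and auditable.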
@@ -1,10 +1,12 @@ FROM python:3.11-rc-alpine ENV cloud_name raincloud +ENV num_workers 5 ENV worker_timeout 300 COPY . /tmp/raincloud +RUN apk add redis RUN python -m venv /opt/venv RUN . /opt/venv/bin/activate && cd /tmp/raincloud && python -m pip install . RUN . /opt/venv/bin/activate && python -m pip install gunicorn @@ -13,4 +15,4 @@ RUN rm -rf /tmp/raincloud EXPOSE 8000/tcp -ENTRYPOINT . /opt/venv/bin/activate && gunicorn --timeout ${worker_timeout} --bind=0.0.0.0:8000 "raincloud:create_app(base_path='/var/www/raincloud',cloud_name='${cloud_name}')" \ No newline at end of file +ENTRYPOINT redis-server & echo $RANDOM$RANDOM | base64 > /var/raincloud_secret_key && . /opt/venv/bin/activate && gunicorn --bind=0.0.0.0:8000 --workers ${num_workers} --timeout ${worker_timeout} "raincloud:create_app(base_path='/var/www/raincloud', secret_key_path='/var/raincloud_secret_key', cloud_name='${cloud_name}')" \ No newline at end of file From 827a892568bd993c18528a0ace524f73569086b1 Mon Sep 17 00:00:00 2001 From: Denis Lehmann Date: Sun, 12 Jun 2022 13:33:02 +0200 Subject: [PATCH 08/10] update README --- README.org | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.org b/README.org index 8caefa3..0e002bc 100644 --- a/README.org +++ b/README.org @@ -100,8 +100,7 @@ : $ docker run -p :8000 -v :/var/www/raincloud -e "cloud_name=podcloud" raincloud:latest - Similarly the environment variable =worker_timeout= can be set to increase the Gunicorn worker timeout in seconds. - It's default value is =300=. + The environment variables =num_workers= (default: =5=) and =worker_timeout= (default: =300=) can be set in the same way to set the number of Gunicorn workers and their timeout in seconds. ** Configuration From 08a21fd63d78b2819e068c1b4119101f4e87b27f Mon Sep 17 00:00:00 2001 From: Denis Lehmann Date: Sun, 12 Jun 2022 21:46:24 +0200 Subject: [PATCH 09/10] update README --- README.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
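Review bot: `RUN apk add redis` in the first Dockerfile hunk leaves the apk index cache in the image layer and installs whatever Redis version the index holds at build time. `RUN apk add --no-cache redis` avoids the cached index. If reproducible images matter, the package version can be pinned as well.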
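Review bot: The new `ENTRYPOINT` derives the Flask secret key from `echo $RANDOM$RANDOM | base64`, which gives at most about 30 bits of entropy where the shell supports `$RANDOM` and a constant value where it does not. That is far too little for the key Flask uses to sign session data. The key should come from the kernel CSPRNG and be written with a restrictive mode, e.g. `umask 077 && head -c 32 /dev/urandom | base64 > /var/raincloud_secret_key`. The key is also regenerated on every container start, which invalidates existing sessions, so consider letting an operator mount a persistent key file instead. Separately, `redis-server &` runs unsupervised with its default configuration and, as far as this Dockerfile shows, as root in the same container. A comment should state that it must stay reachable only from inside the container.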
diff --git a/README.org b/README.org index 0e002bc..8fcb551 100644 --- a/README.org +++ b/README.org @@ -11,7 +11,7 @@ *Features* - No users, just password protectable dynamic HTTP routes - - No database backend, just a flat directory structure + - Routes are defined by a flat directory structure - Permissions per route individually configurable via plain-text files ** Example From 0d9801b2000e58c70d47c3025e1626573aa13221 Mon Sep 17 00:00:00 2001 From: Denis Lehmann Date: Sun, 12 Jun 2022 23:07:42 +0200 Subject: [PATCH 10/10] remove logo file --- raincloud/static/logo.svg | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 raincloud/static/logo.svg diff --git a/raincloud/static/logo.svg b/raincloud/static/logo.svg deleted file mode 100644 index c06dcc2..0000000 --- a/raincloud/static/logo.svg +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - - -