PR#4853: Add nginx configuration variant and split webserver configuration in packaging - pagure

pagure

#4853 Add nginx configuration variant and split webserver configuration in packaging

Merged 3 years ago by pingou. Opened 3 years ago by ngompa.

ngompa/pagure nginx-config into master

Add nginx configuration variant and split webserver configuration in packaging

Neal Gompa • 3 years ago

21c6267

Rename the apache httpd configuration file

Neal Gompa • 3 years ago

9392ab3

files/pagure-apache-httpd.conf ~~files/pagure.conf~~

file renamed

file was moved with no change to the file

files/pagure-nginx.conf

file added

+75

		`@@ -0,0 +1,75 @@`
		`+ #server {`
		`+ #listen 80;`
		`+ #server_name docs.localhost.localdomain;`
		`+ #return 301 https://docs.localhost.localdomain$request_uri;`
		`+ #}`
		`+`
		`+ #server {`
		`+ #listen 443 ssl;`
		`+`
		`+ #server_name docs.localhost.localdomain;`
		`+`
		`+ #access_log /var/log/nginx/pagure_docs.access.log;`
		`+ #error_log /var/log/nginx/pagure_docs.error.log;`
		`+`
		`+ #ssl_certificate /etc/pki/tls/....crt`
		`+ #ssl_certificate_key /etc/pki/tls/....key`
		`+`
		`+ #location @pagure_docs {`
		`+ #proxy_set_header Host $http_host;`
		`+ #proxy_set_header X-Real-IP $remote_addr;`
		`+ #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
		`+ #proxy_set_header X-Forwarded-Proto $scheme;`
		`+ #proxy_pass http://unix:/tmp/pagure_docs_web.sock;`
		`+ #}`
		`+`
		`+ #location / {`
		`+ #try_files $uri @pagure_docs;`
		`+ #}`
		`+`
		`+ #location /static {`
		`+ #alias /usr/lib/pythonX.Y/site-packages/pagure/static/;`
		`+ #try_files $uri $uri/;`
		`+ #}`
		`+`
		`+ #}`
		`+`
		`+ #server {`
		`+ #listen 80;`
		`+ #server_name localhost.localdomain;`
		`+ #return 301 https://localhost.localdomain$request_uri;`
		`+ #}`
		`+`
		`+ #server {`
		`+ #listen 443 ssl;`
		`+`
		`+ #server_name localhost.localdomain;`
		`+`
		`+ #access_log /var/log/nginx/pagure.access.log;`
		`+ #error_log /var/log/nginx/pagure.error.log;`
		`+`
		`+ #ssl_certificate /etc/pki/tls/....crt`
		`+ #ssl_certificate_key /etc/pki/tls/....key`
		`+`
		`+ #location @pagure {`
		`+ #proxy_set_header Host $http_host;`
		`+ #proxy_set_header X-Real-IP $remote_addr;`
		`+ #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
		`+ #proxy_set_header X-Forwarded-Proto $scheme;`
		`+ #proxy_pass http://unix:/tmp/pagure_web.sock;`
		`+ #}`
		`+`
		`+ #location / {`
		`+ #try_files $uri @pagure;`
		`+ #}`
		`+`
		`+ #location /static {`
		`+ #alias /usr/lib/pythonX.Y/site-packages/pagure/static/;`
		`+ #}`
		`+`
		`+ #location /releases {`
		`+ #alias /var/www/releases/;`
		`+ #autoindex on;`
		`+ #}`
		`+`
		`+ #}`

files/pagure.spec

file modified

+85 -13

		`@@ -78,12 +78,6 @@`
		`Requires: python%{python_pkgversion}-wtforms`
		`%endif`

		`- %if 0%{?rhel} && 0%{?rhel} < 8`
		`- Requires: mod_wsgi`
		`- %else`
		`- Requires: python%{python_pkgversion}-mod_wsgi`
		`- %endif`
		`-`
		`%{?systemd_requires}`

		`# No dependency of the app per se, but required to make it working.`
		`@@ -97,6 +91,32 @@`
		`create/merge pull-requests across or within projects.`


		`+ %package web-apache-httpd`
		`+ Summary: Apache HTTPD configuration for Pagure`
		`+ BuildArch: noarch`
		`+ Requires: %{name} = %{version}-%{release}`
		`+ Requires: httpd-filesystem`
		`+ %if 0%{?rhel} && 0%{?rhel} < 8`
		`+ Requires: mod_wsgi`
		`+ %else`
		`+ Requires: python%{python_pkgversion}-mod_wsgi`
		`+ %endif`
		`+ %description web-apache-httpd`
		`+ This package provides the configuration files for deploying`
		`+ a Pagure server using the Apache HTTPD server.`
		`+`
		`+`
		`+ %package web-nginx`
		`+ Summary: Nginx configuration for Pagure`
		`+ BuildArch: noarch`
		`+ Requires: %{name} = %{version}-%{release}`
		`+ Requires: nginx-filesystem`
		`+ Requires: python%{python_pkgversion}-gunicorn`
		`+ %description web-nginx`
		`+ This package provides the configuration files for deploying`
		`+ a Pagure server using the Nginx web server.`
		`+`
		`+`
		`%package theme-pagureio`
		`Summary: Web interface theme used for Pagure.io`
		`BuildArch: noarch`
		`@@ -227,7 +247,11 @@`

		`# Install apache configuration file`
		`mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/`
		`- install -p -m 644 files/pagure.conf $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/pagure.conf`
		`+ install -p -m 644 files/pagure-apache-httpd.conf $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/pagure.conf`
		`+`
		`+ # Install nginx configuration file`
		`+ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/nginx/conf.d/`
		`+ install -p -m 644 files/pagure-nginx.conf $RPM_BUILD_ROOT/%{_sysconfdir}/nginx/conf.d/pagure.conf`

		`# Install configuration file`
		`mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/pagure`
		`@@ -258,6 +282,16 @@`
		`# Install the alembic revisions`
		`cp -r alembic $RPM_BUILD_ROOT/%{_datadir}/pagure`

		`+ # Install the systemd file for the web frontend`
		`+ mkdir -p $RPM_BUILD_ROOT/%{_unitdir}`
		`+ install -p -m 644 files/pagure_web.service \`
		`+ $RPM_BUILD_ROOT/%{_unitdir}/pagure_web.service`
		`+`
		`+ # Install the systemd file for the docs web frontend`
		`+ mkdir -p $RPM_BUILD_ROOT/%{_unitdir}`
		`+ install -p -m 644 files/pagure_docs_web.service \`
		`+ $RPM_BUILD_ROOT/%{_unitdir}/pagure_docs_web.service`
		`+`
		`# Install the systemd file for the worker`
		`mkdir -p $RPM_BUILD_ROOT/%{_unitdir}`
		`install -p -m 644 files/pagure_worker.service \`
		`@@ -332,16 +366,32 @@`
		`sed -e "s\|/usr/bin/python\|%{__python}\|g" -i $RPM_BUILD_ROOT/%{_unitdir}/*.service`

		`%if 0%{?rhel} && 0%{?rhel} < 8`
		`- # Change to correct static file path for apache httpd`
		`- sed -e "s/pythonX.Y/python%{python2_version}/g" -i $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/pagure.conf`
		`+ # Change to correct static file path for apache httpd and nginx`
		`+ sed -e "s/pythonX.Y/python%{python2_version}/g" -i \`
		`+ $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/pagure.conf \`
		`+ $RPM_BUILD_ROOT/%{_sysconfdir}/nginx/conf.d/pagure.conf`
		`%else`
		`# Switch all systemd units to use the correct celery`
		`sed -e "s\|/usr/bin/celery\|/usr/bin/celery-3\|g" -i $RPM_BUILD_ROOT/%{_unitdir}/*.service`

		`- # Change to correct static file path for apache httpd`
		`- sed -e "s/pythonX.Y/python%{python3_version}/g" -i $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/pagure.conf`
		`+ # Switch all systemd units to use the correct gunicorn`
		`+ sed -e "s\|/usr/bin/gunicorn\|/usr/bin/gunicorn-3\|g" -i $RPM_BUILD_ROOT/%{_unitdir}/*.service`
		`+`
		`+ # Change to correct static file path for apache httpd and nginx`
		`+ sed -e "s/pythonX.Y/python%{python3_version}/g" -i \`
		`+ $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/pagure.conf \`
		`+ $RPM_BUILD_ROOT/%{_sysconfdir}/nginx/conf.d/pagure.conf`
		`%endif`

		`+ # Make log directories`
		`+ mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/log/pagure`
		`+ logfiles="web docs_web"`
		`+`
		`+ for logfile in $logfiles; do`
		`+ touch $RPM_BUILD_ROOT/%{_localstatedir}/log/pagure/access_${logfile}.log`
		`+ touch $RPM_BUILD_ROOT/%{_localstatedir}/log/pagure/error_${logfile}.log`
		`+ done`
		`+`
		`# Regenerate missing symlinks (really needed for upgrades from pagure < 5.0)`
		`runnerhooks="post-receive pre-receive"`

		`@@ -355,6 +405,9 @@`
		`%systemd_post pagure_gitolite_worker.service`
		`%systemd_post pagure_api_key_expire_mail.timer`
		`%systemd_post pagure_mirror_project_in.timer`
		`+ %post web-nginx`
		`+ %systemd_post pagure_web.service`
		`+ %systemd_post pagure_docs_web.service`
		`%post milters`
		`%systemd_post pagure_milter.service`
		`%post ev`
		`@@ -375,6 +428,9 @@`
		`%systemd_preun pagure_gitolite_worker.service`
		`%systemd_preun pagure_api_key_expire_mail.timer`
		`%systemd_preun pagure_mirror_project_in.timer`
		`+ %preun web-nginx`
		`+ %systemd_preun pagure_web.service`
		`+ %systemd_preun pagure_docs_web.service`
		`%preun milters`
		`%systemd_preun pagure_milter.service`
		`%preun ev`
		`@@ -395,6 +451,9 @@`
		`%systemd_postun_with_restart pagure_gitolite_worker.service`
		`%systemd_postun pagure_api_key_expire_mail.timer`
		`%systemd_postun pagure_mirror_project_in.timer`
		`+ %postun web-nginx`
		`+ %systemd_postun_with_restart pagure_web.service`
		`+ %systemd_postun_with_restart pagure_docs_web.service`
		`%postun milters`
		`%systemd_postun_with_restart pagure_milter.service`
		`%postun ev`
		`@@ -414,12 +473,10 @@`
		`%files`
		`%doc README.rst UPGRADING.rst doc/`
		`%license LICENSE`
		`- %config(noreplace) %{_sysconfdir}/httpd/conf.d/pagure.conf`
		`%config(noreplace) %{_sysconfdir}/pagure/pagure.cfg`
		`%config(noreplace) %{_sysconfdir}/pagure/alembic.ini`
		`%dir %{_sysconfdir}/pagure/`
		`%dir %{_datadir}/pagure/`
		`- %config(noreplace) %{_datadir}/pagure/*.wsgi`
		`%{_datadir}/pagure/.py`
		`%if ! (0%{?rhel} && 0%{?rhel} < 8)`
		`%{_datadir}/pagure/__pycache__/`
		`@@ -440,6 +497,21 @@`
		`%{_unitdir}/pagure_mirror_project_in.timer`


		`+ %files web-apache-httpd`
		`+ %license LICENSE`
		`+ %config(noreplace) %{_sysconfdir}/httpd/conf.d/pagure.conf`
		`+ %config(noreplace) %{_datadir}/pagure/*.wsgi`
		`+`
		`+`
		`+ %files web-nginx`
		`+ %license LICENSE`
		`+ %config(noreplace) %{_sysconfdir}/nginx/conf.d/pagure.conf`
		`+ %{_unitdir}/pagure_web.service`
		`+ %{_unitdir}/pagure_docs_web.service`
		`+ %dir %{_localstatedir}/log/pagure`
		`+ %ghost %{_localstatedir}/log/pagure/*.log`
		`+`
		`+`
		`%files theme-pagureio`
		`%license LICENSE`
		`%{python_sitelib}/pagure/themes/pagureio/`

files/pagure_docs_web.service

file added

+16

		`@@ -0,0 +1,16 @@`
		`+ [Unit]`
		`+ Description=Pagure docs web application`
		`+ After=postgresql.service mariadb.service mysqld.service redis.target`
		`+ Documentation=https://pagure.io/pagure`
		`+`
		`+`
		`+ [Service]`
		`+ ExecStart=/usr/bin/gunicorn --workers 4 --env PAGURE_CONFIG=/etc/pagure/pagure.cfg --access-logfile /var/log/pagure/access_docs_web.log --error-logfile /var/log/pagure/error_docs_web.log --bind unix:/tmp/pagure_docs_web.sock pagure.docs_server:APP`
		`+ Type=simple`
		`+ User=git`
		`+ Group=git`
		`+ Restart=on-failure`
		`+`
		`+`
		`+ [Install]`
		`+ WantedBy=multi-user.target`

files/pagure_web.service

file added

+16

		`@@ -0,0 +1,16 @@`
		`+ [Unit]`
		`+ Description=Pagure web application`
		`+ After=postgresql.service mariadb.service mysqld.service redis.target`
		`+ Documentation=https://pagure.io/pagure`
		`+`
		`+`
		`+ [Service]`
		`+ ExecStart=/usr/bin/gunicorn --workers 4 --env PAGURE_CONFIG=/etc/pagure/pagure.cfg --access-logfile /var/log/pagure/access_web.log --error-logfile /var/log/pagure/error_web.log --bind unix:/tmp/pagure_web.sock "pagure.flask_app:create_app()"`
		`+ Type=simple`
		`+ User=git`
		`+ Group=git`
		`+ Restart=on-failure`
		`+`
		`+`
		`+ [Install]`
		`+ WantedBy=multi-user.target`

ngompa commented 3 years ago

This change adds a working nginx configuration for Pagure using
nginx and gunicorn. In addition, to support Pagure deployments
using either configuration, the webserver configuration files
have been split out into their own subpackages.

ngompa commented 3 years ago

This is built on top of #4848, as this configuration requires the changes in that code.

9 new commits added

Add nginx configuration variant and split webserver configuration in packaging
Rename the apache httpd configuration file
Drop the proxying to git-http-backend via the apache configuration file
Adjust the realm sent back based on the auth configured
Add tests for the http-base push
Make the tests PagureFlaskApiIssuetests.test_api_assign_issue more robust
If pagure is set up for local auth, allow git push via https using it
Move the logic checking if the username and password are valid to pagure.lib
Add support for git push via http using basic auth relying on API token

3 years ago

9 new commits added

Add nginx configuration variant and split webserver configuration in packaging
Rename the apache httpd configuration file
Drop the proxying to git-http-backend via the apache configuration file
Adjust the realm sent back based on the auth configured
Add tests for the http-base push
Make the tests PagureFlaskApiIssuetests.test_api_assign_issue more robust
If pagure is set up for local auth, allow git push via https using it
Move the logic checking if the username and password are valid to pagure.lib
Add support for git push via http using basic auth relying on API token

3 years ago

9 new commits added

Add nginx configuration variant and split webserver configuration in packaging
Rename the apache httpd configuration file
Drop the proxying to git-http-backend via the apache configuration file
Adjust the realm sent back based on the auth configured
Add tests for the http-base push
Make the tests PagureFlaskApiIssuetests.test_api_assign_issue more robust
If pagure is set up for local auth, allow git push via https using it
Move the logic checking if the username and password are valid to pagure.lib
Add support for git push via http using basic auth relying on API token

3 years ago

9 new commits added

Add nginx configuration variant and split webserver configuration in packaging
Rename the apache httpd configuration file
Drop the proxying to git-http-backend via the apache configuration file
Adjust the realm sent back based on the auth configured
Add tests for the http-base push
Make the tests PagureFlaskApiIssuetests.test_api_assign_issue more robust
If pagure is set up for local auth, allow git push via https using it
Move the logic checking if the username and password are valid to pagure.lib
Add support for git push via http using basic auth relying on API token

3 years ago

9 new commits added

Add nginx configuration variant and split webserver configuration in packaging
Rename the apache httpd configuration file
Drop the proxying to git-http-backend via the apache configuration file
Adjust the realm sent back based on the auth configured
Add tests for the http-base push
Make the tests PagureFlaskApiIssuetests.test_api_assign_issue more robust
If pagure is set up for local auth, allow git push via https using it
Move the logic checking if the username and password are valid to pagure.lib
Add support for git push via http using basic auth relying on API token