Compare commits
2 Commits
12b8f797c5
...
a610da0887
Author | SHA1 | Date |
---|---|---|
barnold | a610da0887 | |
barnold | e84ebaee7a |
|
@ -1 +1,2 @@
|
|||
local-override.yml
|
||||
public/favicon.ico
|
||||
|
|
|
@ -0,0 +1,155 @@
|
|||
There are numerous ways of deploying a Mojolicious app, so this
|
||||
is just one way.
|
||||
|
||||
0. Dependencies
|
||||
|
||||
libmojolicious-perl
|
||||
pgc-db <https://tildegit.org/barnold/pgc-db>
|
||||
|
||||
1. Create a user to run the perl process.
|
||||
|
||||
The name is at your discretion, here I'm using pgc-www.
|
||||
|
||||
# adduser --no-create-home --home /var/www \
|
||||
--shell /usr/sbin/nologin --disabled-login pgc-www
|
||||
|
||||
2. Configure postgres.
|
||||
|
||||
Create a postgres user for pgc-www.
|
||||
|
||||
# su - postgres
|
||||
$ createuser --connection-limit=10 --role=pgc_user pgc-www
|
||||
|
||||
If you're using the simplest case, 'peer' authentication, then add a
|
||||
line in pg_ident.conf into the map you used for pgc-db.
|
||||
|
||||
# MAPNAME SYSTEM-USERNAME PG-USERNAME
|
||||
... ... ...
|
||||
irulanmap pgc-www pgc-www
|
||||
|
||||
Tell postgres about your edit.
|
||||
|
||||
# systemctl reload postgresql
|
||||
|
||||
At this point, pgc-www should have access to the database. Test with
|
||||
|
||||
# sudo -u pgc-www psql pg_book_catalog
|
||||
|
||||
3. Install the source code.
|
||||
|
||||
# cd /opt
|
||||
# git clone https://tildegit.org/barnold/pgc-www.git
|
||||
|
||||
At this point, the user 'pgc-www' should be able to run the app. Test with
|
||||
|
||||
# sudo -u pgc-www morbo /opt/pgc-www/script/my_app
|
||||
|
||||
and visit <http://localhost:3000> in your browser.
|
||||
|
||||
4. Optionally, provide a contact email address to site visitors.
|
||||
|
||||
Add /opt/pgc-www/local-override.yml containing e.g.
|
||||
|
||||
email-address: webmaster@example.net?Subject=Love your site!
|
||||
email-name: webmaster@example.net
|
||||
|
||||
Likewise, you can place your own favicon.ico into public/.
|
||||
|
||||
After you restart the app, your address should appear on the 'about' page
|
||||
and your favicon should appear instead of Mojolicious's.
|
||||
|
||||
5. Configure systemd to run the app under fastcgi, via socket activation.
|
||||
|
||||
Suggested unit files follow, to go into /etc/systemd/system.
|
||||
|
||||
= pgc.socket ================================
|
||||
[Unit]
|
||||
Description = PG Catalog socket
|
||||
PartOf = pgc.service
|
||||
|
||||
[Socket]
|
||||
Accept = false
|
||||
ListenStream = 127.0.0.1:8080
|
||||
RestrictAddressFamilies = AF_INET
|
||||
|
||||
[Install]
|
||||
WantedBy = sockets.target
|
||||
=============================================
|
||||
= pgc.service ===============================
|
||||
# After edit, check syntax with
|
||||
#
|
||||
# systemd-analyze verify /etc/systemd/system/pgc.service
|
||||
#
|
||||
# and load the change with
|
||||
#
|
||||
# systemctl daemon-reload
|
||||
|
||||
[Unit]
|
||||
Description = PG Catalog
|
||||
Requires = pgc.socket
|
||||
|
||||
[Service]
|
||||
User = pgc-www
|
||||
Type = simple
|
||||
Environment = MOJO_MODE="production"
|
||||
ExecStart = /opt/pgc-www/script/my_app fastcgi
|
||||
StandardInput = socket
|
||||
StandardError = journal
|
||||
|
||||
CapabilityBoundingSet =
|
||||
LockPersonality = yes
|
||||
MemoryDenyWriteExecute = yes
|
||||
NoNewPrivileges = yes
|
||||
PrivateDevices = yes
|
||||
PrivateNetwork = yes
|
||||
PrivateTmp = yes
|
||||
PrivateUsers = yes
|
||||
ProcSubset = pid
|
||||
ProtectClock = yes
|
||||
ProtectControlGroups = yes
|
||||
ProtectHome = yes
|
||||
ProtectHostname = yes
|
||||
ProtectKernelLogs = yes
|
||||
ProtectKernelModules = yes
|
||||
ProtectKernelTunables = yes
|
||||
ProtectProc = invisible
|
||||
ProtectSystem = strict
|
||||
RemoveIPC = yes
|
||||
RestrictAddressFamilies = AF_UNIX
|
||||
RestrictNamespaces = yes
|
||||
RestrictRealtime = yes
|
||||
RestrictSUIDSGID = yes
|
||||
SystemCallArchitectures = native
|
||||
SystemCallFilter = @system-service
|
||||
SystemCallFilter = ~ @privileged @resources
|
||||
UMask = 0066
|
||||
|
||||
[Install]
|
||||
WantedBy = default.target
|
||||
=============================================
|
||||
|
||||
Run
|
||||
|
||||
# systemctl daemon-reload
|
||||
# systemctl start pgc.socket
|
||||
|
||||
You can apply resource limits by running
|
||||
|
||||
# systemctl set-property pgc.socket \
|
||||
IPAddressAllow=localhost IPAddressDeny=any
|
||||
|
||||
# systemctl set-property pgc.service \
|
||||
CPUQuota=50% CPUWeight=50 MemoryHigh=128M MemoryMax=256M
|
||||
|
||||
(The values for pgc.service are wild guesses.)
|
||||
|
||||
Enable the service to start on boot.
|
||||
|
||||
# systemctl enable pgc.socket
|
||||
|
||||
6. Configure your web server
|
||||
|
||||
I use lighttpd and followed the guidance in
|
||||
<https://github.com/mojolicious/mojo/wiki/Deploying-on-Lighttpd-with-FastCGI>.
|
||||
|
||||
Comments and questions are welcome at <barnold@tilde.club>.
|
7
README
7
README
|
@ -1,9 +1,9 @@
|
|||
ABOUT
|
||||
|
||||
This is a Mojolicious web site app for looking through the catalog
|
||||
provided by Project Gutenberg <https://www.gutenberg.org/>. It uses
|
||||
the database and perl modules provided by
|
||||
<https://tildegit.org/barnold/pgc-db>.
|
||||
provided by Project Gutenberg <https://www.gutenberg.org/>. It has no
|
||||
affiliation with Project Gutenberg, it just gratefully uses the
|
||||
catalog they provide.
|
||||
|
||||
COPYING
|
||||
|
||||
|
@ -12,4 +12,3 @@ Public License, version 3
|
|||
<https://www.gnu.org/licenses/agpl-3.0.html>.
|
||||
|
||||
Comments are welcome at <barnold@tilde.club>.
|
||||
|
||||
|
|
|
@ -12,11 +12,11 @@
|
|||
</li>
|
||||
|
||||
<li>
|
||||
<%= link_to("Authors" => 'authors') %>
|
||||
<%= link_to("Authors" => 'authors', { page_number => 1}) %>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
<%= link_to("Books" => 'books') %>
|
||||
<%= link_to("Books" => 'books', { page_number => 1 }) %>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
|
|
Loading…
Reference in New Issue