From 3f6dd74e33fbecfeb8dba40570e6dc41477f9e4e Mon Sep 17 00:00:00 2001
From: "Prof. Jayanth R Varma" <jrvarma@gmail.com>
Date: Wed, 7 Nov 2018 02:18:46 +0530
Subject: [PATCH] Add example config for using using nginx with uwsgi

---
 example-configs/nginx-uwsgi/etesync.ini       | 15 ++++++++++
 .../nginx-uwsgi/my.server.name.conf           | 30 +++++++++++++++++++
 example-configs/nginx-uwsgi/readme.md         | 20 +++++++++++++
 example-configs/nginx-uwsgi/uwsgi.service     | 15 ++++++++++
 4 files changed, 80 insertions(+)
 create mode 100644 example-configs/nginx-uwsgi/etesync.ini
 create mode 100644 example-configs/nginx-uwsgi/my.server.name.conf
 create mode 100644 example-configs/nginx-uwsgi/readme.md
 create mode 100644 example-configs/nginx-uwsgi/uwsgi.service

diff --git a/example-configs/nginx-uwsgi/etesync.ini b/example-configs/nginx-uwsgi/etesync.ini
new file mode 100644
index 0000000..e79eeee
--- /dev/null
+++ b/example-configs/nginx-uwsgi/etesync.ini
@@ -0,0 +1,15 @@
+# uwsgi configuration file
+# typical location of this file would be /etc/uwsgi/sites/etesync.ini
+
+[uwsgi]
+socket = /path/to/etesync_server.sock
+chown-socket = EtesyncUser:www-data
+chmod-socket = 660
+vacuum = true
+
+
+uid = EtesyncUser
+chdir = /path/to/etesync
+home = %(chdir)/.venv
+module = etesync_server.wsgi
+master = true
diff --git a/example-configs/nginx-uwsgi/my.server.name.conf b/example-configs/nginx-uwsgi/my.server.name.conf
new file mode 100644
index 0000000..b5b019d
--- /dev/null
+++ b/example-configs/nginx-uwsgi/my.server.name.conf
@@ -0,0 +1,30 @@
+# nginx configuration for etesync server running on https://my.server.name 
+# typical location of this file would be /etc/nginx/sites-available/my.server.name.conf
+
+server {
+    server_name my.server.name;
+
+    root /srv/http/etesync_server;
+
+    client_max_body_size 5M;
+    
+    location /static {
+        expires 1y;
+        try_files $uri $uri/ =404;
+    }
+
+    location / {
+        uwsgi_pass      unix:/path/to/etesync_server.sock;
+        include         uwsgi_params;
+    }
+
+    # change 443 to say 9443 to run on a non standard port
+    listen 443 ssl;                                                            
+    listen [::]:443 ssl; 
+    # Enable these two instead of the two above if your nginx supports http2
+    # listen 443 ssl http2;
+    # listen [::]:443 ssl http2;
+    
+    ssl_certificate /path/to/certificate-file
+    ssl_certificate_key /path/to/certificate-key-file
+    # other ssl directives as needed
diff --git a/example-configs/nginx-uwsgi/readme.md b/example-configs/nginx-uwsgi/readme.md
new file mode 100644
index 0000000..dad98b6
--- /dev/null
+++ b/example-configs/nginx-uwsgi/readme.md
@@ -0,0 +1,20 @@
+# Running `etesync` under `nginx` and `uwsgi`
+
+This configuration assumes that etesync server has been installed in the home folder of a non privileged user 
+called `EtesyncUser` following the instructions in <https://github.com/etesync/server-skeleton>. Also that static 
+files have been collected at `/srv/http/etesync_server` by running the following commands:
+
+    sudo mkdir -p /srv/http/etesync_server/static
+    sudo chown -R EtesyncUser /srv/http/etesync_server
+    sudo su EtesyncUser
+    cd /path/to/etesync
+    ln -s /srv/http/etesync_server/static static
+    ./manage.py collectstatic
+
+It is also assumed that `nginx` and `uwsgi` have been installed system wide by `root`, and that `nginx` is running as user/group `www-data`. 
+
+In this setup, `uwsgi` running as a `systemd` service as `root` creates a unix socket with read-write access 
+to both `EtesyncUser` and `nginx`. It then drops its `root` privilege and runs `etesync` as `EtesyncUser`.
+
+`nginx` listens on the `https` port (or a non standard port `https` port if desired), delivers static pages directly 
+and for everything else, communicates with `etesync` over the unix socket.
diff --git a/example-configs/nginx-uwsgi/uwsgi.service b/example-configs/nginx-uwsgi/uwsgi.service
new file mode 100644
index 0000000..9941ec3
--- /dev/null
+++ b/example-configs/nginx-uwsgi/uwsgi.service
@@ -0,0 +1,15 @@
+# systemd unit for running uwsgi in emperor mode
+# typical location of this file would be /etc/systemd/system/uwsgi.service
+
+[Unit]
+Description=uWSGI Emperor service
+
+[Service]
+ExecStart=/usr/local/bin/uwsgi --emperor /etc/uwsgi/sites
+Restart=always
+KillSignal=SIGQUIT
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target