django_etebase/signals.py

@@ -1,4 +1,3 @@
 from django.dispatch import Signal
 
-# Provides arguments "request" and "user"
-user_signed_up = Signal()
+user_signed_up = Signal(providing_args=["request", "user"])

etebase-server.ini.example

@@ -18,6 +18,3 @@ allowed_host1 = example.com
 [database]
 engine = django.db.backends.sqlite3
 name = db.sqlite3
-
-[database-options]
-; Add engine-specific options here, such as postgresql parameter key words

etebase_server/settings.py

@@ -164,9 +164,6 @@ if any(os.path.isfile(x) for x in config_locations):
     if "database" in config:
         DATABASES = {"default": {x.upper(): y for x, y in config.items("database")}}
 
-    if "database-options" in config:
-        DATABASES["default"]["OPTIONS"] = config["database-options"]
-
 ETEBASE_CREATE_USER_FUNC = "django_etebase.utils.create_user_blocked"
 
 # Efficient file streaming (for large files)

etebase_server/urls.py

@@ -1,13 +1,25 @@
 import os
 
 from django.conf import settings
+from django.conf.urls import url
 from django.contrib import admin
-from django.urls import path
+from django.urls import path, re_path
 from django.views.generic import TemplateView
 from django.views.static import serve
 from django.contrib.staticfiles import finders
 
 urlpatterns = [
-    path("admin/", admin.site.urls),
+    url(r"^admin/", admin.site.urls),
     path("", TemplateView.as_view(template_name="success.html")),
 ]
+
+if settings.DEBUG:
+
+    def serve_static(request, path):
+        filename = finders.find(path)
+        dirname = os.path.dirname(filename)
+        basename = os.path.basename(filename)
+
+        return serve(request, basename, dirname)
+
+    urlpatterns += [re_path(r"^static/(?P<path>.*)$", serve_static)]

etebase_server/utils.py

@@ -13,8 +13,6 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 from django.core.management import utils
-import os
-import stat
 
 
 def get_secret_from_file(path):
@@ -23,7 +21,6 @@ def get_secret_from_file(path):
             return f.read().strip()
     except EnvironmentError:
         with open(path, "w") as f:
-            os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
             secret_key = utils.get_random_secret_key()
             f.write(secret_key)
             return secret_key

example-configs/nginx-uwsgi/README.md

@@ -0,0 +1,22 @@
+# Running `etebase` under `nginx` and `uwsgi`
+
+This configuration assumes that etebase server has been installed in the home folder of a non privileged user
+called `EtebaseUser` following the instructions in <https://github.com/etesync/server>. Also that static
+files have been collected at `/srv/http/etebase_server` by running the following commands:
+
+```shell
+sudo mkdir -p /srv/http/etebase_server/static
+sudo chown -R EtebaseUser /srv/http/etebase_server
+sudo su EtebaseUser
+cd /path/to/etebase
+ln -s /srv/http/etebase_server/static static
+./manage.py collectstatic
+```
+
+It is also assumed that `nginx` and `uwsgi` have been installed system wide by `root`, and that `nginx` is running as user/group `www-data`.
+
+In this setup, `uwsgi` running as a `systemd` service as `root` creates a unix socket with read-write access
+to both `EtebaseUser` and `nginx`. It then drops its `root` privilege and runs `etebase` as `EtebaseUser`.
+
+`nginx` listens on the `https` port (or a non standard port `https` port if desired), delivers static pages directly
+and for everything else, communicates with `etebase` over the unix socket.

example-configs/nginx-uwsgi/etebase.ini

@@ -0,0 +1,15 @@
+# uwsgi configuration file
+# typical location of this file would be /etc/uwsgi/sites/etebase.ini
+
+[uwsgi]
+socket = /path/to/etebase_server.sock
+chown-socket = EtebaseUser:www-data
+chmod-socket = 660
+vacuum = true
+
+
+uid = EtebaseUser
+chdir = /path/to/etebase
+home = %(chdir)/.venv
+module = etebase_server.wsgi
+master = true

example-configs/nginx-uwsgi/etesync.ini

@@ -0,0 +1,15 @@
+# uwsgi configuration file
+# typical location of this file would be /etc/uwsgi/sites/etesync.ini
+
+[uwsgi]
+socket = /path/to/etesync_server.sock
+chown-socket = EtesyncUser:www-data
+chmod-socket = 660
+vacuum = true
+
+
+uid = EtesyncUser
+chdir = /path/to/etesync
+home = %(chdir)/.venv
+module = etesync_server.wsgi
+master = true

example-configs/nginx-uwsgi/my.server.name.conf

@@ -0,0 +1,36 @@
+# nginx configuration for etebase server running on https://my.server.name 
+# typical location of this file would be /etc/nginx/sites-available/my.server.name.conf
+
+server {
+    server_name my.server.name;
+
+    root /srv/http/etebase_server;
+
+    client_max_body_size 20M;
+
+    location /static {
+        expires 1y;
+        try_files $uri $uri/ =404;
+    }
+
+    location /media {
+        expires 1y;
+        try_files $uri $uri/ =404;
+    }
+
+    location / {
+        uwsgi_pass      unix:/path/to/etebase_server.sock;
+        include         uwsgi_params;
+    }
+
+    # change 443 to say 9443 to run on a non standard port
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    # Enable these two instead of the two above if your nginx supports http2
+    # listen 443 ssl http2;
+    # listen [::]:443 ssl http2;
+
+    ssl_certificate /path/to/certificate-file
+    ssl_certificate_key /path/to/certificate-key-file
+    # other ssl directives as needed
+}

example-configs/nginx-uwsgi/uwsgi.service

@@ -0,0 +1,15 @@
+# systemd unit for running uwsgi in emperor mode
+# typical location of this file would be /etc/systemd/system/uwsgi.service
+
+[Unit]
+Description=uWSGI Emperor service
+
+[Service]
+ExecStart=/usr/local/bin/uwsgi --emperor /etc/uwsgi/sites
+Restart=always
+KillSignal=SIGQUIT
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target