adding configs and readme details
parent
08b2f484b3
commit
771d9698d1
@ -0,0 +1,19 @@
|
||||
[Unit]
|
||||
Description=InterPlanetary File System (IPFS) daemon
|
||||
Documentation=https://docs.ipfs.io/
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
MemorySwapMax=0
|
||||
TimeoutStartSec=infinity
|
||||
Type=notify
|
||||
User=ipfs
|
||||
Group=ipfs
|
||||
StateDirectory=ipfs
|
||||
Environment=IPFS_PATH=/opt/ipfs
|
||||
ExecStart=/usr/local/bin/ipfs daemon --init --migrate
|
||||
Restart=on-failure
|
||||
KillSignal=SIGINT
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
@ -0,0 +1,44 @@
|
||||
# Redirect inbound http to https
|
||||
server {
|
||||
listen 80;
|
||||
server_name suchwowx.xyz;
|
||||
return 301 https://suchwowx.xyz$request_uri;
|
||||
}
|
||||
|
||||
# Load SSL configs and serve SSL site
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name suchwowx.xyz;
|
||||
error_log /var/log/nginx/suchwowx.xyz-error.log warn;
|
||||
access_log /var/log/nginx/suchwowx.xyz-access.log;
|
||||
client_body_in_file_only clean;
|
||||
client_body_buffer_size 32K;
|
||||
# set max upload size
|
||||
client_max_body_size 8M;
|
||||
sendfile on;
|
||||
send_timeout 600s;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:4000;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Frame-Options "SAMEORIGIN";
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /ipfs/ {
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Frame-Options "SAMEORIGIN";
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
include conf.d/ssl.conf;
|
||||
ssl_certificate /etc/letsencrypt/live/suchwowx.xyz/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/suchwowx.xyz/privkey.pem;
|
||||
}
|
@ -0,0 +1,18 @@
|
||||
## SSL Certs are referenced in the actual Nginx config per-vhost
|
||||
# Disable insecure SSL v2. Also disable SSLv3, as TLS 1.0 suffers a downgrade attack, allowing an attacker to force a connection to use SSLv3 and therefore disable forward secrecy.
|
||||
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
# Strong ciphers for PFS
|
||||
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
|
||||
# Use server's preferred cipher, not the client's
|
||||
# ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
# Use ephemeral 4096 bit DH key for PFS
|
||||
#ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
||||
# Use OCSP stapling
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
resolver 8.8.8.8 1.1.1.1 valid=300s;
|
||||
resolver_timeout 5s;
|
||||
# Enable HTTP Strict Transport
|
||||
add_header Strict-Transport-Security "max-age=0;";
|
||||
add_header X-Frame-Options "DENY";
|
@ -0,0 +1,25 @@
|
||||
[Unit]
|
||||
Description=SuchWowX meme service
|
||||
Documentation=https://suchwowx.xyz
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
PermissionsStartOnly = true
|
||||
PIDFile = /opt/suchwowx/data/gunicorn/suchwowx.pid
|
||||
User = suchwowx
|
||||
Group = suchwowx
|
||||
WorkingDirectory = /opt/suchwowx
|
||||
ExecStartPre = /bin/mkdir -p /opt/suchwowx/data/gunicorn
|
||||
ExecStartPre = /bin/chown -R suchwowx:suchwowx /opt/suchwowx/data/gunicorn
|
||||
Environment = FLASK_APP=suchwowx/app.py
|
||||
Environment = FLASK_SECRETS=config.py
|
||||
Environment = FLASK_ENV=production
|
||||
Environment = FLASK_DEBUG=0
|
||||
ExecStart = /opt/suchwowx/.venv/bin/gunicorn --bind 127.0.0.1:4000 "suchwowx.app:app" --log-file /opt/suchwowx/data/gunicorn/gunicorn.log --pid /opt/suchwowx/data/gunicorn/suchwowx.pid --reload
|
||||
ExecReload = /bin/kill -s HUP /opt/suchwowx/data/gunicorn/suchwowx.pid
|
||||
ExecStop = /bin/kill -s TERM /opt/suchwowx/data/gunicorn/suchwowx.pid
|
||||
ExecStopPost = /bin/rm -rf /opt/suchwowx/data/gunicorn/suchwowx.pid
|
||||
PrivateTmp = true
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
Loading…
Reference in New Issue