[infra] Status service (#1138)

- Add the service the serves status.ente.io
- Support nginx configuration reloads

infra/services/nginx/README.md

@@ -2,7 +2,7 @@
 
 This is a base Nginx service that terminates TLS, and can be used as a reverse
 proxy for arbitrary services by adding new entries in `/root/nginx/conf.d` and
-`sudo systemctl restart nginx`.
+`sudo systemctl reload nginx`.
 
 ## Installation
 
@@ -16,12 +16,16 @@ sudo mv nginx.service /etc/systemd/system/nginx.service
 
 Create a directory to house service specific configuration
 
-    sudo mkdir -p /root/nginx/conf.d
+```sh
+sudo mkdir -p /root/nginx/conf.d
+```
 
 Add the SSL certificate provided by Cloudflare
 
-    sudo tee /root/nginx/cert.pem
+```sh
-    sudo tee /root/nginx/key.pem
+sudo tee /root/nginx/cert.pem
+sudo tee /root/nginx/key.pem
+```
 
 Tell systemd to pick up new service definition, enable it (so that it
 automatically starts on boot going forward), and start it.
@@ -37,7 +41,7 @@ When adding new services that sit behind Nginx,
 
 1. Add its nginx conf file to `/root/nginx/conf.d`
 
-2. Restart nginx (`sudo systemctl restart nginx`)
+2. Restart nginx (`sudo systemctl reload nginx`)
 
 ## Configuration files
 
@@ -56,4 +60,5 @@ We can see this in the default configuration of nginx:
 >     docker run --rm --entrypoint=cat nginx /etc/nginx/nginx.conf > /tmp/nginx.conf
 
 This is a [handy tool](https://nginx-playground.wizardzines.com) to check the
-syntax of the configuration files.
+syntax of the configuration files. Alternatively, you can run `docker exec nginx
+nginx -t` on the instance to ask nginx to check the configuration.

infra/services/nginx/nginx.service

@@ -2,6 +2,7 @@
 Documentation=https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/
 Requires=docker.service
 After=docker.service
+Requires=nginx.service
 
 [Install]
 WantedBy=multi-user.target
@@ -17,3 +18,4 @@ ExecStart=docker run --name nginx \
     -v /root/nginx/key.pem:/etc/ssl/private/key.pem:ro \
     -v /root/nginx/conf.d:/etc/nginx/conf.d:ro \
     nginx
+ExecReload=docker exec nginx nginx -s reload

infra/services/status/README.md

@@ -0,0 +1,43 @@
+# Status
+
+Our status page ([status.ente.io](https://status.ente.io)) is a self-hosted
+[Uptime Kuma](https://github.com/louislam/uptime-kuma).
+
+## Installing
+
+Install [nginx](../nginx/README.md).
+
+Create a directory where Uptime Kuma will keep its state. This is the directory
+we can optionally backup if we wish to preserve history and settings when moving
+instances in the future.
+
+```sh
+sudo mkdir -p /root/uptime-kuma
+```
+
+Add the service definition and nginx configuration.
+
+```sh
+scp services/status/uptime-kuma.* <instance>:
+
+sudo mv uptime-kuma.service /etc/systemd/system/
+sudo mv uptime-kuma.nginx.conf /root/nginx/conf.d
+```
+
+Tell systemd to pick up new service definitions, enable the unit (so that it
+automatically starts on boot), and start it this time around.
+
+```sh
+sudo systemctl daemon-reload
+sudo systemctl enable --now uptime-kuma
+```
+
+Tell nginx to pick up the new configuration.
+
+```sh
+sudo systemctl reload nginx
+```
+
+## Administration
+
+Login into the [dashboard](https://status.ente.io/dashboard) for administration.

infra/services/status/uptime-kuma.nginx.conf

@@ -0,0 +1,26 @@
+# This file gets loaded in a top level http block by the default nginx.conf
+# See infra/services/nginx/README.md for more details.
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    ssl_certificate         /etc/ssl/certs/cert.pem;
+    ssl_certificate_key     /etc/ssl/private/key.pem;
+
+    server_name status.ente.io;
+
+    location / {
+        proxy_pass http://host.docker.internal:3001;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # Recommended options from Uptime Kuma Wiki for Websockets.
+        #
+        # https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy#nginx
+        proxy_http_version 1.1;
+        proxy_set_header   Upgrade $http_upgrade;
+        proxy_set_header   Connection "upgrade";
+    }
+}

infra/services/status/uptime-kuma.service

@@ -0,0 +1,16 @@
+[Unit]
+Documentation=https://github.com/louislam/uptime-kuma
+Requires=docker.service
+After=docker.service
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+ExecStartPre=docker pull louislam/uptime-kuma:1
+ExecStartPre=-docker stop uptime-kuma
+ExecStartPre=-docker rm uptime-kuma
+ExecStart=docker run --name uptime-kuma \
+    -p 3001:3001 \
+    -v /root/uptime-kuma:/app/data \
+    louislam/uptime-kuma:1

server/scripts/deploy/README.md

@@ -87,7 +87,7 @@ To bring up an additional museum node:
       scp scripts/deploy/museum.nginx.conf <instance>:
 
       sudo mv museum.nginx.conf /root/nginx/conf.d
-      sudo systemctl restart nginx
+      sudo systemctl reload nginx
 
 ## Starting
 

server/scripts/deploy/museum.nginx.service

@@ -2,6 +2,7 @@
 Documentation=https://github.com/ente-io/ente/tree/main/server#readme
 Requires=docker.service
 After=docker.service
+Requires=nginx.service
 
 [Service]
 Restart=on-failure