[infra] Status service (#1138)
- Add the service the serves status.ente.io - Support nginx configuration reloads
This commit is contained in:
commit
100fa04de7
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
This is a base Nginx service that terminates TLS, and can be used as a reverse
|
This is a base Nginx service that terminates TLS, and can be used as a reverse
|
||||||
proxy for arbitrary services by adding new entries in `/root/nginx/conf.d` and
|
proxy for arbitrary services by adding new entries in `/root/nginx/conf.d` and
|
||||||
`sudo systemctl restart nginx`.
|
`sudo systemctl reload nginx`.
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
|
@ -16,12 +16,16 @@ sudo mv nginx.service /etc/systemd/system/nginx.service
|
||||||
|
|
||||||
Create a directory to house service specific configuration
|
Create a directory to house service specific configuration
|
||||||
|
|
||||||
sudo mkdir -p /root/nginx/conf.d
|
```sh
|
||||||
|
sudo mkdir -p /root/nginx/conf.d
|
||||||
|
```
|
||||||
|
|
||||||
Add the SSL certificate provided by Cloudflare
|
Add the SSL certificate provided by Cloudflare
|
||||||
|
|
||||||
sudo tee /root/nginx/cert.pem
|
```sh
|
||||||
sudo tee /root/nginx/key.pem
|
sudo tee /root/nginx/cert.pem
|
||||||
|
sudo tee /root/nginx/key.pem
|
||||||
|
```
|
||||||
|
|
||||||
Tell systemd to pick up new service definition, enable it (so that it
|
Tell systemd to pick up new service definition, enable it (so that it
|
||||||
automatically starts on boot going forward), and start it.
|
automatically starts on boot going forward), and start it.
|
||||||
|
@ -37,7 +41,7 @@ When adding new services that sit behind Nginx,
|
||||||
|
|
||||||
1. Add its nginx conf file to `/root/nginx/conf.d`
|
1. Add its nginx conf file to `/root/nginx/conf.d`
|
||||||
|
|
||||||
2. Restart nginx (`sudo systemctl restart nginx`)
|
2. Restart nginx (`sudo systemctl reload nginx`)
|
||||||
|
|
||||||
## Configuration files
|
## Configuration files
|
||||||
|
|
||||||
|
@ -56,4 +60,5 @@ We can see this in the default configuration of nginx:
|
||||||
> docker run --rm --entrypoint=cat nginx /etc/nginx/nginx.conf > /tmp/nginx.conf
|
> docker run --rm --entrypoint=cat nginx /etc/nginx/nginx.conf > /tmp/nginx.conf
|
||||||
|
|
||||||
This is a [handy tool](https://nginx-playground.wizardzines.com) to check the
|
This is a [handy tool](https://nginx-playground.wizardzines.com) to check the
|
||||||
syntax of the configuration files.
|
syntax of the configuration files. Alternatively, you can run `docker exec nginx
|
||||||
|
nginx -t` on the instance to ask nginx to check the configuration.
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
Documentation=https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/
|
Documentation=https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/
|
||||||
Requires=docker.service
|
Requires=docker.service
|
||||||
After=docker.service
|
After=docker.service
|
||||||
|
Requires=nginx.service
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
@ -17,3 +18,4 @@ ExecStart=docker run --name nginx \
|
||||||
-v /root/nginx/key.pem:/etc/ssl/private/key.pem:ro \
|
-v /root/nginx/key.pem:/etc/ssl/private/key.pem:ro \
|
||||||
-v /root/nginx/conf.d:/etc/nginx/conf.d:ro \
|
-v /root/nginx/conf.d:/etc/nginx/conf.d:ro \
|
||||||
nginx
|
nginx
|
||||||
|
ExecReload=docker exec nginx nginx -s reload
|
||||||
|
|
43
infra/services/status/README.md
Normal file
43
infra/services/status/README.md
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
# Status
|
||||||
|
|
||||||
|
Our status page ([status.ente.io](https://status.ente.io)) is a self-hosted
|
||||||
|
[Uptime Kuma](https://github.com/louislam/uptime-kuma).
|
||||||
|
|
||||||
|
## Installing
|
||||||
|
|
||||||
|
Install [nginx](../nginx/README.md).
|
||||||
|
|
||||||
|
Create a directory where Uptime Kuma will keep its state. This is the directory
|
||||||
|
we can optionally backup if we wish to preserve history and settings when moving
|
||||||
|
instances in the future.
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo mkdir -p /root/uptime-kuma
|
||||||
|
```
|
||||||
|
|
||||||
|
Add the service definition and nginx configuration.
|
||||||
|
|
||||||
|
```sh
|
||||||
|
scp services/status/uptime-kuma.* <instance>:
|
||||||
|
|
||||||
|
sudo mv uptime-kuma.service /etc/systemd/system/
|
||||||
|
sudo mv uptime-kuma.nginx.conf /root/nginx/conf.d
|
||||||
|
```
|
||||||
|
|
||||||
|
Tell systemd to pick up new service definitions, enable the unit (so that it
|
||||||
|
automatically starts on boot), and start it this time around.
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo systemctl daemon-reload
|
||||||
|
sudo systemctl enable --now uptime-kuma
|
||||||
|
```
|
||||||
|
|
||||||
|
Tell nginx to pick up the new configuration.
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo systemctl reload nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
## Administration
|
||||||
|
|
||||||
|
Login into the [dashboard](https://status.ente.io/dashboard) for administration.
|
26
infra/services/status/uptime-kuma.nginx.conf
Normal file
26
infra/services/status/uptime-kuma.nginx.conf
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
# This file gets loaded in a top level http block by the default nginx.conf
|
||||||
|
# See infra/services/nginx/README.md for more details.
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
ssl_certificate /etc/ssl/certs/cert.pem;
|
||||||
|
ssl_certificate_key /etc/ssl/private/key.pem;
|
||||||
|
|
||||||
|
server_name status.ente.io;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://host.docker.internal:3001;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
# Recommended options from Uptime Kuma Wiki for Websockets.
|
||||||
|
#
|
||||||
|
# https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy#nginx
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
}
|
||||||
|
}
|
16
infra/services/status/uptime-kuma.service
Normal file
16
infra/services/status/uptime-kuma.service
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
[Unit]
|
||||||
|
Documentation=https://github.com/louislam/uptime-kuma
|
||||||
|
Requires=docker.service
|
||||||
|
After=docker.service
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStartPre=docker pull louislam/uptime-kuma:1
|
||||||
|
ExecStartPre=-docker stop uptime-kuma
|
||||||
|
ExecStartPre=-docker rm uptime-kuma
|
||||||
|
ExecStart=docker run --name uptime-kuma \
|
||||||
|
-p 3001:3001 \
|
||||||
|
-v /root/uptime-kuma:/app/data \
|
||||||
|
louislam/uptime-kuma:1
|
|
@ -87,7 +87,7 @@ To bring up an additional museum node:
|
||||||
scp scripts/deploy/museum.nginx.conf <instance>:
|
scp scripts/deploy/museum.nginx.conf <instance>:
|
||||||
|
|
||||||
sudo mv museum.nginx.conf /root/nginx/conf.d
|
sudo mv museum.nginx.conf /root/nginx/conf.d
|
||||||
sudo systemctl restart nginx
|
sudo systemctl reload nginx
|
||||||
|
|
||||||
## Starting
|
## Starting
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
Documentation=https://github.com/ente-io/ente/tree/main/server#readme
|
Documentation=https://github.com/ente-io/ente/tree/main/server#readme
|
||||||
Requires=docker.service
|
Requires=docker.service
|
||||||
After=docker.service
|
After=docker.service
|
||||||
|
Requires=nginx.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
|
|
Loading…
Reference in a new issue