diff --git a/infra/services/listmonk/README.md b/infra/services/listmonk/README.md new file mode 100644 index 000000000..d357cc672 --- /dev/null +++ b/infra/services/listmonk/README.md @@ -0,0 +1,54 @@ +# Listmonk + +We use [Listmonk](https://listmonk.app/) to manage our mailing lists. + +- Museum lets Listmonk know about new users and account deletion (this allows + Listmonk to create corresponding accounts). + +- Subsequently, Listmonk handles user subscription / unsubscription etc + (Listmonk stores its data in an external Postgres). + +## Installing + +Install [nginx](../nginx/README.md). + +Add Listmonk's configuration. + +```sh +sudo mkdir -p /root/listmonk +sudo tee /root/listmonk/config.toml +``` + +Add the service definition and nginx configuration. + +```sh +scp services/listmonk/listmonk.* : + +sudo mv listmonk.service /etc/systemd/system/ +sudo mv listmonk.nginx.conf /root/nginx/conf.d +``` + +> The very first time we ran Listmonk, at this point we also needed to get it to +> install the tables it needs in the Postgres DB. For this, we used the +> `initialize-db.sh` script. +> +> ```sh +> scp services/listmonk/initialize-db.sh : +> +> sudo ./initialize-db.sh +> rm initialize-db.sh +> ``` + +Tell systemd to pick up new service definitions, enable the unit (so that it +automatically starts on boot), and start it this time around. + +```sh +sudo systemctl daemon-reload +sudo systemctl enable --now listmonk +``` + +Tell nginx to pick up the new configuration. + +```sh +sudo systemctl reload nginx +``` diff --git a/infra/services/listmonk/initialize-db.sh b/infra/services/listmonk/initialize-db.sh new file mode 100644 index 000000000..7c94a12cf --- /dev/null +++ b/infra/services/listmonk/initialize-db.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +# This script needs to be manually run the once (and only once) before starting +# Listmonk for the first time. It uses the provided credentials to initialize +# its database. + +set -o errexit +set -o xtrace + +docker pull listmonk/listmonk + +docker run --rm --name listmonk \ + -p 9000:9000 \ + -v /root/listmonk/config.toml:/listmonk/config.toml:ro \ + listmonk/listmonk ./listmonk --install diff --git a/infra/services/listmonk/listmonk.nginx.conf b/infra/services/listmonk/listmonk.nginx.conf new file mode 100644 index 000000000..fd59a2980 --- /dev/null +++ b/infra/services/listmonk/listmonk.nginx.conf @@ -0,0 +1,24 @@ +# This file gets loaded in a top level http block by the default nginx.conf +# See infra/services/nginx/README.md for more details. + +server { + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + ssl_certificate /etc/ssl/certs/cert.pem; + ssl_certificate_key /etc/ssl/private/key.pem; + + server_name lists.ente.io; + + location / { + proxy_pass http://host.docker.internal:9000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Use HTTP/1.1 when talking to upstream + proxy_http_version 1.1; + proxy_set_header Connection ""; + } +} diff --git a/infra/services/listmonk/listmonk.service b/infra/services/listmonk/listmonk.service new file mode 100644 index 000000000..95a352bdd --- /dev/null +++ b/infra/services/listmonk/listmonk.service @@ -0,0 +1,16 @@ +[Unit] +Documentation=https://listmonk.app/docs/installation/ +Requires=docker.service +After=docker.service + +[Install] +WantedBy=multi-user.target + +[Service] +ExecStartPre=docker pull listmonk/listmonk +ExecStartPre=-docker stop listmonk +ExecStartPre=-docker rm listmonk +ExecStart=docker run --name listmonk \ + -p 9000:9000 \ + -v /root/listmonk/config.toml:/listmonk/config.toml:ro \ + listmonk/listmonk diff --git a/infra/services/status/uptime-kuma.nginx.conf b/infra/services/status/uptime-kuma.nginx.conf index c45c7b660..a67f5e101 100644 --- a/infra/services/status/uptime-kuma.nginx.conf +++ b/infra/services/status/uptime-kuma.nginx.conf @@ -2,8 +2,9 @@ # See infra/services/nginx/README.md for more details. server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; + http2 on; ssl_certificate /etc/ssl/certs/cert.pem; ssl_certificate_key /etc/ssl/private/key.pem;