Merge pull request #292 from mariusa/master

fix nginx setup for centos
tail logs
2023-04-06 17:20:32 +01:00 · 2023-04-04 14:25:24 +03:00 · 2023-03-28 16:28:02 +03:00 · 2023-03-28 15:51:19 +03:00 · 2023-03-25 11:11:31 +02:00 · 2023-03-24 18:17:03 +02:00
--- a/docs/INSTALL-centos-9.md
+++ b/docs/INSTALL-centos-9.md
@ -2,21 +2,23 @@

 > This is a standalone, distribution-specific version of `INSTALL.md`. You do not need to read or follow the original file, but can refer to it for generic steps like setting up SSH keys (which are assumed to be common knowledge here)

+All steps done as root (or add sudo if you prefer).
+
 ## Dependencies

 Before installing `piku`, you need to install the following packages:

 ```bash
-dnf in -y ansible nginx nodejs npm postgresql postgresql-server python3 uwsgi
+dnf in -y ansible-core ansible-collection-ansible-posix ansible-collection-ansible-utils nginx nodejs npm openssl postgresql postgresql-server postgresql-contrib python3 python3-pip uwsgi uwsgi-logger-file uwsgi-logger-systemd
+pip install click
 ```

 ## Set up the `piku` user

 ```bash
-export PAAS_USERNAME=piku
-adduser --groups nginx $PAAS_USERNAME
+adduser --groups nginx piku
 # copy & setup piku.py
-sudo su - $PAAS_USERNAME -c "wget https://raw.githubusercontent.com/piku/piku/master/piku.py && python3 ~/piku.py setup"
+su - piku -c "wget https://raw.githubusercontent.com/piku/piku/master/piku.py && python3 ~/piku.py setup"
 ```

 ## Set up SSH access
@ -28,8 +30,10 @@ See INSTALL.md
 [FYI The uWSGI Emperor – multi-app deployment](https://uwsgi-docs.readthedocs.io/en/latest/Emperor.html)

 ```bash
-sudo ln -s /home/$PAAS_USERNAME/.piku/uwsgi/uwsgi.ini /etc/uwsgi.d/piku.ini
-sudo systemctl restart uwsgi
+mv /home/piku/.piku/uwsgi/uwsgi.ini /etc/uwsgi.d/piku.ini # linking alone increases the host attack service if one can get inside the piku user or one of its apps, so moving is safer
+chown piku:piku /etc/uwsgi.d/piku.ini # In Tyrant mode (set by default in /etc/uwsgi.ini) the Emperor will run the vassal using the UID/GID of the vassal configuration file
+systemctl restart uwsgi
+journalctl -feu uwsgi # see logs
 ```

 ## `nginx` Configuration
@ -37,15 +41,16 @@ sudo systemctl restart uwsgi
 [FYI Setting up and configuring NGINX](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/deploying_web_servers_and_reverse_proxies/setting-up-and-configuring-nginx_deploying-web-servers-and-reverse-proxies)

 ```bash
-echo "include /home/$PAAS_USERNAME/.piku/nginx/*.conf;" > /usr/share/nginx/modules/piku.conf
-sudo systemctl restart nginx
+echo "include /home/piku/.piku/nginx/*.conf;" > /etc/nginx/conf.d/piku.conf
+systemctl restart nginx
+journalctl -feu nginx # see logs
 ```

 ## Set up systemd.path to reload nginx upon config changes

 ```bash
 # Set up systemd.path to reload nginx upon config changes
-sudo su -
+su -
 git clone https://github.com/piku/piku.git # need a copy of some files
 cp -v piku/piku-nginx.{path,service} /etc/systemd/system/
 systemctl enable piku-nginx.{path,service}
Autor	SHA1	Wiadomość	Data
Rui Carmo	4306aad22a	Merge pull request #292 from mariusa/master fix nginx setup for centos	2023-04-06 17:20:32 +01:00
Marius	6e4b5959c7	tail logs	2023-04-04 14:25:24 +03:00
Marius	d284875db4	piku is referenced in too many places to use var	2023-03-28 16:28:02 +03:00
Marius	82e9a62025	deps	2023-03-28 15:51:19 +03:00
Marius	6e5667ddc2	fix uwsgi setup	2023-03-25 11:11:31 +02:00
Marius	d1f2682377	better	2023-03-24 18:17:03 +02:00
Marius	989c46f586	Merge branch 'master' of github.com:mariusa/piku	2023-03-24 16:01:26 +02:00
Marius	0614ff4f58	fix nginx setup	2023-03-24 16:01:11 +02:00