Replace Flask built-in WSGI server with gunicorn (#2158)
This commit is contained in:
parent
7cda439c80
commit
3fd2e3efa9
|
@ -4,6 +4,7 @@ After=multi-user.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=idle
|
Type=idle
|
||||||
|
IgnoreSIGPIPE=False
|
||||||
ExecStart=/usr/local/lib/mailinabox/start
|
ExecStart=/usr/local/lib/mailinabox/start
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
|
|
@ -22,20 +22,8 @@ class AuthService:
|
||||||
def init_system_api_key(self):
|
def init_system_api_key(self):
|
||||||
"""Write an API key to a local file so local processes can use the API"""
|
"""Write an API key to a local file so local processes can use the API"""
|
||||||
|
|
||||||
def create_file_with_mode(path, mode):
|
with open(self.key_path, 'r') as file:
|
||||||
# Based on answer by A-B-B: http://stackoverflow.com/a/15015748
|
self.key = file.read()
|
||||||
old_umask = os.umask(0)
|
|
||||||
try:
|
|
||||||
return os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT, mode), 'w')
|
|
||||||
finally:
|
|
||||||
os.umask(old_umask)
|
|
||||||
|
|
||||||
self.key = secrets.token_hex(32)
|
|
||||||
|
|
||||||
os.makedirs(os.path.dirname(self.key_path), exist_ok=True)
|
|
||||||
|
|
||||||
with create_file_with_mode(self.key_path, 0o640) as key_file:
|
|
||||||
key_file.write(self.key + '\n')
|
|
||||||
|
|
||||||
def authenticate(self, request, env, login_only=False, logout=False):
|
def authenticate(self, request, env, login_only=False, logout=False):
|
||||||
"""Test if the HTTP Authorization header's username matches the system key, a session key,
|
"""Test if the HTTP Authorization header's username matches the system key, a session key,
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
from daemon import app
|
||||||
|
import auth, utils
|
||||||
|
|
||||||
|
app.logger.addHandler(utils.create_syslog_handler())
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
app.run(port=10222)
|
|
@ -50,7 +50,7 @@ hide_output $venv/bin/pip install --upgrade pip
|
||||||
# NOTE: email_validator is repeated in setup/questions.sh, so please keep the versions synced.
|
# NOTE: email_validator is repeated in setup/questions.sh, so please keep the versions synced.
|
||||||
hide_output $venv/bin/pip install --upgrade \
|
hide_output $venv/bin/pip install --upgrade \
|
||||||
rtyaml "email_validator>=1.0.0" "exclusiveprocess" \
|
rtyaml "email_validator>=1.0.0" "exclusiveprocess" \
|
||||||
flask dnspython python-dateutil expiringdict \
|
flask dnspython python-dateutil expiringdict gunicorn \
|
||||||
qrcode[pil] pyotp \
|
qrcode[pil] pyotp \
|
||||||
"idna>=2.0.0" "cryptography==37.0.2" psutil postfix-mta-sts-resolver \
|
"idna>=2.0.0" "cryptography==37.0.2" psutil postfix-mta-sts-resolver \
|
||||||
b2sdk boto3
|
b2sdk boto3
|
||||||
|
@ -90,6 +90,7 @@ rm -f /tmp/bootstrap.zip
|
||||||
|
|
||||||
# Create an init script to start the management daemon and keep it
|
# Create an init script to start the management daemon and keep it
|
||||||
# running after a reboot.
|
# running after a reboot.
|
||||||
|
# Note: Authentication currently breaks with more than 1 gunicorn worker.
|
||||||
cat > $inst_dir/start <<EOF;
|
cat > $inst_dir/start <<EOF;
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# Set character encoding flags to ensure that any non-ASCII don't cause problems.
|
# Set character encoding flags to ensure that any non-ASCII don't cause problems.
|
||||||
|
@ -98,8 +99,13 @@ export LC_ALL=en_US.UTF-8
|
||||||
export LANG=en_US.UTF-8
|
export LANG=en_US.UTF-8
|
||||||
export LC_TYPE=en_US.UTF-8
|
export LC_TYPE=en_US.UTF-8
|
||||||
|
|
||||||
|
mkdir -p /var/lib/mailinabox
|
||||||
|
tr -cd '[:xdigit:]' < /dev/urandom | head -c 32 > /var/lib/mailinabox/api.key
|
||||||
|
chmod 640 /var/lib/mailinabox/api.key
|
||||||
|
|
||||||
source $venv/bin/activate
|
source $venv/bin/activate
|
||||||
exec python $(pwd)/management/daemon.py
|
export PYTHONPATH=$(pwd)/management
|
||||||
|
exec gunicorn -b localhost:10222 -w 1 wsgi:app
|
||||||
EOF
|
EOF
|
||||||
chmod +x $inst_dir/start
|
chmod +x $inst_dir/start
|
||||||
cp --remove-destination conf/mailinabox.service /lib/systemd/system/mailinabox.service # target was previously a symlink so remove it first
|
cp --remove-destination conf/mailinabox.service /lib/systemd/system/mailinabox.service # target was previously a symlink so remove it first
|
||||||
|
|
Loading…
Reference in New Issue