mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-11-25 02:47:04 +00:00
Replace Flask built-in WSGI server with gunicorn (#2158)
This commit is contained in:
parent
7cda439c80
commit
3fd2e3efa9
@ -4,6 +4,7 @@ After=multi-user.target
|
||||
|
||||
[Service]
|
||||
Type=idle
|
||||
IgnoreSIGPIPE=False
|
||||
ExecStart=/usr/local/lib/mailinabox/start
|
||||
|
||||
[Install]
|
||||
|
@ -22,20 +22,8 @@ class AuthService:
|
||||
def init_system_api_key(self):
|
||||
"""Write an API key to a local file so local processes can use the API"""
|
||||
|
||||
def create_file_with_mode(path, mode):
|
||||
# Based on answer by A-B-B: http://stackoverflow.com/a/15015748
|
||||
old_umask = os.umask(0)
|
||||
try:
|
||||
return os.fdopen(os.open(path, os.O_WRONLY | os.O_CREAT, mode), 'w')
|
||||
finally:
|
||||
os.umask(old_umask)
|
||||
|
||||
self.key = secrets.token_hex(32)
|
||||
|
||||
os.makedirs(os.path.dirname(self.key_path), exist_ok=True)
|
||||
|
||||
with create_file_with_mode(self.key_path, 0o640) as key_file:
|
||||
key_file.write(self.key + '\n')
|
||||
with open(self.key_path, 'r') as file:
|
||||
self.key = file.read()
|
||||
|
||||
def authenticate(self, request, env, login_only=False, logout=False):
|
||||
"""Test if the HTTP Authorization header's username matches the system key, a session key,
|
||||
|
7
management/wsgi.py
Normal file
7
management/wsgi.py
Normal file
@ -0,0 +1,7 @@
|
||||
from daemon import app
|
||||
import auth, utils
|
||||
|
||||
app.logger.addHandler(utils.create_syslog_handler())
|
||||
|
||||
if __name__ == "__main__":
|
||||
app.run(port=10222)
|
@ -50,7 +50,7 @@ hide_output $venv/bin/pip install --upgrade pip
|
||||
# NOTE: email_validator is repeated in setup/questions.sh, so please keep the versions synced.
|
||||
hide_output $venv/bin/pip install --upgrade \
|
||||
rtyaml "email_validator>=1.0.0" "exclusiveprocess" \
|
||||
flask dnspython python-dateutil expiringdict \
|
||||
flask dnspython python-dateutil expiringdict gunicorn \
|
||||
qrcode[pil] pyotp \
|
||||
"idna>=2.0.0" "cryptography==37.0.2" psutil postfix-mta-sts-resolver \
|
||||
b2sdk boto3
|
||||
@ -90,6 +90,7 @@ rm -f /tmp/bootstrap.zip
|
||||
|
||||
# Create an init script to start the management daemon and keep it
|
||||
# running after a reboot.
|
||||
# Note: Authentication currently breaks with more than 1 gunicorn worker.
|
||||
cat > $inst_dir/start <<EOF;
|
||||
#!/bin/bash
|
||||
# Set character encoding flags to ensure that any non-ASCII don't cause problems.
|
||||
@ -98,8 +99,13 @@ export LC_ALL=en_US.UTF-8
|
||||
export LANG=en_US.UTF-8
|
||||
export LC_TYPE=en_US.UTF-8
|
||||
|
||||
mkdir -p /var/lib/mailinabox
|
||||
tr -cd '[:xdigit:]' < /dev/urandom | head -c 32 > /var/lib/mailinabox/api.key
|
||||
chmod 640 /var/lib/mailinabox/api.key
|
||||
|
||||
source $venv/bin/activate
|
||||
exec python $(pwd)/management/daemon.py
|
||||
export PYTHONPATH=$(pwd)/management
|
||||
exec gunicorn -b localhost:10222 -w 1 wsgi:app
|
||||
EOF
|
||||
chmod +x $inst_dir/start
|
||||
cp --remove-destination conf/mailinabox.service /lib/systemd/system/mailinabox.service # target was previously a symlink so remove it first
|
||||
|
Loading…
Reference in New Issue
Block a user