~krystianch/buyfriend

69ee0bc6ac55b117614acf0211330b1acb020527 — Krystian ChachuĊ‚a 3 months ago fcf795f master
Add production deployment info
1 files changed, 117 insertions(+), 1 deletions(-)

M README.md
M README.md => README.md +117 -1
@@ 6,8 6,124 @@ Live demo available at <https://demo.buyfriend.org/>.

![Screenshot](https://files.krystianch.com/buyfriend.png)

## Running
## Running (development)

```sh
flask --app buyfriend init-db
flask --app buyfriend create-user user@localhost "User Name"
flask --app buyfriend run
```

## Deploying (production)

We recommend to use [Alpine Linux](https://alpinelinux.org/),
[NGINX](https://www.nginx.com/) and [Gunicorn](https://gunicorn.org/) to serve
buyfriend in production environments.

Buyfriend is available in a third party package repository:
[alpine.krystianch.com](https://alpine.krystianch.com/).
You'll need to add it (refer to the link above for instructions) in order to
install buyfriend from the package manager.

```sh
doas apk add nginx gunicorn buyfriend
```

Create socket and instance directories and give ownership to the buyfriend user.

```sh
doas mkdir -p /var/run/buyfriend /var/lib/buyfriend
doas chown buyfriend:buyfriend /var/run/buyfriend /var/lib/buyfriend
```

Use the following NGINX configuration.
Replace `demo.buyfriend.org` with your domain.

```text
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	location / {
		return 302 https://$host$request_uri;
	}

	location ^~ /.well-known {
		root /var/www;
	}
}

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name demo.buyfriend.org;
	ssl_certificate /etc/ssl/uacme/demo.buyfriend.org/cert.pem;
	ssl_certificate_key /etc/ssl/uacme/private/demo.buyfriend.org/key.pem;

	location / {
		error_page 502 /502.html;

		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $http_host;
		proxy_redirect off;
		proxy_pass http://unix:/var/run/buyfriend/buyfriend.sock;
	}

	location /photos {
		root /var/lib/buyfriend/;
		expires 1d;
	}

	location /static {

		# Keep me up to date
		root /usr/lib/python3.11/site-packages/buyfriend/;

		gzip_types text/css;
		expires 1h;
	}

	location = /502.html {
		internal;
		return 502 "Site temporarily unavailable. Please try again in a moment.";
	}
}
```

Edit `/etc/conf.d/buyfriend`:

```sh
BUYFRIEND_USER=buyfriend
BUYFRIEND_BIND="unix:/var/run/buyfriend/buyfriend.sock"
BUYFRIEND_GUNICORN_ARGS="--worker-class gevent --workers 2 --keep-alive 5"

export BUYFRIEND_LOG_LEVEL=INFO  # set log level early to see config loading logs
#export BUYFRIEND_CONFIG=/etc/buyfriend/buyfriend.toml  # default value
```

Edit `/etc/buyfriend/buyfriend.toml` to your liking.
It is required to change the secret key, server name, admin email and SMTP
details.
You can generate the secret key like this:

```sh
python -c 'import secrets; print(secrets.token_hex())'
```

Initialize database and create your first user account.

```sh
export BUYFRIEND_CONFIG=/etc/buyfriend/buyfriend.toml
doas -u buyfriend flask --app buyfriend init-db
doas -u buyfriend flask --app buyfriend create-user user@localhost "User Name"
```

Start buyfriend and NGINX and make them start on boot.

```sh
doas rc-service buyfriend start
doas rc-service nginx reload
doas rc-update add buyfriend
doas rc-update add nginx
```