This repo details how to deploy and make applications deployable on the moravian webapps system.
- Install Nginx on the host machine according to your distributions instructions. For
aptbased systems:
apt install nginx-full python3-certbot-nginx- Clone this repository and copy configuration files over to
/etc/nginx/
git clone https://github.com/cs334f24/Webapps
cd Webapps
cp webapps /etc/nginx/sites-available
cp -r webapps-mixins /etc/nginx/
cp -r webapps-available /etc/nginx/
mkdir /etc/nginx/webapps-enabled- Disable the default site
rm /etc/nginx/sites-enabled/default- Update the server configuration in
/etc/nginx/sites-available/webappsby setting<subdomains.domain.tld>to the url to serve content out of (ex.learn-git.cs.moravian.edu) and<your-dashboard-root>to the directory to serve an application dashboard out of (ex./home/webapps/dashboard
Before proceeding any further with the Nginx config, you must first setup the OAuth2 service OAuth2 Proxy as described below.
- Install OAuth2 Proxy
cp -r oauth2-proxy /opt/
cp /opt/oauth2-proxy/oauth2-proxy.socket /etc/systemd/system
cp /opt/oauth2-proxy/oauth2-proxy.service /etc/systemd/system- Generate secret keys for OAuth2 Proxy
python3 -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())' > /opt/oauth2-proxy/oauth_client_secret.env
python3 -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())' > /opt/oauth2-proxy/secure_cookie_secret.env- Configure OAuth2 Proxy
sed -i 's/^client_id =.*$/client_id = <YOUR_OAUTH2_CLIENT_ID>/' /opt/oauth2-proxy/config/oauth2-proxy.cfg
sed -i 's/^cookie_domains =.*$/cookie_domains = <subdomains.domain.tld>/' /opt/oauth2-proxy/config/oauth2-proxy.cfg- Launch OAuth2 Proxy
systemctl enable --now oauth2-proxy.serviceNow the Nginx setup can be completed.
It is recommended that Docker is installed to help manage web applications.
-
to be deployable on
webapps.cs.moravian.eduyour application must be able to accept traffic via a TCP socket (standard ip address and port combination) or a Unix Domain Socket (a path to a socket file on the system) -
TCP sockets are easier to configure, but can have accidental collusions due to ports
-
Unix Domain sockets require additional application configuration, but provide better performance per request
-
you provide two files, a configuration file for the location of the server and one for the configuration of routes
If you are using absolute paths in your application you must prepend them with /<your_app>.
For flask the most convenient way is to set the environment variable SCRIPT_NAME to /<your_app>, then adjust any hardcoded absolute urls to use url_for in a template.
Here is an example
templated html example
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="{{ url_for('static', filename='style.css') }}">
<!-- DO NOT DO THIS <link rel="stylesheet" type="text/css" href="/static/style.css"> -->
<!-- Remote resources do not need to be adjusted -->
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
</head>
<body>
...
</body>Alternatively for purely static content the html <base> element can be used.
See MDN for more details.