From c37f9fbab4fd674ad3bb89c9518334d3cbcad172 Mon Sep 17 00:00:00 2001
From: "Pavel \"LEdoian\" Turinsky" <ledoian@matfyz.cz>
Date: Wed, 19 Aug 2020 03:43:21 +0200
Subject: [PATCH] =?UTF-8?q?P=C5=99id=C3=A1na=20slo=C5=BEka=20se=20v=C5=A1e?=
 =?UTF-8?q?mi=20konfigur=C3=A1ky=20k=20rozb=C4=9Bhnut=C3=AD=20webu=20na=20?=
 =?UTF-8?q?serveru?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 setup/README                                  |  3 ++
 setup/nginx/mam-test.ks.matfyz.cz             | 43 ++++++++++++++++
 setup/nginx/mam.mff.cuni.cz                   | 51 +++++++++++++++++++
 setup/systemd/mamweb-prod.service             | 10 ++++
 setup/systemd/mamweb-test.service             | 10 ++++
 .../uwsgi/mamweb_prod.ini                     |  0
 .../uwsgi/mamweb_test.ini                     |  0
 7 files changed, 117 insertions(+)
 create mode 100644 setup/README
 create mode 100644 setup/nginx/mam-test.ks.matfyz.cz
 create mode 100644 setup/nginx/mam.mff.cuni.cz
 create mode 100644 setup/systemd/mamweb-prod.service
 create mode 100644 setup/systemd/mamweb-test.service
 rename mamweb_prod.ini => setup/uwsgi/mamweb_prod.ini (100%)
 rename mamweb_test.ini => setup/uwsgi/mamweb_test.ini (100%)

diff --git a/setup/README b/setup/README
new file mode 100644
index 00000000..3b736cdc
--- /dev/null
+++ b/setup/README
@@ -0,0 +1,3 @@
+Tato složka obsahuje různé konfiguráky potřebné k rozběhnutí webu na serveru.
+
+TODO: Napsat sem i přehled toho, jak to funguje.
diff --git a/setup/nginx/mam-test.ks.matfyz.cz b/setup/nginx/mam-test.ks.matfyz.cz
new file mode 100644
index 00000000..27e90979
--- /dev/null
+++ b/setup/nginx/mam-test.ks.matfyz.cz
@@ -0,0 +1,43 @@
+server {
+    listen 195.113.20.177:80;
+    listen [2001:718:1e03:801::b1]:80;
+    server_name mam-test.ks.matfyz.cz;
+    return 301 https://$server_name$request_uri;
+
+}
+server {
+    # SSL configuration
+    listen 195.113.20.177:443 ssl;
+    listen [2001:718:1e03:801::b1]:443 ssl;
+
+    # SSL keys
+    ssl on;
+    ssl_certificate /etc/letsencrypt/live/mam-test.ks.matfyz.cz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/mam-test.ks.matfyz.cz/privkey.pem; # managed by Certbot
+    ssl_dhparam /etc/ssl/dhparams.pem;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 5m;
+
+    server_name mam-test.ks.matfyz.cz;
+
+    client_max_body_size 50M;
+
+    auth_basic "MaMweb test - access restricted";
+    auth_basic_user_file /akce/mam/www/mamweb-test/.htpasswd;
+
+    location /static/ {
+        root /akce/mam/www/mamweb-test/;
+    }
+
+    location /media/ {
+        root /akce/mam/www/mamweb-test/;
+    }
+    
+    location / { try_files $uri @mamweb_test; }
+
+    location @mamweb_test {
+        include uwsgi_params;
+        uwsgi_pass unix:/tmp/uwsgi-mamweb_test.sock;
+    }
+
+}
diff --git a/setup/nginx/mam.mff.cuni.cz b/setup/nginx/mam.mff.cuni.cz
new file mode 100644
index 00000000..08996adf
--- /dev/null
+++ b/setup/nginx/mam.mff.cuni.cz
@@ -0,0 +1,51 @@
+
+server {
+    listen 195.113.20.177:80;
+    listen [2001:718:1e03:801::b1]:80;
+    server_name mam.mff.cuni.cz;
+    return 301 https://$server_name$request_uri;
+
+}
+server {
+    # SSL configuration
+    #
+    listen 195.113.20.177:443 ssl;
+    listen [2001:718:1e03:801::b1]:443 ssl;
+
+    # SSL keys
+    ssl on;
+    ssl_certificate /etc/ssl/domains/mam.mff.cuni.cz/bundle.pem;
+    ssl_certificate_key /etc/ssl/domains/mam.mff.cuni.cz/privkey.pem;
+    ssl_dhparam /etc/ssl/dhparams.pem;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 5m;
+    
+
+    server_name mam.mff.cuni.cz;
+    # server_name mamweb.bezva.org;
+
+    client_max_body_size 50M;
+
+    location /static/ {
+        root /akce/mam/www/mamweb-prod/;
+    }
+
+    location /media/ {
+        root /akce/mam/www/mamweb-prod/;
+    }
+
+    location /wiki/ {
+        proxy_pass http://127.0.0.1:5001/;
+        proxy_set_header X-Real_IP $remote_addr;
+        proxy_redirect off;
+        sub_filter 'href="/' 'href=/wiki/';
+        sub_filter 'src="/' 'src=/wiki/';
+    }
+    
+    location / { try_files $uri @mamweb_prod; }
+
+    location @mamweb_prod {
+        include uwsgi_params;
+        uwsgi_pass unix:/tmp/uwsgi-mamweb_prod.sock;
+    }
+}
diff --git a/setup/systemd/mamweb-prod.service b/setup/systemd/mamweb-prod.service
new file mode 100644
index 00000000..89af2a5c
--- /dev/null
+++ b/setup/systemd/mamweb-prod.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=uWSGI instance to serve mam.mff.cuni.cz
+After=network.target
+
+[Service]
+WorkingDirectory=/akce/mam/www/mamweb-prod
+ExecStart=/usr/bin/uwsgi --ini mamweb_prod.ini
+
+[Install]
+WantedBy=default.target
diff --git a/setup/systemd/mamweb-test.service b/setup/systemd/mamweb-test.service
new file mode 100644
index 00000000..616605bb
--- /dev/null
+++ b/setup/systemd/mamweb-test.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=uWSGI instance to serve mam-test.kam.mff.cuni.cz
+After=network.target
+
+[Service]
+WorkingDirectory=/akce/mam/www/mamweb-test
+ExecStart=/usr/bin/uwsgi --ini mamweb_test.ini
+
+[Install]
+WantedBy=default.target
diff --git a/mamweb_prod.ini b/setup/uwsgi/mamweb_prod.ini
similarity index 100%
rename from mamweb_prod.ini
rename to setup/uwsgi/mamweb_prod.ini
diff --git a/mamweb_test.ini b/setup/uwsgi/mamweb_test.ini
similarity index 100%
rename from mamweb_test.ini
rename to setup/uwsgi/mamweb_test.ini