From af3d1fd3cb9a04db74929d5d064d8258b49e7d15 Mon Sep 17 00:00:00 2001 From: Slawomir Koszewski Date: Sun, 28 Dec 2025 21:33:34 +0100 Subject: [PATCH] Update README and service configuration for Gunicorn usage and permissions --- README.md | 26 +++++++++++++++++++++++++- dns-updater.service | 3 +-- install | 0 3 files changed, 26 insertions(+), 3 deletions(-) mode change 100644 => 100755 install diff --git a/README.md b/README.md index 5c367d4..a062c71 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ The repository contains a Flask-based API proxy that allows Omada controller to On an Ubuntu/Debian system, you can install the required packages using apt: ```bash -sudo apt install -y python3 python3-dotenv python3-flask python3-flask-httpauth python3-requests +sudo apt install -y python3 python3-dotenv python3-flask python3-flask-httpauth python3-requests gunicorn ``` Copy the `app.py` file to your desired location, and run it using Python: @@ -29,6 +29,12 @@ Copy the `app.py` file to your desired location, and run it using Python: flask run app.py ``` +or use Gunicorn for production: + +```bash +gunicorn --bind 0.0.0.0:8080 app:app +``` + ## Self-Signed SSL Certificate (Optional) To run the Flask app with HTTPS, you can create a self-signed SSL certificate: @@ -42,3 +48,21 @@ Then run the Flask app with SSL context: ```bash flask run --cert=cert.pem --key=key.pem ``` + +To use the Mail In A Box server's SSL certificate, use the following files: + +- certificate: `/miab-data/ssl/ssl_certificate.pem` +- private key: `/miab-data/ssl/ssl_private_key.pem` + +> **Note:** You have to run the web server as root to access the private key file. + +## Service Installation + +``` +sudo mkdir -p /opt/dns-updater +sudo cp app.py /opt/dns-updater/ +sudo cp dns-updater.service /etc/systemd/system/ +sudo systemctl daemon-reload +sudo systemctl enable --now dns-updater.service +sudo systemctl status dns-updater.service +``` diff --git a/dns-updater.service b/dns-updater.service index deaca59..4841efa 100644 --- a/dns-updater.service +++ b/dns-updater.service @@ -7,8 +7,7 @@ User=root Group=root WorkingDirectory=/opt/dns-updater Environment="MIAB_HOST=box.koszewscy.waw.pl" -Environment="STORAGE_ROOT=/miab-data" -ExecStart=/bin/sh -c '/usr/bin/gunicorn --workers 4 --bind 0.0.0.0:8443 --certfile="$STORAGE_ROOT/ssl/ssl_certificate.pem" --keyfile="$STORAGE_ROOT/ssl/ssl_private_key.pem" app:app' +ExecStart=/usr/bin/gunicorn --workers 4 --bind 0.0.0.0:8443 --certfile="/miab-data/ssl/ssl_certificate.pem" --keyfile="/miab-data/ssl/ssl_private_key.pem" app:app Restart=always [Install] diff --git a/install b/install old mode 100644 new mode 100755