Moved the web app to a separate directory.

.gitignore

@@ -1,2 +1,4 @@
-.env
+**/.venv
+**/.env
 **/__pycache__
+**/*.pem

Dockerfile

@@ -1,13 +0,0 @@
-FROM alpine:3.23
-
-RUN apk add --no-cache python3 py3-pip
-RUN pip3 install --break-system-packages flask flask-httpauth gunicorn requests jmespath
-# Clean up apk cache
-RUN rm -rf /var/cache/apk/*
-
-WORKDIR /app
-COPY app.py /app/app.py
-
-EXPOSE 8080
-
-CMD ["gunicorn", "--bind", "0.0.0.0:8080", "app:app"]

README.md

@@ -20,7 +20,7 @@ The repository contains a Flask-based API proxy that allows Omada controller to
 On an Ubuntu/Debian system, you can install the required packages using apt:
 
 ```bash
-sudo apt install -y python3 python3-dotenv python3-flask python3-flask-httpauth python3-requests
+sudo apt install -y python3 python3-dotenv python3-flask python3-flask-httpauth python3-requests gunicorn
 ```
 
 Copy the `app.py` file to your desired location, and run it using Python:
@@ -28,3 +28,41 @@ Copy the `app.py` file to your desired location, and run it using Python:
 ```bash
 flask run app.py
 ```
+
+or use Gunicorn for production:
+
+```bash
+gunicorn --bind 0.0.0.0:8080 app:app
+```
+
+## Self-Signed SSL Certificate (Optional)
+
+To run the Flask app with HTTPS, you can create a self-signed SSL certificate:
+
+```bash
+openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/CN=localhost" -addext "subjectAltName=DNS:localhost"
+```
+
+Then run the Flask app with SSL context:
+
+```bash
+flask run --cert=cert.pem --key=key.pem
+```
+
+To use the Mail In A Box server's SSL certificate, use the following files:
+
+- certificate: `/miab-data/ssl/ssl_certificate.pem`
+- private key: `/miab-data/ssl/ssl_private_key.pem`
+
+> **Note:** You have to run the web server as root to access the private key file.
+
+## Service Installation
+
+```
+sudo mkdir -p /opt/dns-updater
+sudo cp app.py /opt/dns-updater/
+sudo cp dns-updater.service /etc/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl enable --now dns-updater.service
+sudo systemctl status dns-updater.service
+```

app/Dockerfile

@@ -0,0 +1,22 @@
+FROM alpine:3.23
+
+RUN apk add --no-cache python3 py3-pip
+
+# Copy requirements and install Python packages
+COPY requirements.txt /tmp/requirements.txt
+RUN pip3 install --break-system-packages -r /tmp/requirements.txt
+
+# Clean up apk cache
+RUN rm -rf /var/cache/apk/*
+
+WORKDIR /app
+COPY app.py /app/app.py
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+ENV LISTEN_ADDRESS=0.0.0.0
+ENV LISTEN_PORT=8080
+
+EXPOSE 8080
+
+ENTRYPOINT [ "/entrypoint.sh" ]

app/dns-updater.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=dns-updater
+After=network.target
+
+[Service]
+User=root
+Group=root
+WorkingDirectory=/opt/dns-updater
+Environment="MIAB_HOST=box.koszewscy.waw.pl"
+ExecStart=/usr/bin/gunicorn --workers 4 --bind 0.0.0.0:8443 --certfile="/miab-data/ssl/ssl_certificate.pem" --keyfile="/miab-data/ssl/ssl_private_key.pem" app:app
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

app/entrypoint.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+
+LISTEN_ADDRESS="${LISTEN_ADDRESS:-0.0.0.0}"
+LISTEN_PORT="${LISTEN_PORT:-8080}"
+
+cd /app
+
+if [ -z "$CERT_FILE" ] || [ -z "$KEY_FILE" ]; then
+    exec gunicorn --bind ${LISTEN_ADDRESS}:${LISTEN_PORT} app:app
+else
+    exec gunicorn --bind ${LISTEN_ADDRESS}:${LISTEN_PORT} --certfile=${CERT_FILE} --keyfile=${KEY_FILE} app:app
+fi

app/install

@@ -0,0 +1,13 @@
+#!/usr/bin/bash
+
+if [[ $(id -u) -ne 0 ]]; then
+    echo "This script must be run as root" >&2
+    exit 1
+fi
+
+mkdir -p /opt/dns-updater
+cp app.py /opt/dns-updater/
+cp dns-updater.service /etc/systemd/system/
+systemctl daemon-reload
+systemctl enable --now dns-updater.service
+systemctl status dns-updater.service

app/requirements.txt

@@ -0,0 +1,5 @@
+flask
+flask-httpauth
+gunicorn
+requests
+jmespath

build

@@ -0,0 +1,4 @@
+#!/usr/bin/bash
+
+# Build the Docker image
+docker build -t skoszewski/omada-dyndns-miab-proxy app

dns-updater.service

@@ -1,14 +0,0 @@
-[Unit]
-Description=dns-updater
-After=network.target
-
-[Service]
-User=www-data
-Group=www-data
-WorkingDirectory=/home/slawek/src/dns-updater
-Environment="MIAB_HOST=box.koszewscy.waw.pl"
-ExecStart=/usr/bin/gunicorn --workers 4 --bind 0.0.0.0:8080 app:app
-Restart=always
-
-[Install]
-WantedBy=multi-user.target