Moved the web app to a separate directory.

.gitignore

@@ -1,3 +1,4 @@
-.env
+**/.venv
+**/.env
 **/__pycache__
 **/*.pem

README.md

@@ -20,7 +20,7 @@ The repository contains a Flask-based API proxy that allows Omada controller to
 On an Ubuntu/Debian system, you can install the required packages using apt:
 
 ```bash
-sudo apt install -y python3 python3-dotenv python3-flask python3-flask-httpauth python3-requests
+sudo apt install -y python3 python3-dotenv python3-flask python3-flask-httpauth python3-requests gunicorn
 ```
 
 Copy the `app.py` file to your desired location, and run it using Python:
@@ -29,6 +29,12 @@ Copy the `app.py` file to your desired location, and run it using Python:
 flask run app.py
 ```
 
+or use Gunicorn for production:
+
+```bash
+gunicorn --bind 0.0.0.0:8080 app:app
+```
+
 ## Self-Signed SSL Certificate (Optional)
 
 To run the Flask app with HTTPS, you can create a self-signed SSL certificate:
@@ -42,3 +48,21 @@ Then run the Flask app with SSL context:
 ```bash
 flask run --cert=cert.pem --key=key.pem
 ```
+
+To use the Mail In A Box server's SSL certificate, use the following files:
+
+- certificate: `/miab-data/ssl/ssl_certificate.pem`
+- private key: `/miab-data/ssl/ssl_private_key.pem`
+
+> **Note:** You have to run the web server as root to access the private key file.
+
+## Service Installation
+
+```
+sudo mkdir -p /opt/dns-updater
+sudo cp app.py /opt/dns-updater/
+sudo cp dns-updater.service /etc/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl enable --now dns-updater.service
+sudo systemctl status dns-updater.service
+```

app/Dockerfile

@@ -1,7 +1,11 @@
 FROM alpine:3.23
 
 RUN apk add --no-cache python3 py3-pip
-RUN pip3 install --break-system-packages flask flask-httpauth gunicorn requests jmespath
+
+# Copy requirements and install Python packages
+COPY requirements.txt /tmp/requirements.txt
+RUN pip3 install --break-system-packages -r /tmp/requirements.txt
+
 # Clean up apk cache
 RUN rm -rf /var/cache/apk/*
 

app/dns-updater.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=dns-updater
+After=network.target
+
+[Service]
+User=root
+Group=root
+WorkingDirectory=/opt/dns-updater
+Environment="MIAB_HOST=box.koszewscy.waw.pl"
+ExecStart=/usr/bin/gunicorn --workers 4 --bind 0.0.0.0:8443 --certfile="/miab-data/ssl/ssl_certificate.pem" --keyfile="/miab-data/ssl/ssl_private_key.pem" app:app
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

app/install

@@ -0,0 +1,13 @@
+#!/usr/bin/bash
+
+if [[ $(id -u) -ne 0 ]]; then
+    echo "This script must be run as root" >&2
+    exit 1
+fi
+
+mkdir -p /opt/dns-updater
+cp app.py /opt/dns-updater/
+cp dns-updater.service /etc/systemd/system/
+systemctl daemon-reload
+systemctl enable --now dns-updater.service
+systemctl status dns-updater.service

app/requirements.txt

@@ -0,0 +1,5 @@
+flask
+flask-httpauth
+gunicorn
+requests
+jmespath

build

@@ -1,4 +1,4 @@
 #!/usr/bin/bash
 
 # Build the Docker image
-docker build -t skoszewski/omada-dyndns-miab-proxy .
+docker build -t skoszewski/omada-dyndns-miab-proxy app

dns-updater.service

@@ -1,14 +0,0 @@
-[Unit]
-Description=dns-updater
-After=network.target
-
-[Service]
-User=www-data
-Group=www-data
-WorkingDirectory=/home/slawek/src/dns-updater
-Environment="MIAB_HOST=box.koszewscy.waw.pl"
-ExecStart=/usr/bin/gunicorn --workers 4 --bind 0.0.0.0:8080 app:app
-Restart=always
-
-[Install]
-WantedBy=multi-user.target