Skip to content

Instantly share code, notes, and snippets.

@realFranco

realFranco/deploy_nginx_fastapi_systemd.sh

Last active May 5, 2021 03:10
Show Gist options
  • Save realFranco/15ac7a6b27af1a7d88fb84778de86a86 to your computer and use it in GitHub Desktop.
Save realFranco/15ac7a6b27af1a7d88fb84778de86a86 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
deploy_nginx_fastapi_systemd.sh
# References
# https://majornetwork.net/2020/10/webhook-listener-with-fastapi/
# https://majornetwork.net/2020/11/systemd-setup-for-fastapi-webhook-listener/
git clone https://gitlab.com/realFranco/some-rest-service.git
cd into_the_folder
nano .env
sudo apt-get install python3-venv
python3 -m venv env
source env/bin/activate
pip3 install -r requirements.txt
deactivate
# If some service is being deploy testing, use docker-compose to enable the Data Storage a soon as possible
docker-compose -up d
---------------------------------------------------------------------------------------------------------------------------------
sudo nano /etc/systemd/system/some.service
# Enabling the daemon
# TODO: Check if some improve can be done
[Unit]
Description=Service
After=network.target
[Service]
User=ubuntu
Group=ubuntu
WorkingDirectory=/home/ubuntu/.app/some-rest-service
Environment="PATH=/home/ubuntu/.app/some-rest-service/env/bin"
ExecStart=/home/ubuntu/.app/some-rest-service/env/bin/uvicorn main:app --reload --env-file /home/ubuntu/.app/some-rest-service/.env
[Install]
WantedBy=multi-user.target
# Certbot - SSL Generator
> https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
# Doing the modifications manually
sudo certbot certonly --nginx
- write email
- accept stuff
- add the domain name, csv format if more than one are required
- Certificate stored!
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/domain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/domainc.com/privkey.pem
Your certificate will expire on 2222-08-03. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
# TODO Improve the crontab explanation
# Crontab the next command for renovations (every day)
sudo certbot renew
sudo nano /etc/nginx/sites-available/some
server {
listen 80;
server_name server_ip;
location / {
include proxy_params;
proxy_pass http://127.0.0.1:8000;
}
}
# activate the 443 port on the instance | server
# reverse proxy on 80 & 443
server {
# listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name ip; # Public ip v4 from the host
listen 443 ssl; # managed by Certbot
# RSA
ssl_certificate /etc/letsencrypt/live/[subdomain.]domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/[subdomain.]domain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
location / {
proxy_pass http://127.0.0.1:8000;
}
}
# Check the service and start up
sudo ln -s /etc/nginx/sites-available/some /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl daemon-reload
sudo service apache2 stop
sudo systemctl start some
sudo systemctl enable some
sudo systemctl restart nginx
sudo systemctl status nginx
# Check the website using curl or the website
------------------------------------------------------------------------------------------------------------------------
# Delete everything
sudo docker-compose down
cd ../
rm -r -f elektron-rest-service
sudo rm /etc/systemd/system/elektron.service
sudo rm /etc/nginx/sites-available/elektron
sudo rm /etc/nginx/sites-enabled/elektron
sudo rm -r -f /etc/letsencrypt/live/domain.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment