aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--content/blog/201610-uwsgi.rst140
1 files changed, 140 insertions, 0 deletions
diff --git a/content/blog/201610-uwsgi.rst b/content/blog/201610-uwsgi.rst
new file mode 100644
index 0000000..ab0ad6d
--- /dev/null
+++ b/content/blog/201610-uwsgi.rst
@@ -0,0 +1,140 @@
+Securely serving webapps using uWSGI
+####################################
+
+:date: 2016-10-02 20:00
+:modified: 2016-10-03 04:00
+:tags: application server, archlinux, cgit, mediawiki, nginx, owncloud, php, python, roundcube, security, sockets, systemd, uwsgi, webapps, wordpress
+:category: admin
+:slug: securely-serving-webapps-using-uwsgi
+:summary: An introductory on how to securely serve all your webapps using |website-nginx| and |website-uwsgi| with |website-systemd| on |website-archlinux|
+:authors: David Runge
+
+| Ever since I'm running my own |website-archlinux| box to serve my services, I have been using |website-nginx| in conjunction with |website-uwsgi|.
+| So instead of using |website-php-fpm| and be limited to just |website-php|, I can use a single application server to do all of them (|wiki-cgi|, |website-python|, |website-php| and even the stuff I don't use, such as |website-ruby|, |website-mono|, |website-java|, |website-lua|, |website-perl|, |website-webdav|). They are all separately installable as plugins.
+| Static sites, such as this, default to being served by |website-nginx| directly of course.
+| Over time I found |website-uwsgi| to be a very versatile and powerful piece of software that has many advantages (over e.g. |website-apache|):
+
+* socket activation
+* webapp encapsulation and jailing
+* self-healing
+* being able to separetely manage services
+* close after idle
+
+| I'll explain the services I use (|website-roundcube|, |website-owncloud|, |website-mailman|, |website-stikked|, |website-wordpress|, |website-postfixadmin|, |website-phpmyadmin|, |website-cgit|, |website-mediawiki|, |website-mantisbt| ) along with configuration examples and their possible pitfalls.
+| In my last post about `Let's Encrypt <../2016/lets-encrypt-it-all>`_ I already showed some examples on how to configure |website-nginx| for the use with |website-uwsgi|. Let's jump right in.
+|
+
+Preparing nginx
+_______________
+
+
+
+
+.. |website-letsencrypt| raw:: html
+
+ <a href="https://letsencrypt.org" target="_blank">Let's Encrypt</a>
+
+.. |website-archlinux| raw:: html
+
+ <a href="https://archlinux.org" target="_blank">Arch Linux</a>
+
+.. |website-python| raw:: html
+
+ <a href="https://www.python.org/" target="_blank">Python</a>
+
+.. |website-nginx| raw:: html
+
+ <a href="https://www.nginx.org/" target="_blank">nginx</a>
+
+.. |website-roundcube| raw:: html
+
+ <a href="https://roundcube.net/" target="_blank">roundcube</a>
+
+.. |website-uwsgi| raw:: html
+
+ <a href="https://projects.unbit.it/uwsgi" target="_blank">uWSGI</a>
+
+.. |readthedocs-uwsgi| raw:: html
+
+ <a href="https://uwsgi-docs.readthedocs.io/en/latest/" target="_blank">uWSGI</a>
+
+.. |website-owncloud| raw:: html
+
+ <a href="https://owncloud.org" target="_blank">ownCloud</a>
+
+.. |website-systemd| raw:: html
+
+ <a href="https://www.freedesktop.org/wiki/Software/systemd/" target="_blank">systemd</a>
+
+.. |website-php-fpm| raw:: html
+
+ <a href="https://php-fpm.org/" target="_blank">php-fpm</a>
+
+.. |website-php| raw:: html
+
+ <a href="https://secure.php.net/" target="_blank">PHP</a>
+
+.. |wiki-cgi| raw:: html
+
+ <a href="https://en.wikipedia.org/wiki/Common_Gateway_Interface" target="_blank">CGI</a>
+
+.. |website-ruby| raw:: html
+
+ <a href="https://rack.github.io/" target="_blank">Ruby Rack</a>
+
+.. |website-mono| raw:: html
+
+ <a href="http://www.mono-project.com/" target="_blank">Mono</a>
+
+.. |website-java| raw:: html
+
+ <a href="https://www.java.com/en/" target="_blank">Java</a>
+
+.. |website-lua| raw:: html
+
+ <a href="https://www.lua.org/" target="_blank">Lua</a>
+
+.. |website-perl| raw:: html
+
+ <a href="https://www.perl.org/" target="_blank">Perl</a>
+
+.. |website-webdav| raw:: html
+
+ <a href="http://www.webdav.org/" target="_blank">WebDAV</a>
+
+.. |website-apache| raw:: html
+
+ <a href="https://httpd.apache.org/" target="_blank">Apache</a>
+
+.. |website-mailman| raw:: html
+
+ <a href="http://list.org/" target="_blank">Mailman</a>
+
+.. |website-stikked| raw:: html
+
+ <a href="https://github.com/claudehohl/Stikked" target="_blank">Stikked</a>
+
+.. |website-wordpress| raw:: html
+
+ <a href="https://wordpress.org" target="_blank">Wordpress</a>
+
+.. |website-postfixadmin| raw:: html
+
+ <a href="http://postfixadmin.sourceforge.net/" target="_blank">Postfixadmin</a>
+
+.. |website-phpmyadmin| raw:: html
+
+ <a href="https://www.phpmyadmin.net/" target="_blank">phpMyAdmin</a>
+
+.. |website-cgit| raw:: html
+
+ <a href="https://git.zx2c4.com/cgit/" target="_blank">cgit</a>
+
+.. |website-mediawiki| raw:: html
+
+ <a href="https://www.mediawiki.org/wiki/MediaWiki" target="_blank">MediaWiki</a>
+
+.. |website-mantisbt| raw:: html
+
+ <a href="https://mantisbt.org/" target="_blank">MantisBT</a>
+