Little Test with HTMX & Nginx
Recently, I saw the Keynote - “Full-Stack Python” (Andy “Pandy” Knight) and I read an article about HTML & WebSockets. So I thought, why not give it a try?
Preview
Requirements
the usual stuff:
Virtual Machine (here: OpenBSD VM)
FQDN pointing to your box
SSL Cert
Webroot
on your webserver, create a new webroot wherever you have your pages located.
    su - webmaster
    mkdir -p /var/www/virtual/your.
Flask & JWT
getting your hands dirty with Flask and JWT

Source
https://dev.to/grahammorby/jwt-auth-in-flask-python-18i4 with some modifications by myself …

Environment
Test under macOS & OpenBSD, Poetry installed and working

Script
build virtual env
    export app="app100"
    export FLASK_APP="${app}/app"
    poetry new ${app}
    cd ${app}
set python 3.10
    poetry env use $(which python3.10)
    gsed -i "s/python = \"^3.*$/python = \"^3.10\"/" pyproject.toml
    poetry lock
add packages
    wget -4 -O requirements.txt https://raw.githubusercontent.com/GrahamMorbyDev/jwt-flask/master/requirements.txt
    echo "marshmallow-sqlalchemy" >> requirements.
How to enable Logging with Headers for Nginx
Assuming you have a running setup and you want to enable logging with headers for debug and learning purposes?

Add Lua
    doas pkg_add nginx-lua--
and you get …
    doas pkg_info -L nginx-lua--
    Information for inst:nginx-lua-1.20.1p0
    Files:
    /var/www/modules/ndk_http_module.so
    /var/www/modules/ngx_http_lua_module.so

Enable Modules
in /etc/nginx/nginx.conf add two lines on top
    load_module "modules/ndk_http_module.so";
    load_module "modules/ngx_http_lua_module.so";

Enhance Logging
add the following to the “http” section
    log_format log_req_resp '$remote_addr - $remote_user [$time_local] '
                            '"$request" $status $body_bytes_sent '
                            '"$http_referer" "$http_user_agent" '
                            '$request_time req_header:"$req_header" '
                            'resp_header:"$resp_header"';

Enable Logging
add the following lines to your virtual host section
Assuming you have a website with higher load, a higher demand for availability, or both, you can do the following:
Duplicate your webserver (and the content, of course) as many times as you need
Put a load balancer in front of the webservers, best in combination with a firewall ruleset
Terminate TLS once on the load balancer, or on each webserver directly, whichever you prefer.
You can also double the load balancer with two boxes to get redundancy on this level.
Install NGINX & PHP
    pkg_add nginx php--%7.4
    rcctl enable nginx php74_fpm
Edit php.ini
    sed -i s'/date.timezone = UTC.*/date.timezone = Europe\/Zurich/' /etc/php-7.4.ini
    sed -i s'/short_open_tag = Off.*/short_open_tag = On/' /etc/php-7.4.ini
Stop 7.3 & Start 7.4
    rcctl stop php73_fpm
    rcctl restart nginx php74_fpm
Uninstall PHP 7.3
    pkg_del php--%7.3
    pkg_del -a
Any Comments?
sha256: 850d0140d76843ff867fcf764ff3313d19cf8d967c611e180b6a264e7bc274c4
… and you thought that cgi is dead …
nginx.conf
    cat << 'EOF' > /etc/nginx/nginx.conf
    worker_processes  1;
    worker_rlimit_nofile 1024;
    events {
        worker_connections  800;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        index         index.html index.htm;
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
        access_log  logs/access.log  main;
        access_log  syslog:server=unix:/dev/log,severity=notice main;
        keepalive_timeout  65;
        server_tokens off;
        server {
            listen       80;
            listen       [::]:80;
            server_name  localhost;
            root         /var/www/htdocs;
            # FastCGI to CGI wrapper server
            #
            location /cgi-bin/ {
                #error_log /var/log/slowcgi/errors;
                fastcgi_pass unix:run/slowcgi.
Install NGINX & PHP
    pkg_add nginx php--%7.3
    rcctl enable nginx php73_fpm
Edit php.ini
    sed -i s'/date.timezone = UTC.*/date.timezone = Europe\/Zurich/' /etc/php-7.3.ini
    sed -i s'/short_open_tag = Off.*/short_open_tag = On/' /etc/php-7.3.ini
nginx.conf
    mkdir /var/log/nginx
    cat << 'EOF' > /etc/nginx/nginx.conf
    worker_processes  1;
    worker_rlimit_nofile 1024;
    events {
        worker_connections  800;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        index         index.php index.html index.htm;
        keepalive_timeout  65;
        server_tokens off;
        proxy_cache_valid any 0s;
        log_format main '$remote_addr - $ssl_client_serial - [$time_local] - "$request" - $status - $body_bytes_sent';
        map $ssl_client_serial $ssl_access {
            default           0;
            WFuDgzQBZXV740D3  1; # Hans Muster
            EDugUslEX1Et90WX  0; # Beat Breu
            2DF3C663741296F5  1; # Ruedi Ruessel
        }
        #
        # HTTP -> Redirect to HTTPS
        #
        server {
            listen       80;
            server_name  localhost;
            access_log   logs/host.
Requirement
Webserver http
Webserver https
Protected Folder https://egal.com/protected with Client Certificate

/etc/httpd.conf
    # $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $
    server "*" {
        listen on * port 8080
        location "/.well-known/acme-challenge/*" {
            root "/acme"
            request strip 2
        }
    }

/etc/nginx/nginx.conf
    # Take note of http://wiki.nginx.org/Pitfalls
    #user  www;
    worker_processes  1;
    #load_module "modules/ngx_stream_module.so";
    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;
    #error_log  syslog:server=unix:/dev/log,severity=notice;
    #pid        logs/nginx.pid;
    worker_rlimit_nofile 1024;
    events {
        worker_connections  800;
    }
    http {
        include mime.
NGINX with Client Certificates
    root@debian:/etc/nginx/sites-available#
    server {
        listen 80;
        listen [::]:80;
        server_name host198.planet;
        root /var/www/host198.planet;
        access_log /var/log/nginx/host198.planet;
        index index.html;
        location / {
            try_files $uri $uri/ =404;
        }
    }
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name host198.planet;
        root /var/www/host198.planet;
        ssl_certificate /etc/ssl/private/fullchain.crt;
        ssl_certificate_key /etc/ssl/private/host198.planet.key;
        ssl_protocols TLSv1.1 TLSv1.2;  # note: TLSv1.1 is deprecated (RFC 8996)
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_client_certificate /etc/ssl/private/ca.crt;
        ssl_verify_client optional;
        access_log /var/log/nginx/host198.planet;
        index index.html;
        #location / {
        #    try_files $uri $uri/ =404;
        #}
        location / {
            # if the client-side certificate failed to authenticate, show a 403
            # message to the client
            if ($ssl_client_verify !