1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
. ${BUILDFILE%/*}/common.sh
pkgver=20161111.5
package() {
preamble
# #### process management
# Wherever possible, we should use uWSGI for process management of our
# HTTP services. This allows for much more consistent management and
# configuration than the hodge-podge of PHP-FPM, manage.py, fcgiwrap,
# et c. that we used to have on Proton.
depends+=(uwsgi)
# uWSGI is the program, uwsgi is the protocol it speaks with nginx. A
# pool of workers is called a vassal, and is configured in
# `/etc/uwsgi/${vassal}.ini`, and activated by
# `uwsgi@${vassal}.socket`; a socket speaking the uwsgi protocol is
# created at `/var/run/uwsgi/${vassal}.sock`.
# We use systemd socket activation rather than a uWSGI emperor because
# they provide largely the same functionality; the only real advantage
# that a uWSGI emperor would provide over systemd socket activation is
# if you ran it in tyrant mode, it lets you do some cool things with
# unpriveleged access, which would be useful for a shared web host.
# We aren't a shared web host, and have no reason to run emperor in
# tyrant mode.
# Since the `uwsgi@.service` vassal unit is written to support
# socket-activated or non-socket-activated use, it is normally
# possible to accidentally start it without the associated `.socket`
# unit; which is an error with how our vassal configurations are
# written. To fix this, `uwsgi@.service.d/socket.conf` overrides the
# unit a bit to disable non-socket-activated use.
add-file etc/systemd/system/uwsgi@.service.d/socket.conf <<EOF
# Avoid accidentally starting the service without the socket
[Unit]
Requires=uwsgi@%i.socket
After=uwsgi@%i.socket
EOF
# The ownership and permissions for the socket are configured in
# `uwsgi@.socket.d/owner.conf`, which sets the owner to `http:http`
# and the mode to 0600.
add-file etc/systemd/system/uwsgi@.socket.d/owner.conf <<EOF
[Socket]
SocketUser=http
SocketGroup=http
SocketMode=0600
EOF
# uWSGI supports thread pools in addition to process pools, but many
# of the actual workers you'll want to use aren't thread safe, so
# stick to process pools unless you specifically know that your worker
# is thread-safe (for example, PHP, at least with the modules needed
# for MediaWiki, is not thread-safe).
# Individual vassal configurations are documented in the section for
# the service that they provide, not here.
postamble
}
|