Skip to content

Deploy without Docker

Jump to bottom
Segolene-Albouy edited this page Apr 29, 2025 · 1 revision

https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu

Example of configuration /etc/nginx/sites-available/aikon Variables to modify: DOMAIN_NAME, APP_ROOT, SSL_CERT, SSL_KEY

server {
    listen 80;
    listen [::]:80;
    server_name DOMAIN_NAME;
    location /favicon.ico { 
        access_log off; log_not_found off; 
    }
    location /static/ {
        root APP_ROOT;
    }
    location / { 
        return 301 https://$host$request_uri; 
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name DOMAIN_NAME;
    
    access_log /var/log/nginx/aikon.access.log; # reduce I/0 with buffer=10m flush=5m
    error_log  /var/log/nginx/aikon.error.log;
    
    location /favicon.ico { 
        access_log off; log_not_found off; 
    }

    location / {
        proxy_set_header        X-Real_IP           $remote_addr;
        proxy_set_header        X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto   $scheme;    
        proxy_set_header        X-NginX-Proxy       true;
        proxy_set_header        Host                $http_host;
        proxy_set_header        Upgrade             $http_upgrade;
        proxy_pass_header       Set-Cookie;
        client_max_body_size    5000M;
        proxy_connect_timeout   600;
        proxy_send_timeout      600;
        proxy_read_timeout      600;
        send_timeout            600;
        proxy_pass              http://0.0.0.0:8000/;
    }

    location /sas/ {
        proxy_ssl_server_name on;
        proxy_set_header         X-Real_IP           $remote_addr;
        proxy_set_header         X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header         X-Forwarded-Proto   $scheme;
        proxy_set_header         X-NginX-Proxy       true;
        proxy_set_header         Host                $host/sas;
        proxy_set_header         Upgrade             $http_upgrade;
        proxy_pass_header        Set-Cookie;
        proxy_pass               http://0.0.0.0:8888/;
        #auth_basic              "Restricted Content";
        #auth_basic_user_file    /etc/nginx/.htpasswd;
    }

    location /javax.faces.resource/ {
        proxy_pass http://0.0.0.0:8888/javax.faces.resource/;
    }

    location /static/ {
        autoindex off;
        alias APP_ROOT/front/app/staticfiles/; 
    }

    location /media/ {
        autoindex off;
        alias /data/mediafiles/;
    }

    location /iiif/ {
        proxy_pass http://0.0.0.0:8182/iiif/;
    }

    ssl_certificate      SSL_CERT;
    ssl_certificate_key  SSL_KEY;
    ssl_protocols             TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers               ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
    ssl_session_timeout       1d; # defaults to 5m
    ssl_session_cache         shared:SSL:10m; # estimated to 40k sessions
    ssl_session_tickets       off;
    ssl_stapling              on;
    ssl_stapling_verify       on;
}

configure services

Project overview

Deployment

Web application

Utils

Clone this wiki locally