"quakecoresoft.canterbury.ac.nz" is a UC domain for sw team.  This can serve users from off-campus, and has a potential to be a home to many non-commercial web services we develop.


All the traffic to this domain is forwarded to 443 port of quakecoresoft first, then redirected to 80 port (http) of ucquakecore1p, and depending on the exact URI, the nginx running on ucquakecore1p can decide which web service to serve.


Hosting a uWSGI instance

For example, if user enters https://quakecoresoft.canterbury.ac.nz/dashboard, the traffic is routed to port 80 of ucquakecore1p, and the location /dashboard is matched. The traffic is going through the socket /run/dashboard.sock.

NGINX configuration
server {
        listen 80 ;
        server_name quakecoresoft.canterbury.ac.nz;
        include /etc/nginx/default.d/*.conf;

        location ~ /dashboard {
                include uwsgi_params;
                uwsgi_pass unix:/run/dashboard.sock;
        }
...
}


This socket file was created when UWSGI launches this web service. The following command means the dashboard service is running locally on port 5090 with a socket file /run/dashboard.sock, which is monitored by the NGINX setting above.

/home/seb56/py37env/bin/uwsgi --http 0.0.0.0:5090 --mount /=dashboard_webserver:server --master -b 8192 --socket /run/dashboard.sock --chmod-socket=777 --vacuum --die-on-term


Running a web service under a subdirectory can be a bit tricker than running at a subdomain.  One may need to give a correct path to various resources to avoid 404 errors. 

To be able to run dashboard under a subdirectory /dashboard, I had to create Dash object with an extra argument url_base_pathname to enforce Dash to read .js files and .css from https://quakecoresoft.canterbury.ac.nz/dashboard/XXXX, instead of https://quakecoresoft.canterbury.ac.nz/XXXX

app = dash.Dash(__name__, server=server, external_stylesheets=EXTERNAL_STYLESHEETS, url_base_pathname='/dashboard/')


uWSGI should be called with --manage-script-name --mount XXX option. This option removes the need for SCRIPT_NAME to be specified in nginx configuration, and ensures that the entire URL including the subdirectory name is seen as a URL prefix.

/home/seb56/py37env/bin/uwsgi --http 0.0.0.0:5080 --plugins python  --manage-script-name --mount /sim_atlas=server:app --master -b 8192 --socket /run/sim_atlas.sock --chmod-socket=777 --vacuum --die-on-term

NGINX configuration can be as simple as this.

        location ~ /sim_atlas {
                include uwsgi_params;
                uwsgi_pass unix:/run/sim_atlas.sock;
        }

Alternatively, one may wish to modify how the Flask object initialised. Without this, it ran into 404 error as it was not able to find files from https://quakecoresoft.canterbury.ac.nz/static/XXXX while it should be looking at https://quakecoresoft.canterbury.ac.nz/sim_atlas/static/XXXX. The solution above made this change unnecessary, but I'm keeping the below as a reference.

app = Flask(__name__, static_url_path='/sim_atlas/static/', static_folder=os.path.join(os.path.abspath(os.path.curdir), 'static/'))


Hosting a static page

A static index page does not need to be launched by uWSGI, as it can be directly served by NGINX. However, the files are preferred to be located under /var/www, while uWSGI-driven services can be user's home directory.  Once permissions are properly set (755, preferably), point to the location where the index.html is with "alias" directive.

server {
...        
	location  /vs30 {
       alias /var/www/Vs30/server/webroot/;
	}
...
}


Redirection from seistech.nz


Old urls at seistech.nz are redirected to quakecoresoft.canterbury.ac.nz

https://dashboard.seistech.nz  → https://quakecoresoft.canterbury.ac.nz/dashboard

https://atlas.seistech.nz → https://quakecoresoft.canterbury.ac.nz/sim_atlas

https://vs30.seistech.nz  → https://quakecoresoft.canterbury.ac.nz/vs30


On EC2, related bit in nginx.conf looks like:

   server {
        listen       443 ssl http2 ;
        listen       [::]:443 ssl http2 ;
        server_name  vs30.seistech.nz;
        root         /usr/share/nginx/html;
        include /etc/nginx/default.d/*.conf;

        return 301 https://quakecoresoft.canterbury.ac.nz/vs30;

   }


Initially the redirection was done with proxy_pass, but the redirection was blocked if accessed from off-campus.


Hosting a static page on EC2 

All the http traffics are redirected to https, and the home page for seistech.nz is located at /var/www/seistech_root.  Static resources such as image files can be accessed via seistech.nz/static/images.

   #Redirect all HTTP to HTTPS
    server {
    listen [::]:80 default_server ipv6only=off;
    return 301 https://$host$request_uri;
    }
# Settings for a TLS enabled server.

    server {
        listen       443 ssl http2 ;
        listen       [::]:443 ssl http2 ;
        server_name  seistech.nz,www.seistech.nz;
        include /etc/nginx/default.d/*.conf;

        root /var/www/seistech_root/;
        index index.html;

        location /static/images/ {
            autoindex on;
        }
....
   }
  • No labels