{"id":17658632,"url":"https://github.com/ruuda/miniserver","last_synced_at":"2025-05-07T10:34:20.547Z","repository":{"id":49586857,"uuid":"126481117","full_name":"ruuda/miniserver","owner":"ruuda","description":"Nginx and Lego on Flatcar Linux","archived":false,"fork":false,"pushed_at":"2025-02-24T19:39:35.000Z","size":319,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-07T10:33:17.053Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ruuda.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-03-23T12:18:35.000Z","updated_at":"2025-02-24T19:39:38.000Z","dependencies_parsed_at":"2024-06-10T23:47:06.978Z","dependency_job_id":"da74e618-1064-4012-99ef-195152596525","html_url":"https://github.com/ruuda/miniserver","commit_stats":{"total_commits":354,"total_committers":2,"mean_commits":177.0,"dds":"0.0028248587570621764","last_synced_commit":"ddbce5a4c2f286c56518dc72fb5b5185a3b9e0a6"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruuda%2Fminiserver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruuda%2Fminiserver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruuda%2Fminiserver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruuda%2Fminiserver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ruuda","download_url":"https://codeload.github.com/ruuda/miniserver/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252860122,"owners_count":21815473,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-23T15:27:41.878Z","updated_at":"2025-05-07T10:34:20.483Z","avatar_url":"https://github.com/ruuda.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Miniserver\n\nTools to build a minimal webserver, as a self-contained archive that contains\nNginx and Lego, with configuration to run it under systemd on\n[Flatcar Container Linux][flatcar] (formerly [CoreOS][coreos]).\nA secure and simple way to host a static site.\n\nFeatures:\n\n * A recent Nginx, with Brotli support.\n * [Lego][lego] to refresh your Letsencrypt certificates.\n * Bit by bit reproducible.\n * Packaged as a squashfs file system, runs using systemd's isolation features.\n\n[lego]: https://go-acme.github.io/lego/\n\n## Building\n\nBuilding of the image is automated using [Nix][nix], a purely functional\npackage manager:\n\n    nix build --out-link result\n    systemd-nspawn --image result/miniserver.img --ephemeral -- /usr/bin/nginx -V\n\nThe build involves the following:\n\n * Take the package definitions for `nginx` and `lego` from a pinned version\n   of [Nixpkgs][nixpkgs].\n * Override `nginx` package to disable unused features (to reduce the number\n   of dependencies, and thereby attack surface and image size). Add the\n   [`ngx_brotli`][ngx-brotli] module for `brotli_static` support.\n * Build a self-contained squashfs image.\n\n[nix]:        https://nixos.org/nix/\n[nixpkgs]:    https://github.com/NixOS/nixpkgs\n[ngx-brotli]: https://github.com/google/ngx_brotli\n\n## Deploying\n\nThis repository includes a simple deployment tool, `miniserver.py` for updating\nan existing installation. It will:\n\n * Create a `/var/lib/miniserver` on a target machine to hold deployed images.\n * Copy the current image to the server over `sshfs` into a directory named\n   after the current version's Nix hash.\n * Put systemd units `nginx.service` and `lego.service` next to the image.\n * Symlink `/var/lib/miniserver/current` to the latest version.\n * Daemon-reload `systemd` and restart `nginx.service`.\n\nBefore the first deployment, perform the following initial setup.\nIt is recommended to encode these steps in your Ignition config.\n\n * Create a `www` system group.\n * Create `nginx` and `lego` system users with their own group,\n   and also part of the `www` group.\n * Create `/var/log/nginx` and `chown` it to `nginx:nginx`.\n   This directory will be mounted read-write inside the unit's chroot.\n * Create `/var/www`, chown it to `$USER:www`, and put your static site in\n   there. This directory will be mounted read-only inside the unit's chroot.\n * Create `/etc/nginx/sites-enabled/` and put at least one Nginx configuration\n   file in there. `/etc/nginx` will be mounted read-only inside the unit's\n   chroot. Files in `sites-enabled` will be loaded by the master config.\n * Create `/var/lib/lego/certificates` and chown it and its parent to `lego:www`.\n   Set the file mode on `/var/lib/lego/certificates` to 0750, to enable the\n   `www` group to enter the directory.\n * Put your Lego flags environment file at `/etc/lego.conf`.\n\nThen to install or update:\n\n    ./miniserver.py install \u003chostname\u003e\n\nYou need to have built the image before it can be deployed. The `install`\ncommand will symlink `/etc/systemd/system/{nginx,lego}.service` to the\nones in the installation directory, and enable and start the `nginx` unit. The\ninstallation command is idempotent, it is safe to run it multiple times. (Each\ntime will create an entry in the deploy log, however.)\n\nAfter the initial installation, you can update with:\n\n    ./miniserver.py deploy \u003chostname\u003e\n\nThis will restart `nginx.service` after uploading a new version.\n\n## License\n\nThe code in this repository is licensed under the\n[GNU General Public License][gplv3], version 3.\n\n[flatcar]: https://www.flatcar.org/\n[coreos]:  https://www.redhat.com/en/technologies/cloud-computing/openshift/what-was-coreos\n[gplv3]:   https://www.gnu.org/licenses/gpl-3.0.html\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fruuda%2Fminiserver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fruuda%2Fminiserver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fruuda%2Fminiserver/lists"}