Web Hook Forwarder
The idea is to run local commands on internal servers over SSH when an external webhook triggers them. The implementation currently runs the docker compose chain for updating existing images. This stupid simple setup assumes a server is configured in your ssh_config and can be called from http://<server_url>/hooks/<server_to_call>.
Configure
Create an SSH config file at /etc/ssh/ssh_config and add entries for the servers you want to be able to call. Make sure the key used to connect to the servers is readable by the uWSGI uid (in this case: www-data).
Host <hostname should match entries above>
    HostName <ip address of internal development machine>
    User <user that can execute docker-compose>
    IdentityFile <path to the private key file for the specified user>
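Because <server_to_call> comes straight from the URL and ends up on an ssh command line, it is worth accepting only names that appear as literal Host entries in the ssh_config. The following is an added example, not code from this repository: the function names, the sample config and the remote command are assumptions made for illustration.

```python
import re

# Constructed sample ssh_config; host names and addresses are made up.
SAMPLE_SSH_CONFIG = """\
Host dev1 dev2
    HostName 10.0.0.11
    User deploy
    IdentityFile /etc/whf/keys/deploy_ed25519

Host staging
    HostName 10.0.0.20
    User deploy

Host *
    StrictHostKeyChecking yes
"""

# Assumed remote command; the README only says the docker compose update chain is run.
REMOTE_COMMAND = "docker-compose pull && docker-compose up -d"

# Aliases must start with an alphanumeric, so a leading "-" can never reach ssh.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,62}$")


def allowed_hosts(ssh_config_text):
    """Collect literal Host aliases, skipping wildcard and negated patterns."""
    hosts = set()
    for line in ssh_config_text.splitlines():
        parts = line.split("#", 1)[0].replace("=", " ", 1).split()
        if len(parts) >= 2 and parts[0].lower() == "host":
            hosts.update(p for p in parts[1:] if SAFE_NAME.match(p))
    return hosts


def build_ssh_argv(server_to_call, hosts):
    """Return the ssh argv for an allowlisted alias, or None to reject the request."""
    if not SAFE_NAME.match(server_to_call) or server_to_call not in hosts:
        return None
    # BatchMode stops ssh from prompting; "--" ends option parsing before the alias.
    # The list is meant for subprocess.run(argv) without shell=True.
    return ["ssh", "-F", "/etc/ssh/ssh_config", "-o", "BatchMode=yes",
            "--", server_to_call, REMOTE_COMMAND]


if __name__ == "__main__":
    hosts = allowed_hosts(SAMPLE_SSH_CONFIG)
    for name in ["dev1", "staging", "unknown", "-v", "dev1 dev2", "*"]:
        print(repr(name), "->", build_ssh_argv(name, hosts))
```

A None result should map to a 404 response, and the remote command stays a constant so nothing from the webhook request is ever interpolated into it.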
Install
Clone this repository in /usr/share/whf, or modify the uwsgi.ini to reflect your location.
apt install python-virtualenv python3-pip uwsgi-plugin-python3 nginx
Virtual environment
cd /
mkdir venv
cd venv
virtualenv -p /usr/bin/python3 whf
source whf/bin/activate
pip3 install -r /usr/share/whf/requirements.txt
NGINX
/etc/nginx/sites-available/app.conf
server {
    location / {
        include uwsgi_params;
        uwsgi_pass unix:///var/run/uwsgi.sock;
    }
}
ln -sf /etc/nginx/sites-available/app.conf /etc/nginx/sites-enabled/default
uWSGI
/etc/uwsgi/uwsgi.ini
[uwsgi]
socket = /var/run/uwsgi.sock
plugins = python3
uid = www-data
gid = www-data
master = true
processes = 2
chown-socket = www-data:www-data
chmod-socket = 664
hook-master-start = unix_signal:15 gracefully_kill_them_all
chdir = /usr/share/whf
module = main
callable = app
logto = /var/log/uwsgi.log
systemd
/etc/systemd/system/uwsgi.service
[Unit]
Description=uWSGI instance to serve whf
After=network.target
[Service]
WorkingDirectory=/usr/share/whf
Environment="PATH=/venv/whf/bin"
ExecStart=/venv/whf/bin/uwsgi --ini /etc/uwsgi/uwsgi.ini
[Install]
WantedBy=multi-user.target
Reload, start and enable the systemd service.
systemctl daemon-reload
systemctl start uwsgi
systemctl enable uwsgi
systemctl restart nginx
logrotate
/etc/logrotate.d/uwsgi
/var/log/uwsgi.log {
    daily
    missingok
    rotate 12
    compress
    delaycompress
    notifempty
    create 0644 root root
}