Setting up Serles with Gunicorn¶
In this document we will describe a production-ready setup of Serles using Gunicorn.
Installation¶
python3 -m venv /opt/serles_venv
. /opt/serles_venv/bin/activate
python3 -m pip install serles-acme
In order to run Serles in production, you will need a WSGI HTTP(s) server. We have chosen gunicorn for this example, which ships with Serles. You do not have to use a virtual environment; all dependencies should also be packaged by your distribution.
Configuration¶
Copy the (fully commented) sample configuration file config.ini.example
to
/etc/serles/config.ini
and modify it to suit your environment.
The included /bin/serles
executable will load gunicorn configuration from
/etc/serles/gunicorn_config.py
.
For gunicorn, the APP_MODULE
string is serles:create_app()
.
Please see the gunicorn configuration documentation for TLS and port binding.
Below is an example systemd unit file, that uses its own gunicorn from a virtual environment:
[Unit]
Description=gunicorn daemon for Serles
After=network.target
[Service]
PIDFile=/run/acmeproxy/pid
RuntimeDirectory=acmeproxy
Environment="PATH=/opt/serles_venv/bin:/usr/bin"
ExecStart=/opt/serles_venv/bin/gunicorn -c /etc/serles/gunicorn_config.py "serles:create_app()"
ExecReload=/bin/kill -HUP $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Note that the selected backend will have to be configured as well; for the included EJBCA backend see for example EJBCA Dev Environment Quickstart.