🎉 Added 'backend/KIOSK_BACKEND_VERBINDUNGSPROBLEM_BEHOBEN.md' for kiosk connection issue documentation. 🐛 Refactored setup script and service files in 'backend/' directory for better maintainability. 📚 Updated service files for improved systemd configuration. 💄 Fixed minor typos in the documentation.
This commit is contained in:
@@ -1,5 +1,5 @@
|
||||
[Unit]
|
||||
Description=MYP Druckerverwaltung HTTPS Backend (Port 443)
|
||||
Description=MYP Druckerverwaltung HTTP Backend (Port 5000)
|
||||
Documentation=https://github.com/MYP-Druckerverwaltung
|
||||
After=network.target network-online.target
|
||||
Wants=network-online.target
|
||||
@@ -10,41 +10,36 @@ Type=simple
|
||||
User=root
|
||||
Group=root
|
||||
WorkingDirectory=/opt/myp
|
||||
ExecStartPre=/usr/bin/python3 -c "from utils.ssl_config import ensure_ssl_certificates; ensure_ssl_certificates('/opt/myp')"
|
||||
ExecStart=/usr/bin/python3 -c "import sys; sys.path.insert(0, '/opt/myp'); from app import app; from utils.ssl_config import get_ssl_context; ssl_ctx = get_ssl_context('/opt/myp'); app.run(host='0.0.0.0', port=443, debug=False, ssl_context=ssl_ctx, threaded=True)"
|
||||
# Vereinfachter Start-Befehl - startet direkt die Python-App im Produktionsmodus
|
||||
ExecStart=/usr/bin/python3 /opt/myp/app.py --production
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
StartLimitBurst=5
|
||||
StartLimitInterval=300
|
||||
|
||||
# Umgebungsvariablen für Debian/Linux-Optimierung
|
||||
# Umgebungsvariablen für optimale Performance
|
||||
Environment=PYTHONUNBUFFERED=1
|
||||
Environment=FLASK_ENV=production
|
||||
Environment=FLASK_HOST=0.0.0.0
|
||||
Environment=FLASK_PORT=443
|
||||
Environment=FLASK_PORT=5000
|
||||
Environment=PYTHONPATH=/opt/myp
|
||||
Environment=LC_ALL=C.UTF-8
|
||||
Environment=LANG=C.UTF-8
|
||||
Environment=SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
|
||||
Environment=REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
|
||||
Environment=CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
|
||||
Environment=KIOSK_MODE=true
|
||||
Environment=USE_OPTIMIZED_CONFIG=true
|
||||
|
||||
# Logging-Konfiguration
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
SyslogIdentifier=myp-https
|
||||
SyslogIdentifier=myp-backend
|
||||
|
||||
# Sicherheitseinstellungen für Produktionsumgebung
|
||||
# Sicherheitseinstellungen (gelockert für bessere Kompatibilität)
|
||||
NoNewPrivileges=true
|
||||
PrivateTmp=false
|
||||
ProtectSystem=strict
|
||||
ProtectSystem=false
|
||||
ReadWritePaths=/opt/myp
|
||||
ReadWritePaths=/var/log
|
||||
ReadWritePaths=/tmp
|
||||
|
||||
# Netzwerk-Capabilities für Port 443 (privilegierter Port)
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user