conf/README.md at main · desertthunder.dev/pai

desertthunder.dev / pai
personal activity index (bluesky, leaflet, substack) pai.desertthunder.dev
rss bluesky
pai / conf / README.md
at main 307 lines 5.8 kB view raw view rendered
  1# Personal Activity Index - Reverse Proxy Configurations
  2
  3This directory contains example reverse proxy configurations for deploying the Personal Activity Index HTTP server behind nginx or Caddy.
  4
  5## Quick Start
  6
  7### Option 1: nginx
  8
  9#### macOS
 10
 111. Install nginx:
 12
 13   ```sh
 14   brew install nginx
 15   ```
 16
 172. Copy the configuration:
 18
 19   ```sh
 20   # For localhost testing
 21   cp nginx.conf /opt/homebrew/etc/nginx/servers/pai.conf
 22
 23   # Or symlink to keep it in sync
 24   ln -s $(pwd)/nginx.conf /opt/homebrew/etc/nginx/servers/pai.conf
 25   ```
 26
 273. Start the pai server:
 28
 29   ```sh
 30   pai serve -a 127.0.0.1:8080
 31   ```
 32
 334. Start nginx:
 34
 35   ```sh
 36   brew services start nginx
 37   ```
 38
 395. Access at <http://localhost>
 40
 41#### Linux
 42
 431. Install nginx:
 44
 45   ```sh
 46   # Debian/Ubuntu
 47   sudo apt install nginx
 48
 49   # RHEL/Fedora
 50   sudo dnf install nginx
 51   ```
 52
 532. Copy the configuration:
 54
 55   ```sh
 56   sudo cp nginx.conf /etc/nginx/sites-available/pai
 57   sudo ln -s /etc/nginx/sites-available/pai /etc/nginx/sites-enabled/
 58   ```
 59
 603. Start the pai server:
 61
 62   ```sh
 63   pai serve -a 127.0.0.1:8080
 64   ```
 65
 664. Test and reload nginx:
 67
 68   ```sh
 69   sudo nginx -t
 70   sudo systemctl reload nginx
 71   ```
 72
 735. Access at <http://localhost>
 74
 75### Option 2: Caddy
 76
 77#### macOS
 78
 791. Install Caddy:
 80
 81   ```sh
 82   brew install caddy
 83   ```
 84
 852. Copy the Caddyfile:
 86
 87   ```sh
 88   cp Caddyfile /opt/homebrew/etc/Caddyfile
 89   ```
 90
 913. Start the pai server:
 92
 93   ```sh
 94   pai serve -a 127.0.0.1:8080
 95   ```
 96
 974. Start Caddy:
 98
 99   ```sh
100   brew services start caddy
101   ```
102
1035. Access at <http://localhost>
104
105#### Linux
106
1071. Install Caddy:
108
109   ```sh
110   # See https://caddyserver.com/docs/install
111
112   # Debian/Ubuntu
113   sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
114   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
115   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
116   sudo apt update
117   sudo apt install caddy
118   ```
119
1202. Copy the Caddyfile:
121
122   ```sh
123   sudo cp Caddyfile /etc/caddy/Caddyfile
124   ```
125
1263. Start the pai server:
127
128   ```sh
129   pai serve -a 127.0.0.1:8080
130   ```
131
1324. Reload Caddy:
133
134   ```sh
135   sudo systemctl reload caddy
136   ```
137
1385. Access at <http://localhost>
139
140## Production Deployment with Custom Domain
141
142### nginx with SSL
143
1441. Edit `nginx.conf` and replace `localhost` with your domain (e.g., `pai.example.com`)
145
1462. Obtain SSL certificates using certbot:
147
148   ```sh
149   # macOS
150   brew install certbot
151
152   # Linux
153   sudo apt install certbot python3-certbot-nginx  # Debian/Ubuntu
154   sudo dnf install certbot python3-certbot-nginx  # RHEL/Fedora
155   ```
156
1573. Get certificates:
158
159   ```sh
160   sudo certbot --nginx -d pai.example.com
161   ```
162
1634. Certbot will automatically update your nginx configuration with SSL settings
164
1655. Set up auto-renewal:
166
167   ```sh
168   # Test renewal
169   sudo certbot renew --dry-run
170
171   # On Linux, certbot sets up a systemd timer automatically
172   # On macOS, add to crontab:
173   sudo crontab -e
174   # Add: 0 0 * * * certbot renew --quiet
175   ```
176
177### Caddy with Custom Domain
178
1791. Edit `Caddyfile` and uncomment the production section
180
1812. Replace `pai.example.com` with your actual domain
182
1833. Ensure DNS A/AAAA records point to your server
184
1854. Reload Caddy:
186
187   ```sh
188   sudo systemctl reload caddy  # Linux
189   brew services restart caddy  # macOS
190   ```
191
192Caddy automatically obtains and renews SSL certificates from Let's Encrypt - no additional configuration needed!
193
194## Running pai as a System Service
195
196### macOS (launchd)
197
198Create `/Library/LaunchDaemons/com.pai.server.plist`:
199
200```xml
201<?xml version="1.0" encoding="UTF-8"?>
202<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
203<plist version="1.0">
204<dict>
205    <key>Label</key>
206    <string>com.pai.server</string>
207    <key>ProgramArguments</key>
208    <array>
209        <string>/usr/local/bin/pai</string>
210        <string>serve</string>
211        <string>-a</string>
212        <string>127.0.0.1:8080</string>
213        <string>-d</string>
214        <string>/var/lib/pai/pai.db</string>
215    </array>
216    <key>RunAtLoad</key>
217    <true/>
218    <key>KeepAlive</key>
219    <true/>
220    <key>StandardOutPath</key>
221    <string>/var/log/pai/stdout.log</string>
222    <key>StandardErrorPath</key>
223    <string>/var/log/pai/stderr.log</string>
224    <key>WorkingDirectory</key>
225    <string>/var/lib/pai</string>
226</dict>
227</plist>
228```
229
230Load the service:
231
232```sh
233sudo launchctl load /Library/LaunchDaemons/com.pai.server.plist
234```
235
236### Linux (systemd)
237
238Create `/etc/systemd/system/pai.service`:
239
240```ini
241[Unit]
242Description=Personal Activity Index
243After=network.target
244
245[Service]
246Type=simple
247ExecStart=/usr/local/bin/pai serve -a 127.0.0.1:8080 -d /var/lib/pai/pai.db
248Restart=on-failure
249RestartSec=5
250User=pai
251Group=pai
252WorkingDirectory=/var/lib/pai
253
254[Install]
255WantedBy=multi-user.target
256```
257
258Create the pai user and directories:
259
260```sh
261sudo useradd -r -s /bin/false pai
262sudo mkdir -p /var/lib/pai
263sudo chown pai:pai /var/lib/pai
264```
265
266Enable and start the service:
267
268```sh
269sudo systemctl daemon-reload
270sudo systemctl enable pai
271sudo systemctl start pai
272```
273
274Check status:
275
276```sh
277sudo systemctl status pai
278```
279
280View logs:
281
282```sh
283sudo journalctl -u pai -f
284```
285
286## Testing
287
288Verify the proxy is working:
289
290```sh
291# Health check
292curl http://localhost/status
293
294# API endpoint
295curl http://localhost/api/feed?limit=5
296
297# Specific item
298curl http://localhost/api/item/some-item-id
299```
300
301## Additional Resources
302
303- [nginx documentation](https://nginx.org/en/docs/)
304- [Caddy documentation](https://caddyserver.com/docs/)
305- [Let's Encrypt](https://letsencrypt.org/)
306- [Personal Activity Index main documentation](../README.md)
307- [Deployment guide](../DEPLOYMENT.md)