billisdead/la-voix-du-peuple
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add self-hosting capabilities and deployment guide for the application

Browse Source 
Implement self-hosting for RockyLinux by adding systemd and Nginx configurations, updating API models to support standard OpenAI keys, and providing a comprehensive deployment guide.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 923ae0e3-a363-4db8-b04a-e8baca2a1330
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: f8aa455f-f180-4964-94dd-11cfb1a42383
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/8af7d2ec-2cc3-4ece-8af3-9f071488d072/923ae0e3-a363-4db8-b04a-e8baca2a1330/VnHW0bR
Replit-Helium-Checkpoint-Created: true
This commit is contained in:
pironantoine
2026-04-03 17:06:07 +00:00
parent ae970b2a32
commit c0322d5c8e
9 changed files with 656 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy/nginx.conf
+75
View File
@@ -0,0 +1,75 @@
server {
listen 80;
server_name voix-du-peuple.example.com;
# Redirection HTTPS (décommentez après avoir configuré Certbot)
# return 301 https://$host$request_uri;
root /opt/voix-du-peuple/artifacts/voix-du-peuple/dist/public;
index index.html;
# Sécurité
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# API Flask — proxy vers Gunicorn
location /api/ {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 60s;
}
# Frontend React — Single Page Application
location / {
try_files $uri $uri/ /index.html;
}
# Assets statiques — cache long
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff2?)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
}
# HTTPS — décommentez et adaptez après avoir obtenu votre certificat SSL
# server {
# listen 443 ssl http2;
# server_name voix-du-peuple.example.com;
#
# ssl_certificate /etc/letsencrypt/live/voix-du-peuple.example.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/voix-du-peuple.example.com/privkey.pem;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers HIGH:!aNULL:!MD5;
#
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# add_header X-Content-Type-Options "nosniff" always;
# add_header X-Frame-Options "DENY" always;
# add_header X-XSS-Protection "1; mode=block" always;
# add_header Referrer-Policy "strict-origin-when-cross-origin" always;
#
# root /opt/voix-du-peuple/artifacts/voix-du-peuple/dist/public;
# index index.html;
#
# location /api/ {
# proxy_pass http://127.0.0.1:8000;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_read_timeout 60s;
# }
#
# location / {
# try_files $uri $uri/ /index.html;
# }
#
# location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff2?)$ {
# expires 1y;
# add_header Cache-Control "public, immutable";
# }
# }
deploy/voix-du-peuple-api.service
+29
View File
@@ -0,0 +1,29 @@
[Unit]
Description=La Voix du Peuple — API Flask
After=network.target postgresql.service
Requires=postgresql.service
[Service]
Type=exec
User=voixdupeuple
Group=voixdupeuple
WorkingDirectory=/opt/voix-du-peuple/artifacts/flask-api
EnvironmentFile=/opt/voix-du-peuple/.env
ExecStart=/opt/voix-du-peuple/.venv/bin/gunicorn \
--workers 4 \
--bind 127.0.0.1:8000 \
--access-logfile /var/log/voix-du-peuple/api-access.log \
--error-logfile /var/log/voix-du-peuple/api-error.log \
--timeout 60 \
app:app
Restart=always
RestartSec=5
# Sécurité
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ReadWritePaths=/var/log/voix-du-peuple
[Install]
WantedBy=multi-user.target