Switch nginx config to directory mount and add webhook listener

- Move deploy/nginx.conf -> deploy/conf.d/default.conf and mount the
  directory so future config changes can be hot-reloaded with
  `nginx -s reload` instead of a full container restart.
- Add deploy/hook.py: a tiny stdlib HMAC-validated webhook listener that
  runs pull.sh on Gitea push events. Bound to 127.0.0.1:9528 and
  fronted by openresty at /_hook/deploy.
- Add the matching systemd unit at deploy/facere-deploy-hook.service.
- Teach pull.sh the new layout (reload vs. restart vs. compose up -d)
  and self-restart the hook listener if hook.py changes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 02:04:02 +08:00
parent 942a0096ba
commit 5029c5db6f
5 changed files with 144 additions and 11 deletions


@@ -0,0 +1,45 @@
server {
listen 80;
server_name web.facere.cc _;
root /usr/share/nginx/html;
index facere.html index.html;
charset utf-8;
# Deny access to repo metadata, deploy scripts/configs, and dotfiles
location ~ /\.git { deny all; return 404; }
location ~ /\. { deny all; return 404; }
location ^~ /deploy/ { deny all; return 404; }
location = /deploy-pull.sh { deny all; return 404; }
location = / {
try_files /facere.html =404;
}
location / {
try_files $uri $uri/ /facere.html;
}
# CSS/JS/JSX: short cache so future deploys are picked up promptly
location ~* \.(?:css|js|jsx)$ {
expires 5m;
add_header Cache-Control "public, max-age=300, must-revalidate";
types { text/css css; application/javascript js; application/javascript jsx; }
try_files $uri =404;
}
# Static media: long cache (filenames are stable / change when content changes)
location ~* \.(?:png|jpe?g|gif|webp|svg|mp4|webm|woff2?|ttf|otf|ico)$ {
expires 7d;
add_header Cache-Control "public, max-age=604800";
try_files $uri =404;
}
gzip on;
gzip_types text/plain text/css application/javascript application/json image/svg+xml;
gzip_min_length 1024;
access_log /var/log/nginx/facere.access.log;
error_log /var/log/nginx/facere.error.log;
}
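Review bot: The four deny rules at the top of the server block form a denylist in front of `location /`, whose `try_files $uri $uri/ /facere.html;` serves any other file that exists under `root`. The rules for `/.git` and `/deploy/` suggest the mounted root is the repository checkout (the mount itself is not visible in this file); if so, any file that is neither a dotfile nor under `/deploy/`, such as a top-level script, compose file or README, is served as-is. Prefer mounting only the publishable files, or pointing `root` at a dedicated subdirectory, so that a file added to the repo later is not exposed by default. Separately, `return 404;` runs in the rewrite phase before `deny all;` is evaluated, so the `deny` never takes effect; `location ~ /\. { return 404; }` expresses the same behaviour and already covers the `/\.git` rule.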