From 6b1ce4116baac7f0436b412d0175b5ea5f1806f5 Mon Sep 17 00:00:00 2001
From: decentral1se <hi@decentral1.se>
Date: Tue, 18 May 2021 10:48:01 +0200
Subject: [PATCH] Add more deployment docs

---
 README.md | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/README.md b/README.md
index 4ea750a..e121015 100644
--- a/README.md
+++ b/README.md
@@ -54,6 +54,74 @@ $ make offline       # https://offline.voicegardens.org
 $ make voicegardens  # https://voicegardens.org
 ```
 
+Here is an example Supervisor configuration:
+
+```
+[group:voicegardens]
+programs=online,offline
+
+[program:online]
+directory=/var/www/voicegardens.org
+user=www-data
+autostart=true
+autorestart=true
+environment=PATH="/var/www/voicegardens.org/.venv/lib/python3.7/site-packages:%(ENV_PATH)s"
+command=/var/www/voicegardens.org/.venv/bin/gunicorn --workers 1 --bind 127.0.0.1:9090 voicegardens.server:app
+
+[program:offline]
+directory=/var/www/offline.voicegardens.org
+user=www-data
+autostart=true
+autorestart=true
+environment=PATH="/var/www/offline.voicegardens.org/.venv/lib/python3.7/site-packages:%(ENV_PATH)s"
+command=/var/www/offline.voicegardens.org/.venv/bin/gunicorn --workers 1 --bind 127.0.0.1:9091 voicegardens.server:app
+```
+
+And an Nginx configuration (after running `cerbot --nginx -d voicegardens.org`):
+
+```
+upstream voicegardens {
+    server 127.0.0.1:9090;
+}
+
+server {
+    root /var/www/voicegardens.org;
+
+    server_name voicegardens.org; # managed by Certbot
+
+    location / {
+       try_files $uri @proxy_to_app;
+    }
+
+    location @proxy_to_app {
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Host $http_host;
+      proxy_redirect off;
+      proxy_pass http://voicegardens;
+    }
+
+    listen [::]:443 ssl ipv6only=on; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/voicegardens.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/voicegardens.org/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+    if ($host = voicegardens.org) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    listen 80 ;
+    listen [::]:80 ;
+    server_name voicegardens.org;
+    return 404; # managed by Certbot
+}
+```
+
 ## Layers of the Onion
 
 - [Flask](http://flask.palletsprojects.com/en/1.1.x/)