Advanced Installation

This page shows the steps to install the mini apps directly, without using docker.

This assumes you have followed the initial installation steps from the basic installation page.

System Dependencies

apt install -y python3 python3-virtualenv supervisor apache2

Python Dependencies

Set up a virtual environment and install dependencies:

cd /opt/miniapps.example.com
virtualenv --prompt "(miniapps) " env
. env/bin/activate
pip install -r server/requirements.txt

Supervisor

Supervisor is a tool that allows you to keep running scripts in the background, and it provides commands to start and stop them. Here we use it to run the python script that manages the server-side web socket.

The supervisor config will be in /etc/supervisor/conf.d/miniapps.conf with the following content:

[program:miniapps]
user=www-data
group=www-data
stderr_logfile=/var/log/apache2/miniapps.example.com/supervisor-err.log
redirect_stderr=true
stdout_logfile=/var/log/apache2/miniapps.example.com/supervisor.log
directory=/opt/miniapps.example.com/
command=/opt/miniapps.example.com/env/bin/python server/server.py

Then run supervisorctl reload to load the new job, you can see whether it’s running with supervisor status.

Front-End (Apache)

This step is what makes the app accessible from outside the server machine.

You will have to ensure apache has read access to the client directory, if /opt/miniapps.example.com doesn’t work, you can move over client-side files to something like /var/www/miniapps.example.com and change the apache config accordingly.

To ensure everything is secured, we’ll use certbot to generate certificates.

Create a new site on apache as /etc/apache2/sites-available/miniapps.example.com.conf:

# This sets up the SSL (encrypted) virtual host, which actually hosts the website
<VirtualHost *:443>
    # Basic Setup (domain and directory)
    ServerName miniapps.example.com
    DocumentRoot /opt/miniapps.example.com/client

    # Makes the local websocket available as wss://miniapps.example.com/wss/
    ProxyRequests Off
    ProxyPass /wss/ ws://localhost:2536

    # SSL settings
    SSLEngine on
    SSLCertificateFile      /etc/letsencrypt/live/miniapps.example.com/cert.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/miniapps.example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/miniapps.example.com/chain.pem
    Header always set Strict-Transport-Security "max-age=2678400"
</VirtualHost>

# This is the non-encrypted virtual host, which redirects all requests from http to https
# only giving access to the certbot
<VirtualHost *:80>
    ServerName miniapps.example.com

    <Location ~ "^(?!/.well-known)">
        Redirect permanent / "https://miniapps.example.com/"
    </Location>

    Alias "/.well-known" "/opt/miniapps.example.com/.well-known"
    <Directory /opt/miniapps.example.com/.well-known>
        Allow from all
        Options -Indexes
    </Directory>
</VirtualHost>

The above assumes you set up SSL certificates with certbot.

Here is an example certbot invocation:

certbot --authenticator webroot --installer apache certonly -w /opt/miniapps.example.com --domains miniapps.example.com

Enable the new site and restart Apache

a2enmod proxy
a2enmod proxy_http
a2ensite miniapps.example.com
apache2ctl restart