From dbb1b196927658d93cab590940c1844e30fdcf54 Mon Sep 17 00:00:00 2001 From: Purnendu Date: Sat, 4 Jan 2025 03:16:09 +0530 Subject: [PATCH] taken suggesion --- example/linux/installation.md | 2 +- example/linux/systemd/Talawa-api.sh | 3 ++ example/linux/systemd/talawa-api.service | 52 ++++++++---------------- 3 files changed, 21 insertions(+), 36 deletions(-) diff --git a/example/linux/installation.md b/example/linux/installation.md index 5786ec0e52..c263fbf400 100644 --- a/example/linux/installation.md +++ b/example/linux/installation.md @@ -55,7 +55,7 @@ id talawa ### 3. Set Up the `Talawa-api.sh` Script - Edit the script to specify: - - **Project directory** (e.g., `/path/to/your/talawa-api/talawa-api`) + - **Project directory** (e.g., `/path/to/your/talawa-api`) - **Log file path** (e.g., `/var/log/talawa-api.log`) - Ensure that the development (`src/index.ts`) and production (`dist/index.js`) paths are correctly set - Make sure `Talawa-api.sh` is executable and owned by user `talawa`. Log file should also be owned by user `talawa` diff --git a/example/linux/systemd/Talawa-api.sh b/example/linux/systemd/Talawa-api.sh index 1cba778527..b9f21ff454 100755 --- a/example/linux/systemd/Talawa-api.sh +++ b/example/linux/systemd/Talawa-api.sh @@ -3,8 +3,11 @@ # Description: Talawa API startup script # Don't use environment variables in this script, as when the script will run by systemd, it will not have access to the environment variables of the user. I have tried setting the environment variables in the systemd service file but it didn't work. So, directly use the absolute paths in the script. + #only Editable part is Project directory path PROJECT_DIR="/path/to/your/talawa-api" + +#static part LOG_FILE="/var/log/talawa-api.log" DEV_PATH="src/index.ts" PROD_PATH="dist/index.js" diff --git a/example/linux/systemd/talawa-api.service b/example/linux/systemd/talawa-api.service index 5cc26ba873..d11851d52b 100644 --- a/example/linux/systemd/talawa-api.service +++ b/example/linux/systemd/talawa-api.service @@ -4,63 +4,45 @@ # # README: # 1. Edit the paths in the `[Editable Configuration]` section to match your setup. -# 2. Do not modify the `[Static Configuration]` section unless necessary. -# 3. Make sure the `Talawa-api.sh` script and all necessary files are correctly configured. +# 2. `Environment=CODEROOT` specifies the root directory of the Talawa API project. +# 3. `ExecStart` should reference the absolute path to the Talawa-api.sh script. +# 4. `WorkingDirectory` must match the root project directory. +# 5. The service runs as the `talawa` user and group for better security. +# 6. The `RuntimeDirectory` creates a directory under `/run` for storing temporary runtime data. +# 7. `LimitNOFILE=15000` ensures the service has sufficient open file descriptors for typical usage patterns. +# 8. Do not modify the `[Static Configuration]` section unless absolutely necessary. +# 9. Use `journalctl` for service logs (`journalctl -u talawa-api.service`). +# 10. After editing, reload systemd with `sudo systemctl daemon-reload`. +# 11. In my case Environment did not worked properly in case if you faced error in readind directory path use absolute path. -[Unit] -# Description of the service -Description=Talawa-API Service -After=network.target - -[Service] ######################################### # [Editable Configuration] ######################################### +[Unit] +Description=Talawa-API Service -# Absolute path to the Talawa-api.sh script -ExecStart=/path/to/your/talawa-api/example/linux/systemd/Talawa-api.sh - -# The working directory for the service -WorkingDirectory=/path/to/your/talawa-api - -# The user to run the service as. You can find your username by running 'whoami'.Create a user named `talawa` for better understanding and Security.First create a user and group named 'talawa' for better Security. +[Service] +Environment=CODEROOT=/path/to/your/talawa-api +ExecStart=$CODEROOT/example/linux/systemd/Talawa-api.sh User=talawa Group=talawa - -# Runtime directory for storing temporary files RuntimeDirectory=talawa-api - -# Sets the maximum number of open files. Adjust this value based on application requirements. -# The current value of 15000 was determined based on the following considerations: -# - Typical number of open files required by the application, including log files, database connections, and network sockets. -# - Monitoring of current usage patterns using tools like 'lsof'(lsof -p | wc -l) and 'ulimit'. -# - Allowing some buffer for peak usage scenarios. -# Users should monitor the application and adjust this value if the demands change in the future. LimitNOFILE=15000 ######################################### # [Static Configuration] -# Do not modify unless necessary ######################################### - -# Service type and restart policy +After=network.target +WorkingDirectory=$CODEROOT Type=simple Restart=always RestartSec=5 - -# Output and error logging StandardOutput=journal+console StandardError=journal+console - -# Security-related configurations -# Uncomment the following if you want to enable stricter security but ensure paths and permissions allow writing logs -# ProtectSystem=strict -# ProtectHome=yes NoNewPrivileges=true PrivateTmp=true RestrictAddressFamilies=AF_INET AF_INET6 AmbientCapabilities=CAP_NET_BIND_SERVICE [Install] -# Target to start the service WantedBy=multi-user.target