Scripts and configuration files for deploying Fileglancer in production at Janelia. This deploys the fileglancer FastAPI server behind Uvicorn, as well as an Nginx reverse proxy server.

This assumes you have a working Pixi installation.

1. Clone this repository

git clone git@github.com:JaneliaSciComp/fileglancer-hub.git cd fileglancer-hub

2. Start the Fileglancer server

pixi run start

When working with a shared server, make sure to set your umask so that everything is writeable by the group:

umask 002

In production the servers need to run as root in order to allow for setuid priviledge.

1. Download and install Pixi into /usr/local/bin

curl -fsSL https://pixi.sh/install.sh | sh sudo cp $HOME/.pixi/bin/pixi /usr/local/bin/

2. Create the working directories

sudo install -d -m 2775 -o $USER -g $(id -gn) /opt/deploy /opt/data mkdir -p /opt/deploy/fileglancer-hub mkdir -p /opt/data/fileglancer # optional, if you want to use a sqlite database

3. Clone the repository into /opt/deploy/fileglancer-hub

cd /opt/deploy/ git clone git@github.com:JaneliaSciComp/fileglancer-hub.git cd fileglancer-hub

4. Create a file at /opt/deploy/fileglancer-hub/.env with the following content (modify the FGC_EXTERNAL_PROXY_URL to use the server hostname):

FGC_EXTERNAL_PROXY_URL=https://fileglancer-dev.int.janelia.org/files FGC_DB_URL=sqlite:////opt/data/fileglancer/sqlite.db # FGC_DB_URL=postgresql://<username>:<password>@<host>:<port>/<database> FGC_DB_POOL_SIZE=5 FGC_DB_MAX_OVERFLOW=0 FGC_LOG_LEVEL=DEBUG FGC_ATLASSIAN_URL=https://wikis.janelia.org FGC_ATLASSIAN_USERNAME=<username here> FGC_ATLASSIAN_TOKEN=<token here> FGC_ENABLE_OKTA_AUTH=True // set to False to enable simple insecure auth for testing FGC_OAUTH_CLIENT_ID=<client id from okta> FGC_OAUTH_CLIENT_SECRET=<client secret from okta> FGC_OAUTH_DOMAIN=<okta domain, e.g. hhmi.okta.com> FGC_OAUTH_CALLBACK_DOMAIN=<the domain of the hub, e.g. fileglancer.int.janelia.org>

6. Install the systemd service files

sudo cp fileglancer.service /etc/systemd/system/fileglancer.service

7. Enable the services

sudo systemctl enable fileglancer

8. Start the service

sudo systemctl start fileglancer

1. Install nginx

sudo yum install nginx

2. Copy the nginx configuration file to /etc/nginx/conf.d/fileglancer.conf

sudo cp nginx.conf /etc/nginx/conf.d/fileglancer.conf

3. Set up the static path for the Fileglancer assets

find /opt/deploy/fileglancer-hub/ -name "assets"

Use this path to replace the <path_to_fileglancer_assets> placeholder in the Nginx configuration file (/etc/nginx/conf.d/fileglancer.conf).

find /opt/deploy/fileglancer-hub/ -name "ui"

Use this path to replace the <path_to_fileglancer_ui_directory> placeholder in the Nginx configuration file (/etc/nginx/conf.d/fileglancer.conf).

4. Disable the default server block

• comment out the default server block in the main Nginx configuration file

sudo nano /etc/nginx/nginx.conf

5. Obtain the SSL certificate for *.int.janelia.org and install it in /etc/nginx/certs/

sudo mkdir -p /etc/nginx/certs/ sudo cp cert.pem /etc/nginx/certs/default.crt sudo cp key.pem /etc/nginx/certs/default.key

• Make sure the permissions are correct

sudo chown root:root /etc/nginx/certs/default.crt sudo chown root:root /etc/nginx/certs/default.key sudo chmod 644 /etc/nginx/certs/default.crt sudo chmod 600 /etc/nginx/certs/default.key

6. Enable the service

sudo systemctl enable nginx

7. Start the service

sudo systemctl start nginx

First, update to the version of Fileglancer you want to deploy:

cd /opt/deploy/fileglancer-hub git pull

Then restart the services:

sudo systemctl restart fileglancer sudo systemctl restart nginx

Make sure to check the logs and smoketest the service to ensure everything came up correctly.

sudo systemctl status fileglancer sudo systemctl status nginx

sudo journalctl -o cat -fu fileglancer sudo journalctl -fu nginx

The nginx configuration includes maintenance mode functionality that will display a maintenance page when needed.

1. Copy the example maintenance page to the nginx html directory:

sudo cp maintenance.html.example /etc/nginx/html/maintenance.html

2. If desired, edit the maintenance page to uncomment the estimated completion time section:

sudo nano /etc/nginx/html/maintenance.html

Replace [UPDATE WITH ACTUAL TIME] with the actual estimated completion time.

3. Reload nginx to activate maintenance mode:

sudo systemctl reload nginx

1. Remove the maintenance page:

sudo rm /etc/nginx/html/maintenance.html

2. Reload nginx:

sudo systemctl reload nginx

Note: When maintenance mode is active, all requests to the main site and /fc/files/ endpoints will show the maintenance page instead of the normal application. Static assets like /fg/assets/ and /fg/logo.svg will continue to work normally to ensure the maintenance page displays correctly.