Skip to content

docs: update rustfava documentation #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rustledger-bot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: update rustfava documentation #3

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
251 changes: 227 additions & 24 deletions public/rustfava/docs/deployment/index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -428,10 +428,93 @@
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>

<li class="md-nav__item">
<a href="#apache-with-reverse-proxy" class="md-nav__link">
<a href="#desktop-app" class="md-nav__link">
<span class="md-ellipsis">

Apache with reverse proxy
Desktop App

</span>
</a>

</li>

<li class="md-nav__item">
<a href="#docker" class="md-nav__link">
<span class="md-ellipsis">

Docker

</span>
</a>

</li>

<li class="md-nav__item">
<a href="#systemd-service" class="md-nav__link">
<span class="md-ellipsis">

Systemd Service

</span>
</a>

</li>

<li class="md-nav__item">
<a href="#reverse-proxy" class="md-nav__link">
<span class="md-ellipsis">

Reverse Proxy

</span>
</a>

<nav class="md-nav" aria-label="Reverse Proxy">
<ul class="md-nav__list">

<li class="md-nav__item">
<a href="#apache" class="md-nav__link">
<span class="md-ellipsis">

Apache

</span>
</a>

</li>

<li class="md-nav__item">
<a href="#nginx" class="md-nav__link">
<span class="md-ellipsis">

Nginx

</span>
</a>

</li>

<li class="md-nav__item">
<a href="#caddy" class="md-nav__link">
<span class="md-ellipsis">

Caddy

</span>
</a>

</li>

</ul>
</nav>

</li>

<li class="md-nav__item">
<a href="#security-considerations" class="md-nav__link">
<span class="md-ellipsis">

Security Considerations

</span>
</a>
Expand Down Expand Up @@ -500,10 +583,93 @@
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>

<li class="md-nav__item">
<a href="#apache-with-reverse-proxy" class="md-nav__link">
<a href="#desktop-app" class="md-nav__link">
<span class="md-ellipsis">

Desktop App

</span>
</a>

</li>

<li class="md-nav__item">
<a href="#docker" class="md-nav__link">
<span class="md-ellipsis">

Docker

</span>
</a>

</li>

<li class="md-nav__item">
<a href="#systemd-service" class="md-nav__link">
<span class="md-ellipsis">

Systemd Service

</span>
</a>

</li>

<li class="md-nav__item">
<a href="#reverse-proxy" class="md-nav__link">
<span class="md-ellipsis">

Reverse Proxy

</span>
</a>

<nav class="md-nav" aria-label="Reverse Proxy">
<ul class="md-nav__list">

<li class="md-nav__item">
<a href="#apache" class="md-nav__link">
<span class="md-ellipsis">

Apache

</span>
</a>

</li>

<li class="md-nav__item">
<a href="#nginx" class="md-nav__link">
<span class="md-ellipsis">

Nginx

</span>
</a>

</li>

<li class="md-nav__item">
<a href="#caddy" class="md-nav__link">
<span class="md-ellipsis">

Caddy

</span>
</a>

</li>

</ul>
</nav>

</li>

<li class="md-nav__item">
<a href="#security-considerations" class="md-nav__link">
<span class="md-ellipsis">

Apache with reverse proxy
Security Considerations

</span>
</a>
Expand Down Expand Up @@ -531,29 +697,66 @@


<h1 id="deployment">Deployment<a class="headerlink" href="#deployment" title="Permanent link">&para;</a></h1>
<p>There are a number of deployment options for persistently running rustfava on
the Web, depending on your Web server and WSGI deployment choices. Below you
can find some examples.</p>
<h2 id="apache-with-reverse-proxy">Apache with reverse proxy<a class="headerlink" href="#apache-with-reverse-proxy" title="Permanent link">&para;</a></h2>
<p>Apache configuration:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-0-1" name="__codelineno-0-1" href="#__codelineno-0-1"></a><span class="nb">ProxyPass</span><span class="w"> </span><span class="s2">&quot;/rustfava&quot;</span><span class="w"> </span><span class="s2">&quot;http://localhost:5000/rustfava&quot;</span>
<p>There are several ways to deploy rustfava depending on your needs.</p>
<h2 id="desktop-app">Desktop App<a class="headerlink" href="#desktop-app" title="Permanent link">&para;</a></h2>
<p>For personal use, the <a href="https://github.com/rustledger/rustfava/releases">desktop app</a> is the simplest option. It runs entirely locally with no server setup required.</p>
<h2 id="docker">Docker<a class="headerlink" href="#docker" title="Permanent link">&para;</a></h2>
<p>For server deployments, Docker is recommended:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-0-1" name="__codelineno-0-1" href="#__codelineno-0-1"></a>docker<span class="w"> </span>run<span class="w"> </span>-p<span class="w"> </span><span class="m">5000</span>:5000<span class="w"> </span>-v<span class="w"> </span>/path/to/ledger:/data<span class="w"> </span>ghcr.io/rustledger/rustfava<span class="w"> </span>/data/main.beancount
</code></pre></div>
<p>For advanced Docker configurations (authentication, HTTPS, docker-compose), see the <a href="../contrib/docker/README.md">Docker deployment guide</a>.</p>
<h2 id="systemd-service">Systemd Service<a class="headerlink" href="#systemd-service" title="Permanent link">&para;</a></h2>
<p>To run rustfava as a system service on Linux:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-1-1" name="__codelineno-1-1" href="#__codelineno-1-1"></a><span class="c1"># /etc/systemd/system/rustfava.service</span>
<a id="__codelineno-1-2" name="__codelineno-1-2" href="#__codelineno-1-2"></a><span class="k">[Unit]</span>
<a id="__codelineno-1-3" name="__codelineno-1-3" href="#__codelineno-1-3"></a><span class="na">Description</span><span class="o">=</span><span class="s">rustfava Web UI for Beancount</span>
<a id="__codelineno-1-4" name="__codelineno-1-4" href="#__codelineno-1-4"></a><span class="na">After</span><span class="o">=</span><span class="s">network.target</span>
<a id="__codelineno-1-5" name="__codelineno-1-5" href="#__codelineno-1-5"></a>
<a id="__codelineno-1-6" name="__codelineno-1-6" href="#__codelineno-1-6"></a><span class="k">[Service]</span>
<a id="__codelineno-1-7" name="__codelineno-1-7" href="#__codelineno-1-7"></a><span class="na">Type</span><span class="o">=</span><span class="s">simple</span>
<a id="__codelineno-1-8" name="__codelineno-1-8" href="#__codelineno-1-8"></a><span class="na">ExecStart</span><span class="o">=</span><span class="s">/usr/bin/rustfava --host 127.0.0.1 --port 5000 /path/to/main.beancount</span>
<a id="__codelineno-1-9" name="__codelineno-1-9" href="#__codelineno-1-9"></a><span class="na">User</span><span class="o">=</span><span class="s">your-user</span>
<a id="__codelineno-1-10" name="__codelineno-1-10" href="#__codelineno-1-10"></a><span class="na">Restart</span><span class="o">=</span><span class="s">on-failure</span>
<a id="__codelineno-1-11" name="__codelineno-1-11" href="#__codelineno-1-11"></a>
<a id="__codelineno-1-12" name="__codelineno-1-12" href="#__codelineno-1-12"></a><span class="k">[Install]</span>
<a id="__codelineno-1-13" name="__codelineno-1-13" href="#__codelineno-1-13"></a><span class="na">WantedBy</span><span class="o">=</span><span class="s">multi-user.target</span>
</code></pre></div>
<p>Then:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-2-1" name="__codelineno-2-1" href="#__codelineno-2-1"></a>sudo<span class="w"> </span>systemctl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>rustfava
<a id="__codelineno-2-2" name="__codelineno-2-2" href="#__codelineno-2-2"></a>sudo<span class="w"> </span>systemctl<span class="w"> </span>start<span class="w"> </span>rustfava
</code></pre></div>
<h2 id="reverse-proxy">Reverse Proxy<a class="headerlink" href="#reverse-proxy" title="Permanent link">&para;</a></h2>
<h3 id="apache">Apache<a class="headerlink" href="#apache" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-3-1" name="__codelineno-3-1" href="#__codelineno-3-1"></a><span class="nb">ProxyPass</span><span class="w"> </span><span class="s2">&quot;/rustfava&quot;</span><span class="w"> </span><span class="s2">&quot;http://localhost:5000/rustfava&quot;</span>
<a id="__codelineno-3-2" name="__codelineno-3-2" href="#__codelineno-3-2"></a><span class="nb">ProxyPassReverse</span><span class="w"> </span><span class="s2">&quot;/rustfava&quot;</span><span class="w"> </span><span class="s2">&quot;http://localhost:5000/rustfava&quot;</span>
</code></pre></div>
<p>Run rustfava with the <code>--prefix</code> option:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-4-1" name="__codelineno-4-1" href="#__codelineno-4-1"></a>rustfava<span class="w"> </span>--prefix<span class="w"> </span>/rustfava<span class="w"> </span>/path/to/main.beancount
</code></pre></div>
<p>The above will make rustfava accessible at the <code>/rustfava</code> URL and proxy requests
arriving there to a locally running rustfava. To make rustfava work properly in
that context, you should run it using the <code>--prefix</code> command line option, like
this:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-1-1" name="__codelineno-1-1" href="#__codelineno-1-1"></a>rustfava<span class="w"> </span>--prefix<span class="w"> </span>/rustfava<span class="w"> </span>/path/to/your/main.beancount
<h3 id="nginx">Nginx<a class="headerlink" href="#nginx" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-5-1" name="__codelineno-5-1" href="#__codelineno-5-1"></a><span class="k">location</span><span class="w"> </span><span class="s">/rustfava/</span><span class="w"> </span><span class="p">{</span>
<a id="__codelineno-5-2" name="__codelineno-5-2" href="#__codelineno-5-2"></a><span class="w"> </span><span class="kn">proxy_pass</span><span class="w"> </span><span class="s">http://127.0.0.1:5000/rustfava/</span><span class="p">;</span>
<a id="__codelineno-5-3" name="__codelineno-5-3" href="#__codelineno-5-3"></a><span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">Host</span><span class="w"> </span><span class="nv">$host</span><span class="p">;</span>
<a id="__codelineno-5-4" name="__codelineno-5-4" href="#__codelineno-5-4"></a><span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Real-IP</span><span class="w"> </span><span class="nv">$remote_addr</span><span class="p">;</span>
<a id="__codelineno-5-5" name="__codelineno-5-5" href="#__codelineno-5-5"></a><span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-For</span><span class="w"> </span><span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span>
<a id="__codelineno-5-6" name="__codelineno-5-6" href="#__codelineno-5-6"></a><span class="w"> </span><span class="kn">proxy_set_header</span><span class="w"> </span><span class="s">X-Forwarded-Proto</span><span class="w"> </span><span class="nv">$scheme</span><span class="p">;</span>
<a id="__codelineno-5-7" name="__codelineno-5-7" href="#__codelineno-5-7"></a><span class="p">}</span>
</code></pre></div>
<p>To have rustfava run automatically at boot and manageable as a system service
you might want to define a systemd unit file for it, for example:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-2-1" name="__codelineno-2-1" href="#__codelineno-2-1"></a><span class="k">[Unit]</span>
<a id="__codelineno-2-2" name="__codelineno-2-2" href="#__codelineno-2-2"></a><span class="na">Description</span><span class="o">=</span><span class="s">Rustfava Web UI for Beancount</span>
<a id="__codelineno-2-3" name="__codelineno-2-3" href="#__codelineno-2-3"></a>
<a id="__codelineno-2-4" name="__codelineno-2-4" href="#__codelineno-2-4"></a><span class="k">[Service]</span>
<a id="__codelineno-2-5" name="__codelineno-2-5" href="#__codelineno-2-5"></a><span class="na">Type</span><span class="o">=</span><span class="s">simple</span>
<a id="__codelineno-2-6" name="__codelineno-2-6" href="#__codelineno-2-6"></a><span class="na">ExecStart</span><span class="o">=</span><span class="s">/usr/bin/rustfava --host localhost --port 5000 --prefix /rustfava /path/to/your/main.beancount</span>
<a id="__codelineno-2-7" name="__codelineno-2-7" href="#__codelineno-2-7"></a><span class="na">User</span><span class="o">=</span><span class="s">your-user</span>
<h3 id="caddy">Caddy<a class="headerlink" href="#caddy" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-6-1" name="__codelineno-6-1" href="#__codelineno-6-1"></a>your-domain.com {
<a id="__codelineno-6-2" name="__codelineno-6-2" href="#__codelineno-6-2"></a> reverse_proxy localhost:5000
<a id="__codelineno-6-3" name="__codelineno-6-3" href="#__codelineno-6-3"></a>}
</code></pre></div>
<p>Caddy automatically handles HTTPS with Let's Encrypt.</p>
<h2 id="security-considerations">Security Considerations<a class="headerlink" href="#security-considerations" title="Permanent link">&para;</a></h2>
<p>When exposing rustfava to the internet:</p>
<ol>
<li><strong>Use HTTPS</strong> - Never expose plain HTTP to the public internet</li>
<li><strong>Add authentication</strong> - Use a reverse proxy with OAuth2 or basic auth</li>
<li><strong>Restrict access</strong> - Use firewall rules to limit access to trusted IPs</li>
<li><strong>Keep updated</strong> - Regularly update rustfava for security patches</li>
</ol>
<p>See <a href="../SECURITY.md">SECURITY.md</a> for more security best practices.</p>



Expand Down
Loading