u/chaoticbean14

Howdy everyone!

Deploying on Windows (non-negotiable) - there is no IIS but instead, Caddy as a reverse proxy in front of Waitress as the server.

How best to create this a as a service in Windows so it will be able to automatically restart?

I've googled and found NSSM, but to the best of my additional googling - it looks like it's no longer maintained and is not the best way to go about that.

What other options exist for something like this?

Caddy was setup as a service simply by using the built-in sc.exe.

I created a 'serve.py' (which serves the wsgi application via waitress) - from the command line it works great. When I add it as a service via sc.exe, it times out (because a Python script won't return the signal it's ready to the Windows Service Control Manager).

I realize this is a pretty niche thing - but has anyone else done this? What are you using?

We're building a house and were looking at different options.

Someone mentioned a steel building (I am only familiar with stick build); we got a quote from a steel building place - but it doesn't include anything (no drywall, windows, doors, cabinets, etc.) just the building materials. They have some local guys they recommend for building it.

We also had some numbers on stick built from some builders.

Is there a way to compare the two? Are there general ballpark ways for someone who isn't a builder to know how to compare them?

Is one better than the other? It would be in a cold climate area (not quite UP Michigan, but north central Wi.) but most places are spray foamed - which I think you can do to steel, too?

I'm literally just investigating the steel building side of this for the first time, so any info, is useful.

I see a lot of hate on GitHub, I see GitLab recently announced a lot of layoffs and it seems they've joined the 'people you love to hate' club in terms of public opinion.

That leaves who for hosting private repos? Bitbucket?

Who does everyone actively recommend someone use for their private git repos if self-hosting is not an option?

Our company was thinking about migrating off of Bitbucket and moving to GitHub; but recently everyone has kind of splintered on opinions of where to go.

A little backstory:

I've got an app that allows users to upload files. They can create a "Thing" and upload media that supports that thing.

Currently it's working locally, but it just serves media using runserver. In our urls we have static & media served by the server when in DEBUG mode. When not debug, Apache is configured to just serve up the media and static stuff from their respective directories (not controlled via Django).

I am now switching use Caddy as my reverse proxy and Waitress as my wsgi server. I'm switching to Whitenoise for the static stuff, and in their documentation they state they don't handle user uploads (nor should they). So I gotta figure out how to handle that - hence this post.

I don't want to go with S3 or anything else cloud based and would prefer to keep the files stored locally. Cloud is just not an option for me.

I also have another app developed previous with similar functionality (user creates a 'thing' and can upload supporting documents/images to that thing).

The problem is anyone with the URL can just 'get the file', so I've been trying to consider something to serve up media in a better way and am curious if this sounds like the way to move forward or if this is just silly.

My idea:

Since I use this same functionality in multiple projects (various apps); I was considering making an installable app that handled the media serving for various things.

I would have caddy proxy `my-project.com` and `media.my-project.com` to django - but since they would be of different origin, it should help protect against XSS if my MEDIA_URL would be something like `https://media.<domain>/media\` and then in the project urls I had `media/` route to the installable media app, which would then handle returning the media via it's view that would have `@login_required` decorator, for example. Additionally, I could extend that to check for permissions if needed or whatever.

I'm really only considering this because I just don't want some of these files 'accessible by anyone', and want only logged in users or correctly permed users to be able to download certain files. For example if a user uploaded a file to: `<domain>/media/path/to/file.jpg` I would only want logged-in users to be able to view/download that (or whomever I choose).

This would essentially make any download take up a Waitress thread in order to initiate the download (the same as any request, really); so I suppose if our apps were getting hammered it might make a difference, but we're pretty low traffic for these overall, generally less than 250-500 users online at any one time so I don't think it would matter.

Thoughts?

Are there things out there that do this currently? Am I grossly over-thinking this?

My users should never be uploading anything confidential in these cases - but if someone did, I'm just thinking in terms of best practices and ways to protect the files given my stack.