Nginx Integration¶
This guide shows how to run SmallBlock behind Nginx in production using a dedicated app process (e.g., Gunicorn/Uvicorn) listening on a local socket.
Systemd Service (Gunicorn example)¶
Create /etc/systemd/system/smallblock.service:
[Unit]
Description=SmallBlock CMS application
After=network.target
[Service]
Type=simple
User=smallblock
Group=smallblock
WorkingDirectory=/srv/smallblock/app
Environment=PYTHONUNBUFFERED=1
EnvironmentFile=-/srv/smallblock/app/.env
ExecStart=/usr/bin/python3 -m gunicorn --bind unix:/srv/smallblock/run/smallblock.sock wsgi:app
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
Permissions and SELinux¶
sudo mkdir -p /srv/smallblock/run
sudo chown -R smallblock:smallblock /srv/smallblock
sudo chmod 755 /srv/smallblock/run
# SELinux: label the socket directory so Nginx can connect
sudo semanage fcontext -a -t httpd_var_run_t "/srv/smallblock/run(/.*)?"
sudo restorecon -R /srv/smallblock/run
Enable and start:
sudo systemctl daemon-reload
sudo systemctl enable --now smallblock
systemctl status smallblock --no-pager
Nginx Site Configuration¶
Create /etc/nginx/conf.d/smallblock.conf:
server {
listen 80;
server_name smallblockcms.com;
# Proxy application via UNIX socket
location / {
proxy_pass http://unix:/srv/smallblock/run/smallblock.sock:;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Static & media files (served directly)
location /static/ {
alias /srv/smallblock/static/;
access_log off;
expires 1h;
}
location /media/ {
alias /srv/smallblock/media/;
access_log off;
expires 1h;
}
}
Test and reload Nginx:
sudo nginx -t
sudo systemctl reload nginx
TLS / HTTPS¶
Use a TLS terminator (e.g., Let’s Encrypt). With Certbot:
sudo dnf install -y certbot python3-certbot-nginx
sudo certbot --nginx -d smallblockcms.com