Wrapping a python script for "live" use

I have a internal python app that I want to expose to people on my LAN.  It doesn't need to be enterprise level HA or anything, but I'd like it to have good (i.e. >98%) availability and behave like proper app most of the time and do stuff like starting properly follow reboots.

Create a service to run the script

On CentOS 7, use systemd to create the service

Adapted from article here:
http://www.raspberrypi-spy.co.uk/2015/10/how-to-autorun-a-python-script-on-boot-using-systemd/

(updated 24/09/2018 with restart setting based on this article https://singlebrook.com/2017/10/23/auto-restart-crashed-service-systemd/ )

sudo nano /lib/systemd/system/myscript.service


Description=Garage
ServiceAfter=multi-user.target

[Service]
Type=idle
WorkingDirectory=/home/pi/garage
ExecStart=/usr/bin/python3 /home/pi/garage/runserver.py > /home/pi/garage/garage.systemd.log 2>&1
StandardOutput=syslog
StandardError=syslog
Restart=always

RestartSec=10

[Install]
WantedBy=multi-user.target




sudo systemctl daemon-reload
sudo systemctl enable myscript.service
sudo reboot

nginx

Install nginx with yum

Config file (/etc/nginx/nginx.conf)


# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        #listen       [::]:80 default_server;
        server_name  www.whateveryoulike.com;

        # Load configuration files for the default server block.
        #include /etc/nginx/default.d/*.conf;

        location / {
                proxy_pass http://localhost:5555;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}


If there is a 502 Bad Gateway error, it may be secure Linux settings in CentOS :

sudo /usr/sbin/setsebool httpd_can_network_connect true -P

Firewalld

sudo firewall-cmd --get-active-zones

public
  interfaces: eth0

sudo firewall-cmd --zone=public --add-service=http --permanent

sudo firewall-cmd --reload