carom-server/INSTALL.md

# Preparing

- [ ] Install and configure Mailsystem (postfix) so it is possible to send mails
- [ ] Install python ```apt install python3 python3-pip python3-venv python3-virtualenv```
- [ ] Install uwsgi ```apt install uwsgi uwsgi-plugin-python3```
- [ ] Install and configure mariadb-server ```mysql_secure_installation```
- [ ] Install and configure nginx und let's encrypt or similar


# Installation

- [ ] Create databases for carom and carom-int

```
-- carom
CREATE DATABASE carom DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
CREATE USER 'carom'@'localhost' IDENTIFIED BY 'xxx';
GRANT ALL PRIVILEGES ON carom.* TO 'carom'@'localhost';
CREATE DATABASE carom-int DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
CREATE USER 'carom-int'@'localhost' IDENTIFIED BY 'xxx';
GRANT ALL PRIVILEGES ON carom-int.* TO 'carom-int'@'localhost';
FLUSH PRIVILEGES;
```

Passphrases should be replaced by useful characters

- [ ] Create systemd unit file for uwsgi (/etc/systemd/system/uwsgi.service):

```
[Unit]
Description=uWSGI Emperor service

[Service]
ExecStartPre=/bin/bash -c 'mkdir -p /run/uwsgi; chown www-data:www-data /run/uwsgi'
ExecStart=/usr/bin/uwsgi --emperor /etc/uwsgi/apps-enabled
Restart=always
KillSignal=SIGQUIT
Type=notify
NotifyAccess=all

[Install]
WantedBy=multi-user.target
```

- [ ] Reread systemd configs for uwsgi

```
systemctl daemon-reload
systemctl enable uswgi.service
systemctl restart uswgi.service
```

- [ ] Checkout carom

```
cd /srv
git clone http://git.einsle.de/carom/carom-server.git carom
git clone http://git.einsle.de/carom/carom-server.git carom-int
cd carom-int
git checkout develop
git pull
cd ..
```

- [ ] Install pipenv

```
Pip3 install –upgrade pipenv
```

- [ ] Create caromserver/local_settings.py for both environments:

```
cd caromserver
cp local_settings_example.py local_settings.py
vi local_settings.py
ALLOWED_HOSTS, ADMINS, DEBUG should be filled
SECRET_KEY use pwgen 50 1 to create content for
DATABASES settings
cd ..
mkdir .venv
pipenv install
pipenv run python manage.py migrate
pipenv run python manage.py collectstatic
```

Do it for /srv/carom and /srv/carom-int

- [ ] Create Superuser Accounts using:

```
pipenv run python manage.py createsuperuser
```

- [ ] Create config File for uwsgi/carom

```
# carom...ini file
[uwsgi]
plugin          = python3
chdir           = /srv/carom/
module          = caromserver.wsgi:application
home            = /srv/carom/.venv/
master          = true
processes       = 5
vacuum          = true
uid             = www-data
gid             = www-data
workers         = 2
socket          = /run/uwsgi/app/carom.socket
chmod-socket    = 660
log-date        = true
```

Create it for /etc/uwsgi/apps-available/carom.ini and carom-int.ini and link it
to /etc/uwsgi/apps-enabled/

```
systemctl restart uwsgi.service
```

Show at syslog for errors and fix it.

- [ ] Create Config File for nginx/carom

```
upstream socket_carom {
    server unix:///run/uwsgi/app/carom.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name carom...;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name carom...;
    ssl_certificate     /etc/ssl/certs/xxx;
    ssl_certificate_key /etc/ssl/private/xxx;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    charset     utf-8;
    client_max_body_size 75M;   # adjust to taste
    location /media  {
        alias /srv/carom/media;
    }
    location /static {
        alias /srv/carom/static;
    }
    location / {
        uwsgi_pass  socket_carom;
        include     /etc/nginx/uwsgi_params;
    }
}
```

Create it for /etc/ngin/sites-available/carom... and carom-int... and link it
to /etc/ngin/sites-enabled/

Path to certificates must be modified.

```
systemctl restart nginx
```

- [ ] Create update.sh in carom and carom-int root dir

```
pushd /srv/carom/
git pull
pipenv update
pipenv run ./manage.py migrate
pipenv run ./manage.py collectstatic --noinput
touch /etc/uwsgi/apps-enabled/carom.ini
popd
```

Path to uwsgi config file (in apps-enabled) musst be matching.