# Preparing - [ ] Install and configure Mailsystem (postfix) so it is possible to send mails - [ ] Install python ```apt install python3 python3-pip python3-venv python3-virtualenv``` - [ ] Install uwsgi ```apt install uwsgi uwsgi-plugin-python3``` - [ ] Install and configure mariadb-server ```mysql_secure_installation``` - [ ] Install and configure nginx und let's encrypt or similar - [ ] Install git ```apt install git``` # Installation - [ ] Create databases for carom and carom-int ``` -- carom CREATE DATABASE carom DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; CREATE USER 'carom'@'localhost' IDENTIFIED BY 'xxx'; GRANT ALL PRIVILEGES ON carom.* TO 'carom'@'localhost'; CREATE DATABASE carom-int DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; CREATE USER 'carom-int'@'localhost' IDENTIFIED BY 'xxx'; GRANT ALL PRIVILEGES ON carom-int.* TO 'carom-int'@'localhost'; FLUSH PRIVILEGES; ``` Passphrases should be replaced by useful characters - [ ] Create systemd unit file for uwsgi (/etc/systemd/system/uwsgi.service): ``` [Unit] Description=uWSGI Emperor service [Service] ExecStartPre=/bin/bash -c 'mkdir -p /run/uwsgi; chown www-data:www-data /run/uwsgi' ExecStart=/usr/bin/uwsgi --emperor /etc/uwsgi/apps-enabled Restart=always KillSignal=SIGQUIT Type=notify NotifyAccess=all [Install] WantedBy=multi-user.target ``` - [ ] Reread systemd configs for uwsgi ``` systemctl daemon-reload systemctl enable uwsgi.service systemctl restart uwsgi.service ``` - [ ] Checkout carom ``` cd /srv git clone http://git.einsle.de/carom/carom-server.git carom git clone http://git.einsle.de/carom/carom-server.git carom-int cd carom-int git checkout develop git pull cd .. ``` - [ ] Install pipenv ``` Pip3 install –upgrade pipenv ``` - [ ] Install mysqlclient apt install libmariadbclient-dev In environments carom run ``` pipenv install mysqlclient ``` ``` git checkout -- Pipfile git checkout -- Pipfile.locl git status ``` - [ ] Create caromserver/local_settings.py for both environments: ``` cd caromserver cp local_settings_example.py local_settings.py vi local_settings.py ALLOWED_HOSTS, ADMINS, DEBUG should be filled SECRET_KEY use pwgen 50 1 to create content for DATABASES settings cd .. mkdir .venv pipenv install pipenv run python manage.py migrate pipenv run python manage.py collectstatic ``` Do it for /srv/carom and /srv/carom-int - [ ] Create Superuser Accounts using: ``` pipenv run python manage.py createsuperuser ``` - [ ] Create config File for uwsgi/carom ``` # carom...ini file [uwsgi] plugin = python3 chdir = /srv/carom/ module = caromserver.wsgi:application home = /srv/carom/.venv/ master = true processes = 5 vacuum = true uid = www-data gid = www-data workers = 2 socket = /run/uwsgi/app/carom.socket chmod-socket = 660 log-date = true ``` Create it for /etc/uwsgi/apps-available/carom.ini and carom-int.ini and link it to /etc/uwsgi/apps-enabled/ ``` systemctl restart uwsgi.service ``` Show at syslog for errors and fix it. - [ ] Create Config File for nginx/carom ``` upstream socket_carom { server unix:///run/uwsgi/app/carom.sock; } server { listen 80; listen [::]:80; server_name carom...; return 301 https://$host$request_uri; } server { listen 443 ssl; listen [::]:443 ssl; server_name carom...; ssl_certificate /etc/ssl/certs/xxx; ssl_certificate_key /etc/ssl/private/xxx; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; charset utf-8; client_max_body_size 75M; # adjust to taste location /media { alias /srv/carom/media; } location /static { alias /srv/carom/static; } location / { uwsgi_pass socket_carom; include /etc/nginx/uwsgi_params; } } ``` Create it for /etc/ngin/sites-available/carom... and carom-int... and link it to /etc/ngin/sites-enabled/ Path to certificates must be modified. ``` systemctl restart nginx ``` - [ ] Create update.sh in carom and carom-int root dir ``` pushd /srv/carom/ git pull pipenv update pipenv run ./manage.py migrate pipenv run ./manage.py collectstatic --noinput touch /etc/uwsgi/apps-enabled/carom.ini popd ``` Path to uwsgi config file (in apps-enabled) musst be matching.