200 lines
4.3 KiB
Markdown
200 lines
4.3 KiB
Markdown
# Preparing
|
||
|
||
- [ ] Install and configure Mailsystem (postfix) so it is possible to send mails
|
||
- [ ] Install python ```apt install python3 python3-pip python3-venv python3-virtualenv```
|
||
- [ ] Install uwsgi ```apt install uwsgi uwsgi-plugin-python3```
|
||
- [ ] Install and configure mariadb-server ```mysql_secure_installation```
|
||
- [ ] Install and configure nginx und let's encrypt or similar
|
||
- [ ] Install git ```apt install git```
|
||
|
||
|
||
# Installation
|
||
|
||
- [ ] Create databases for carom and carom-int
|
||
|
||
```
|
||
-- carom
|
||
CREATE DATABASE carom DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
|
||
CREATE USER 'carom'@'localhost' IDENTIFIED BY 'xxx';
|
||
GRANT ALL PRIVILEGES ON carom.* TO 'carom'@'localhost';
|
||
CREATE DATABASE `carom-int` DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
|
||
CREATE USER 'carom-int'@'localhost' IDENTIFIED BY 'xxx';
|
||
GRANT ALL PRIVILEGES ON `carom-int`.* TO 'carom-int'@'localhost';
|
||
FLUSH PRIVILEGES;
|
||
```
|
||
|
||
Passphrases should be replaced by useful characters
|
||
|
||
- [ ] Create systemd unit file for uwsgi (/etc/systemd/system/uwsgi.service):
|
||
|
||
```
|
||
[Unit]
|
||
Description=uWSGI Emperor service
|
||
|
||
[Service]
|
||
ExecStartPre=/bin/bash -c 'mkdir -p /run/uwsgi; chown www-data:www-data /run/uwsgi'
|
||
ExecStart=/usr/bin/uwsgi --emperor /etc/uwsgi/apps-enabled
|
||
Restart=always
|
||
KillSignal=SIGQUIT
|
||
Type=notify
|
||
NotifyAccess=all
|
||
|
||
[Install]
|
||
WantedBy=multi-user.target
|
||
```
|
||
|
||
- [ ] Reread systemd configs for uwsgi
|
||
|
||
```
|
||
systemctl daemon-reload
|
||
systemctl enable uwsgi.service
|
||
systemctl restart uwsgi.service
|
||
```
|
||
|
||
- [ ] Checkout carom
|
||
|
||
```
|
||
cd /srv
|
||
git clone http://git.einsle.de/carom/carom-server.git carom
|
||
git clone http://git.einsle.de/carom/carom-server.git carom-int
|
||
cd carom-int
|
||
git checkout develop
|
||
git pull
|
||
cd ..
|
||
```
|
||
|
||
- [ ] Install pipenv
|
||
|
||
```
|
||
pip3 install –upgrade pipenv
|
||
```
|
||
|
||
- [ ] Install mysqlclient
|
||
|
||
```
|
||
apt install libmariadbclient-dev
|
||
```
|
||
|
||
In environments carom run
|
||
|
||
```
|
||
pipenv install mysqlclient
|
||
```
|
||
|
||
```
|
||
git checkout -- Pipfile Pipfile.lock
|
||
git status
|
||
```
|
||
|
||
- [ ] Create caromserver/local_settings.py for both environments:
|
||
|
||
```
|
||
cd caromserver
|
||
cp local_settings_example.py local_settings.py
|
||
vi local_settings.py
|
||
ALLOWED_HOSTS, ADMINS, DEBUG should be filled
|
||
SECRET_KEY use pwgen 50 1 to create content for
|
||
DATABASES settings
|
||
cd ..
|
||
mkdir .venv
|
||
pipenv install
|
||
pipenv run python manage.py migrate
|
||
pipenv run python manage.py collectstatic
|
||
```
|
||
|
||
Do it for /srv/carom and /srv/carom-int
|
||
|
||
- [ ] Create Superuser Accounts using:
|
||
|
||
```
|
||
pipenv run python manage.py createsuperuser
|
||
```
|
||
|
||
- [ ] Create config File for uwsgi/carom
|
||
|
||
```
|
||
# carom...ini file
|
||
[uwsgi]
|
||
plugin = python3
|
||
chdir = /srv/carom/
|
||
module = caromserver.wsgi:application
|
||
home = /srv/carom/.venv/
|
||
master = true
|
||
processes = 5
|
||
vacuum = true
|
||
uid = www-data
|
||
gid = www-data
|
||
workers = 2
|
||
socket = /run/uwsgi/carom.socket
|
||
chmod-socket = 660
|
||
log-date = true
|
||
```
|
||
|
||
Create it for /etc/uwsgi/apps-available/carom.ini and carom-int.ini and link it
|
||
to /etc/uwsgi/apps-enabled/
|
||
|
||
```
|
||
systemctl restart uwsgi.service
|
||
```
|
||
|
||
Show at syslog for errors and fix it.
|
||
|
||
- [ ] Create Config File for nginx/carom
|
||
|
||
```
|
||
upstream socket_carom {
|
||
server unix:///run/uwsgi/carom.socket;
|
||
}
|
||
|
||
server {
|
||
listen 80;
|
||
listen [::]:80;
|
||
server_name carom...;
|
||
return 301 https://$host$request_uri;
|
||
}
|
||
|
||
server {
|
||
listen 443 ssl;
|
||
listen [::]:443 ssl;
|
||
server_name carom...;
|
||
ssl_certificate /etc/ssl/certs/xxx;
|
||
ssl_certificate_key /etc/ssl/private/xxx;
|
||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||
charset utf-8;
|
||
client_max_body_size 75M; # adjust to taste
|
||
location /media {
|
||
alias /srv/carom/media;
|
||
}
|
||
location /static {
|
||
alias /srv/carom/staticfiles;
|
||
}
|
||
location / {
|
||
uwsgi_pass socket_carom;
|
||
include /etc/nginx/uwsgi_params;
|
||
}
|
||
}
|
||
```
|
||
|
||
Create it for /etc/ngin/sites-available/carom... and carom-int... and link it
|
||
to /etc/ngin/sites-enabled/
|
||
|
||
Path to certificates must be modified.
|
||
|
||
```
|
||
systemctl restart nginx
|
||
```
|
||
|
||
- [ ] Create update.sh in carom and carom-int root dir
|
||
|
||
```
|
||
pushd /srv/carom/
|
||
git pull
|
||
pipenv update
|
||
pipenv run python manage.py migrate
|
||
pipenv run python manage.py collectstatic --noinput
|
||
touch /etc/uwsgi/apps-enabled/carom.ini
|
||
popd
|
||
```
|
||
|
||
Path to uwsgi config file (in apps-enabled) musst be matching. |