Skip to content

deployment.md

Latest commit

 

History

History
219 lines (156 loc) · 5.35 KB

deployment.md

File metadata and controls

219 lines (156 loc) · 5.35 KB

App deployment on Ubuntu 22.04 LTS

Install a recent version of Node

curl -sL https://deb.nodesource.com/setup_18.x -o nodesource_setup.sh
sudo bash nodesource_setup.sh
sudo apt install nodejs -y

Can check version with:

node -v

Install SASS

Not sure if this is necessary on production...

npm install node-sass

Install Python 3.12

This requires some manual steps, I don't know how to automate some of them. Probably easiest to use a later version of Ubuntu. We don't really need 3.12.

sudo apt update
sudo apt upgrade -y
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt update
sudo apt install python3.12 python3.12-venv python3.12-dev -y

Create venv

mkdir venvs
python3.12 -m venv venvs/registration
source venvs/registration/bin/activate

Download registration app

Eventually should be release on pypi

wget https://github.com/Depart-de-Sentier/dds_registration/archive/refs/heads/main.zip
unzip main.zip
rm main.zip
mv dds_registration-main registration
pip install uwsgi
cd registration
pip install -e .

Copy static content to /var/www:

Tomás please fix this :)

You also need to run the SASS preprocessor, which will create the static/CACHE directory. This also needs to be copied over to var/www.

npm install gulp
npm run update-assets

Set up NGINX config

Create /etc/nginx/sites-available/events.d-d-s.ch with the following content:

server {
        server_name events.d-d-s.ch;
        access_log  /var/log/nginx/events.d-d-s.ch.access.log;
        error_log  /var/log/nginx/events.d-d-s.ch.error.log;
        location ~ /.well-known {
                allow all;
        }

       location /static {
                alias /var/www/registration/static;
        }

        location / {
                proxy_pass http://127.0.0.1:8076;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_buffering off;
        }
}

Enable the site

sudo ln -s /etc/nginx/sites-available/events.d-d-s.ch /etc/nginx/sites-enabled/
sudo systemctl restart nginx

Set up HTTPS certificate

sudo certbot --nginx -d events.d-d-s.ch --agree-tos --email cmutel@gmail.com

Authenticating with Google email server and generate token.json

The registration site needs a token.json filepath specified as the environment variable in the same directory as the running script (this is how the "simple" Google OAuth system works...). Generating this file needs to be done on a system where you can use the web browser to authenticate yourself. The base "credentials.json" file was generated following the defined procedure and can be downloaded from Google Cloud.

You can generate token.json with (needs credentials.json):

from google_auth_oauthlib.flow import InstalledAppFlow

# If modifying these scopes, delete the file token.json.
SCOPES = ["https://www.googleapis.com/auth/gmail.modify"]

flow = InstalledAppFlow.from_client_secrets_file(
  "credentials.json", SCOPES
)

# Opens web browser
creds = flow.run_local_server(port=0)

with open("token.json", "w") as token:
    token.write(creds.to_json())

Running the app

Export necessary environment variables

Can generate secret keys via

python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'

export GOOGLE_TOKEN_FILEPATH=""
export DEBUG=0
export SECRET_KEY=""
export REGISTRATION_SALT=""

Set up database

Initial database creation and admin user setup:

python manage.py migrate
python manage.py createsuperuser

Run the uWSGI app

To run as a one-off for testing (in the venv):

uwsgi --http :8076 --wsgi-file wsgi.py

(run from the source directory or adjust path of wsgi.py)

Better to set up a system.d service. Create /etc/systemd/system/dds-registration.service with content:

# /etc/systemd/system/dds-registration.service
[Unit]
Description=DdS events registration
After=network.target

[Service]
Type=simple
User=registration
WorkingDirectory=/home/registration
ExecStart=/home/registration/venvs/registration/bin/uwsgi --http :8076 --wsgi-file /home/registration/registration/dds_registration/wsgi.py
Restart=always
Environment=GOOGLE_TOKEN_FILEPATH=""
Environment=DEBUG=0
Environment=SECRET_KEY=""
Environment=REGISTRATION_SALT=""

[Install]
WantedBy=multi-user.target

Get the permissions right:

sudo chmod 755 /etc/systemd/system/dds-registration.service
sudo chown root:root /etc/systemd/system/dds-registration.service

If this is your first time, you need to enable the service:

sudo systemctl enable dds-registration

Otherwise, if you changed the config, you need to reload the system.d config:

sudo systemctl daemon-reload

Then you can start the service:

sudo systemctl start dds-registration

Configure the Django site

You must login to the admin portal and configure the Site or the URLs will break!