...
Code Block |
---|
$ sudo rm /var/lib/neo4j/data/dbms/auth # Note the extra space before the command to avoid saving password in bash history $ sudo -u neo4j neo4j-admin set-initial-password your_awesome_password $ sudo service neo4j restart |
Install Postgres database
Set password for database user and create a new database
...
Code Block |
---|
# Missing ! since bash is sad when you use ! in anything, and pyton thinks \! is to be read as both \ and ! $ python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789@#$%^&*(-_=+)') for i in range(50)]))" |
Migrate databases and check config
Code Block |
---|
# To make it easier for yourself set DJANGO_SETTINGS_MODULE=niweb.settings.prod in your bashprofile/bashrc $ cd norduni/src/niweb $ python manage.py migrate $ python manage.py collectstatic $ python manage.py runserver |
Deploying NOCLook
Start by installing uwsgi and nginx.
Code Block |
---|
$ sudo apt-get install nginx-full uwsgi uwsgi-plugin-python |
UWSGI
Code Block |
---|
$ sudo vi /etc/uwsgi/apps-available/noclook.ini
The following configuration should be a good start.
[uwsgi]
# Django-related settings
plugins = python
protocol = uwsgi
# the base directory (full path)
chdir = /var/opt/norduni/norduni/src/niweb/
# Django's wsgi file
wsgi-file = /var/opt/norduni/norduni/src/niweb/niweb/wsgi.py
env = DJANGO_SETTINGS_MODULE=niweb.settings.prod
# the virtualenv (full path)
home = /var/opt/norduni/norduni_environment
# logging
daemonize = /var/log/uwsgi/app/noclook.log
# process-related settings
# master
master = true
# maximum number of worker processes
processes = 5
#threads = 2
max-requests = 5000
# the socket (use the full path to be safe
socket = 127.0.0.1:8001
# clear environment on exit
vacuum = true |
Link the configuration in to the correct directory.
Code Block |
---|
$ sudo ln -s /etc/uwsgi/apps-available/noclook.ini /etc/uwsgi/apps-enabled/noclook.ini |
Make temp dir and log dir writable by the uwsgi user (www-data on ubuntu)
Code Block |
---|
sudo chown -R ni:www-data /tmp/django_cache
sudo chmod -R g+w /tmp/django_cache
sudo chown -R ni:www-data /var/opt/norduni/norduni/src/niweb/logs/
sudo chmod -R g+w /var/opt/norduni/norduni/src/niweb/logs/ |
NGINX
Setup new dhparam file 2048 should suffice, but if you like you can go with 4096 instead:
Code Block |
---|
$ sudo openssl dhparam -out /etc/ssl/dhparams.pem 2048 |
Configure nginx.
Code Block |
---|
$ sudo vi /etc/nginx/sites-available/default
The following configuration should be a good start.
upstream django {
server 127.0.0.1:8001; # for a web port socket
}
server {
listen 80;
listen [::]:80;
server_name ni.nordu.net;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
listen [::]:443 default ipv6only=on; ## listen for ipv6
ssl on;
ssl_certificate /etc/ssl/ni_nordu_net.crt;
ssl_certificate_key /etc/ssl/ni_nordu_net.key;
# https://cipherli.st
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_session_cache shared:SSL:10m;
ssl_ecdh_curve secp384r1;
ssl_dhparam /etc/ssl/dhparams.pem;
server_name ni.nordu.net;
location /static/ {
alias /var/opt/norduni/norduni/src/niweb/niweb/static/;
autoindex on;
access_log off;
expires 30d;
}
location / {
include /etc/nginx/uwsgi_params;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
uwsgi_pass django;
}
} |