Skip to content

Deployment

Yasser Tahiri edited this page May 16, 2021 · 2 revisions

Follow the installation instructions before continuing. If you are running the Django server, press Control-C to close it.

Make sure you have root privileges.

Django configuration

  1. Collect the static files (by default in /var/www/my-buisness/static/) using $ python manage.py collectstatic.

  2. Generate a SECRET_KEY using $ python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'.

  3. Copy the returned key to your clipboard because we will need it soon.

  4. Edit config.ini with your preferred text editor and replace the current SECRET_KEY with the one you generated earlier (it's in your clipboard, right!?).

Firewall configuration

If you have a firewall set up (recommended), make sure to open ports 80 and 443.

  • If you have UFW set up:

    • Run $ ufw allow http.
    • Run $ ufw allow https.
  • If don't have UFW and have only iptables set up:

    • Open /etc/sysconfig/iptables for editing using your preferred text editor.
    • Add the following lines to the file if they do not already exist, then save and exit:
-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT

Installing additional dependencies

  • Install Gunicorn using $ pip install gunicorn.
  • Install Nginx using $ apt install nginx.
  • Install Certbot using $ apt install python3-certbot-nginx.

Note: Make sure to edit the file and directory paths accordingly in the instructions below.

Setting up the Gunicorn service

  • Edit /etc/systemd/system/gunicorn_bt.socket using your preferred text editor and add the following to the file:
[Unit]
Description=gunicorn bt socket

[Socket]
ListenStream=/run/gunicorn_bt.sock

[Install]
WantedBy=sockets.target
  • Edit /etc/systemd/system/gunicorn_bt.service using your preferred text editor and add the following to the file:
[Unit]
Description=gunicorn bt daemon
Requires=gunicorn_bt.socket
After=network.target

[Service]
User=www-data
Group=www-data
WorkingDirectory=/srv/my-buisness
ExecStart=/srv/business-tracer/venv/bin/gunicorn \
          --access-logfile - \
          --workers 3 \
          --bind unix:/run/gunicorn_bt.sock \
          common.wsgi:application

[Install]
WantedBy=multi-user.target
  • Start the Gunicorn socket using $ systemctl start gunicorn_bt.socket.
  • Enable the Gunicorn socket (to run at startup) using $ systemctl enable gunicorn_bt.socket.

Setting up Nginx

  • Remove the default configuration from sites-enabled using $ rm /etc/nginx/sites-enabled/default.
  • Edit /etc/nginx/sites-available/blog using your preferred text editor and add the following to the file:

*Note: Make sure to replace YOUR_FULLY_QUALIFIED_DOMAIN_NAME with your FQDN.

server {
    listen 80;
    server_name YOUR_FULLY_QUALIFIED_DOMAIN_NAME;

    location = /favicon.ico { access_log off; log_not_found off; }

    location /static/ {
        root /var/www/my-buisness;
    }

    location /media/ {
        root /var/www/my-buisness;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn_bt.sock;
    }
}
  • Enable the Nginx config using $ ln -s /etc/nginx/sites-available/my-buisness /etc/nginx/sites-enabled/my-buisness.
  • Restart Nginx using $ systemctl restart nginx.

Setting up the HTTPS certificate

*Note: Make sure to replace YOUR_FULLY_QUALIFIED_DOMAIN_NAME with your FQDN.

  • Create an HTTPS certificate with Certbot using $ certbot --nginx -d YOUR_FULLY_QUALIFIED_DOMAIN_NAME.
  • Follow the script instructions.
  • You should choose option 2 (Redirect) when the script asks if you want users to be redirected to the HTTPS version of the website if they try accessing the HTTP version.

Good job! You should now have a running instance of My Buisness.