-
Notifications
You must be signed in to change notification settings - Fork 64
Ubuntu 14.04
These instructions were written for Ununtu 14.04.4 LTS, but should be able to be adapted for other versions.
We are going to run Sal using the Gunicorn server - this is a server that is designed to run Python apps, and will sit behind your web server of choice (nginx or Apache if you're old school), and we are also going to set up the PostgreSQL database for Sal.
First off, let's get Python and PostgreSQL installed.
$ sudo apt-get update
$ sudo apt-get install python-pip python-dev software-properties-common libpq-dev postgresql postgresql-contrib git libffi-dev
Next off is to set up the database and the user that Sal will connect to it with. First switch to the postgres
user and then log into PostgreSQL
$ sudo su - postgres
$ psql
Now we can create the database:
CREATE DATABASE sal;
And you can choose your own username and password here:
CREATE USER sal_admin WITH PASSWORD 'sal_password';
Finally, give them permissions and quit, and exit out of the postgres
user:
GRANT ALL PRIVILEGES ON DATABASE sal TO sal_admin;
\q
exit
Now we're going to install pip and create the virtual environment for Sal to run.
$ sudo pip install virtualenv
And now we need to set up a service user (as it's bad form to run these things as root)
$ sudo useradd -M sal_user
$ sudo usermod -L sal_user
Finally, let's make somewhere for our stuff to live and make our service account the user:
$ sudo mkdir -p /usr/local/sal_install
$ sudo chown sal_user /usr/local/sal_install
Now elevate yourself to root and switch to the sal_user:
$ sudo -i
$ su - sal_user
Let's create the virtualenv and activate it:
$ cd /usr/local/sal_install
$ virtualenv sal_env
$ source sal_env/bin/activate
Now let's download the latest release of Sal (please refer to the releases for the latest version number):
$ git clone https://github.com/salopensource/sal.git
$ cd sal
$ git checkout tags/3.0.3
Install Sal's dependencies:
$ pip install -r setup/requirements.txt
$ pip install psycopg2==2.5.3
$ pip install gunicorn==19.4.5
We need to make a copy of the default settings file and open it in a text editor (I like nano, you can use whatever you want)
$ cp sal/example_settings.py sal/settings.py
$ nano sal/settings.py
You will see a section for configuring your database. Make it look like the below:
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'NAME': 'sal',
'USER': 'sal_admin',
'PASSWORD': 'sal_password',
'HOST': 'localhost',
'PORT': '',
}
}
Now we can populate the database:
$ python manage.py migrate
$ python manage.py collectstatic
And create the admin user:
$ python manage.py createsuperuser
We're done with our service account for now, so let's go back to root:
$ deactivate
$ exit
As mentioned previously, we're using Gunicorn to run the app behind a web server. In your favourite editor, open up /etc/init/gunicorn.conf
, and make it look like the below. You should change the number of workers to be the number of cores in your server + 1 (e.g. 3 workers for a 2 core server).
description "Gunicorn application server handling Sal"
start on runlevel [2345]
stop on runlevel [!2345]
respawn
setuid sal_user
setgid www-data
chdir /usr/local/sal_install/sal
exec /usr/local/sal_install/sal_env/bin/gunicorn --workers 3 -b 127.0.0.1:8000 sal.wsgi:application
It is recommended that if you're setting up from scratch, you should use nginx. Only use Apache if you are integrating with an existing install. This config will only set you up to use HTTP. It is recommended you get set up with SSL though - Digital Ocean has a great tutorial on that. This is assuming your server has the hostname sal.example.com
.
$ sudo apt-get install nginx
And let's configure nginx.
$ sudo nano /etc/nginx/sites-available/sal.conf
And make it look like:
server {
listen 80;
server_name sal.example.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
alias /usr/local/sal_install/sal/static/;
}
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
port_in_redirect off;
proxy_connect_timeout 300s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
}
}
If Sal is the only app running on this server, you could make the section just inside the server block look like:
server {
listen 80 default_server;
server_name _;
# More things down here...
Now finally we need to activate the nginx configuration:
$ ln -s /etc/nginx/sites-available/sal.conf /etc/nginx/sites-enabled/sal.conf
Now to start the services:
$ service gunicorn restart
$ service nginx restart
Finally, we need to set up the task in cron to perform the search maintenance. Assuming you haven't changed any paths, you can just use the script in setup/search_maint.sh
- if you have, you will need to update the paths to reflect what you have changed them to.
sudo contab -e
And add in:
*/5 * * * * sal_user /usr/local/sal_install/sal/setup/search_maint.sh > /dev/null 2>&1
An example configuration file for Nginx with Letsencrypt could look something like this:
Where sal.example.com is the FQDN (/website address) of your site.
server {
listen 80;
server_name _;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
server_name _;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /etc/letsencrypt/live/sal.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sal.example.com/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/sal.example.com/chain.pem;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
}
location /static/ {
alias /usr/local/sal_install/sal/static/;
}
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
port_in_redirect off;
proxy_connect_timeout 300s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
}
}
Updating to the latest version of Sal follows almost all of the parts under the 'Setting up Python' section.
Start by elevating to root, and switching to the sal_user:
sudo -i
su - sal_user
Change to the sal_install directory
cd /usr/local/sal_install/
Activate the sal_env
source sal_env/bin/activate
Ensure you are in the sal/ directory
cd sal/
Run Git pull to get the latest code
git pull https://github.com/salopensource/sal.git
Migrate the database to enable new columns
source ../sal_env/bin/activate
python manage.py migrate
Refresh Sal in your browser and check that the version has changed.
- Brute force protection
- LDAP integration
- Active Directory integration
- API
- Usage reporting
- License Management
- Maintenance
- Search
- Troubleshooting
- SAML
- IAM Authentication for AWS RDS Postgres
- Docker
- Ubuntu 14.04
- Ubuntu 16.04
- RHEL 7
- Kubernetes
- Heroku?