Skip to content
This repository was archived by the owner on Sep 26, 2023. It is now read-only.

Deployment

Jump to bottom
Márki-Zay Ferenc edited this page Sep 14, 2022 · 3 revisions

An example deployment on a debian 9.9 server.

1. Download and compile python 3.7

Compiling requires the following packages to be installed: zlib1g-dev libffi-dev libssl-dev libbz2-dev libncursesw5-dev libgdbm-dev liblzma-dev libsqlite3-dev tk-dev uuid-dev libreadline-dev

The latest python 3.7 source code can be downloaded here.

Unpack the archive and run the following commands:

./configure --enable-optimizations
make
make install

This will replace the built in python3 executable.

2. Install postgresql

  • Install the following packages: libpq-dev postgresql postgresql-contrib
  • Create a database and a user that has all privileges on that database

3. Install redis

  • Install the redis-server package.
  • Edit the /etc/redis/redis.conf file: set supervised to systemd

4. Clone the repository

In this example the repository is located in the /srv/wargame-web directory.

5. Install Python dependencies

Run the following commands:

  • pip install pipenv
  • pipenv install --system --ignore-pipfile --deploy
  • pip install gunicorn

6. Create config file

Copy the example-config.yaml file as config.yaml and fill out the following information:

  • Replace secret_key with a new one
  • Set debug to False
  • Set the parameters of the postgres account and database under the database tag.
  • Set the parameters of the email server under the email tag (only required for importing users)
  • Add all host names from which the server should be accessible to allowed_hosts

7. Django setup

Run the following commands:

  • python3 ./manage.py migrate --settings wargame_web.settings.production
  • python3 ./manage.py collectstatic --settings wargame_web.settings.production
  • python3 ./manage.py createsuperuser --settings wargame_web.settings.production

8. Access rights setup

  • Create a new system user called wargame-web in the www-data group. (sudo useradd -r -M -G www-data wargame-web)
  • Change the group of the wargame-web folder to www-data to give nginx and django read access to the files
  • Create the /srv/wargame-web/media folder with the wargame-web user as the owner and www-data as the group. This will allow django to place uploaded files here.
  • Make sure the wargame-web user has write access to the directory used by gunicorn and daphne for their sockets. (See next step)

9. Create services

  • Create the base service file: /etc/systemd/system/wargame-web.service:
[Unit]
Description=Wargame-web main application

[Service]
Type=oneshot
ExecStart=/bin/true
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
  • Create the gunicorn service file: /etc/systemd/system/wargame-web-gunicorn.service:
[Unit]
Description=wargame-web gunicorn daemon
After=network.target
PartOf=wargame-web.service
After=wargame-web.service

[Service]
User=wargame-web
Group=www-data
WorkingDirectory=/srv/wargame-web
ExecStart=/usr/local/bin/gunicorn --bind unix:/srv/wargame-web/wargame-web-gunicorn.sock wargame_web.wsgi:application
Restart=on-failure

[Install]
WantedBy=wargame-web.service
  • Create the daphne service file /etc/systemd/system/wargame-web-daphne.service:
[Unit]
Description=wargame-web daphne daemon
After=network.target
PartOf=wargame-web.service
After=wargame-web.service

[Service]
User=wargame-web
Group=www-data
WorkingDirectory=/srv/wargame-web
ExecStart=/usr/local/bin/daphne -u /srv/wargame-web/wargame-web-daphne.sock wargame_web.asgi:application
Restart=on-failure

[Install]
WantedBy=wargame-web.service
  • Enable all three services and start the wargame-web service

10. Install nginx

Example nginx site config:

server {
        listen 80 default_server;
        server_name 192.168.80.128;
        return 301 https://$server_name$request_uri;
}
server {
        listen 443 ssl http2 default_server;

        include snippets/self-signed.conf;
        include snippets/ssl-params.conf;

        server_name 192.168.80.128;
        client_max_body_size 2g;

        location /static/ {
                alias /srv/wargame-web/static/;
        }

        location /media/ {
                internal;
                alias /srv/wargame-web/media/;
        }

        location /ws/ {
                include proxy_params;
                proxy_pass http://unix:/srv/wargame-web/wargame-web-daphne.sock;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
        }

        location / {
                include proxy_params;
                proxy_pass http://unix:/srv/wargame-web/wargame-web-gunicorn.sock;
        }
}
Clone this wiki locally