diff options
Diffstat (limited to '_deploy/debian-server')
-rw-r--r-- | _deploy/debian-server/apache2.conf | 227 | ||||
-rw-r--r-- | _deploy/debian-server/envvars | 47 | ||||
-rw-r--r-- | _deploy/debian-server/localsettingsserver-old.py | 121 | ||||
-rw-r--r-- | _deploy/debian-server/localsettingsserver2023-01-secret.py | 164 | ||||
-rw-r--r-- | _deploy/debian-server/requirements-server.txt | 23 | ||||
-rw-r--r-- | _deploy/debian-server/serversetup | 93 | ||||
-rw-r--r-- | _deploy/debian-server/sitecustomize.py | 7 | ||||
-rw-r--r-- | _deploy/debian-server/this-is-the-live-expo.survex.com-system.txt | 0 | ||||
-rw-r--r-- | _deploy/debian-server/wookey-exposerver-recipe.txt | 103 |
9 files changed, 785 insertions, 0 deletions
diff --git a/_deploy/debian-server/apache2.conf b/_deploy/debian-server/apache2.conf new file mode 100644 index 0000000..ae4b2c3 --- /dev/null +++ b/_deploy/debian-server/apache2.conf @@ -0,0 +1,227 @@ +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See http://httpd.apache.org/docs/2.4/ for detailed information about +# the directives and /usr/share/doc/apache2/README.Debian about Debian specific +# hints. +# +# +# Summary of how the Apache 2 configuration works in Debian: +# The Apache 2 web server configuration in Debian is quite different to +# upstream's suggested way to configure the web server. This is because Debian's +# default Apache2 installation attempts to make adding and removing modules, +# virtual hosts, and extra configuration directives as flexible as possible, in +# order to make automating the changes and administering the server as easy as +# possible. + +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf-enabled +# | `-- *.conf +# `-- sites-enabled +# `-- *.conf +# +# +# * apache2.conf is the main configuration file (this file). It puts the pieces +# together by including all remaining configuration files when starting up the +# web server. +# +# * ports.conf is always included from the main configuration file. It is +# supposed to determine listening ports for incoming connections which can be +# customized anytime. +# +# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ +# directories contain particular configuration snippets which manage modules, +# global configuration fragments, or virtual host configurations, +# respectively. +# +# They are activated by symlinking available configuration files from their +# respective *-available/ counterparts. These should be managed by using our +# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See +# their respective man pages for detailed information. +# +# * The binary is called apache2. Due to the use of environment variables, in +# the default configuration, apache2 needs to be started/stopped with +# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not +# work with the default configuration. + + +# Global configuration +# + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the Mutex documentation (available +# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +#ServerRoot "/etc/apache2" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +#Mutex file:${APACHE_LOCK_DIR} default + +# +# The directory where shm and other runtime files will be stored. +# + +DefaultRuntimeDir ${APACHE_RUN_DIR} + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# This needs to be set in /etc/apache2/envvars +# +PidFile ${APACHE_PID_FILE} + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 5 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a <VirtualHost> +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a <VirtualHost> +# container, that host's errors will be logged there and not here. +# +ErrorLog ${APACHE_LOG_DIR}/error.log + +# +# LogLevel: Control the severity of messages logged to the error_log. +# Available values: trace8, ..., trace1, debug, info, notice, warn, +# error, crit, alert, emerg. +# It is also possible to configure the log level for particular modules, e.g. +# "LogLevel info ssl:warn" +# +LogLevel warn + +# Include module configuration: +IncludeOptional mods-enabled/*.load +IncludeOptional mods-enabled/*.conf + +# Include list of ports to listen on +Include ports.conf + + +# Sets the default security model of the Apache2 HTTPD server. It does +# not allow access to the root filesystem outside of /usr/share and /var/www. +# The former is used by web applications packaged in Debian, +# the latter may be used for local directories served by the web server. If +# your system is serving content from a sub-directory in /srv you must allow +# access here, or in any related virtual host. +<Directory /> + Options FollowSymLinks + AllowOverride None + Require all denied +</Directory> + +<Directory /usr/share> + AllowOverride None + Require all granted +</Directory> + +<Directory /var/www/> + Options Indexes FollowSymLinks + AllowOverride None + Require all granted +</Directory> + +#<Directory /srv/> +# Options Indexes FollowSymLinks +# AllowOverride None +# Require all granted +#</Directory> + + + + +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# +<FilesMatch "^\.ht"> + Require all denied +</FilesMatch> + + +# +# The following directives define some format nicknames for use with +# a CustomLog directive. +# +# These deviate from the Common Log Format definitions in that they use %O +# (the actual bytes sent including headers) instead of %b (the size of the +# requested file), because the latter makes it impossible to detect partial +# requests. +# +# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. +# Use mod_remoteip instead. +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# Include of directories ignores editors' and dpkg's backup files, +# see README.Debian for details. + +# Include generic snippets of statements +IncludeOptional conf-enabled/*.conf + +# Include the virtual host configurations: +IncludeOptional sites-enabled/*.conf + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/_deploy/debian-server/envvars b/_deploy/debian-server/envvars new file mode 100644 index 0000000..d3e69a6 --- /dev/null +++ b/_deploy/debian-server/envvars @@ -0,0 +1,47 @@ +# envvars - default environment variables for apache2ctl + +# this won't be correct after changing uid +unset HOME + +# for supporting multiple apache2 instances +if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then + SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}" +else + SUFFIX= +fi + +# Since there is no sane way to get the parsed apache2 config in scripts, some +# settings are defined via environment variables and then used in apache2ctl, +# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc. +export APACHE_RUN_USER=expo +export APACHE_RUN_GROUP=expo +# temporary state file location. This might be changed to /run in Wheezy+1 +export APACHE_PID_FILE=/var/run/apache2$SUFFIX/apache2.pid +export APACHE_RUN_DIR=/var/run/apache2$SUFFIX +export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX +# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2. +export APACHE_LOG_DIR=/var/log/apache2$SUFFIX + +## The locale used by some modules like mod_dav +#export LANG=C +## Uncomment the following line to use the system default locale instead: +. /etc/default/locale + +export LANG + +## The command to get the status for 'apache2ctl status'. +## Some packages providing 'www-browser' need '--dump' instead of '-dump'. +#export APACHE_LYNX='www-browser -dump' + +## If you need a higher file descriptor limit, uncomment and adjust the +## following line (default is 8192): +#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536' + +## If you would like to pass arguments to the web server, add them below +## to the APACHE_ARGUMENTS environment. +#export APACHE_ARGUMENTS='' + +## Enable the debug mode for maintainer scripts. +## This will produce a verbose output on package installations of web server modules and web application +## installations which interact with Apache +#export APACHE2_MAINTSCRIPT_DEBUG=1 diff --git a/_deploy/debian-server/localsettingsserver-old.py b/_deploy/debian-server/localsettingsserver-old.py new file mode 100644 index 0000000..72ab0f0 --- /dev/null +++ b/_deploy/debian-server/localsettingsserver-old.py @@ -0,0 +1,121 @@ +import os +import sys +import urllib.parse + +"""Settings for a troggle installation which may vary among different +installations: for development or deployment, in a docker image or +python virtual environment (venv), on ubuntu, debian or in Windows +System for Linux (WSL), on the main server or in the potato hut, +using SQLite or mariaDB. + +It sets the directory locations for the major parts of the system so +that e.g. expofiles can be on a different filesystem. + +This file is included at the end of the main troggle/settings.py file so that +it overwrites defaults in that file. +""" + +print(" * importing troggle/localsettings.py") + +# DO NOT check this file into the git repo - it contains real passwords. [not this copy] +SECRET_KEY = "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" +EXPOUSERPASS = "nope" +EXPOADMINUSERPASS = "nope" +EMAIL_HOST_PASSWORD = "nope" + + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.mysql', # 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'. + 'NAME' : 'troggle', # Or path to database file if using sqlite3. + 'USER' : 'expo', # Not used with sqlite3. + 'PASSWORD' : 'not a real password', # Not used with sqlite3. + 'HOST' : '', # Set to empty string for localhost. Not used with sqlite3. + 'PORT' : '', # Set to empty string for default. Not used with sqlite3. + } +} + + +EXPOUSER = 'expo' +EXPOUSERPASS = "nnn:gggggg" +EXPOUSER_EMAIL = 'wookey@wookware.org' + +REPOS_ROOT_PATH = '/home/expo/' +sys.path.append(REPOS_ROOT_PATH) +sys.path.append(REPOS_ROOT_PATH + 'troggle') +# Define the path to the django app (troggle in this case) +PYTHON_PATH = REPOS_ROOT_PATH + 'troggle/' + +TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [ + PYTHON_PATH + "templates" + ], + 'OPTIONS': { + 'debug': 'DEBUG', + 'context_processors': [ + 'django.contrib.auth.context_processors.auth', + 'core.context.troggle_context', + 'django.template.context_processors.debug', + 'django.template.context_processors.i18n', + 'django.template.context_processors.media', + 'django.template.context_processors.static', + 'django.template.context_processors.tz', + 'django.contrib.messages.context_processors.messages', + ], + 'loaders': [ + 'django.template.loaders.filesystem.Loader', + 'django.template.loaders.app_directories.Loader', + # insert your TEMPLATE_LOADERS here + ] + }, + }, +] + +PUBLIC_SITE = True + +# This should be False for normal running +DEBUG = True + +SURVEX_DATA = REPOS_ROOT_PATH + 'loser/' +DRAWINGS_DATA = REPOS_ROOT_PATH + 'drawings/' + +CAVERN = 'cavern' +THREEDTOPOS = 'survexport' +EXPOWEB = REPOS_ROOT_PATH + 'expoweb/' +SURVEYS = REPOS_ROOT_PATH +SURVEY_SCANS = REPOS_ROOT_PATH + 'expofiles/surveyscans/' +FILES = REPOS_ROOT_PATH + 'expofiles' +CAVEDESCRIPTIONS = os.path.join(EXPOWEB, "cave_data") +ENTRANCEDESCRIPTIONS = os.path.join(EXPOWEB, "entrance_data") + +CACHEDIR = REPOS_ROOT_PATH + 'expowebcache/' +THREEDCACHEDIR = CACHEDIR + '3d/' +THUMBNAILCACHE = CACHEDIR + 'thumbs' + +PYTHON_PATH = REPOS_ROOT_PATH + 'troggle/' + +URL_ROOT = 'http://expo.survex.com/' +DIR_ROOT = ''#this should end in / if a value is given +EXPOWEB_URL = '/' +SURVEYS_URL = '/survey_scans/' +EXPOFILES = urllib.parse.urljoin(REPOS_ROOT_PATH, 'expofiles/') +PHOTOS_URL = urllib.parse.urljoin(URL_ROOT, '/photos/') + +# MEDIA_URL is used by urls.py in a regex. See urls.py & core/views/surveys.py +MEDIA_URL = '/site_media/' + +MEDIA_ROOT = REPOS_ROOT_PATH + '/troggle/media/' + +STATIC_URL = urllib.parse.urljoin(URL_ROOT , '/static/') # used by Django admin pages. Do not delete. +JSLIB_URL = urllib.parse.urljoin(URL_ROOT , '/javascript/') # always fails, try to revive it ? + +#TINY_MCE_MEDIA_ROOT = STATIC_ROOT + '/tiny_mce/' # not needed while TinyMCE not installed +#TINY_MCE_MEDIA_URL = STATIC_URL + '/tiny_mce/' # not needed while TinyMCE not installed + +LOGFILE = '/var/log/troggle/troggle.log' +IMPORTLOGFILE = '/var/log/troggle/import.log' + +# add in 290, 291, 358 when they don't make it crash horribly +NOTABLECAVESHREFS = [ "264", "258", "204", "76", "107"] diff --git a/_deploy/debian-server/localsettingsserver2023-01-secret.py b/_deploy/debian-server/localsettingsserver2023-01-secret.py new file mode 100644 index 0000000..d99e61d --- /dev/null +++ b/_deploy/debian-server/localsettingsserver2023-01-secret.py @@ -0,0 +1,164 @@ +import os +import sys +import urllib.parse +from pathlib import Path + +"""Settings for a troggle installation which may vary among different +installations: for development or deployment, in a docker image or +python virtual environment (venv), on ubuntu, debian or in Windows +System for Linux (WSL), on the main server or in the potato hut, +using SQLite or mariaDB. + +It sets the directory locations for the major parts of the system so +that e.g. expofiles can be on a different filesystem, or /javascript/ can be in +a system-wide location rather than just a local directory. + +This file is included at the end of the main troggle/settings.py file so that +it overwrites defaults in that file. + +Read https://realpython.com/python-pathlib/ +Read https://adamj.eu/tech/2020/03/16/use-pathlib-in-your-django-project/ +""" + +print(" * importing troggle/localsettings.py") + +# DO NOT check this file into the git repo - it contains real passwords. + +EXPOFILESREMOTE = False # if True, then re-routes urls in expofiles to remote sever +#SECURE_SSL_REDIRECT = True # breaks 7 tests in test suite 301 not 200 (or 302) and runserver fails completely + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.mysql', # 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'. + 'NAME' : 'troggle', # Or path to database file if using sqlite3. + 'USER' : 'expo', # Not used with sqlite3. + 'PASSWORD' : 'uFqP56B4XleeyIW', # Not used with sqlite3. + 'HOST' : '', # Set to empty string for localhost. Not used with sqlite3. + 'PORT' : '', # Set to empty string for default. Not used with sqlite3. + } +} + + +EXPOUSER = 'expo' +EXPOADMINUSER = 'expoadmin' +EXPOUSER_EMAIL = 'wookey@wookware.org' +EXPOADMINUSER_EMAIL = 'wookey@wookware.org' + +SECRET_KEY = "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" +EXPOUSERPASS = "nope" +EXPOADMINUSERPASS = "nope" +EMAIL_HOST_PASSWORD = "nope" + +REPOS_ROOT_PATH = '/home/expo/' +sys.path.append(REPOS_ROOT_PATH) +sys.path.append(REPOS_ROOT_PATH + 'troggle') +# Define the path to the django app (troggle in this case) +PYTHON_PATH = REPOS_ROOT_PATH + 'troggle/' +PHOTOS_YEAR = "2022" +TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [ + PYTHON_PATH + "templates" + ], + 'OPTIONS': { + 'debug': 'DEBUG', + 'context_processors': [ + # django.template.context_processors.csrf, # is always enabled and cannot be removed, sets csrf_token + 'django.contrib.auth.context_processors.auth', # knowledge of logged-on user & permissions + 'core.context.troggle_context', # in core/troggle.py + 'django.template.context_processors.debug', + #'django.template.context_processors.request', # copy of current request, added in trying to make csrf work + 'django.template.context_processors.i18n', + 'django.template.context_processors.media', # includes a variable MEDIA_URL + 'django.template.context_processors.static', # includes a variable STATIC_URL + 'django.template.context_processors.tz', + 'django.contrib.messages.context_processors.messages', + ], + 'loaders': [ + 'django.template.loaders.filesystem.Loader', + 'django.template.loaders.app_directories.Loader', #For each app, inc admin, in INSTALLED_APPS, loader looks for /templates + # insert your own TEMPLATE_LOADERS here + ] + }, + }, +] + +PUBLIC_SITE = True + +# This should be False for normal running +DEBUG = True +CACHEDPAGES = True # experimental page cache for a handful of page types + +SURVEX_DATA = REPOS_ROOT_PATH + 'loser/' +DRAWINGS_DATA = REPOS_ROOT_PATH + 'drawings/' + +# executables: +CAVERN = 'cavern' # for parsing .svx files and producing .3d files +SURVEXPORT = 'survexport' # for parsing .3d files and producing .pos files + +EXPOWEB = REPOS_ROOT_PATH + 'expoweb/' +#SURVEYS = REPOS_ROOT_PATH +SCANS_ROOT = REPOS_ROOT_PATH + 'expofiles/surveyscans/' +FILES = REPOS_ROOT_PATH + 'expofiles' +PHOTOS_ROOT = REPOS_ROOT_PATH + 'expofiles/photos/' + +TROGGLE_PATH = Path(__file__).parent +TEMPLATE_PATH = TROGGLE_PATH / 'templates' +MEDIA_ROOT = TROGGLE_PATH / 'media' +JSLIB_ROOT = TROGGLE_PATH / 'media' / 'jslib' # used for CaveViewer JS utility + + +CAVEDESCRIPTIONS = os.path.join(EXPOWEB, "cave_data") +ENTRANCEDESCRIPTIONS = os.path.join(EXPOWEB, "entrance_data") + +# CACHEDIR = REPOS_ROOT_PATH + 'expowebcache/' +# THREEDCACHEDIR = CACHEDIR + '3d/' +# THUMBNAILCACHE = CACHEDIR + 'thumbs' + +PYTHON_PATH = REPOS_ROOT_PATH + 'troggle/' +PV = "python" + str(sys.version_info.major) + "." + str(sys.version_info.minor) +LIBDIR = Path(REPOS_ROOT_PATH) / 'lib' / PV + +#Note that all these *_URL constants are not actually used in urls.py, they should be.. +#URL_ROOT = 'http://expo.survex.com/' +URL_ROOT = '/' +DIR_ROOT = ''#this should end in / if a value is given +EXPOWEB_URL = '/' +SCANS_URL = '/survey_scans/' +EXPOFILES = urllib.parse.urljoin(REPOS_ROOT_PATH, 'expofiles/') +PHOTOS_URL = urllib.parse.urljoin(URL_ROOT, '/photos/') + +# MEDIA_URL is used by urls.py in a regex. See urls.py & core/views_surveys.py +MEDIA_URL = '/site_media/' + + +STATIC_URL = urllib.parse.urljoin(URL_ROOT , '/static/') # used by Django admin pages. Do not delete. +JSLIB_URL = urllib.parse.urljoin(URL_ROOT , '/javascript/') # always fails, try to revive it ? + +#TINY_MCE_MEDIA_ROOT = STATIC_ROOT + '/tiny_mce/' # not needed while TinyMCE not installed +#TINY_MCE_MEDIA_URL = STATIC_URL + '/tiny_mce/' # not needed while TinyMCE not installed + +LOGFILE = '/var/log/troggle/troggle.log' +IMPORTLOGFILE = '/var/log/troggle/import.log' + +# add in 358 when they don't make it crash horribly +NOTABLECAVESHREFS = [ "290", "291", "359", "264", "258", "204", "76", "107"] + +# Sanitise these to be strings as all other code is expecting strings +# and we have not made the change to pathlib Path type in the other localsettings-* variants yet. +CAVEDESCRIPTIONS = os.fspath(CAVEDESCRIPTIONS) +ENTRANCEDESCRIPTIONS = os.fspath(ENTRANCEDESCRIPTIONS) +LOGFILE = os.fspath(LOGFILE) +#SURVEYS = os.fspath(SURVEYS) +EXPOWEB = os.fspath(EXPOWEB) +DRAWINGS_DATA = os.fspath(DRAWINGS_DATA) +SURVEX_DATA = os.fspath(SURVEX_DATA) +REPOS_ROOT_PATH = os.fspath(REPOS_ROOT_PATH) +TEMPLATE_PATH = os.fspath(TROGGLE_PATH) +MEDIA_ROOT = os.fspath(MEDIA_ROOT) +JSLIB_ROOT = os.fspath(JSLIB_ROOT) +SCANS_ROOT = os.fspath(SCANS_ROOT) +LIBDIR = os.fspath(LIBDIR) + +print(" + finished importing troggle/localsettings.py")
\ No newline at end of file diff --git a/_deploy/debian-server/requirements-server.txt b/_deploy/debian-server/requirements-server.txt new file mode 100644 index 0000000..1a5abb1 --- /dev/null +++ b/_deploy/debian-server/requirements-server.txt @@ -0,0 +1,23 @@ +#This requirements txt matches the libaries as of 2023-07-09 on expo.survex.com <Debian GNU/Linux 11 (bullseye)> + +#Nb on the server asgiref==3.3.0, however this conflicts with the Django==3.2.12 requirement +asgiref==3.3.2 +Django==3.2.12 +docutils==0.16 +packaging==20.9 +Pillow==8.1.2 +pytz==2021.1 +sqlparse==0.4.1 +Unidecode==1.2.0 +beautifulsoup4==4.9.3 +piexif==1.1.3 + +#Not installed on expo.survex.com +#black==23.3 +#click==8.1.3 +#coverage==7.2 +#isort==5.12.0 +#mypy-extensions==1.0.0 +#pathspec==0.11 +#platformdirs==3.8 +#ruff==0.0.245 diff --git a/_deploy/debian-server/serversetup b/_deploy/debian-server/serversetup new file mode 100644 index 0000000..1c54546 --- /dev/null +++ b/_deploy/debian-server/serversetup @@ -0,0 +1,93 @@ +Instructions for setting up new expo debian server/VM +For Debian Stretch, June 2019. + +[Note added March 2021: +See also http://expo.survex.com/handbook/troggle/serverconfig.html +and troggle/README.txt +] + +adduser expo +apt install openssh-server mosh tmux mc zile emacs-nox mc most ncdu +apt install python-django apache2 mysql-server survex make rsync +apt install libjs-openlayers make +apt install git mercurial mercurial-server? + +for boe: +apt install libcgi-session-perl libcrypt-passwdmd5-perl libfile-slurp-perl libgit-wrapper-perl libhtml-template-perl libhtml-template-pro-perl libmime-lite-perl libtext-password-pronounceable-perl libtime-parsedate-perl libuuid-tiny-perl libcrypt-cracklib-perl + +obsolete-packages: + bins (move to jigl?) (for photos) + python-django 1.7 +backports: survex therion +not-packaged: caveview + +make these dirs available at top documentroot: +cuccfiles +expofiles +loser (link to repo) +tunneldata (link to repo) +troggle (link to repo) +expoweb (link to repo) +boc/boe + + +config +containing: + +setup apache configs for cucc and expo +#disable default website +a2dissite 000-default +a2ensite cucc +a2ensite expo +a2enmod cgid + + +Boe config: +Alias /boe /home/expo/boe/boc/boc.pl +<Directory /home/expo/boe/boc> + AddHandler cgi-script .pl + SetHandler cgi-script + Options +ExecCGI + Require all granted +</Directory> +And remember to set both program and data dir to be +www-data:www-data +(optionally make file group read/write by treasurer account) +create empty repo by clicking create in boe interface +then set names in 'settings' + +Set up mysql (as root) +mysql -p +CREATE DATABASE troggle; +GRANT ALL PRIVILEGES ON troggle.* TO 'expo'@'localhost' IDENTIFIED BY 'somepassword'; + +install django: +NO! +This was:sudo apt install python-django python-django-registration python-django-imagekit python-django-tinymce fonts-freefont-ttf libapache2-mod-wsgi +Should be ? +sudo apt install python-django python-django-tinymce fonts-freefont-ttf libapache2-mod-wsgi + +CHeck if this is correct: +python-django-tinymce comes from https://salsa.debian.org/python-team/modules/python-django-tinymce +(both modified for stretch/python2). packages under /home/wookey/packages/ + +need fonts-freefont-ttf (to have truetype freesans available for troggle via PIL) +need libapache2-mod-wsgi for apache wsgi support. + +On stretch the django 1.10 is no use so get rid of that: +apt remove python3-django python-django python-django-common python-django-doc + +Then replace with django 1.7 (Needs to be built for stretch) +apt install python-django python-django-common python-django-doc +apt install python-django-registration python-django-imagekit python-django-tinymce + +then hold them to stop them being upgraded by unattended upgrades: +echo "python-django hold" | sudo dpkg --set-selections +echo "python-django-common hold" | sudo dpkg --set-selections +echo "python-django-doc hold" | sudo dpkg --set-selections + +#troggle has to have a writable logfile otherwise the website explodes +# 500 error on the server, and apache error log has non-rentrant errors +create /var/log/troggle/troggle.log +chown www-data:adm /var/log/troggle/troggle.log +chmod 660 /var/log/troggle/troggle.log diff --git a/_deploy/debian-server/sitecustomize.py b/_deploy/debian-server/sitecustomize.py new file mode 100644 index 0000000..89c6712 --- /dev/null +++ b/_deploy/debian-server/sitecustomize.py @@ -0,0 +1,7 @@ +# install the apport exception handler if available +try: + import apport_python_hook +except ImportError: + pass +else: + apport_python_hook.install() diff --git a/_deploy/debian-server/this-is-the-live-expo.survex.com-system.txt b/_deploy/debian-server/this-is-the-live-expo.survex.com-system.txt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/_deploy/debian-server/this-is-the-live-expo.survex.com-system.txt diff --git a/_deploy/debian-server/wookey-exposerver-recipe.txt b/_deploy/debian-server/wookey-exposerver-recipe.txt new file mode 100644 index 0000000..6bcdc57 --- /dev/null +++ b/_deploy/debian-server/wookey-exposerver-recipe.txt @@ -0,0 +1,103 @@ +adduser expo +apt install openssh-server mosh tmux mc zile emacs-nox mc most ncdu +apt install python-django apache2 mysql-server survex make rsync +apt install libjs-openlayers make +apt install git mercurial mercurial-server? + +for boe: +apt install libcgi-session-perl libcrypt-passwdmd5-perl libfile-slurp-perl libgit-wrapper-perl libhtml-template-perl libhtml-template-pro-perl libmime-lite-perl libtext-password-pronounceable-perl libtime-parsedate-perl libuuid-tiny-perl libcrypt-cracklib-perl + +apt install ufraw for PEF image decoding. +sudo apt install python-django python-django-registration e fonts-freefont-ttf libapache2-mod-wsgi python3-gdbm +# sudo apt install python-django-imagekit python-django-tinymc + +obsolete-packages: bins (move to jigl?) + older python-django? +backports: survex therion +not-packaged: caveview + + +make these dirs available at top documentroot: +cuccfiles +expofiles +loser +tunneldata +troggle +expoweb +boc/boe + +config +containing: + +setup apache configs for cucc and expo +#disable default website +a2dissite 000-default +a2ensite cucc +a2ensite expo +a2enmod cgid + + +Boe config: +Alias /boe /home/expo/boe/boc/boc.pl +<Directory /home/expo/boe/boc> + AddHandler cgi-script .pl + SetHandler cgi-script + Options +ExecCGI + Require all granted +</Directory> +And remember to set both program and data dir to be +www-data:www-data +(optionally make file group read/write by treasurer account) +create empty repo by clicking create in boe interface +then set names in 'settings' + +Set up mysql (as root) +mysql -p +CREATE DATABASE troggle; +GRANT ALL PRIVILEGES ON troggle.* TO 'expo'@'localhost' IDENTIFIED BY 'somepassword'; +Ctrl-D to exit + +somepassword is set in localsettings.py +sudo service mariadb stop +sudo service mariadb start + +to delete the database, it is +DROP DATABASE troggle; + +install django: +sudo apt install python-django python-django-registration python-django-imagekit python-django-tinymce fonts-freefont-ttf libapache2-mod-wsgi + +python-django-imagekit comes from https://salsa.debian.org/python-team/modules/python-django-imagekit +python-django-tinymce comes from https://salsa.debian.org/python-team/modules/python-django-tinymce + +need fonts-freefont-ttf (to have truetype freesans available for troggle via PIL) +need libapache2-mod-wsgi for apache wsgi support. + +On stretch the django 1.10 is no use so get rid of that: +apt remove python3-django python-django python-django-common python-django-doc + +Then replace with django 1.7 (Needs to be built for stretch) +apt install python-django python-django-common python-django-doc +apt install python-django-registration python-django-imagekit python-django-tinymce + +then hold them to stop them being upgraded by unattended upgrades: +echo "python-django hold" | sudo dpkg --set-selections +echo "python-django-common hold" | sudo dpkg --set-selections +echo "python-django-doc hold" | sudo dpkg --set-selections + +Optimizing server +I've tweaked the apache and mysql settings to make them a bit more suitable for a small machine. Seems to have shaved 200MB or so off the idling footprint. +https://www.narga.net/optimizing-apachephpmysql-low-memory-server/ + +(just discovered 'ab' for running apache performance tests - handy). + +Do the edit to site-packages/django/db/backends/base.py +to comment out the requirement for mysqlclient >1.3.13 +as we run perfectly happily with Django 2.2.19 & mysqlite 1.3.10 +: + +version = Database.version_info +#test nobbled by Wookey 2021-04-08 as 1.3.13 is not available on stable +#if version < (1, 3, 13): +# raise ImproperlyConfigured('mysqlclient 1.3.13 or newer is required; you have %s.' % Database.__version__) + |