personal-site/HACKING.md

# Personal-site

> Production [Tested on server with Hyperbola GNU + Linux-libre]

## Python dependencies

- Django
- Pillow
- psycopg2-binary
- pytz

## Production Installation

- Clone **Personal-site**

```console
$ git clone https://git.sr.ht/~heckyel/personal-site
```

- Run `virtualenv`.

```console
$ cd personal-site && virtualenv ./venv/
```

- Activate the virtualenv.

```console
$ source ./venv/bin/activate
```

- Install dependencies through `pip`.

```console
$ pip install -r requirements_prod.txt
```

## Configuration Postgres

- Login as postgres

```console
$ sudo su - postgres
```

- Create base

```console
$ createdb namebase
```

- Create User (place a password for our user)

```console
$ createuser -P username
```

- Inside the database

```console
$ psql -d namebase
```

- Give permissions to the created user

```console
$ GRANT ALL PRIVILEGES ON DATABASE namebase TO username;
```

## Tips of Postgres

- List database

```console
$ psql -l
```

- Delete database

```console
$ dropdb namebase
```

## Conecting to Postgres

- Copy `settings.py.example` to `settings.py` and modify.
  Make sure to uncomment the appropriate database section (either sqlite or
  PostgreSQL).

```console
$ cp -v personalsite/settings.py.example personalsite/settings.py
```

Replace sqlite configuartion to postgres, example:

```python
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'namebase',
        'USER': 'username',
        'PASSWORD': 'pass',
        'HOST': '127.0.0.1',
        'PORT': '5432',
    }
}
```

- Check syntax.

```console
$ python manage.py check --deploy
```

- Make migrations

```console
$ python manage.py makemigrations
```

- Migrate changes.

```console
$ python manage.py migrate
```

- Create superUSER

```console
$ python manage.py createsuperuser
```


## Run with Apache server and wsgi

- Install WSGI for Apache

```console
$ sudo pacman -S mod_wsgi
```

- To install mod_wsgi, add the following line in `httpd.conf`, example:

```console
$ sudo nano -w /etc/httpd/conf/httpd.conf
```

   Added line:

```apacheconf
LoadModule wsgi_module modules/mod_wsgi.so
```

- Create vhosts, for example:

```console
$ sudo nano -w /etc/httpd/conf/extra/httpd-vhosts.conf
```

   and inside write the configuration, example:

```apacheconf
<IfModule ssl_module>
    <VirtualHost *:80>
        ServerAdmin example@dominio.com
        ServerName example.com
        ServerAlias example.com

        Alias /media /path/to/site/media/
        Alias /static /path/to/site/core/static/
        <Directory /path/to/site/core/static>
            Require all granted
        </Directory>

        <Directory /path/to/site/media>
            Require all granted
        </Directory>

        <Directory /path/to/site/personalsite>
            <Files wsgi.py>
                Require all granted
            </Files>
        </Directory>

        WSGIDaemonProcess personalsite python-home=/path/to/site/venv python-path=/path/to/site
        WSGIProcessGroup personalsite
        WSGIScriptAlias / /path/to/site/wsgi.py

    </VirtualHost>
</IfModule>
```

- Replace `ALLOWED_HOSTS = []`

   on setting.py to:

```python
ALLOWED_HOSTS = ["example.com", "localhost"]
```

- Added on setting.py:

```python
STATIC_ROOT = '/path/to/site/core/static'
```

- Generated files static of Admin Django (you must be inside the virtualenv).

```console
$ python manage.py collectstatic
```

- Create the media/ directory

```console
$ cd /path/to/personalsite
```

```console
$ mkdir media/
```

- Change Permition to media/ at group http

```console
$ sudo chown -R http:http media/
```

- Restart Apache server

```console
$ sudo rc-service httpd restart
```

- Done!

## Security on settings.py [SSL, HTTPS, COOKIE, etc]

```bash
# security.W004
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True

# security.W006
SECURE_CONTENT_TYPE_NOSNIFF = True

# security.W007
SECURE_BROWSER_XSS_FILTER = True

# security.W008
SECURE_SSL_REDIRECT = True

# security.W012
SESSION_COOKIE_SECURE = True

# security.W016、security.W017
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True

# security.W019
X_FRAME_OPTIONS = 'DENY'
```

## Validation subdomain in eepsite

Uncomment in `project/urls.py`

```python
from django.urls import path
from . import views

urlpatterns = [
    path('', views.home, name="home"),
    path('filename', views.i2pfile, name='i2pfile') # eepsite
]
```

also `project/views.py`

```python
def i2pfile(request):
    return render(request, 'trabajo/filename')
```

and add `project/templates/trabajo/filename`