personal-site/HACKING.md

Personal-site | Production [Tested on server with Hyperbola GNU + Linux-libre]

Python dependencies

  • Django
  • Pillow
  • psycopg2-binary
  • pytz

Production Installation

  1. Clone Personal-site

     git clone https://gitlab.com/heckyel-ng/personal-site /path/to/site
    
  2. Run virtualenv.

     cd /path/to/site && virtualenv ./venv/
    
  3. Activate the virtualenv.

     source ./venv/bin/activate
    
  4. Install dependencies through pip.

     pip install -r requirements_prod.txt
    

PostgreSQL configuration

  1. Log in as postgres

     sudo su - postgres
    
  2. Create the database

     createdb namebase
    
  3. Create the user (set a password for it when prompted)

     createuser -P username
    
  4. Open a psql session in the database

     psql -d namebase
    
  5. Give permissions to the created user

     GRANT ALL PRIVILEGES ON DATABASE namebase TO username;
    

Connecting to Postgres

  1. Copy settings.py.example to settings.py and edit it. Make sure to uncomment the appropriate database section (either sqlite or PostgreSQL).

    Replace the sqlite configuration with the PostgreSQL one, for example:

     DATABASES = {
         'default': {
             'ENGINE': 'django.db.backends.postgresql',
             'NAME': 'namebase',
             'USER': 'username',
             'PASSWORD': 'pass',
             'HOST': '127.0.0.1',
             'PORT': '5432',
         }
     }
    
  2. Check the configuration with Django's deployment checks.

     ./manage.py check --deploy
    
  3. Migrate changes.

     ./manage.py migrate
    
  4. Create a superuser

     ./manage.py createsuperuser
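
The DATABASES example in step 1 keeps the password as a literal in settings.py. The following is an added example, not part of the project's code, that loads it from a separate file and refuses the file if other local accounts can access it; the helper names read_secret and database_settings and the password file path are assumptions.

```python
import os
import stat
import tempfile


def read_secret(path):
    """Return the secret stored in path, refusing files other accounts can touch."""
    st = os.stat(path)
    if st.st_uid != os.geteuid():
        raise RuntimeError(f"{path}: not owned by the user running the site")
    # Any group/other bit lets another local account read or replace the password.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise RuntimeError(f"{path}: mode {stat.S_IMODE(st.st_mode):o} too open, use 600")
    with open(path, encoding="utf-8") as fh:
        secret = fh.read().strip()
    if not secret:
        raise RuntimeError(f"{path}: empty secret")
    return secret


def database_settings(password_file):
    """DATABASES as in step 1, with PASSWORD loaded from password_file (assumed path)."""
    return {
        "default": {
            "ENGINE": "django.db.backends.postgresql",
            "NAME": "namebase",
            "USER": "username",
            "PASSWORD": read_secret(password_file),
            "HOST": "127.0.0.1",
            "PORT": "5432",
        }
    }


def demo():
    """Constructed sample: a 0600 file is accepted, the same file at 0644 is rejected."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "db_password")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("constructed-sample-password\n")
        os.chmod(path, 0o600)
        accepted = database_settings(path)["default"]["PASSWORD"]
        os.chmod(path, 0o644)
        try:
            database_settings(path)
            rejected = False
        except RuntimeError:
            rejected = True
    return accepted, rejected
```

In settings.py this would be used as DATABASES = database_settings('/path/to/db_password'), with the file owned by the account the site runs as.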
    

Run with Apache server and wsgi

  1. Install WSGI for Apache

     sudo pacman -S mod_wsgi
    
  2. To enable mod_wsgi, add the following line to httpd.conf, for example:

     sudo nano /etc/httpd/conf/httpd.conf


    Line to add:

     LoadModule wsgi_module modules/mod_wsgi.so
    
  3. Create the virtual hosts, for example:

     sudo emacs /etc/httpd/conf/extra/httpd-vhosts.conf


    and write the configuration inside, for example:

     <IfModule ssl_module>
         <VirtualHost *:80>
             ServerAdmin example@dominio.com
             ServerName example.com
             ServerAlias example.com

             Alias /media /path/to/site/media/
             Alias /static /path/to/site/core/static/

             <Directory /path/to/site/core/static>
                 Require all granted
             </Directory>

             <Directory /path/to/site/media>
                 Require all granted
             </Directory>

             <Directory /path/to/site/personalsite>
                 <Files wsgi.py>
                     Require all granted
                 </Files>
             </Directory>

             WSGIDaemonProcess personalsite python-home=/path/to/site/venv python-path=/path/to/site
             WSGIProcessGroup personalsite
             # Must point at the wsgi.py covered by the <Files wsgi.py> grant above
             WSGIScriptAlias / /path/to/site/personalsite/wsgi.py
         </VirtualHost>
     </IfModule>
    
  4. Replace ALLOWED_HOSTS = []

    in settings.py with:

     ALLOWED_HOSTS = ["example.com", "localhost"]
    
  5. Add to settings.py:

     STATIC_ROOT = '/path/to/site/core/static'
    
  6. Generate the static files for the Django admin (you must be inside the virtualenv).

     ./manage.py collectstatic
    
  7. Create the media/ directory

     cd /path/to/site
     mkdir media/

  8. Change the owner and group of media/ to http

     sudo chown -R http:http media/
    
  9. Restart Apache server

     sudo service httpd restart
    
  10. Done!

Security settings in settings.py [SSL, HTTPS, cookies, etc.]

     # security.W004
     SECURE_HSTS_SECONDS = 31536000
     SECURE_HSTS_INCLUDE_SUBDOMAINS = True
     SECURE_HSTS_PRELOAD = True

     # security.W006
     SECURE_CONTENT_TYPE_NOSNIFF = True

     # security.W007 (check removed in Django 3.0 and the setting removed in
     # Django 4.0, because modern browsers ignore X-XSS-Protection)
     SECURE_BROWSER_XSS_FILTER = True

     # security.W008
     SECURE_SSL_REDIRECT = True

     # security.W012
     SESSION_COOKIE_SECURE = True

     # security.W016, security.W017
     CSRF_COOKIE_SECURE = True
     CSRF_COOKIE_HTTPONLY = True

     # security.W019
     X_FRAME_OPTIONS = 'DENY'