192 lines
3.9 KiB
Markdown
192 lines
3.9 KiB
Markdown
# Personal-site | Production [Tested on server with Hyperbola GNU + Linux-libre]
|
|
|
|
# Python dependencies
|
|
|
|
- Django
|
|
- Pillow
|
|
- psycopg2-binary
|
|
- pytz
|
|
|
|
# Production Installation
|
|
|
|
1. Clone **Personal-site**
|
|
|
|
git clone https://gitlab.com/heckyel-ng/personal-site /path/to/site
|
|
|
|
2. Run `virtualenv`.
|
|
|
|
cd /path/to/site && virtualenv ./venv/
|
|
|
|
3. Activate the virtualenv.
|
|
|
|
source ./env/bin/activate
|
|
|
|
4. Install dependencies through `pip`.
|
|
|
|
pip install -r requirements_prod.txt
|
|
|
|
# Configuration Postgres
|
|
|
|
1. Logion as postgres
|
|
|
|
sudo su - postgres
|
|
|
|
2. Create base
|
|
|
|
createdb namebase
|
|
|
|
3. Create User (place a password for our user)
|
|
|
|
createuser -P username
|
|
|
|
4. Inside the database
|
|
|
|
psql -d namebase
|
|
|
|
5. Give permissions to the created user
|
|
|
|
GRANT ALL PRIVILEGES ON DATABASE namebase TO username;
|
|
|
|
# Conecting to Postgres
|
|
|
|
1. Copy `settings.py.example` to `settings.py` and modify.
|
|
Make sure to uncomment the appropriate database section (either sqlite or
|
|
PostgreSQL).
|
|
|
|
Replace sqlite configuartion to postgres, example:
|
|
|
|
DATABASES = {
|
|
'default': {
|
|
'ENGINE': 'django.db.backends.postgresql',
|
|
'NAME': 'namebase',
|
|
'USER': 'username',
|
|
'PASSWORD': 'pass',
|
|
'HOST': '127.0.0.1',
|
|
'PORT': '5432',
|
|
}
|
|
}
|
|
|
|
2. Check syntax.
|
|
|
|
./manage.py check --deploy
|
|
|
|
3. Migrate changes.
|
|
|
|
./manage.py migrate
|
|
|
|
4. Create superUSER
|
|
|
|
./manage.py createsuperuser
|
|
|
|
|
|
# Run with Apache server and wsgi
|
|
|
|
1. Install WSGI for Apache
|
|
|
|
sudo pacman -S mod_wsgi
|
|
|
|
2. To install mod_wsgi, add the following line in `httpd.conf`, example:
|
|
|
|
sudo nano /etc/httpd/conf/httpd.conf
|
|
|
|
Added line:
|
|
|
|
LoadModule wsgi_module modules/mod_wsgi.so
|
|
|
|
3. Create vhosts, for example:
|
|
|
|
sudo emacs /etc/httpd/conf/extra/httpd-vhosts.conf
|
|
|
|
and inside write the configuration, example:
|
|
|
|
<IfModule ssl_module>
|
|
<VirtualHost *:80>
|
|
ServerAdmin example@dominio.com
|
|
ServerName example.com
|
|
ServerAlias example.com
|
|
|
|
Alias /media /path/to/site/media/
|
|
Alias /static /path/to/site/core/static/
|
|
<Directory /path/to/site/core/static>
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<Directory /path/to/site/media>
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<Directory /path/to/site/personalsite>
|
|
<Files wsgi.py>
|
|
Require all granted
|
|
</Files>
|
|
</Directory>
|
|
|
|
WSGIDaemonProcess personalsite python-home=/path/to/site/venv python-path=/path/to/site
|
|
WSGIProcessGroup personalsite
|
|
WSGIScriptAlias / /path/to/site/wsgi.py
|
|
|
|
</VirtualHost>
|
|
</IfModule>
|
|
|
|
4. Replace `ALLOWED_HOSTS = []`
|
|
|
|
on setting.py to:
|
|
|
|
ALLOWED_HOSTS = ["example.com", "localhost"]
|
|
|
|
5. Added on setting.py:
|
|
|
|
STATIC_ROOT = '/path/to/site/core/static'
|
|
|
|
6. Generated files static of Admin Django (you must be inside the virtualenv).
|
|
|
|
./manage.py collectstatic
|
|
|
|
7. Create the media/ directory
|
|
|
|
```
|
|
cd /path/to/personalsite
|
|
```
|
|
|
|
```
|
|
mkdir media/
|
|
```
|
|
|
|
8. Change Permition to media/ at group http
|
|
|
|
sudo chown -R http:http media/
|
|
|
|
9. Restart Apache server
|
|
|
|
sudo service httpd restart
|
|
|
|
10. Done!
|
|
|
|
# Security on settings.py [SSL, HTTPS, COOKIE, etc]
|
|
|
|
```
|
|
# security.W004
|
|
SECURE_HSTS_SECONDS = 31536000
|
|
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
|
|
SECURE_HSTS_PRELOAD = True
|
|
|
|
# security.W006
|
|
SECURE_CONTENT_TYPE_NOSNIFF = True
|
|
|
|
# security.W007
|
|
SECURE_BROWSER_XSS_FILTER = True
|
|
|
|
# security.W008
|
|
SECURE_SSL_REDIRECT = True
|
|
|
|
# security.W012
|
|
SESSION_COOKIE_SECURE = True
|
|
|
|
# security.W016、security.W017
|
|
CSRF_COOKIE_SECURE = True
|
|
CSRF_COOKIE_HTTPONLY = True
|
|
|
|
# security.W019
|
|
X_FRAME_OPTIONS = 'DENY'
|
|
```
|