-
Notifications
You must be signed in to change notification settings - Fork 64
Ubuntu 16.04
These instructions were written for Ubuntu 16.04 LTS, but they should be adaptable for other versions.
This installation method is not recommended unless you have a particular use case. Docker is the most widely used installation method.
We are going to run Sal using the Gunicorn server - this is a server that is designed to run Python apps, and will sit behind your web server (nginx). We are also going to set up the PostgreSQL database for Sal.
First off, let's get Python and PostgreSQL installed.
$ sudo apt-get update
$ sudo apt-get install python-pip python-dev software-properties-common libpq-dev postgresql postgresql-contrib git libffi-dev nginx
Next off is to set up the database and the user that Sal will connect to it with. First switch to the postgres
user and then log into PostgreSQL
$ sudo su - postgres
$ psql
Now we can create the database by typing:
CREATE DATABASE sal;
And you can choose your own username and password here:
CREATE USER sal_admin WITH PASSWORD 'sal_password';
Finally, give them permissions and quit, and exit out of the postgres
user:
GRANT ALL PRIVILEGES ON DATABASE sal TO sal_admin;
\q
exit
Now we're going to install pip and create the virtual environment for Sal to run.
$ sudo pip install virtualenv
And now we need to set up a service user (as it's bad form to run these things as root)
$ sudo useradd -M sal_user
$ sudo usermod -L sal_user
Finally, let's make somewhere for our stuff to live and make our service account the user:
$ sudo mkdir -p /usr/local/sal_install
$ sudo chown sal_user /usr/local/sal_install
Now elevate yourself to root and switch to the sal_user:
$ sudo -i
$ su - sal_user
Let's create the virtualenv and activate it:
$ cd /usr/local/sal_install
$ virtualenv sal_env
$ source sal_env/bin/activate
Now let's download the latest release of Sal (please refer to the releases for the latest version number):
$ git clone https://github.com/salopensource/sal.git
$ cd sal
$ git checkout tags/3.0.3
Install Sal's dependencies:
$ pip install -r requirements.txt
We need to make a copy of the default settings file and open it in a text editor (I like nano, you can use whatever you want)
$ cp sal/example_settings.py sal/settings.py
$ nano sal/settings.py
You will see a section for configuring your database. Make it look like the below:
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'NAME': 'sal',
'USER': 'sal_admin',
'PASSWORD': 'sal_password',
'HOST': 'localhost',
'PORT': '',
}
}
Now we can populate the database:
$ python manage.py migrate
$ python manage.py collectstatic
And create the admin user:
$ python manage.py createsuperuser
We're done with our service account for now, so let's go back to root:
$ deactivate
$ exit
As mentioned previously, we're using Gunicorn to run the app behind a web server. In your favourite editor, open up /etc/systemd/system/gunicorn.service
, and make it look like the below.
You should change the number of workers to be the number of cores in your server + 1 (e.g. 3 workers for a 2 core server).
[Unit]
Description=gunicorn daemon
After=network.target
[Service]
User=sal_user
Group=www-data
WorkingDirectory=/usr/local/sal_install/sal
ExecStart=/usr/local/sal_install/sal_env/bin/gunicorn --workers 3 -b 127.0.0.1:8000 sal.wsgi:application
[Install]
WantedBy=multi-user.target
Now we need to start the service, and enable it so it will start at boot:
sudo systemctl start gunicorn
sudo systemctl enable gunicorn
It is recommended that if you're setting up from scratch, you should use nginx. Only use Apache if you are integrating with an existing install. This config will only set you up to use HTTP.
It is recommended you get set up with SSL though - Digital Ocean has a great tutorial on that.
This is assuming your server has the hostname sal.example.com
.
$ sudo apt-get install nginx
And let's configure nginx.
$ sudo nano /etc/nginx/sites-available/sal.conf
And make it look like:
server {
listen 80;
server_name sal.example.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
alias /usr/local/sal_install/sal/static/;
}
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
port_in_redirect off;
proxy_connect_timeout 300s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
}
}
If Sal is the only app running on this server, you could make the section just inside the server block look like:
server {
listen 80 default_server;
server_name _;
# More things down here...
Now finally we need to activate the nginx configuration:
$ sudo ln -s /etc/nginx/sites-available/sal.conf /etc/nginx/sites-enabled/sal.conf
And remove the default nginx configuration:
$ sudo rm /etc/nginx/sites-enabled/default
Now to restart the nginx service:
$ sudo systemctl restart nginx
And open up port 80 on the firewall.
$ sudo ufw allow 'Nginx Full'
Finally, we need to set up the task in cron to perform the search maintenance. Assuming you haven't changed any paths, you can just use the script in setup/search_maint.sh
- if you have, you will need to update the paths to reflect what you have changed them to.
sudo contab -e
And add in:
*/5 * * * * sal_user /usr/local/sal_install/sal/setup/search_maint.sh > /dev/null 2>&1
An example configuration file for Nginx with Letsencrypt could look something like this:
Where sal.example.com is the FQDN (/website address) of your site.
server {
listen 80;
server_name _;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
server_name _;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /etc/letsencrypt/live/sal.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sal.example.com/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/sal.example.com/chain.pem;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
}
location /static/ {
alias /usr/local/sal_install/sal/static/;
}
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
port_in_redirect off;
proxy_connect_timeout 300s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
}
}
Updating to the latest version of Sal follows almost all of the parts under the 'Setting up Python' section.
Start by elevating to root, and switching to the sal_user:
sudo -i
su - sal_user
Change to the sal_install directory
cd /usr/local/sal_install/
Activate the sal_env
source sal_env/bin/activate
Ensure you are in the sal/ directory
cd sal/
Run Git pull to get the latest code
git pull https://github.com/salopensource/sal.git
Make sure you have the right pip dependencies
$ pip install -r requirements.txt
Migrate the database to enable new columns
cd /usr/local/sal_install/sal
source ../sal_env/bin/activate
python manage.py migrate
Refresh Sal in your browser and check that the version has changed.
- Brute force protection
- LDAP integration
- Active Directory integration
- API
- Usage reporting
- License Management
- Maintenance
- Search
- Troubleshooting
- SAML
- IAM Authentication for AWS RDS Postgres
- Docker
- Ubuntu 14.04
- Ubuntu 16.04
- RHEL 7
- Kubernetes
- Heroku?