Skip to content

Deployment

Jump to bottom
sachin soman edited this page Jul 21, 2020 · 16 revisions

Deployment is tough for me not going to lie so this page will not be the definitive guide to deployment but rather a documentation of all stuff I tried doing to get Django working the first step is trying to get it deployed in Ucd server.

Ucd Linux Server

Step 1:
First step I tried to do was to update all the packages and security patches using the command

apt-get update && apt-get upgrade

I did not have the privilege for it so might use sudo and see if it will work but that will be only in later stage. Next I change the host name by using the command

hostnamectl set-hostname dublin-bus

To change the hostname to dublin-bus. If we type 'hostname' now it should display 'dublin-bus'.

Step 2:
Set host name Next we got /etc/ and edit the host file. The backup file is like this:

127.0.0.1	localhost
127.0.1.1	mastervm-c-ryan.ucd.ie	mastervm-c-ryan

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

The edited file is like this

127.0.0.1	localhost
127.0.1.1	mastervm-c-ryan.ucd.ie	mastervm-c-ryan
137.43.49.25	dublin-bus
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

To edit is to add our server IP name then host-name so we add 137.43.49.25 dublin-bus. If the edit requires root address add sudo vim filename.

Step 3:
Usually, we should create a new user who doesn't have admin privileges but since we are using UCD server we are already are user will less privilage. To create new user type

adduser user_name

and follow the prompts. then to allow new user to use sudo we use

adduser user_name sudo

Now logout and login as a new user using ssh

Step 4:
SSH login via key authentication We need to do key-based authentication as it is faster and safer as it cannot be brute-forced and much more convenient.Also good for running remote scripts. Go to home folder and make a directory called '.ssh'

mkdir -p ~/.ssh

Now if we do 'ls -la' we see that .ssh folder is made in home directory.

Now open up your local terminal in your local machine and type the following commands

ssh-keygen -b 4096

4096 makes the stuff more secure now it will ask location to save I'll leave it in default location and then it will ask for a passphrase we can use anything but I decided to leave it blank and it will generate all the stuff.

and we see this

Your identification has been saved in /Users/sachinsoman/.ssh/id_rsa. ---> the private ket
Your public key has been saved in /Users/sachinsoman/.ssh/id_rsa.pub. ---> public key

So we need to put our public key in the server so that we can log in to the server without a password. Now we need to send the public key to the server we can do this using 'scp' command

so it will be

scp ~/.ssh/id_rsa.pub student@137.43.49.25:~/.ssh/authorized_keys

so SCP our local host location of public key then our server username@ip_address:location where we store it. This will upload the document to given location. After that, we need to set the permissions. We need to give the owner of the directory read, write and execute permission while the file will have read, write permissions. so we execute

700 ~/.ssh
600 ~/.ssh/*

where hundredth place stands for the owner, tens place stands for group and ones place stands for everyone else (700) Now we can log in without any password. Now we can disable password-based authentication but it is not a good idea as we have other members using the server. But for knowledge sake we will put it here. We can do that by configuring ssh config file.

So

vim /etc/ssh/sshd_config

and change two stuff

  1. PermitRootLogin yes to no
  2. PasswordAuthentication set to no (it is initially commented first uncomment it)

Set-up Firewall

Install ufw (uncomplicated fire wall) 
sudo apt-get install ufw

I will not make any firewall changes until talking to the admin as I don't want to lock everyone out but what we should do is first allow outgoing and allow ssh and http otherwise we lock ourself out.

sudo ufw default allow outgoing
sudo ufw default deny incomming
sudo ufw allow ssh

Later we will allow http over the port 80.

Also for testing we can have ufw allow port 8000 (sudo ufw allow 8000)

To enable all the stuff do

sudo ufw enable

Quick tip use

sudo ufw status

to see all available ports we will use port 8000 for testing.

Part 2

Now we push our application before that we generate a requirments.txt and use it to install all dependencies so activate the environment then

pip freeze > requirments.txt

Now use scp to upload the files

scp -r dublin_bus_official student@137.43.49.25:~/

so scp recursive take directory dublin_bus_official and paste it to our vm

Now install python and python venv

sudo apt-get install python3-pip
sudo apt-get install python3-venv

NOTE in our case we needed to install venv for python 3.7

apt install python3.7-venv

now run

python3 -m venv dublin_bus_official/venv

Ie create a environment call venv in dublin_bus_official, We can install venv where ever we want. Now activate our environment with

source venv/bin/activate

Now run pip install using our requirments.txt by

pip install -r requirements.txt

May need to run sudo apt-get install python3.6-gdbm and pip install pandas Now we need to do some modifications to our djangos settings.py so vim there go to allowed host and put it in a string format.so ALLOWED_HOSTS = ['137.43.49.25'] now add this line STATIC_ROOT = os.path.join(BASE_DIR,'static') after that run python manage.py collectstatic

Now finally run

python manage.py runserver 0.0.0.0:8000

Now go to browser and put ipaddress:8000 and voila we have website yaay!!!

Part 3

Now the deployment above was on django server for development purposes. We need to use something like Apache or Nginx for real deployment. Step 1:

we will start of by installing Apache2. so

sudo apt-get install apache2

Step 2:

Now install mod-wsgi by

sudo apt-get install libapache2-mod-wsgi-py3

Now we need to configure apache server. Now cd /etc/apache2/sites-available/ this is where all the cofigs are store if we look at the files there are already some default files present there we will just create another file by copying one of the configs

sudo cp 000-default.conf django_dublin_bus.conf

we will edit it using vim so vim django_dublin_bus.conf

we see something like this in the beginning <VirtualHost *:80> this means port 80 is used for http so whenever we put ip address of our server we will follow the following rules. It is a handful so I will write it line by line with explanation and then the final config file itself.

so all the things we about add is just above </VirtualHost> The first thing we going to do is add an alias to our static file so it is

Alias /static /home/student/dublin_bus_offical/django_server/dublin_bus/static

So go to our project directory where our static file is located. Now provide permission for the files by writting the following lines of codes.

<Directory /home/student/dublin_bus_offical/django_server/dublin_bus/static>
Require all granted
  </Directory>

Next, we need to do something similar for our media folder as well

Alias /media /home/student/dublin_bus_offical/django_server/dublin_bus/media
  <Directory /home/student/dublin_bus_offical/django_server/dublin_bus/media>
Require all granted
  </Directory>

Next, we need to give access to the wsgi.py file. As Apache is going to talk to our app via wsgi.py file. so that will be

<Directory /home/student/dublin_bus_offical/django_server/dublin_bus/dublin_bus>
    <Files wsgi.py>
        Require all granted
    </Files>
  </Directory>

Now we need to say how we are going to handle the wsgi. As per Django docs DAEMON mode is the preferred method

WSGIScriptAlias / /home/student/dublin_bus_offical/django_server/dublin_bus/dublin_bus/wsgi.py
# dublin_bus will be the process name
#venv points to location of virtual environment
WSGIDaemonProcess dublin_bus python-path=/home/student/dublin_bus_official/django_server python-home=/home/student/dublin_bus_official/venv
#process group will same as daemon process
WSGIProcessGroup dublin_bus

so the full thing would look like this

Alias /static /home/student/dublin_bus_offical/django_server/dublin_bus/static
  <Directory /home/student/dublin_bus_offical/django_server/dublin_bus/static>
        Require all granted
  </Directory>

Alias /media /home/student/dublin_bus_offical/django_server/dublin_bus/media
  <Directory /home/student/dublin_bus_offical/django_server/dublin_bus/media>
        Require all granted
  </Directory>

  <Directory /home/student/dublin_bus_offical/django_server/dublin_bus/dublin_bus>
    <Files wsgi.py>
        Require all granted
    </Files>
  </Directory>

        WSGIScriptAlias / /home/student/dublin_bus_offical/django_server/dublin_bus/dublin_bus/wsgi.py
        WSGIDaemonProcess dublin_bus python-path=/home/student/dublin_bus_official/django_server python-home=/home/student/dublin_bus_official/venv
        WSGIProcessGroup dublin_bus

Next, save the document and run the config file to enable the site through apache so apache2 enable site the project

sudo a2ensite django_dublin_bus.conf

After that disable default site by running which is 000-default and we saw it to had a config file

sudo a2dissite 000-default

Next we need to give access for apache to our other resources like our database, media folder with read and write permission.

sudo chown :www-data /home/student/dublin_bus_official/django_server/dublin_bus/db.sqlite3

chown changes the owner of the directory www-data is the apache user. Basically make apache the group owner on the file

after that chnage permission

sudo chmod 664 /home/student/dublin_bus_official/django_server/dublin_bus/db.sqlite3

Next change owner of entire project directory by

sudo chown :www-data dublin_bus_official/

We need to do this for media folder and static files as well.

sudo chown -R :www-data /home/student/dublin_bus_official/django_server/dublin_bus/media/
sudo chmod -R 775 /home/student/dublin_bus_official/django_server/dublin_bus/media

this will allow apach to write and read from media folder (-R for recursive)

Next we need to do the configuration for environment variable but we will write a config file instead. so make it

sudo touch /etc/config.json

Go to our settings.py in django_project and look for secret key and remove the secret key from the file to make the setting look like this SECRET_KEY =''.

Now go back to the config.json and write

{

        "SECRET_KEY":"YOUR_KEY"
}

Now vim into settings.py and add the following to load the json file

import json

with open('/etc/config.json') as config_file:
    config = json.load(config_file)

and set your secret key as follows

SECRET_KEY = config['SECRET_KEY']

Diable port 8000

sudo ufw delete allow 8000

restart apache server

sudo service apache2 restart

Read log files

sudo tail /var/log/apache2/error.log
  1. Django installation
  2. Django Project creation
  3. Package Directories
  4. Hello,World
  5. Setting up projects
  6. Routing
  7. Templating
  8. Django templating Engine syntax
  9. Passing variable to template
  10. Template inheritance
  11. Static file linking
  12. Admin page
  13. Django ORM
  14. Making DB
  15. ORM based queries
  16. Django Model set
  17. Use of ORM DB with Django
Clone this wiki locally