The following assumes your server is running Ubuntu 20.04 and you have a user account named 'ubuntu'. However the procedure for other Linux distributions will be similar. Please not that "$" is a command prompt and does not need to be typed in.
Docker:
Install Docker and Docker Compose as per https://docs.docker.com/
Enable IPv6 in docker as per https://docs.docker.com/
Docker Containers:
$ sudo mkdir /opt/roster $ sudo chown -R ubuntu:ubuntu /opt/roster $ cd /opt/roster $ wget --no-cache https://raw.githubusercontent.com/galojix/roster-wizard/master/docker-compose.yml $ wget --no-cache https://raw.githubusercontent.com/galojix/roster-wizard/master/docker-compose.production.yml $ cp docker-compose.production.yml docker-compose.override.yml
$ touch .env
Add the following to .env (this ensures that the Docker containers run as a non-root user):
USERID=<insert a UID that is unused on the docker host> GROUPID=<insert a GID that is unused on the docker host>
Example:
USERID=12345 GROUPID=12345
$ touch .env_prod_db
Add the following to .env_prod_db (use a unique DB password and remove the <> brackets) :
POSTGRES_DB=postgres POSTGRES_USER=postgres POSTGRES_PASSWORD=<insert DB password here>
$ touch .env_prod_web
Add the following to .env_prod_web (set the secret key, DB password, domain name and URL as specified and remove the <> brackets):
DEBUG=False TOOLBAR=False SECRET_KEY=<insert any text here for now> DATABASE_URL=postgresql://postgres:<insert DB password here>@db:5432/postgres ALLOWED_HOSTS=<insert full domain name of site here> LOGLEVEL=INFO LOGFORMAT=simple LOGTOFILE=False SECURE=True CELERY_BROKER_URL=pyamqp://guest@rabbitmq// CELERY_RESULT_BACKEND=rpc:// CSRF_TRUSTED_ORIGINS=<insert full URL here (including https://)> CORS_ALLOWED_ORIGINS=<insert full URL here (including https://)>:3000
Start docker containers:
$ docker-compose up -d
Django:
$ cd /opt/roster $ docker-compose exec web python manage.py migrate $ docker-compose exec web python manage.py createsuperuser $ docker-compose exec web python manage.py collectstatic
Secret key:
Generate secret key:
$ cd /opt/roster $ docker exec -it roster_web_1 bash /roster# python manage.py shell >>> from django.core.management.utils import get_random_secret_key >>> get_random_secret_key() '<secret key will appear here>' Ctrl-D exit
Add new secret key to .env_prod_web
Restart docker containers:
$ docker-compose down $ docker-compose up -d
Nginx:
$ sudo apt install nginx $ sudo systemctl enable nginx.service $ sudo touch /etc/nginx/conf.d/<insert full domain name of site here>.conf
Add to /etc/nginx/conf.d/<insert full domain name of site here>.conf:
upstream gunicorn { server [::1]:8000; } server { listen 80; listen [::]:80; server_name <insert full domain name of site here>; location / { proxy_bind ::1; proxy_pass http://gunicorn; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_redirect off; } location /static/ { alias /opt/roster/static/; } }
$ sudo rm /etc/nginx/sites-enabled/default $ sudo nginx -t $ sudo systemctl restart nginx.service
$ sudo snap install --classic certbot $ sudo certbot --nginx
Browser:
Navigate to https://<insert_full_domain_name_of_site_here>.
Application:
Log in using the superuser account you created above.
Follow the instructions in the user guide: Roster Wizard User Guide
Private Networks
If you will be running Roster Wizard on a server in a private network, you may not wish to use DNS and SSL. Please note that if you do not use SSL, passwords will pass over the network unencrypted.
If you do not want to use DNS:
If you do not wish to use SSL: