Roster Wizard Production Environment

How to Install a Roster Wizard Production Environment

How to Install a Roster Wizard Production Environment

The following assumes your server is running Ubuntu 22.04 LTS and you have a user account named 'ubuntu'. However the procedure for other Linux distributions will be similar.


Install Docker Engine as per

Follow Linux post installation steps for Docker Engine as per

Install Docker Compose as per

Enable IPv6 in docker as per

Docker Containers:

sudo mkdir /opt/roster
sudo chown -R ubuntu:ubuntu /opt/roster
cd /opt/roster
wget --no-cache
wget --no-cache
cp docker-compose.production.yml docker-compose.override.yml
touch .env

Add the following to .env (this ensures that the Docker containers run as a non-root user):

USERID=<insert a UID that is unused on the docker host>
GROUPID=<insert a GID that is unused on the docker host>


mkdir -p /opt/roster/static

Using the same USERID and GROUPID as above:

sudo chown -R <insert USERID here>:<insert GROUPID here> /opt/roster/static


sudo chown -R 12345:12345 /opt/roster/static
touch .env_prod_db

Add the following to .env_prod_db (use a unique DB password and remove the <> brackets) :

POSTGRES_PASSWORD=<insert DB password here>
touch .env_prod_web

Add the following to .env_prod_web (set the secret key, DB password, domain name and URL as specified and remove the <> brackets):

SECRET_KEY=<insert any text here for now>
DATABASE_URL=postgresql://postgres:<insert DB password here>@db:5432/postgres
ALLOWED_HOSTS=<insert full domain name of site here>
CSRF_TRUSTED_ORIGINS=<insert full URL here (including https://)>
CORS_ALLOWED_ORIGINS=<insert full URL here (including https://)>

Start docker containers:

docker compose up -d


Make sure you specify an email address when creating the super user. This is the user account that has full access to the roster.

cd /opt/roster
docker compose exec web python migrate
docker compose exec web python createsuperuser
docker compose exec web python collectstatic

Secret key:

Generate secret key:

cd /opt/roster
docker exec -it roster-web-1 bash
python shell
from import get_random_secret_key
'<secret key will appear here>'

Add new secret key to .env_prod_web

Restart docker containers:

docker compose down
docker compose up -d


sudo apt install nginx
sudo systemctl enable nginx.service
sudo touch /etc/nginx/conf.d/<insert full domain name of site here>.conf

Add to /etc/nginx/conf.d/<insert full domain name of site here>.conf:

upstream gunicorn {
    server [::1]:8000;
server {
    listen 80;
    listen [::]:80;
    server_name <insert full domain name of site here>;

    if ( $host !~* ^(<insert full domain name of site here>)$ ) {
    return 444;
    location / {
        proxy_bind ::1;
        proxy_pass http://gunicorn;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    location /static/ {
        alias /opt/roster/static/;

sudo rm /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl restart nginx.service


This will make nginx SSL only

Install certbot as per

sudo snap install --classic certbot
sudo certbot --nginx

Host System Tuning:

Add the following to the bottom of /etc/sysctl.conf and reboot:

vm.overcommit_memory = 1


Navigate to https://<insert_full_domain_name_of_site_here>.


Log in using the superuser account you created above.

Follow the instructions in the user guide: Roster Wizard User Guide

Private Networks:

If you will be running Roster Wizard on a server in a private network, you may not wish to use DNS and SSL. Please note that if you do not use SSL, passwords will pass over the network unencrypted.

If you do not want to use DNS:

  1. Replace "full domain name of site" with whatever host name you choose.
  2. Add the host name in the hosts file of each workstation that will be accessing Roster Wizard.

If you do not wish to use SSL:

  1. Skip the Certbot installation step.
  2. Edit .env_prod_web and change the setting for SECURE to False.
  3. Restart the docker containers.