Roster Wizard Production Environment

How to Install a Roster Wizard Production Environment

How to Install a Roster Wizard Production Environment

The following assumes your server is running Ubuntu 20.04 and you have a user account named 'ubuntu'. However the procedure for other Linux distributions will be similar. Please not that "$" is a command prompt and does not need to be typed in.

Docker:

Install Docker and Docker Compose as per https://docs.docker.com/

Enable IPv6 in docker as per https://docs.docker.com/

Docker Containers:

$ sudo mkdir /opt/roster
$ sudo chown -R ubuntu:ubuntu /opt/roster
$ cd /opt/roster
$ wget --no-cache https://raw.githubusercontent.com/galojix/roster-wizard/master/docker-compose.yml
$ wget --no-cache https://raw.githubusercontent.com/galojix/roster-wizard/master/docker-compose.production.yml
$ cp docker-compose.production.yml docker-compose.override.yml
$ touch .env

Add the following to .env (this ensures that the Docker containers run as a non-root user):

USERID=<insert a UID that is unused on the docker host>
GROUPID=<insert a GID that is unused on the docker host>

Example:

USERID=12345
GROUPID=12345
$ touch .env_prod_db

Add the following to .env_prod_db (use a unique DB password and remove the <> brackets) :

POSTGRES_DB=postgres
POSTGRES_USER=postgres
POSTGRES_PASSWORD=<insert DB password here>
$ touch .env_prod_web

Add the following to .env_prod_web (set the secret key, DB password, domain name and URL as specified and remove the <> brackets):

DEBUG=False
TOOLBAR=False
SECRET_KEY=<insert any text here for now>
DATABASE_URL=postgresql://postgres:<insert DB password here>@db:5432/postgres
ALLOWED_HOSTS=<insert full domain name of site here>
LOGLEVEL=INFO
LOGFORMAT=simple
LOGTOFILE=False
SECURE=True
CELERY_BROKER_URL=pyamqp://guest@rabbitmq//
CELERY_RESULT_BACKEND=rpc://
CSRF_TRUSTED_ORIGINS=<insert full URL here (including https://)>
CORS_ALLOWED_ORIGINS=<insert full URL here (including https://)>:3000

Start docker containers:

$ docker-compose up -d

Django:

$ cd /opt/roster
$ docker-compose exec web python manage.py migrate
$ docker-compose exec web python manage.py createsuperuser
$ docker-compose exec web python manage.py collectstatic

Secret key:

Generate secret key:

$ cd /opt/roster
$ docker exec -it roster_web_1 bash
/roster# python manage.py shell
>>> from django.core.management.utils import get_random_secret_key
>>> get_random_secret_key()
'<secret key will appear here>'
Ctrl-D
exit

Add new secret key to .env_prod_web

Restart docker containers:

$ docker-compose down
$ docker-compose up -d

Nginx:

$ sudo apt install nginx
$ sudo systemctl enable nginx.service
$ sudo touch /etc/nginx/conf.d/<insert full domain name of site here>.conf

Add to /etc/nginx/conf.d/<insert full domain name of site here>.conf:

upstream gunicorn {
    server [::1]:8000;
}
 
server {
 
    listen 80;
    listen [::]:80;
    server_name <insert full domain name of site here>;
 
    location / {
        proxy_bind ::1;
        proxy_pass http://gunicorn;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }
 
    location /static/ {
        alias /opt/roster/static/;
    }

}
$ sudo rm /etc/nginx/sites-enabled/default
$ sudo nginx -t
$ sudo systemctl restart nginx.service

Certbot:

This will make nginx SSL only

Install certbot as per https://certbot.eff.org/instructions:

$ sudo snap install --classic certbot
$ sudo certbot --nginx

Browser:

Navigate to https://<insert_full_domain_name_of_site_here>.

Application:

Log in using the superuser account you created above.

Follow the instructions in the user guide: Roster Wizard User Guide

Private Networks

If you will be running Roster Wizard on a server in a private network, you may not wish to use DNS and SSL. Please note that if you do not use SSL, passwords will pass over the network unencrypted.

If you do not want to use DNS:

  1. Replace "full domain name of site" with whatever host name you choose.
  2. Add the host name in the hosts file of each workstation that will be accessing Roster Wizard.

If you do not wish to use SSL:

  1. Skip the Certbot installation step.
  2. Edit .env_prod_web and change the setting for SECURE to False.
  3. Restart the docker containers.