- Make sudoer account if needed.
- Stay authenticated as root from sudoer account: `sudo -s`
- Lock root account: `passwd -l root`
- Edit SSH config: `nano /etc/ssh/sshd_config`
- Disable `PermitRootLogin` and change SSH port if desired.
- Set up an SSH key and disable `PasswordAuthentication`.
- Install Nginx: `apt install -y nginx`
- Configure firewall: `ufw allow [YOUR-SSH-PORT]; ufw allow 'Nginx Full'`
- Start firewall: `ufw enable`
- Install dependencies needed to compile uWSGI later: `apt install build-essential gcc python3-dev`
- Make user account for the app: `adduser --system --home /srv/website website`
- Switch to `website` user and directory: `sudo -su website`, then `cd ~website` in the new shell
- Clone repo from GitHub: `git clone https://github.com/tassaron/muffin-shop`
- Install nvm
- Install latest NodeJS: `nvm install node`
- Run `npm install` to create a gigantic `node_modules` directory because ya gotta have a gigantic `node_modules` directory
- Run `npm run build` to compile the React components into `static/js/dist/bundle.js`
- Make Python virtual environment: `python3 -m venv env`
- Activate virtual environment: `source env/bin/activate`
- Install using Pip: `pip install .`
- Be the `website` user with venv active
- Copy template for `.env` file: `cp .env.example .env`
- Edit `.env` to set `SITE_NAME`
- Each instance has a `config` and `static` tree which is decided by `CONFIG_PATH` in `.env`
  - Example: `CONFIG_PATH=config/client/<instance_name>`
- Create instance directories by copying `config/client/skel` to the aforementioned config dir
- Create `static/client/<instance_name>` for static assets
- Customize `config/client/<instance_name>/modules.json`, `config/client/<instance_name>/markdown/about.md`, etc. as needed
- Set any other variables in `.env` as needed for the modules enabled
  - For example, you need to set `STRIPE_` variables to take payments for a shop module
  - The security of your `.env` file is very important. It should not be readable by anonymous Unix users nor be committed to source control
- Customize HTML inside `config/client/<instance_name>/templates` as needed.
- Be the `website` user with venv active
- Install pytest with `pip install pytest`.
- Run tests without hitting APIs: `pytest -k 'not payment and not email'`
  - If your `EMAIL_API_KEY` is undefined/empty, it is safe to run the email tests (emails will be printed in the log instead of being sent)
  - If you have a testing API key or `STRIPE_API_KEY` is undefined/empty, then payment tests can be included.
  - Do not run payment tests with a production API key.
- Be the `website` user with venv active
- Initialize app with `python3 scripts/manage.py init` (optional; this creates a secret key but the app also creates one if it's missing)
- Make database: `python3 scripts/database.py new`. Copy the admin user's password (change it later using the website)
- Be the sudo user again (exit from website user if following chronologically)
- Edit your domain name into this file: `nano install/website.nginx`
- Edit `install/website.service` and `install/huey.service` if the website directory is not `/srv/website/`
- Set permissions: `chown -R website:nogroup /srv/website; chmod -R u=rwX,go=rX /srv/website` (capital `X` adds the execute bit only to directories and to files that already have it)
- Place Nginx config: `cp install/website.nginx /etc/nginx/sites-available/<instance_name>.nginx`
  - Standard practice is to name Nginx config files after the domain name, so you may want to do that instead
- Enable Nginx config: `ln -s /etc/nginx/sites-available/<instance_name>.nginx /etc/nginx/sites-enabled/<instance_name>.nginx`
- Delete default Nginx config: `rm /etc/nginx/sites-enabled/default`
- Place Systemd units: `cp install/*.service /etc/systemd/system`
- Start uWSGI service: `systemctl start website.service`
- Start Huey consumer service: `systemctl start huey.service`
- Restart Nginx: `systemctl restart nginx`
- Enable the services to start at boot: `systemctl enable website.service huey.service`
- Use Certbot to get an SSL cert that renews automatically, which also has a handy option to convert the Nginx config for you.
- If you get a 500 error, double-check that `/srv/website/website.sock` is owned by the `www-data` group
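
The `.env` rule stated earlier (not readable by other Unix users, not committed to source control) can be checked once the permissions step has run. This is an added example, not part of muffin-shop; the function names are hypothetical, and requiring no group access either (mode 600 or 400) is this example's own assumption.

```shell
#!/bin/sh
# Added example, not muffin-shop code. Audits the .env file of one deployment.
# Usage: sh check_env.sh APP_DIR   (APP_DIR = directory that holds .env)

# env_mode_ok FILE: succeed only if group and other have no access at all
# (mode 600 or 400). Requiring no group access is this example's choice.
env_mode_ok() {
    # ls -ldL prints e.g. "-rw-------"; chars 5-10 are the group + other bits.
    perms=$(ls -ldL -- "$1" 2>/dev/null | cut -c1-10)
    case "$perms" in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# env_untracked DIR: succeed if DIR is not a git work tree (or git is not
# installed), or if .env is both untracked and matched by an ignore rule.
env_untracked() {
    command -v git >/dev/null 2>&1 || return 0
    git -C "$1" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 0
    if git -C "$1" ls-files --error-unmatch .env >/dev/null 2>&1; then
        return 1                       # .env is in the index
    fi
    git -C "$1" check-ignore -q .env   # 0 only when an ignore rule matches
}

# check_env DIR: run both checks, print findings, return 0 only if clean.
check_env() {
    status=0
    if [ ! -f "$1/.env" ]; then
        echo "MISSING  $1/.env"
        return 1
    fi
    if ! env_mode_ok "$1/.env"; then
        echo "PERMS    $1/.env is accessible to group/other; use chmod 600"
        status=1
    fi
    if ! env_untracked "$1"; then
        echo "GIT      $1/.env is tracked or not ignored"
        status=1
    fi
    return $status
}

# Run the audit when a directory is given on the command line.
if [ -n "${1:-}" ]; then check_env "$1"; fi
```

A recursive `chmod` over the site directory also resets `.env`, so run the check after that step rather than before it.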