
Commit 01615e2

committed
expanded on the ubuntu guide
1 parent 55b6f89 commit 01615e2

1 file changed

Lines changed: 108 additions & 73 deletions


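--- a/doc/installing/ubuntu-server.rst
+++ b/doc/installing/ubuntu-server.rst
@@ -9,6 +9,7 @@ This guide assumes you are a regular user who is part of the sudoers group.
 
 Install packages::
 
+sudo apt-get update
 sudo apt install -y python3 python3-venv nginx uwsgi uwsgi-plugin-python3 nodejs npm pipenv
 
 Clone the project into /var/www::
@@ -18,14 +19,14 @@ Clone the project into /var/www::
 Install backend dependencies::
 
 $ cd /var/www/commandment
-$ python3 -m venv virtualenv
+$ sudo python3 -m venv virtualenv
 $ . ./virtualenv/bin/activate
-(virtualenv)$ pipenv --python /usr/bin/python3 install
+(virtualenv)$ sudo -E pipenv --python /usr/bin/python3 install
 
 Install frontend dependencies::
 
 $ cd /var/www/commandment/ui
-$ npm install
+$ sudo npm install
 
 2. Backend
 ----------
@@ -40,26 +41,29 @@ Create a new uWSGI configuration in /etc/uwsgi/apps-available/commandment.ini
 If you are following this guide use the template below, which you can adjust later if you want to move locations of
 various components::
 
-[uwsgi]
-base = /var/www/commandment
-pythonpath = %(base)
-module = commandment:create_app()
+cat <<EOF |sudo tee /etc/uwsgi/apps-available/commandment.ini
 
-home = /var/www/commandment/virtualenv
-plugins = python3
+[uwsgi]
+base = /var/www/commandment
+pythonpath = %(base)
+module = commandment:create_app()
 
-env = COMMANDMENT_SETTINGS=/var/www/commandment/settings.cfg
-master = true
-processes = 4
-enable-threads = true
+home = /var/www/commandment/virtualenv
+plugins = python3
 
-socket = /var/run/uwsgi-commandment.sock
-chmod-socket = 660
+env = COMMANDMENT_SETTINGS=/var/www/commandment/settings.cfg
+master = true
+processes = 4
+enable-threads = true
 
-die-on-term = true
+socket = /var/run/uwsgi-commandment.sock
+chmod-socket = 660
 
-# Use this log to debug startup or app failures
-logto = /var/log/uwsgi/app/commandment.log
+die-on-term = true
+
+# Use this log to debug startup or app failures
+logto = /var/log/uwsgi/app/commandment.log
+EOF
 
 
 Symlink to **apps-enabled**::
@@ -68,77 +72,108 @@ Symlink to **apps-enabled**::
 
 Verify that the backend actually starts::
 
-systemctl restart uwsgi
+$ sudo systemctl restart uwsgi
+$ sudo tail -f /var/log/uwsgi/app/commandment.log
+
+You will see errors about the settings file missing, because we haven't configured commandment yet!
+You should at least see something like::
+
+Sun Jun 9 12:55:41 2019 - spawned uWSGI master process (pid: 13435)
+Sun Jun 9 12:55:41 2019 - spawned uWSGI worker 1 (pid: 13442, cores: 1)
+
 
 2.2 NGiNX
 ^^^^^^^^^
 
-Configure NGiNX to pass requests to uWSGI.
+Configure NGiNX to pass requests to uWSGI (if backend is required), or static assets (for frontend).
 
 Decide on a DNS name for your installation. This will later require certificates, and your devices cannot be moved without
-re-enrollment. So it's going to be a pain to change.
+re-enrollment. So it's going to be a pain to change. For a sandbox LAN install you might even choose a bonjour name
 
 Generate a self-signed or properly signed SSL certificate for your fqdn.
 
 Add an NGiNX configuration accordingly to /etc/nginx/sites-available/commandment.conf, using the following as a guide::
 
-server {
-listen 443 ssl;
-ssl_certificate /etc/ssl/certs/commandment.crt;
-ssl_certificate_key /etc/ssl/private/commandment.key;
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-
-root /var/www/commandment/commandment/static;
-index index.html;
-
-access_log /var/log/nginx/commandment-access.log;
-error_log /var/log/nginx/commandment-error.log;
-
-location /api {
-include uwsgi_params;
-uwsgi_param HTTP_X_CLIENT_CERT $ssl_client_cert;
-uwsgi_pass unix:/var/run/uwsgi-commandment.sock;
-}
-
-location /enroll {
-include uwsgi_params;
-uwsgi_param HTTP_X_CLIENT_CERT $ssl_client_cert;
-uwsgi_pass unix:/var/run/uwsgi-commandment.sock;
-}
-
-location /checkin {
-include uwsgi_params;
-uwsgi_param HTTP_X_CLIENT_CERT $ssl_client_cert;
-uwsgi_pass unix:/var/run/uwsgi-commandment.sock;
-}
-
-location /mdm {
-include uwsgi_params;
-uwsgi_param HTTP_X_CLIENT_CERT $ssl_client_cert;
-uwsgi_pass unix:/var/run/uwsgi-commandment.sock;
-}
-
-location /scep {
-include uwsgi_params;
-uwsgi_param HTTP_X_CLIENT_CERT $ssl_client_cert;
-uwsgi_pass unix:/var/run/uwsgi-commandment.sock;
-}
-
-location / {
-try_files $uri /index.html;
-}
-
-location /static {
-alias /var/www/commandment/commandment/static;
-}
-}
+cat <<"EOF" |sudo tee /etc/nginx/sites-available/commandment.conf
+server {
+listen 443 ssl;
+ssl_certificate /etc/ssl/certs/commandment.crt;
+ssl_certificate_key /etc/ssl/private/commandment.key;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+root /var/www/commandment/commandment/static;
+index index.html;
+
+access_log /var/log/nginx/commandment-access.log;
+error_log /var/log/nginx/commandment-error.log;
+
+location /api {
+include uwsgi_params;
+uwsgi_param HTTP_X_CLIENT_CERT $ssl_client_cert;
+uwsgi_pass unix:/var/run/uwsgi-commandment.sock;
+}
+
+location /enroll {
+include uwsgi_params;
+uwsgi_param HTTP_X_CLIENT_CERT $ssl_client_cert;
+uwsgi_pass unix:/var/run/uwsgi-commandment.sock;
+}
+
+location /checkin {
+include uwsgi_params;
+uwsgi_param HTTP_X_CLIENT_CERT $ssl_client_cert;
+uwsgi_pass unix:/var/run/uwsgi-commandment.sock;
+}
+
+location /mdm {
+include uwsgi_params;
+uwsgi_param HTTP_X_CLIENT_CERT $ssl_client_cert;
+uwsgi_pass unix:/var/run/uwsgi-commandment.sock;
+}
+
+location /scep {
+include uwsgi_params;
+uwsgi_param HTTP_X_CLIENT_CERT $ssl_client_cert;
+uwsgi_pass unix:/var/run/uwsgi-commandment.sock;
+}
+
+location / {
+try_files $uri /index.html;
+}
+
+location /static {
+alias /var/www/commandment/commandment/static;
+}
+}
+EOF
 
 Symlink to **sites-enabled**::
 
 sudo ln -s /etc/nginx/sites-available/commandment.conf /etc/nginx/sites-enabled/commandment.conf
 
-Verify that NGiNX actually starts::
+2.3 SSL Certificate(s)
+^^^^^^^^^^^^^^^^^^^^^^
+
+NGiNX will fail to start until we actually create an SSL certificate for this site.
+
+If this is a non-public, development, sandbox environment you can use a self-signed certificate. If you ever intend to
+make it public (internet) facing, you need to sort out SSL certificates, maybe with LetsEncrypt.
+
+
+To use self-signed certificates, first check that your hostname will be the fqdn that devices can access your machine with::
+
+$ hostnamectl
+
+If the **Static hostname:** can't be resolved from another computer or device, the SSL cert generated in the next section
+won't work.
+
+Generate self-signed certificates::
+
+$ sudo apt install ssl-cert
+$ sudo make-ssl-cert generate-default-snakeoil --force-overwrite
+
+This will generate a cert/key pair in /etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key
+respectively. Update the ``ssl_certificate`` and ``ssl_certificate_key`` directives in the NGiNX config.
 
-systemctl restart uwsgi
 
 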