Feel free to Add/modify anything
Here we are using digitalocean Debian 11 droplet ($5/month)
-
π₯οΈrefers to you server IP address -
π€refers to your user name -
π§π½βπ€βπ§πΎis the group name your user belongs to.It mostly is the same name as the π€
-
πis the password you'll use with various settings.You can generate a strong password for this with the command
openssl rand -hex 8Don't forget to save it somewhere safe
-
πis your website domain (Or subdomain)
I personally prefer
vimovernanobut you can use whatever text editor you want.
So If you see (Edit some_file), You need to do
vim some_fileornano some_file
-
Login as root to your server IP
ssh root@π₯οΈ
-
Add
unstablerepo to be able to install some dependencies we'll need laterecho 'deb http://ftp.uk.debian.org/debian/ unstable non-free contrib main' >> /etc/apt/sources.list
-
Now update your system with
apt update && apt upgrade -y
- First create a new user with a password (You can use the π you generated before)
This command is interactive
adduser π€- Add sudo privileges to the new user.
usermod -aG sudo π€- Copy authorized keys to the new user home directory
cp -r /root/.ssh/ /home/π€/.ssh- Change ownership to the new user
chown -R π€ /home/π€/.ssh- Logout then login again to the new user account:
ssh π€@π₯οΈ
- Modify
/etc/ssh/sshd_config: (Usenanoorvim)Search these options and modify them
- Use different port (Optional but recommended to reduce brute force attacks)
Careful here: If you choose a different port other than the default
22, Remember to allow it in firewall settings in the next section, or else you won't be able to login with SSHPort 1234 # Or any number 1-65535
- Disallow root login (highly recommended)
PermitRootLogin no
- Disable login with password (Optional but recommended to reduce brute force attacks)
PasswordAuthentication no
- Use different port (Optional but recommended to reduce brute force attacks)
- Finally, restart SSH server with
sudo systemctl restart ssh- Now logout then login again
Note If you configured a new port, you'll use that port while connecting as follows:
ssh -p PORT π€NAME@π₯οΈ
- Add
.local/bin/to path:echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc
- If you installed and using ZSH:
echo 'export PATH=$HOME/.local/bin:$PATH' >> ~/.zshrc
- Install with
sudo apt install ufw. - Allow SSH, 80 and 443 ports using these commands:
sudo ufw allow ssh # Or the new port you chose above (e.g: sudo ufw allow 1234) sudo ufw allow nginx sudo ufw enable- Check if it's working with
sudo ufw status
echo "LC_ALL=en_US.UTF-8" >> /etc/environment
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
echo "LANG=en_US.UTF-8" > /etc/locale.conf
sudo locale-gen en_US.UTF-8sudo apt install git python3-dev python3-setuptools \
python3-pip virtualenv nginx wkhtmltopdf redis-server- Make sure python3 is the default by typing
python --version.If it's not:
- Delete the old one which is probably just a symbolic link to
python2in this case.
- Delete the old one which is probably just a symbolic link to
sudo rm /usr/bin/python- Create a new symlink
sudo ln -s /usr/bin/python3 /usr/bin/python-
Use
nvmfollowing official guide -
Install node.js
Check the required node version for erpnext branch (In the time of writing this document, it is recommended to install version 14)
nvm install 14npm install -g yarnsudo apt install mariadb-server libmysqlclient-dev- Setup mysql
sudo mysql_secure_installation-
Edit
/etc/mysql/my.cnfto add the following linesIf these sections
[mysqld]andmysqlexist, Type below them respectivelyNote You may find those sections in other file in
/etc/mysql/so you'd better use something likegrepto find them so you can add the code below.
[mysqld]
character-set-client-handshake = FALSE
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
[mysql]
default-character-set = utf8mb4- Add mysql user
mysql -u root -p- Type these commands
CREATE USER π€@localhost IDENTIFIED BY 'π';
CREATE DATABASE erpnext;
GRANT ALL ON erpnext.* TO 'π€'@'localhost' with grant option;
FLUSH PRIVILEGES;
QUIT;- Restart mysql
sudo systemctl restart mariadbsudo mkdir /srv/www
sudo chown -R π€:π§π½βπ€βπ§πΎ /srv/www/ # Remember UserName:GroupName
cd /srv/www/
pip3 install frappe-bench
# Check if bench installed by running `bench --version
bench init frappe-bench
cd frappe-bench
bench new-site π # Your website domain (Do you feel dizzy yet?)
bench get-app erpnext
bench --site π install-app erpnext
sudo apt -y install supervisorGenerating certificates manually
Browser will show it's not trusted site, so you'll need to use it behind cloudflare CDN
-
sudo mkdir -p /etc/letsencrypt/live/π/
-
# Replace "ποΈ" with your company name (No whitespaces) sudo openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 3650 \ -subj "/C=US/ST=Oregon/L=Portland/O=ποΈ/OU=Org/CN=π" \ -out /etc/letsencrypt/live/π/fullchain.pem \ -keyout /etc/letsencrypt/live/π/privkey.pem
-
Edit
sites/π/site_config.json. -
Add those two lines.
"ssl_certificate": "/etc/letsencrypt/live/π/fullchain.pem", "ssl_certificate_key": "/etc/letsencrypt/live/π/privkey.pem",
sudo $HOME/.local/bin/bench setup production π€
sudo $HOME/.local/bin/bench setup lets-encrypt πsudo $HOME/.local/bin/bench update --reset
sudo $HOME/.local/bin/bench migrateDisable maintenance mode by editing sites/common_site_config.json and set maintenance_mode to 0
Check if all services are running
sudo supervisorctl status
-
supervisor.servicecannot restartYou can always check system logs with
sudo journalctl|grep supervisorIn my case I found it missing section
[supervisord]inini!So the solution would be adding these sections in
/srv/www/frappe-bench/config/supervisor.confand restart the service
[supervisord]
nodaemon=true
[supervisorctl]
[inet_http_server]
port = 127.0.0.1:9001
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterfaceAlso Check /srv/www/frappe-bench/config/supervisor.conf for None values and replace it with the bench path command -v bench which most likely will be /home/π€/.local/bin/bench.
Don't forget to sudo systemctl restart supervisor.service.
-
If you encounter a problem with redis port
Modify redis port in
/etc/redis/redis.conf -
Any time you see this message
Your system is being updated. Please refresh again after a few momentsin your website, it means the maintenance mode is active.To disable it you need to edit
sites/common_site_config.jsonand setmaintenance_modeto0 -
Socketio error (connection refused)
Check
/socket.ioin/srv/www/frappe-bench/config/nginx.conf.. Updateproxy_passto usedhttp://localhost:9000Update this section in/srv/www/frappe-bench/config/supervisor.conf
[program:frappe-bench-node-socketio]
; Check where your node is installed, in my case it is in (/home/π€/.nvm/versions/node/v14.18.1/bin/node) so I'm going to use it in the next line ππΌ
command=/home/π€/.nvm/versions/node/v14.18.1/bin/node /var/www/frappe-bench/apps/frappe/socketio.js
priority=4
autostart=true
autorestart=true
stdout_logfile=/var/www/frappe-bench/logs/node-socketio.log
stderr_logfile=/var/www/frappe-bench/logs/node-socketio.error.log
user=π€
directory=/var/www/frappe-bench
following this instrutions, on the step Install ERPNext
bench init frappe-bench
the system fails with:
FileNotFoundError: [Errno 2] No such file or directory: 'yarn'
ERROR: There was a problem while creating frappe-bench
Also the line right before that, has a typo says heck instead of check.