@gregelin
Last active April 2, 2021 12:51
GovReady-Q v0.9.3+ install notes for Ubuntu 20.04

Install notes

changes

  • Install in a venv instead of the user-specific Python described in the docs

nginx

  • Remove the default nginx site, which otherwise takes priority when handling requests, with rm /etc/nginx/sites-enabled/default

ubuntu 20.04

  • Open Ubuntu 20.04's default firewall to allow HTTP traffic to nginx with sudo ufw allow 'Nginx HTTP'

gunicorn.conf.py notes

  • gunicorn package changed from gunicorn3 to gunicorn

python

  • Need to install python3-venv to create virtual environment with apt-get install -y python3-venv

creating environment

cd /home/govready-q/govready-q
python3 -m venv venv
source venv/bin/activate
python -m pip install --upgrade pip
# maybe
# pip install --upgrade pip

installing libraries

# Update package list
apt-get update
apt-get upgrade

# Install dependencies
# Note small changes from docs
DEBIAN_FRONTEND=noninteractive \
apt-get install -y \
unzip git curl jq \
python3 python3-pip \
python3-yaml \
graphviz pandoc \
gunicorn \
language-pack-en-base language-pack-en

apt-get install -y python3-venv
apt-get install gunicorn -y
apt install -y postgresql postgresql-contrib

# Optionally install supervisord for monitoring and restarting GovReady-q; and NGINX as a reverse proxy
apt-get install -y supervisor nginx

# Upgrade pip to version 20.1+ - IMPORTANT
# Only needed if not installing in venv
python3 -m pip install --upgrade pip

Installing Pandoc 2.9 or higher to generate cover page before TOC

wget https://github.com/jgm/pandoc/releases/download/2.13/pandoc-2.13-linux-amd64.tar.gz
tar xvzf pandoc-2.13-linux-amd64.tar.gz
mv pandoc-2.13/bin/* /usr/local/bin
rm -Rf pandoc-2.13
rm pandoc-2.13-linux-amd64.tar.gz
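
The steps above move binaries from a downloaded tarball into /usr/local/bin without checking the archive first. As an added example (not part of the original notes), this sketch refuses to install unless the tarball's SHA-256 matches a digest obtained from a source you trust; the function names and the digest placeholder in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example: verify a downloaded archive before installing from it.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on bad arguments or a missing file.
verify_sha256() {
    file=$1
    expected=$2
    [ -n "$file" ] && [ -n "$expected" ] || return 2
    [ -f "$file" ] || return 2
    # Accept upper-case digests by normalising to lower case.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    # so a truncated or mistyped value never compares as "good enough".
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# install_verified_tarball TARBALL EXPECTED_HEX DEST_DIR
# Extracts into a scratch directory and installs <top-level>/bin/* into
# DEST_DIR only after the checksum matches.
install_verified_tarball() {
    tarball=$1; expected=$2; dest=$3
    verify_sha256 "$tarball" "$expected" || {
        echo "checksum check failed for $tarball; nothing installed" >&2
        return 1
    }
    workdir=$(mktemp -d) || return 1
    tar xzf "$tarball" -C "$workdir" &&
        install -m 0755 "$workdir"/*/bin/* "$dest"/
    status=$?
    rm -rf "$workdir"
    return $status
}

# Usage with the file from these notes (digest is a placeholder, not a real value):
# install_verified_tarball pandoc-2.13-linux-amd64.tar.gz "<sha256 from a trusted source>" /usr/local/bin
```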

cat local/gunicorn.conf.py

import multiprocessing
command = 'gunicorn'
pythonpath = '/home/govready-q/govready-q/venv/bin'
timeout = 240
# serve GovReady-Q locally on server to use nginx as a reverse proxy
bind = 'localhost:8000'
# Only set workers higher than 1 if `secret-key` is defined in local/environment.json
# If secret-key is auto-generated instead of shared, key will not be shared with gunicorn
# which causes the login session for users to drop as soon as they hit a different worker
workers = multiprocessing.cpu_count() * 2 + 1 # recommended for high-traffic sites
# workers = 1
worker_class = 'gevent'
user = 'govready-q'
keepalive = 10

cat /etc/supervisor/conf.d/supervisor-govready-q.conf

[program:govready-q]
user = govready-q
command = /home/govready-q/govready-q/venv/bin/gunicorn --config /home/govready-q/govready-q/local/gunicorn.conf.py siteapp.wsgi
directory = /home/govready-q/govready-q
stderr_logfile = /var/log/govready-q-stderr.log
stdout_logfile = /var/log/govready-q-stdout.log

[program:notificationemails]
user = govready-q
command = /home/govready-q/govready-q/venv/bin/python manage.py send_notification_emails forever
directory = /home/govready-q/govready-q
stderr_logfile = /var/log/notificationemails-stderr.log
stdout_logfile = /var/log/notificationemails-stdout.log

cat /etc/nginx/sites-enabled/nginx-govready-q.conf

# Uncomment and edit for HTTPS connections
# Redirect HTTP port 80 requests to HTTPS port 443
#  server {
#    listen 80;
#    listen [::]:80;
#    server_name example.com;
#    return 301 https://example.com;
#  }

  server {
    listen 80;
    # listen 8888;

    # Uncomment and edit for HTTPS connections
    # listen 443 ssl;

    server_name example.com;

    # Uncomment for HTTPS connections
    # ssl on;

    # Uncomment and edit for HTTPS connections using letsencrypt certbot
    # Replace example.com with your domain
    # ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    # ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Uncomment and edit for HTTPS connections storing certs manually
    # Replace example.com with your domain
    # ssl_certificate /etc/ssl/ssl-bundle.crt;
    # ssl_certificate_key /path/to/your_private.key;

    # Uncomment and edit optional HTTPS SSL settings
    # ssl_session_timeout 1d;
    # ssl_session_cache shared:SSL:20m;
    # ssl_session_tickets off;
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # ssl_prefer_server_ciphers on;
    # ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
    # ssl_stapling on;
    # ssl_stapling_verify on;
    # ssl_trusted_certificate /root/certs/APPNAME/APPNAME_nl.chained.crt;

    access_log  /var/log/nginx/govready-q.log;

    # Tell NGINX where to route the incoming request
    # GovReady-Q's WSGI server must be serving on the "proxy pass" location
    location / {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
  }
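
If the HTTPS lines in the template above are uncommented as written, the site enables `ssl on;` and `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`. TLS 1.0 and 1.1 are deprecated (RFC 8996), and nginx made the `ssl` directive obsolete in 1.15.0 in favour of `listen ... ssl`. This added example, not part of the original gist, lints a site file for those two settings; `audit_nginx_tls` and both sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag risky TLS directives that are active (not commented
# out) in an nginx site file. Comment stripping is naive: it cuts each line
# at the first "#", which is enough for directive lines like these.

# audit_nginx_tls FILE
# Prints one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if FILE is unreadable.
audit_nginx_tls() {
    conf=$1
    [ -r "$conf" ] || return 2
    awk '
        { sub(/#.*/, "") }          # commented-out template lines are ignored
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i
                sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                    printf "line %d: legacy protocol %s is enabled\n", NR, p
                    bad++
                }
            }
        }
        $1 == "ssl" && $2 ~ /^on;?$/ {
            printf "line %d: obsolete \"ssl on\", use \"listen 443 ssl\"\n", NR
            bad++
        }
        END { exit (bad > 0) }
    ' "$conf"
}

# Constructed sample: the template's HTTPS lines with comment markers removed.
SAMPLE_UNCOMMENTED='server {
    listen 443 ssl;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}'

# Constructed sample: corrected variant. TLSv1.3 needs nginx 1.13.0+ built
# against OpenSSL 1.1.1 or later.
SAMPLE_CORRECTED='server {
    listen 443 ssl;
    # ssl on;
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_protocols TLSv1.2 TLSv1.3;
}'
```

Run it against the real file with `audit_nginx_tls /etc/nginx/sites-enabled/nginx-govready-q.conf` before reloading nginx.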