
Commit 7b542a09 authored by Liam Hayes

small changes so it works on ec2

parent f0cc286f
......@@ -5,6 +5,7 @@
On AWS EC2:
- Launch t2.small Ubuntu-18.04 instance.
- Allow port 8000 to go through for initial testing
On local machine:
- Edit /etc/hosts to give the IP the name "windatlas"
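Review bot: The "Allow port 8000 to go through for initial testing" step does not say which source addresses the security group rule should allow, or that the rule should be removed once testing is done. Suggest wording it as allowing port 8000 from your own IP only, and adding a later step to delete the rule once nginx is serving the site on port 80.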
......@@ -13,11 +14,10 @@ On local machine:
On remote machine:
- Install pyenv, poetry and postgres.
- sudo apt install libpq-dev
- `sudo apt install libpq-dev`
- git clone the repo
- cd windatlas
- poetry install
- add 'export DJANGO_LOCATION="ec2"' to .bashrc
- `cd windatlas`
- `poetry install`
## Database setup
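Review bot: The step `add 'export DJANGO_LOCATION="ec2"' to .bashrc` has no backticked counterpart in the new list, so it looks like it is dropped here. Commands run from the login shell, such as the `./manage migrate` step further down the README, would then no longer see DJANGO_LOCATION unless the reader sets it by hand; either keep the step or say how to set the variable for management commands. "git clone the repo" is also the only step left without a concrete command.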
......@@ -25,18 +25,19 @@ The remote django project uses PostGres database.
check that postgres and libpq-dev are be installed, and psycopg2 is in the virtual environment
On remote machine:
- sudo -u postgres psql
- CREATE DATABASE windatlas_db;
- CREATE USER windatlas_user WITH PASSWORD 'windatlas_password';
- ALTER ROLE windatlas_user SET client_encoding TO 'utf8';
- ALTER ROLE windatlas_user SET default_transaction_isolation TO 'read committed';
- ALTER ROLE windatlas_user SET timezone TO 'UTC';
- GRANT ALL PRIVILEGES ON DATABASE windatlas_db TO windatlas_user;
- \q
On remote machine `sudo -u postgres psql` (create real password for postgres database):
```
CREATE DATABASE windatlas_db;
CREATE USER windatlas_user WITH PASSWORD 'xxxxxxxxxxxxxxxxxx';
ALTER ROLE windatlas_user SET client_encoding TO 'utf8';
ALTER ROLE windatlas_user SET default_transaction_isolation TO 'read committed';
ALTER ROLE windatlas_user SET timezone TO 'UTC';
GRANT ALL PRIVILEGES ON DATABASE windatlas_db TO windatlas_user;
\q
```
On remove machine:
- ./manage migrate
- `./manage migrate`
If it complains that "django.db.utils.ProgrammingError: relation "farms_powercurve" does not exist"
then try commenting out "initial=PowerCurve.objects.get(name='Vestas V126-3450')," from farms/forms.py
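Review bot: In the psql block, `CREATE USER windatlas_user WITH PASSWORD '...'` puts the real password in the statement text, where it can be kept in the psql history file and in server logs if statement logging is on. Suggest creating the user without a password and then running `\password windatlas_user`, which prompts for it. Also, "On remove machine:" should read "On remote machine:", and `GRANT ALL PRIVILEGES` deserves a line saying why the application role needs every privilege on the database.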
......@@ -44,13 +45,103 @@ then try commenting out "initial=PowerCurve.objects.get(name='Vestas V126-3450')
The remote machine needs the credentials to access the S3 bucket.
~/.aws/config:
create `~/.aws/config` (something like this):
```
[default]
region = ap-southeast-2
```
~/.aws/credentials (something like this, make some real credentials on AWS)
create `~/.aws/credentials` (something like this, make some real credentials on AWS IAM):
```
[default]
aws_access_key_id = LSKEJFLKJESLKJFLKEJJ
aws_secret_access_key = LKj34lknol2krlkjlij+lkjkjkeLLkwnLkngleks
```
## Gunicorn
Follow DigitalOcean tutorial from "Testing Gunicorn’s Ability to Serve the Project":
- `https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-18-04`
This is what it should end up with (only major differnce is the inclusion of the environment variables in `gunicorn.service`):
`/etc/systemd/system/gunicorn.socket`:
```
[Unit]
Description=gunicorn socket
[Socket]
ListenStream=/run/gunicorn.sock
[Install]
WantedBy=sockets.target
```
Create `/etc/systemd/system/gunicorn.service` (put in real DJANGO_SECRET_KEY and DJANGO_POSTGRES_PASSWORD)
```
[Unit]
Description=gunicorn daemon
Requires=gunicorn.socket
After=network.target
[Service]
User=ubuntu
Group=www-data
WorkingDirectory=/home/ubuntu/windatlas.xyz
ExecStart=/home/ubuntu/.cache/pypoetry/virtualenvs/windatlas-LMkbtO5w-py3.8/bin/gunicorn \
--access-logfile - \
--workers 3 \
--bind unix:/run/gunicorn.sock \
--env DJANGO_LOCATION='ec2' \
--env DJANGO_SECRET_KEY='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
--env DJANGO_POSTGRES_PASSWORD='xxxxxxxxxxxxxxxxxx' \
windatlas.wsgi:application
[Install]
WantedBy=multi-user.target
```
The relevant commands are:
```
sudo systemctl daemon-reload # when .socket and .service files are updated on disk
sudo systemctl start gunicorn # start service
sudo systemctl status gunicorn # see if it's working
file /run/gunicorn.sock # check there is a socket file here
curl --unix-socket /run/gunicorn.sock localhost # test socket is working (returns HTML from django project)
sudo systemctl restart gunicorn # restart service, do this when .service file is updated, or django project is updated
```
## Nginx
`sudo apt install nginx`
Following the same Digital Ocean tutorial
Create `/etc/nginx/sites-available/windatlas`:
```
server {
listen 80;
server_name windatlas.xyz;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/ubuntu/windatlas.xyz;
}
location /media/ {
root /home/ubuntu/windatlas.xyz;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
```
The django application will only be displayed by nginx if browsing from the "server_name", so "windatlas.xyz",
otherwise the "welcome to nginx" site is shown.
## Domain name
In AWS EC2, allocate an elastic IP to the instance.
In the domain name provider settings (godaddy), point the "windatlas.xyz" domain at the elastic IP address (find online tutorial).
\ No newline at end of file
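Review bot: In `gunicorn.service`, passing DJANGO_SECRET_KEY and DJANGO_POSTGRES_PASSWORD through `--env` on the ExecStart line puts both secrets in a unit file under /etc/systemd/system and on the gunicorn command line, where other local users can read them from the process list. Suggest moving them to a root-owned file with mode 0600 and loading it with `EnvironmentFile=` in the [Service] section. In the `~/.aws/credentials` example the sample values are shaped like real keys; obvious placeholders would be safer to copy from, and since this runs on EC2, an IAM role attached to the instance would avoid storing static keys at all. The nginx server block listens on port 80 only, so a note on adding TLS would help.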
......@@ -92,12 +92,13 @@ if LOCATION == 'home':
}
}
elif LOCATION == 'ec2':
postgres_password = os.environ['DJANGO_POSTGRES_PASSWORD']
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'NAME': 'windatlas_db',
'USER': 'windatlas_user',
'PASSWORD': 'windatlas_password',
'PASSWORD': postgres_password,
'HOST': 'localhost',
'PORT': '',
}
......
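Review bot: The old `'PASSWORD': 'windatlas_password',` line stays readable in the repository history, so if that value was ever set on a real database it should be rotated as part of this change. Also, `os.environ['DJANGO_POSTGRES_PASSWORD']` raises a bare KeyError at import time when the variable is unset; consider catching it and raising django.core.exceptions.ImproperlyConfigured with a message that names the variable.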