Skip to content

Latest commit

 

History

History
72 lines (68 loc) · 3.55 KB

DEPLOY.md

File metadata and controls

72 lines (68 loc) · 3.55 KB

Steps for deployment

  1. Create droplet on Digitalocean, specifying to use your SSH key at creation time (so it gets added in the root account automatically).

  2. Update the teams DNS record on Cloudflare so that teams.itacpc.it points to the IP address of the newly created droplet.

  3. Create a new CNAME record for the year-specific subdomain (e.g. teamsXX) which points to teams.itacpc.it.

  4. Delete the CNAME record for the previous year.

  5. Open the console (via browser) logged in as root:

    1. useradd itacpc.
    2. adduser itacpc sudo.
    3. Copy the right key from /root/.ssh/authorized_keys into /home/itacpc/.ssh/authorized_keys.

  6. Close the browser console.

  7. Create a section in your laptop's ~.ssh/config file such as the following:

    Host teams
  User itacpc
  Hostname teamsXX.itacpc.it
  IdentityFile ~/.ssh/your_chosen_key_rsa

  8. Log in from a normal terminal with ssh teams.

  9. Update ubuntu sudo apt update && sudo apt upgrade.

  10. Run sudo apt install pipenv git postgresql nginx certbot.

  11. Clone this repository git clone [email protected]:itacpc/teams.git.

  12. Enter the repository and create the pipenv pipenv install.

  13. Log in as postgres by running sudo su - postgres, then:

    1. Create DB user itacpc with a password, by running: createuser -P itacpc.
    2. Create DB itacpc owned by user itacpc, by running: createdb itacpc -O itacpc.
    3. Exit back to the previous shell.

  14. Create the log file for Django sudo touch /var/log/django.log.

  15. Make the log file writable sudo chown itacpc:www-data /var/log/django.log.

  16. Create the static files folder for Django sudo mkdir /var/www/django

  17. Make the folder writable sudo chown root:www-data /var/www/django.

  18. Enter the virtual environment pipenv shell, then:

    1. Run the migrations to initialize the DB python3 ./manage.py migrate.
    2. Load the universities python3 ./manage.py loaddata universities.
    3. Create a superuser python3 ./manage.py createsuperuser.
    4. Collect static files (CSS, flags, etc) python3 ./manage.py collectstatic.
    5. Exit back to the previous shell.

  19. Create a .env file with this content:

    DEBUG = False
REGISTRATION_IS_CLOSED = False
CAN_DISCLOSE_CREDENTIALS = False
SECRET_KEY = "generate-a-new-secret-key-here"
EMAIL_HOST = mail-server-host-here
EMAIL_PORT = 587
EMAIL_HOST_USER = mail-server-user-here
EMAIL_HOST_PASSWORD = mail-server-password-here
DB_NAME = itacpc
DB_USER = itacpc
DB_PASSWORD = database-password-here
DB_HOST = 'localhost'
DB_PORT = ''

    You can generate a key via django-admin shell by running:

    from django.core.management.utils import get_random_secret_key
get_random_secret_key()

  20. Update the systemd configuration in systemd/gunicorn.service with the correct Python virtual environment path.

  21. Copy the systemd configuration sudo cp systemd/* /etc/systemd/system/.

  22. Enable the systemd configuration sudo systemctl enable gunicorn --now.

  23. Copy the nginx configuration sudo cp nginx/itacpc /etc/nginx/sites-available/.

  24. Disable the default nginx configuration sudo rm /etc/nginx/sites-enabled/default.

  25. Enable the new nginx configuration sudo ln -s /etc/nginx/sites-available/itacpc /etc/nginx/sites-enabled/itacpc.

  26. Run certbot to fix HTTPS stuff: sudo certbot.

When the instance is not needed anymore (i.e. some time after the contest)

  1. TODO: backup
  2. TODO: change nginx configuration to redirect teamsXX.itacpc.it to itacpc.it
  3. Destroy the droplet.