YYiki Installation
It’s currently outdated and should be updated!
Installation
Server setup
Basic setup
Run the following commands.

```bash
apt update && apt upgrade
hostnamectl set-hostname yyiki
adduser xxxx
adduser xxxx sudo
```

Add the IP and the hostname in `/etc/hosts` below `localhost`.
Basic security
Copy the SSH public key to the user's `.ssh/authorized_keys` and test whether you can log in. Then edit the `/etc/ssh/sshd_config` file to change `PermitRootLogin` and `PasswordAuthentication` to `no`, then run the following to restart sshd and install and set up ufw (uncomplicated firewall).

```bash
sudo systemctl restart sshd
sudo apt install ufw
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw allow 5000
sudo ufw enable
sudo ufw status
sudo apt install python3-pip
sudo apt install python3-venv
python3 -m venv venv
```
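A check for the `sshd_config` edit described above, as an added example that is not part of the original page: sshd uses the first value it reads for each keyword, so an earlier `PasswordAuthentication yes` (or one in a file pulled in by an earlier `Include`) wins over a `no` added further down. The function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit the two sshd_config
# settings changed above. sshd keeps the FIRST value it reads for a keyword.
# Simplifications: Include files are not followed, quoted values not handled.

# effective_value FILE KEYWORD -> first global value of KEYWORD, lowercased
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)        # "Key value" or "Key=value"
            kw = tolower(f[1])
            if (kw == "match") exit          # Match blocks are conditional
            if (kw == key) { print tolower(f[2]); exit }
        }
    ' "$1"
}

# audit_sshd FILE -> status 0 only if both settings are effectively "no"
audit_sshd() {
    audit_rc=0
    for audit_kw in PermitRootLogin PasswordAuthentication; do
        audit_val="$(effective_value "$1" "$audit_kw")"
        if [ "$audit_val" = "no" ]; then
            echo "OK   $audit_kw no"
        else
            echo "FAIL $audit_kw ${audit_val:-unset (sshd default applies)}"
            audit_rc=1
        fi
    done
    return "$audit_rc"
}

# Constructed sample: a stale "yes" above the edited line still wins.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
Match User deploy
    PasswordAuthentication no
EOF
audit_sshd "$sample" || echo "sample config still allows password logins"
rm -f "$sample"
```

On the server itself, call `audit_sshd /etc/ssh/sshd_config`; `sudo sshd -T` prints the configuration sshd actually resolves, including `Include` files.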
App setup
Generate and add the SSH public key to GitHub and clone the yyiki and pages repos. Then install the necessary Python packages and create a virtual environment. If some packages are not upgraded/installed in this virtual environment, then it will not affect the production app's behavior.

```bash
sudo apt install python3-venv
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
cp default_settings_template.py default_settings.py
python -c 'import os; print(os.urandom(16))'
```

or using poetry

```bash
poetry export -f requirements.txt --output requirements.txt
pip install -r requirements.txt
```

Copy the `default_settings_template.py` to `default_settings.py`, and then put the generated secret key into the `default_settings.py`. Now we can test the app.

```bash
export FLASK_APP=yyiki.py
flask run --host=0.0.0.0
```
Serving with a production webserver
```bash
sudo apt install nginx
pip install gunicorn
sudo cp /etc/nginx/sites-enabled/default /etc/nginx/sites-enabled/yyiki
sudo vi /etc/nginx/sites-enabled/yyiki
sudo ufw allow http/tcp
sudo ufw enable
```
The file would look like

```nginx
server {
    listen 80;
    server_name yyiki.org;

    location /static {
        alias /home/yy/yyiki/static;
    }

    location / {
        proxy_pass http://localhost:8000;
        include /etc/nginx/proxy_params;
        proxy_redirect off;
    }
}
```
Then restart nginx.

```bash
sudo systemctl restart nginx
gunicorn -w 3 yyiki:app
```

And check whether it works.

```bash
sudo apt install supervisor
sudo vi /etc/supervisor/conf.d/yyiki.conf
```

The content will be
```ini
[program:yyiki]
directory=/home/yy/yyiki
command=/home/yy/yyiki/venv/bin/gunicorn -w 3 yyiki:app
user=yy
autostart=true
autorestart=true
stopasgroup=true
killasgroup=true
stderr_logfile=/var/log/yyiki/yyiki.err.log
stdout_logfile=/var/log/yyiki/yyiki.out.log
```
Then

```bash
sudo mkdir -p /var/log/yyiki/
sudo touch /var/log/yyiki/yyiki.err.log
sudo touch /var/log/yyiki/yyiki.out.log
sudo supervisorctl reload
```
TLS with certbot
Install certbot.
```bash
sudo apt-get install python3-certbot-nginx
sudo certbot --nginx
```
Check this article too: linode: Installing Certbot for TLS on Ubuntu 18.04
Restarting the server
```bash
sudo supervisorctl restart yyiki
```