YYiki Installation


Server setup

Basic setup

Run the following commands.

apt update && apt upgrade
hostnamectl set-hostname yyiki
adduser xxxx
adduser xxxx sudo

Add the IP and the hostname in /etc/hosts below localhost.

Basic security

Copy the ssh public key to user’s .ssh/authorized_keys and test whether you can login.

Then edit the /etc/ssh/sshd_config file to change PermitRootLogin and PasswordAuthentication to no then run

sudo systemctl restart sshd
sudo apt install ufw
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw allow 5000
sudo ufw enable
sudo ufw status
sudo apt install python3-pip
sudo apt install python3-venv
python3 -m venv venv

to restart sshd and install & setup ufw (uncomplicated firewall).

App setup

Generate and add the SSH public key to GitHub and clone the yyiki and pages repos. Then install necessary python pacakges and create a virtual environment.

sudo apt install python3-venv
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
cp default_settings_template.py default_settings.py
python -c 'import os; print(os.urandom(16))'

Copy the default_settings_template.py to default_settings.py, and then put the generated secret key into the default_settings.py. Now we can test the app.

export FLASK_APP=yyiki.py
flask run --host=

Serving with a production webserver

We use Nginx and Gunicorn.

sudo apt install Nginx
pip install gunicorn
sudo cp /etc/nginx/sites-enabled/default /etc/nginx/sites-enabled/yyiki
sudo vi /etc/nginx/sites-enabled/yyiki
sudo ufw allow http/tcp
sudo ufw enable

The file would look like

server {
    listen 80;
    server_name yyiki.org;

    location /static {
            alias /home/yy/yyiki/static;

    location / {
            proxy_pass http://localhost:8000;
            include /etc/nginx/proxy_params;
            proxy_redirect off;

Then restart the nginx.

sudo systemctl restart Nginx
gunicorn -w 3 yyiki:app

And check whether it works.

sudo apt install supervisor
sudo vi /etc/supervisor/conf.d/yyiki.conf

The content will be

command=/home/yy/yyiki/venv/bin/gunicorn -w 3 


sudo mkdir -p /var/log/yyiki/
sudo touch /var/log/yyiki/yyiki.err.log
sudo touch /var/log/yyiki/yyiki.out.log
sudo supervisorctl reload

TLS with certbot

Install certbot.

sudo apt-get install python3-certbot-nginx
sudo certbot --nginx

Check this article too: linode: Installing Certbot for TLS on Ubuntu 18.04

Restarting the server

sudo supervisorctl restart yyiki

YYiki < > Interface