Personal-site

Production [Tested on server with Hyperbola GNU + Linux-libre]

Python dependencies

  • Django
  • Pillow
  • psycopg2-binary
  • pytz

Production Installation

  1. Clone Personal-site

    git clone https://libregit.org/heckyel/personal-site.git
    
  2. Run virtualenv.

    cd personal-site && virtualenv ./venv/
    
  3. Activate the virtualenv.

    source ./venv/bin/activate
    
  4. Install dependencies through pip.

    pip install -r requirements_prod.txt
    

Postgres configuration

  1. Log in as postgres

    sudo su - postgres
    
  2. Create the database

    createdb namebase
    
  3. Create the user (set a password for it when prompted)

    createuser -P username
    
  4. Connect to the database

    psql -d namebase
    
  5. Give permissions to the created user

    GRANT ALL PRIVILEGES ON DATABASE namebase TO username;
    

Postgres tips

  1. List databases

    psql -l
    
  2. Delete a database

    dropdb namebase
    

Connecting to Postgres

  1. Copy settings.py.example to settings.py and modify it. Make sure to uncomment the appropriate database section (either sqlite or PostgreSQL).

    cp -v personalsite/settings.py.example personalsite/settings.py

Replace the sqlite configuration with the postgres one, for example:

    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.postgresql',
            'NAME': 'namebase',
            'USER': 'username',
            'PASSWORD': 'pass',
            'HOST': '127.0.0.1',
            'PORT': '5432',
        }
    }

  2. Run Django's system checks, including the deployment checks.

    python manage.py check --deploy
    
  3. Migrate changes.

    python manage.py migrate
    
  4. Create a superuser

    python manage.py createsuperuser
    

Run with Apache server and wsgi

  1. Install WSGI for Apache

    sudo pacman -S mod_wsgi
    
  2. To load mod_wsgi, add the following line to httpd.conf, for example:

    sudo nano /etc/httpd/conf/httpd.conf
    

Line to add:

    LoadModule wsgi_module modules/mod_wsgi.so

  3. Create the virtual hosts, for example:

    sudo emacs /etc/httpd/conf/extra/httpd-vhosts.conf
    

and inside write the configuration, for example:

    <IfModule ssl_module>
        <VirtualHost *:80>
            ServerAdmin example@dominio.com
            ServerName example.com
            ServerAlias example.com

            Alias /media /path/to/site/media/
            Alias /static /path/to/site/core/static/

            <Directory /path/to/site/core/static>
                Require all granted
            </Directory>

            <Directory /path/to/site/media>
                Require all granted
            </Directory>

            <Directory /path/to/site/personalsite>
                <Files wsgi.py>
                    Require all granted
                </Files>
            </Directory>

            # wsgi.py lives in the project package that the <Directory> block above grants access to
            WSGIDaemonProcess personalsite python-home=/path/to/site/venv python-path=/path/to/site
            WSGIProcessGroup personalsite
            WSGIScriptAlias / /path/to/site/personalsite/wsgi.py
        </VirtualHost>
    </IfModule>

  4. Replace ALLOWED_HOSTS = [] in settings.py with:

    ALLOWED_HOSTS = ["example.com", "localhost"]

  5. Add to settings.py:

    STATIC_ROOT = '/path/to/site/core/static'

  6. Generate the static files for the Django admin (you must be inside the virtualenv).

    ./manage.py collectstatic

  7. Create the media/ directory

    cd /path/to/personalsite

    mkdir media/

  8. Change the ownership of media/ to the http user and group

    sudo chown -R http:http media/

  9. Restart the Apache server

    sudo service httpd restart

  10. Done!

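Security on settings.py [SSL, HTTPS, COOKIE, etc]

Each comment gives the ID of the "manage.py check --deploy" warning that the setting below it resolves. These settings assume the site is reachable over HTTPS: SECURE_SSL_REDIRECT sends every plain-HTTP request to https://, so the *:80 virtual host shown above needs a TLS-enabled *:443 counterpart before they are turned on.

    # security.W004
    SECURE_HSTS_SECONDS = 31536000
    SECURE_HSTS_INCLUDE_SUBDOMAINS = True
    SECURE_HSTS_PRELOAD = True

    # security.W006
    SECURE_CONTENT_TYPE_NOSNIFF = True

    # security.W007 (no effect on Django 4.0 and later, where this setting was removed)
    SECURE_BROWSER_XSS_FILTER = True

    # security.W008
    SECURE_SSL_REDIRECT = True

    # security.W012
    SESSION_COOKIE_SECURE = True

    # security.W016, security.W017
    CSRF_COOKIE_SECURE = True
    CSRF_COOKIE_HTTPONLY = True

    # security.W019
    X_FRAME_OPTIONS = 'DENY'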
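
To confirm from outside that the security settings took effect, the response headers can be compared against them. The following is an added example, not part of the project: the sample responses are constructed, the function names are hypothetical, and sessionid and csrftoken are assumed to be Django's default cookie names.

```python
# Constructed sample HTTPS responses as (header name, value) pairs; not captured traffic.
HARDENED_SAMPLE = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload"),
    ("X-Content-Type-Options", "nosniff"),
    ("X-Frame-Options", "DENY"),
    ("Set-Cookie", "sessionid=abc123; HttpOnly; Path=/; SameSite=Lax; Secure"),
    ("Set-Cookie", "csrftoken=def456; HttpOnly; Path=/; SameSite=Lax; Secure"),
]
UNHARDENED_SAMPLE = [
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Set-Cookie", "sessionid=abc123; HttpOnly; Path=/; SameSite=Lax"),
    ("Set-Cookie", "csrftoken=def456; Path=/; SameSite=Lax"),
]

def audit_https_response(headers):
    """Return the settings from this section that the response does not reflect."""
    missing = set()
    single = {k.lower(): v for k, v in headers}
    hsts = single.get("strict-transport-security", "")
    directives = [d.strip().lower() for d in hsts.split(";")]
    max_age = next((d[8:] for d in directives if d.startswith("max-age=")), "0")
    if not max_age.isdigit() or int(max_age) < 31536000:
        missing.add("SECURE_HSTS_SECONDS")
    if "includesubdomains" not in directives:
        missing.add("SECURE_HSTS_INCLUDE_SUBDOMAINS")
    if "preload" not in directives:
        missing.add("SECURE_HSTS_PRELOAD")
    if single.get("x-content-type-options", "").lower() != "nosniff":
        missing.add("SECURE_CONTENT_TYPE_NOSNIFF")
    if single.get("x-frame-options", "").upper() != "DENY":
        missing.add("X_FRAME_OPTIONS")
    # Cookies are judged only when the response sets them.
    for value in (v for k, v in headers if k.lower() == "set-cookie"):
        cookie, *attrs = [part.strip() for part in value.split(";")]
        flags = {a.lower() for a in attrs}
        if cookie.startswith("sessionid=") and "secure" not in flags:
            missing.add("SESSION_COOKIE_SECURE")
        if cookie.startswith("csrftoken="):
            if "secure" not in flags:
                missing.add("CSRF_COOKIE_SECURE")
            if "httponly" not in flags:
                missing.add("CSRF_COOKIE_HTTPONLY")
    return sorted(missing)

def redirects_to_https(status, headers):
    """SECURE_SSL_REDIRECT: a plain-HTTP request gets a 301 to an https:// URL."""
    location = {k.lower(): v for k, v in headers}.get("location", "")
    return status == 301 and location.startswith("https://")
```

Feed it the status and headers of a real response from the deployed site (for example, collected with curl -sI) in place of the samples.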