Create new user
sudo adduser <new_user>
sudo usermod -aG sudo <new_user>
Setup vps (assuming 24.04)
register IP @ domain (*.domain.com)
install pip (apt install python3-pip)
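install uv (curl -LsSf https://astral.sh/uv/install.sh | sh) — this runs a remote script without review; to inspect it first, save it with curl -LsSf https://astral.sh/uv/install.sh -o uv-install.sh, read it, then run sh uv-install.sh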
install git (sudo apt install git), then clean up unused packages (sudo apt autoremove)
install nginx (apt install nginx)
sudo apt-get install wkhtmltopdf
Setup app
activate venv
git config --global user.name "Your Name"
git config --global user.email "you@example.com"
sudo apt install gh
gh auth login
git clone
setup venv (uv venv)
activate venv
setup nginx
sudo nano /etc/nginx/sites-available/<name>
# Reverse-proxy site: /static/ and /media/ are served from disk, every other
# request is forwarded to the application on 127.0.0.1:8001.
# NOTE(review): there is no listen directive, so nginx's default listener
# applies -- confirm this is intended before TLS is configured.
server {
server_name domain.address;
# NOTE(review): access logging is switched off for the whole site, so there is
# no per-request record to consult when investigating abuse or an incident.
access_log off;
# Collected static assets, read straight from the filesystem.
location /static/ {
alias /opt/myenv/static/;
}
# Media files, read straight from the filesystem.
location /media/ {
alias /opt/myenv/media/;
}
location / {
proxy_pass http://127.0.0.1:8001;
# The backend receives the configured server_name as X-Forwarded-Host and the
# connecting client's address as X-Real-IP.
# NOTE(review): Host, X-Forwarded-For and X-Forwarded-Proto are not set here,
# unlike the rate-limiting example later in these notes -- confirm what the
# application expects.
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
# P3P compact-policy header.
# NOTE(review): P3P is obsolete and presumably ignored by current browsers;
# verify whether this header is still needed.
add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
}
}
cd /etc/nginx/sites-enabled
sudo ln -s ../sites-available/myproject
sudo service nginx restart
fix cffi
sudo apt install --fix-broken
sudo apt-get install build-essential libssl-dev libffi-dev python3.XX-dev
Installing rabbitmq
Get quickstart script
chmod +x /path/to/yourscript.sh
./yourscript.sh
starting celery
celery -A django_project multi start worker1 \
--pidfile="$HOME/run/celery/%n.pid" \
--logfile="$HOME/log/celery/%n%I.log"
restart celery
celery -A django_project multi restart worker1 \
--logfile="$HOME/log/celery/%n%I.log" \
--pidfile="$HOME/run/celery/%n.pid"
stop celery
celery multi stopwait worker1 --pidfile="$HOME/run/celery/%n.pid" --logfile="$HOME/log/celery/%n%I.log"
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'
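sudo ufw status
(these rules only take effect once `sudo ufw status` reports "Status: active"; before running `sudo ufw enable` on a remote host, allow SSH first with `sudo ufw allow OpenSSH` so the session is not cut off)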
https:
sudo apt update
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com
sudo nano /etc/systemd/system/gunicorn.service
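# systemd unit that runs the Django WSGI application under gunicorn.
# nginx is the only intended client and proxies to it on 127.0.0.1:8000.
[Unit]
Description=gunicorn daemon
After=network.target
[Service]
# Workers run as an unprivileged user, with the www-data group.
# NOTE(review): User= is kipimo while the paths below use the yourdomain
# placeholder; make them refer to the same real account and checkout.
User=kipimo
Group=www-data
WorkingDirectory=/home/yourdomain/yourdomain
# Bind to loopback only. Listening on 0.0.0.0 would let clients reach gunicorn
# directly on port 8000, bypassing nginx's TLS termination and rate limiting
# and letting them supply their own X-Forwarded-* headers.
ExecStart=/home/yourdomain/yourdomain/venv/bin/gunicorn --workers 3 --bind 127.0.0.1:8000 django_project.wsgi:application
[Install]
WantedBy=multi-user.target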
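# Site definition: static and media files are served from disk, everything
# else is proxied to gunicorn on 127.0.0.1:8000.
server {
    server_name yourdomain;

    # Handle favicon.ico requests without filling the logs
    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }

    # Serve static files
    location /static/ {
        alias /home/yourdomain/yourdomain/staticfiles/;
        # Directory listings stay off: files are reachable by exact URL only.
        autoindex off;
    }

    # Serve media files
    location /media/ {
        alias /home/yourdomain/yourdomain/media/;
        # Directory listings stay off so the names of uploaded files cannot be
        # enumerated by browsing /media/.
        autoindex off;
    }

    # Proxy pass to Django application
    location / {
        # proxy_params is expected to be the distribution-provided snippet that
        # sets the forwarding headers -- verify it exists under /etc/nginx.
        include proxy_params;
        proxy_pass http://127.0.0.1:8000;
    }
}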
for rate limiting:
main conf
# Excerpt of the main nginx configuration; "..." stands for the existing
# contents of the http block.
http {
...
# Define a rate limit zone
# Zone "one" uses 10 MB of shared memory, is keyed by the client address in
# binary form, and allows 10 requests per second per key.
# NOTE(review): if nginx sits behind another proxy or CDN, the key would be that
# proxy's address rather than the end client's -- confirm the deployment.
limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
}
site specific conf
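# Excerpt of the site configuration; "..." stands for the existing directives.
# The zone "one" referenced below must be defined with limit_req_zone in the
# http block of the main configuration.
server {
    ...
    location / {
        # Apply the rate limit: up to 20 requests above the rate are served
        # immediately (nodelay); anything beyond that is rejected.
        limit_req zone=one burst=20 nodelay;
        proxy_pass http://127.0.0.1:8000; # Adjust to your Gunicorn upstream
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends the connecting address to whatever
        # X-Forwarded-For value the client sent, so the application should
        # trust only the last entry (or X-Real-IP), not the whole list.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    ...
}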
sudo systemctl daemon-reload
sudo systemctl restart gunicorn
sudo systemctl enable gunicorn
sudo nginx -t
sudo systemctl reload nginx
sudo journalctl -u gunicorn -n 100
sudo chown -R www-data:www-data /home/kipimo/kipimo/staticfiles
sudo chmod -R 755 /home/kipimo/kipimo/staticfiles
sudo chown -R www-data:www-data /home/kipimo/kipimo/media
sudo chmod -R 755 /home/kipimo/kipimo/media
The answer
Default User Home Directory Permissions
So it seems that the default permission on user home directories in Ubuntu 12.04 is 700. **Nginx needs read permission on the files that should be served AND execute permission on each of the parent directories along the path from the root to the served files.**
You can give your user directory these permissions by running
chmod 701 user_home
sudo chmod -R 775 media