{"id":1457,"date":"2014-06-01T14:49:00","date_gmt":"2014-06-01T21:49:00","guid":{"rendered":"http:\/\/joelinoff.com\/blog\/?p=1457"},"modified":"2014-06-10T14:27:34","modified_gmt":"2014-06-10T21:27:34","slug":"automatically-install-a-webserver-based-on-django-nginx-and-gunicorn-on-a-centos-6-5-vps","status":"publish","type":"post","link":"https:\/\/joelinoff.com\/blog\/?p=1457","title":{"rendered":"Automatically install a webserver based on django, nginx and gunicorn on a CentOS 6.5 VPS"},"content":{"rendered":"

This blog presents a bash script that I created to automate the installation of a webserver based on django, nginx and gunicorn on a CentOS 6.5 VPS. The installation installs and configures the necessary system packages, and it installs a number of javascript tools like jquery, jquery-ui, datatables, flot, fancytree and others.
\n
\nWhen the installation is complete it creates a fully running installation with support for HTTP and HTTPS with a basic django page that show how to use the various javascript tools. It also installs a self signed certificate for HTTPS.<\/p>\n

The steps below show how to download and use the script to install a webserver with a sample page that uses a bunch of tools like jquery, bootstrap, datatables, fancytree, flot and jscrypto.<\/p>\n

Step 1: Create a VPS using CentOS 6.5<\/h2>\n

You need to have a virtual private server with root access based on CentOS 6.5. I recommend doing this using Amazon EC2, Digital Ocean, Dream Hosts, InMotion, Rackspace or some other VPS provider but you could also do it by setting up a VM on one of your local hosts using tools like VMware Player, VirtualBox, KVM, Xen or Hyper-V.<\/p>\n

I use a very basic installation since all of the server tools will be installed by the script.<\/p>\n

After it is running make sure that you run “yum update -y” to bring all of the packages up to date. You also need to make sure that wget is installed in step 3.<\/p>\n

$ yum update -y\r\n$ yum install -y wget<\/pre>\n
Step 2: Create the webdev user<\/h2>\n
Before running the script you need to create a role account for development. The script assumes that the default role account is webdev. This must be done as root.<\/p>\n
$ sudo useradd webdev\r\n$ sudo passwd webdev\r\nNew password: webdev*pwd\r\nRetype new password: webdev*pwd\r\npasswd: all authentication tokens update successfully.\r\n<\/pre>\n
\nNOTE:<\/strong> You can use any password you like for the webdev user but if you do not use “webdev*pwd” make sure that you modify the WEBUSER_PASSWD variable in the install.sh script before running it.<\/div>\n
\nNow add webdev to the sudoers list.<\/p>\n
\n
# add webdev ALL=(ALL) ALL\r\nvisudo<\/pre>\n
Step 3: Download the script and extract it<\/h2>\n
The example shows how to download the script using wget but you can also download it here http:\/\/projects.joelinoff.com\/mkwebsite\/centos-6.5-x86_64\/mksite-1.2.tar.bz2<\/a>.<\/p>\n
$ su - webdev\r\n$ mkdir work\r\n$ cd work\r\n$ wget http:\/\/projects.joelinoff.com\/mkwebsite\/centos-6.5-x86_64\/mksite-1.2.tar.bz2\r\n$ tar jxf mksite-1.2.tar.bz2\r\n$ ls -1\r\ninstall.sh\r\nmksite-1.2.tar.bz2\r\nsetup\r\n<\/pre>\n
It will download the install.sh<\/em> script and the setup<\/em> directory tree in the local directory. The setup directory tree contains a number of tools and data files needed for the website configuration.<\/p>\n
Step 4: Run the installation<\/h2>\n
Running the installation is easy. Just execute the script and capture the results in a log for analysis if anything goes wrong.<\/p>\n
\nNOTE:<\/strong> You may want to change the role account name “webdev” and you will definitely want to change the default password “webdev*pwd”. That is done by editing the install.sh script and changing the WEBUSER and WEBUSER_PASSWD variables.\n<\/div>\n
$ su - webdev\r\n$ .\/install.sh 2>&1 | tee log\r\n<\/pre>\n
When the installation is complete the website will be installed in \/opt\/site<\/code>.<\/p>\n
Here are the basic steps that is performs:<\/p>\n
    \n
  1. verify that all of the necessary system packages are installed<\/li>\n
  2. verify that all of the necessary python packages are installed<\/li>\n
  3. install all of the javascript and CSS packages<\/li>\n
  4. install django<\/li>\n
  5. configure gunicorn (with supervisor to control boot time startup)<\/li>\n
  6. configure the nginx server (for HTTP and HTTPS)<\/li>\n
  7. configure postgresql for the django admin users (fixed pg_hba.conf and postgresql.conf)<\/li>\n
  8. configure the django DB interface (for postgresql), mongodb must be handled separately<\/li>\n
  9. collect the django static data (this is a django thing)<\/li>\n
  10. create the dango app and pre-populate it with some stuff<\/li>\n
  11. create the self signed security certificates (to show how it is done)<\/li>\n<\/ol>\n
    This configuration assumes that you will postgresql for django admin data and MongoDB for the site data based on the idea that there are a small number of admins and a large amount of data.<\/p>\n
    Step 5. Test the installation using the Django server<\/h2>\n
    In one terminal window start the server.<\/p>\n
    $ cd \/opt\/site\/django\/website\r\n$ python django runserver 8888\r\n<\/pre>\n
    In another window run a browser (in this example firefox).<\/p>\n
    $ firefox localhost:8888\r\n<\/pre>\n
    Step 6. Test the installation as an external server<\/h2>\n
    To test the installation as an external server, you will need to know your IP address. You can usually find that by looking at the inet address associated with eth0. If eth0 doesn’t exist or doesn’t seem to contain a valid IP address then you might be using a bridging scheme. Try running “ifconfig” with no arguments and then look through the results for a likely candidate.<\/p>\n
    $ ifconfig eth0\r\n[output snipped]\r\n<\/pre>\n
    Once you have the IP address run your browser to access that address. In the example below I used 1.2.3.4 which is not real.<\/p>\n
    $ # HTTP\r\n$ firefox http:\/\/1.2.3.4\r\n$ # HTTPS\r\n$ firefox https:\/\/1.2.3.4\r\n<\/pre>\n
    When it is done the web page will look something like this.<\/p>\n
    \"Screenshot-1\"<\/a><\/p>\n
    The Django admin page is available as shown below. You login using the webdev credentials.<\/p>\n
    \"Screen<\/a><\/p>\n
    And then you get to admin page.<\/p>\n
    \"Screen<\/a><\/p>\n
    Step 7. Next steps<\/h2>\n
    You will want to customize the django app (webapp) so that your pages have relevant information for your site. If you are new to django the easiest way to do that is to login into your VPS as webdev and edit the base__.html<\/code> and index.html<\/code> files in the \/opt\/site\/django\/website\/webapp\/templates\/webapp\/<\/code> directory.<\/p>\n
    You will also want to make sure that site source files are under some sort of source code control system. I use git for source code control and the github service to make them available to other developers but there are many other options available like RCS, CVS, subversion, perforce and mercurial.<\/p>\n
    If you want to access the host externally you will have to register a domain name (i.e. example.com or example.io) with one of the common domain registration service providers like HostGator, GoDaddy, NetworkSolutions or Domains.com.<\/p>\n
    Once the domain is registered the vendor will create a DNS zone file for you which you will have to edit to reference the IP address (normally eth0) of your new VPS. All of the vendors that I have used have tools that allow you to edit the DNS zone file.<\/p>\n
    You will also need a security certificate for that domain from a vendor like DigiCert to allow users to access your site using HTTPS.<\/p>\n
    If your server is public facing, then you will probably want to disable root logins (PermitRootLogin no) and change port 22 (Port 22) to something else (e.g. Port 8889) in \/etc\/ssh\/sshd_config to reduce the total intrusion attempts because root login attempts on port 22 are among the most common brute force attacks on the web.<\/p>\n
    Here is what I had to do to get MongDB running.<\/p>\n
    $ # Complete the mongodb server installation on CentOS 6.5.\r\n$ sudo yum install -y mongodb mongodb-server\r\n$ sudo service mongod start\r\n$ sudo chkconfig mongod on\r\n$ mongo\r\n> help\r\n> quit()\r\n<\/pre>\n
    If mongo fails to start:<\/p>\n
    $ sudo rm \/var\/lib\/mongodb\/mongod.lock\r\n$ sudo service mongod start\r\n<\/pre>\n
    Troubleshooting<\/h2>\n
    If you encounter trouble check the logs or post a question. The most interesting logs are in \/opt\/site\/logs and \/var\/log. I typically use a command like “find \/var\/log -cmin -5 -type f<\/code>” to find interesting logs within 5 minutes of a problem event.<\/p>\n
    T.1 Firewall block external access<\/h3>\n
    If you are having trouble accessing the site externally but not locally make sure that your firewall is open for external access if you want to allow that (in some cases that is not desirable for protected development systems).<\/p>\n
    $ sudo iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT\r\n$ sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT\r\n$ sudo service iptables save\r\n$ sudo service iptables restart  # this may not be necessary\r\n<\/pre>\n
    Script Revision History<\/h2>\n
    \n\n\n\n\n
    NOTE:<\/strong><\/td>\nFixed a bug in version 1.1 of the script that caused the MongoDB setup to fail.<\/td>\n<\/tr>\n
    NOTE:<\/strong><\/td>\nFixed a bug in version 1.0 of the script that caused the gunicorn (supervisord) setup to fail. Fixed another bug where the default password was set improperly.<\/td>\n<\/tr>\n<\/thead>\n<\/table>\n<\/div>\n
    Enjoy!<\/p>\n","protected":false},"excerpt":{"rendered":"
    This blog presents a bash script that I created to automate the installation of a webserver based on django, nginx and gunicorn on a CentOS 6.5 VPS. The installation installs and configures the necessary system packages, and it installs a number of javascript tools like jquery, jquery-ui, datatables, flot, fancytree and others.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[5,16,39],"tags":[],"_links":{"self":[{"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1457"}],"collection":[{"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1457"}],"version-history":[{"count":46,"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1457\/revisions"}],"predecessor-version":[{"id":1511,"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1457\/revisions\/1511"}],"wp:attachment":[{"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1457"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1457"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/joelinoff.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1457"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}