Install¶
Resource: GIT_PROJECT: https://github.com/qbicode/blinkdms
Install-Doc-Version: 2021-01-05
OTS software¶
RDBMS Postgres¶
The application is based on data transfer with a database service on a remote database server. The underlying database model is named Blinkdms Magasin.
Database - features:
Indexing
Trigger, Constraints
Transaction (ACID)
Referential Integrity
Security
Locking
main Postgres directories/files:
[etc-config-dir] = /etc/postgresql/11/main
[PG_DATA_DIR] = /data/postgresql/main
[PG_DUMP_DIR] = /data/postgresql/dumps
Install Postgres 11:
apt-get install postgresql postgresql-contrib (118MB)
apt-get install libpq-dev (for postgres + python)
Docu see https://wiki.debian.org/PostgreSql#Installation
Manage data dir (create data dir verb+[PG_DATA_DIR]+, move original data dir to this location):
mkdir /data/postgresql/main
chown -R postgres:postgres /data/postgresql/main
mv /var/lib/postgresql/11/main /data/postgresql/
# create dump dir for export, import, backup
mkdir /data/postgresql/dumps
chown -R postgres:postgres /data/postgresql/dumps
set configs in etc-config-dir postgresql.conf :
data_directory='/data/postgresql/main'
SET standard_conforming_strings=on
set AUTHORIZATION in [etc-config-dir]/pg_hba.conf ; change ident to trust !
---
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
---
Start DB:
systemctl stop postgresql
systemctl start postgresql
OpenOffice¶
needed for conversion docx to pdf
use program lowriter in the application
# size: 480MB
apt install default-jre
# size: 390MB
apt install libreoffice-java-common
# size: 50MB
apt install --no-install-recommends libreoffice-writer
# test, if java and lowriter are installed
java -version
# output: e.g. openjdk version "11.0.9.1" 2020-11-04
lowriter --version
# output: e.g. LibreOffice 6.1.5.2 10(Build:2)
# example convert
lowriter --convert-to pdf TR_20200709_Agarosebeads.docx
Python + Modules¶
|
Check Python version
python3 --version
# expected output: Python 3.7.3
# Pip (250 MB)
apt install python3-pip
# check version
pip3 --version
# output: pip 18.1
Install Pip modules:
pip3 install jsonrpcclient jsonrpcserver requests Flask Flask-Session Flask-mail psycopg2 ldap3 python-docx
# upgrade needded for ldpa3
pip3 install --upgrade pyasn1
More details to the modules:
|
Webserver Nginx + uWSGI¶
- Install-Source: https://www.digitalocean.com/community/tutorials/
how-to-serve-flask-applications-with-uswgi-and-nginx-on-ubuntu-18-04
Source as PDF: see [WebSrvInstall]
Nginx (static)¶
The application provides static HTML pages.
Install procedure¶
apt install libssl-dev
# important PATHs:
# /var/log/daemon.log
# UFW
% apt install ufw
### NGINX ##
# see https://www.digitalocean.com/community/tutorials/
# how-to-install-nginx-on-ubuntu-18-04
% apt install nginx
# firewall: if needed TBD: ask your network admin
% ufw allow 'Nginx HTTP'
No create a file /etc/nginx/sites-available/blinkdms
Content:
If you want to set a server-name add option: server_name YOUR_LAN YOUR_HOST_NAME;
Please set your YOUR_HOST_NAME, set YOUR_LAN: e.g. blink.lan)
server {
listen 8080;
listen [::]:8080;
location / {
include uwsgi_params;
uwsgi_pass unix:/opt/blinkdms/blinkdms/app.sock;
}
}
Continue configuration
# copy config to sites-enabled
ln -s /etc/nginx/sites-available/blinkdms /etc/nginx/sites-enabled
# test config
nginx -t
Important commands for maintenance: start/stop/reload
# %systemctl stop nginx
# %systemctl start nginx
# reload config
# %systemctl reload nginx
# check NGINX
# %systemctl status nginx
uWSGI (dynamic)¶
The application provides dynamic HTML pages.
pip3 install uwsgi
create a system service file /etc/systemd/system/blinkdms.service
[Unit]
Description=uWSGI instance to serve blinkdms
After=network.target
[Service]
User=www-data
Group=www-data
WorkingDirectory=/opt/blinkdms/blinkdms
ExecStart=/usr/local/bin/uwsgi --ini app.ini
[Install]
WantedBy=multi-user.target
Continue with uwsgi starting
# create user if NOT exists
# important: the user needs a home and a shell
# for PDF convert of command lowriter !!!
# if www-data not exists ...
# useradd -m www-data
# Whats this ??? ...
# sudo passwd www-data
# IMPORTANT: nginx and uwsgi will be started later after installing the python-code ...
# useful commands
systemctl restart nginx
systemctl stop blinkdms
systemctl start blinkdms
systemctl restart blinkdms
systemctl status blinkdms
tail /var/log/daemon.log
tail /var/log/nginx/error.log
# checks the Nginx error logs.
less /var/log/nginx/error.log
# checks the Nginx access logs
less /var/log/nginx/access.log
# checks the Nginx process logs
journalctl -u nginx
# checks your Flask app's uWSGI logs.
journalctl -u blinkdms
SSL on NGINX
% sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048
-keyout /etc/ssl/private/nginx-selfsigned.key
-out /etc/ssl/certs/nginx-selfsigned.crt
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Thuringia
Locality Name (eg, city) []:Jena
Organization Name (eg, company) [Internet Widgits Pty Ltd]:YOUR_COMPANY
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:YOUR_SERVER_NAME
Email Address []:your@email-address
# create a strong Diffie-Hellman group,
% openssl dhparam -out /etc/nginx/dhparam.pem 4096
# Creating a Configuration Snippet Pointing to the SSL Key and Certificate
% sudo nano /etc/nginx/snippets/self-signed.conf
# Creating a Configuration Snippet with Strong Encryption Settings
% nano /etc/nginx/snippets/ssl-params.conf
# mod /etc/nginx/sites-available/blinkdms
# enabled changes on NGINX
% nginx -t
# see warnings
Output
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# restart
% systemctl restart nginx
Multiple Webservers¶
Introdution:
Goal: run multiple instances of the application with different databases.
blinkdms_dev runs only HTTP protocol (no SSL)
Actions:
# copy /etc/nginx/sites-available/blinkdms+ to new config blinkdms_dev
# modify blinkdms_dev
% ln -s /etc/nginx/sites-available/... /etc/nginx/sites-enabled
# copy the python-code from /opt/blinkdms to /opt/blinkdms_dev
# change GROUP ownership of /opt/blinkdms_dev/blinkdms
chmod g+w blinkdms
chgrp www-data blinkdms/app.sock
chmod g+w blinkdms/app.sock
# modify /opt/blinkdms_dev/app.ini
# create new /etc/systemd/system/blinkdms_dev.service (see example below)
# modify app-config /opt/blinkdms_dev/blinkdms/conf/config.py
# reload system configs
% systemctl daemon-reload
# restart Nginx + uWSGI
% systemctl restart nginx
% systemctl restart blinkdms_dev
Example for /etc/systemd/system/blinkdms_dev.service:
[Unit]
Description=uWSGI instance to serve blinkdms_dev
After=network.target
[Service]
User=www-data
Group=www-data
WorkingDirectory=/opt/blinkdms_dev/blinkdms
ExecStart=/usr/local/bin/uwsgi --ini app.ini
[Install]
WantedBy=multi-user.target
Application developed software¶
Install system code¶
Modify permissions for /usr/bin/lowriter
chown -R www-data:www-data /var/www
Create data directories
mkdir /data/blinkdms
mkdir /data/blinkdms/docs
mkdir /data/blinkdms/work
chown -R www-data:www-data /data/blinkdms
Resource: GIT_PROJECT
copy code from [GIT_PROJECT]/blinkdms to /opt/blinkdms/blinkdms
chown -R www-data:www-data /opt/blinkdms/blinkdms
Basic Configuration¶
Resource: /opt/blinkdms/blinkdms/conf
copy config.dist.py to config.py
Edit config.py (at least the DB password):
superglobal['db'] = {
'main': {
'dbname':'dmsdb',
'host':'localhost',
'user':'blinkdms',
'password':'xxxxx',
}
}
Postgres: database schema¶
Scope: Create the magasin-database-schema
- Resources:
/opt/blinkdms/blinkdms/conf/config.py
[SQL_SRC_DIR]=/opt/blinkdms/blinkdms/install/sql
Actions:
# login as database root and create database
su -s /bin/bash postgres
createdb dmsdb
exit
# now you are root again
create user, tablespace, schema and initial data
check, if config_entry [db”][“main”] exists in /opt/blinkdms/blinkdms/conf/config.py
give a password for option –app_root_pw
python3 /opt/blinkdms/blinkdms/install/scripts/db_manage.py --create
--config_entry "main" --app_root_pw "XXX"
Just in case you have to delete this complete database schema + user: call this command line
python3 /opt/blinkdms/blinkdms/install/scripts/db_manage.py --delete --dbuser "blinkdms"
login
su - postgres
psql -d dmsdb -U blinkdms
select * from DB_USER;
More tutorials for postgres + Python: https://medium.com/@gitaumoses4/python-and-postgresql-without-orm-6e9d7fc9a38e
Python-Code¶
Prerequisites: the code is installed on /opt/blinkdms/blinkdms (see section “Install system code”)
Resource:
[PYTHON_SRC_DIR]=/opt/blinkdms/blinkdms
the Basis-pythonpath “/opt/blinkdms” is set in file “/opt/blinkdms/blinkdms/app.ini”
Code post config¶
make app.sock wriuteable for www-data
chgrp www-data /opt/blinkdms/blinkdms
chmod g+w /opt/blinkdms/blinkdms
touch /opt/blinkdms/blinkdms/app.sock
chgrp www-data /opt/blinkdms/blinkdms/app.sock
chmod g+w /opt/blinkdms/blinkdms/app.sock
Link sources for Admin:
cd /opt/blinkdms/blinkdms
ln -s /opt/blinkdms/blinkdms/ADM/templates /opt/blinkdms/blinkdms/templates/ADM
ln -s /opt/blinkdms/blinkdms/ADM/static /opt/blinkdms/blinkdms/static/ADM
Start Web server
# start nginx
systemctl restart nginx
systemctl daemon-reload
# allow start of the daemon on system start ...
systemctl enable blinkdms.service
systemctl restart blinkdms
Test a python script¶
if you want to test a python script on command line you first have to do taht:
export PYTHONPATH=/opt/blinkdms/
First login to the system¶
go to the web browser; url: x.x.x.x:8080 (depending on your nginx config)
login as root, password: the password was set during “Postgres: database schema” : variable app_root_pw
go to the Admin area
run the plugin “System Check”