Commit 037a7fb

rm deployment to prod from the README , define generic recipe for deployment
1 parent c13de1f commit 037a7fb

2 files changed

+243
-260
lines changed

README.md

Lines changed: 0 additions & 260 deletions
@@ -34,263 +34,3 @@ To run the pre-commit, follow the instructions on how to [install pre-commit](ht
3434
The pre-commit must be run before proposing a pull request, otherwise the CI/CD
3535
will complain about your proposed feature.
3636

37-
## Deployment
38-
39-
We deploy two websites. One for production and one for development. In both
40-
cases, the process is the same, the only difference being the branch being used
41-
to run the server.
42-
43-
Deploying a website involves :
44-
45-
- cloning the repository and setting up the virtual environment,
46-
- wrapping the start/stop of the taipy server with a systemd service
47-
- configuring nginx with a base setup listening on port 80 and then adding https
48-
support with a SSL certificate
49-
50-
### Cloning and virtual environment
51-
52-
First clone the repository :
53-
54-
```
55-
cd /opt/d4g
56-
git clone https://github.com/dataforgoodfr/12_taxobservatory_dataviz.git
57-
cd 12_taxobservatory_dataviz
58-
```
59-
60-
If you want to deploy the development website, you must checkout the `dev`
61-
branch. If you want to deploy the production website, you must checkout the
62-
`main` branch.
63-
64-
```
65-
git checkout dev # For development website
66-
git checkout main # For production website
67-
```
68-
69-
You can then create a local virtual environment, install poetry as well as the
70-
project dependencies :
71-
```
72-
. ./d4g-utils/install_poetry.sh
73-
```
74-
75-
We need some extra packages for the deployment :
76-
77-
```
78-
source .venv/bin/activate
79-
pip install uwsgi gevent
80-
```
81-
82-
### Systemd service file for running taipy
83-
84-
For easily managing the start/stop of the taipy server, we define a service
85-
file. We actually define two service files `taxplorer.uwsgi.service` for the
86-
production site and `taxplorer-dev.uwsgi.service` for the development website.
87-
88-
**File /etc/systemd/system/taxplorer.uwsgi.service**
89-
90-
```
91-
[Unit]
92-
Description=D4G Taxplorer website for CbCR visualization
93-
After=syslog.target
94-
95-
[Service]
96-
ExecStart=/opt/d4g/12_taxobservatory_dataviz/.venv/bin/uwsgi --http 127.0.0.1:5000 --gevent 1000 --http-websockets --module app.main:web_app --logto /opt/d4g/12_taxobservatory_dataviz/taxplorer.log
97-
WorkingDirectory=/opt/d4g/12_taxobservatory_dataviz/
98-
Restart=always
99-
KillSignal=SIGQUIT
100-
Type=notify
101-
StandardError=syslog
102-
NotifyAccess=all
103-
User=d4gtaxobs
104-
105-
[Install]
106-
WantedBy=multi-user.target
107-
```
108-
109-
**File /etc/systemd/system/taxplorer-dev.uwsgi.service**
110-
111-
```
112-
[Unit]
113-
Description=D4G Taxplorer website for CbCR visualization
114-
After=syslog.target
115-
116-
[Service]
117-
ExecStart=/opt/d4g/12_taxobservatory_dataviz_dev/.venv/bin/uwsgi --http 127.0.0.1:5001 --gevent 1000 --http-websockets --module app.main:web_app --logto /opt/d4g/12_taxobservatory_dataviz/taxplorer.log
118-
WorkingDirectory=/opt/d4g/12_taxobservatory_dataviz_dev/
119-
Restart=always
120-
KillSignal=SIGQUIT
121-
Type=notify
122-
StandardError=syslog
123-
NotifyAccess=all
124-
User=d4gtaxobs
125-
126-
[Install]
127-
WantedBy=multi-user.target
128-
```
129-
130-
Once these service files are defined, we enable and start them :
131-
132-
```
133-
sudo systemctl enable taxplorer.uwsgi.service
134-
sudo service taxplorer.uwsgi start
135-
136-
sudo systemctl enable taxplorer-dev.uwsgi.service
137-
sudo service taxplorer-dev.uwsgi start
138-
```
139-
140-
Now, you should have your servers up and running. To ensure this is the case,
141-
you must be able to contact the machine with your browser at
142-
`http://localhost:5000` and `http://localhost:5001`. The `localhost` here refers
143-
to the server name. To access it from a remote machine, you can add a ssh tunnel
144-
before connecting with your browser :
145-
146-
```
147-
ssh -L 5000:localhost:5000 YOUR_LOGIN@THE_IP_OF_THE_MACHINE
148-
```
149-
150-
If accessing the taipy server from your browser fails, you have an issue. To
151-
debug the issue, you can:
152-
- check the logs of the service : `sudo service taxplorer.uwsgi status` and in
153-
the log file `tail /opt/d4g/12_taxobservatory_dataviz/taxplorer.log`
154-
- stop the service and run the `uwsgi` command manually :
155-
156-
```
157-
# For debugging issues
158-
sudo service taxplorer.uwsgi stop
159-
cd /opt/d4g/12_taxobservatory_dataviz/
160-
/opt/d4g/12_taxobservatory_dataviz/.venv/bin/uwsgi --http 127.0.0.1:5000 --gevent 1000 --http-websockets --module app.main:web_app --logto /opt/d4g/12_taxobservatory_dataviz/taxplorer.log
161-
162-
```
163-
164-
And pay particular attention to python errors.
165-
166-
### Nginx setup
167-
168-
#### Basic configuration with http support
169-
170-
For nginx, you can remove the default website :
171-
172-
```
173-
cd /etc/nginx/sites-enabled
174-
sudo rm -rf default
175-
```
176-
177-
Then add your website definition. The basic definition is almost the same
178-
whether you deploy the production or development website. In the template file
179-
below, you must replace the two variables `MY_SERVER_NAME` and `MY_PORT` as :
180-
181-
- `MY_SERVER_NAME` with `www.taxplorer.eu` and `MY_PORT` with `5000` for the
182-
production website,
183-
- `MY_SERVER_NAME` with `dev.taxplorer.eu` and `MY_PORT` with `5001` for the
184-
development website,
185-
186-
If you want to define both the production and development website, you can just
187-
consecutively define both.
188-
189-
**File /etc/nginx/sites-enabled/d4g-dataviz** :
190-
```
191-
server {
192-
listen 80;
193-
server_name MY_SERVER_NAME;
194-
add_header 'X-Frame-Options' 'SAMEORIGIN';
195-
add_header 'X-XSS-Protection' '1; mode=block';
196-
add_header 'X-Content-Type-Options' 'nosniff';
197-
add_header 'Referrer-Policy' 'same-origin';
198-
add_header 'Strict-Transport-Security' 'max-age=63072000';
199-
ssl_certificate /etc/letsencrypt/live/www.taxplorer.eu/fullchain.pem;
200-
ssl_certificate_key /etc/letsencrypt/live/www.taxplorer.eu/privkey.pem;
201-
location / {
202-
proxy_pass http://127.0.0.1:MY_PORT;
203-
#proxy_redirect off;
204-
#keepalive_requests 100;
205-
#proxy_read_timeout 75s;
206-
#proxy_connect_timeout 75s;
207-
#proxy_http_version 1.1;
208-
#client_max_body_size 100M;
209-
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
210-
#proxy_set_header X-Forwarded-Proto $scheme;
211-
#proxy_set_header X-Real-IP $remote_addr;
212-
proxy_set_header Host $http_host;
213-
proxy_set_header Upgrade $http_upgrade;
214-
proxy_set_header Connection 'upgrade';
215-
}
216-
}
217-
```
218-
219-
You can test the definition with :
220-
221-
```
222-
sudo nginx -t
223-
```
224-
225-
If there is no error, you can enable and start/restart the nginx service :
226-
227-
```
228-
sudo systemctl enable nginx
229-
sudo service nginx restart
230-
```
231-
232-
You should now be able to navigate to `www.taxplorer.eu`. If you do not have yet
233-
a binding between the domain name `www.taxplorer.eu` and the IP of the server
234-
hosting the website, you can anyway test the connection by getting the IP of
235-
the server with `ip addr` and then going to `http://IP_OF_THE_SERVER`.
236-
237-
### Adding the SSL support for https
238-
239-
For adding the SSL support for secured connection, we will use [certbot](https://certbot.eff.org/). For example, on a debian + nginx configuration, the steps to follow are :
240-
241-
```
242-
sudo apt update && sudo apt install -y snapd
243-
sudo snap install --classic certbot
244-
sudo ln -s /snap/bin/certbot /usr/bin/certbot
245-
sudo certbot --nginx
246-
```
247-
248-
From there, you will have to select the website for which you want to get and
249-
install a SSL certificate. Certbot will also modify your
250-
`/etc/nginx/sites-enabled/d4g-dataviz` file to 1) redirect any connection to
251-
port `80` to port `443` and adds the definition for using the certificate. For
252-
example, below is the definition for the development website :
253-
254-
```
255-
server {
256-
server_name dev.taxplorer.eu;
257-
258-
# SECURITY HEADERS
259-
add_header 'X-Frame-Options' 'SAMEORIGIN';
260-
add_header 'X-XSS-Protection' '1; mode=block';
261-
add_header 'X-Content-Type-Options' 'nosniff';
262-
add_header 'Referrer-Policy' 'same-origin';
263-
add_header 'Strict-Transport-Security' 'max-age=63072000';
264-
265-
location / {
266-
proxy_pass http://localhost:5001;
267-
proxy_set_header Upgrade $http_upgrade;
268-
proxy_set_header Connection 'upgrade';
269-
proxy_set_header Host $http_host;
270-
proxy_set_header X-Forwarded-Host $http_host;
271-
}
272-
273-
274-
listen 443 ssl; # managed by Certbot
275-
ssl_certificate /etc/letsencrypt/live/dev.taxplorer.eu/fullchain.pem; # managed by Certbot
276-
ssl_certificate_key /etc/letsencrypt/live/dev.taxplorer.eu/privkey.pem; # managed by Certbot
277-
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
278-
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
279-
280-
}
281-
282-
server {
283-
if ($host = dev.taxplorer.eu) {
284-
return 301 https://$host$request_uri;
285-
} # managed by Certbot
286-
287-
server_name dev.taxplorer.eu;
288-
listen 80;
289-
return 404; # managed by Certbot
290-
}
291-
292-
```
293-
294-
295-
296-
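Review bot: README.md ends up with 0 additions against 260 deletions, so below the pre-commit paragraph (lines 34-36) nothing tells a reader where the deployment instructions now live; add a one-line pointer to the generic recipe in place of the removed `## Deployment` heading. If the removed text is carried over into that recipe, fix two things on the way. The dev unit (old line 117) passes `--logto /opt/d4g/12_taxobservatory_dataviz/taxplorer.log`, which is the production checkout's log file, while its `WorkingDirectory` is `12_taxobservatory_dataviz_dev`, so both services write to one log. The `listen 80` template (old lines 191-216) already contains `ssl_certificate` paths hardcoded to `www.taxplorer.eu` and a `Strict-Transport-Security` header, although `MY_SERVER_NAME` is meant to be substituted and TLS is only added later by certbot; those lines belong in the 443 block that certbot generates. The `X-Forwarded-For` and `X-Forwarded-Proto` headers are also commented out there, so the application behind the proxy only ever sees 127.0.0.1 as the client address.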
