diff --git a/README.md b/README.md index 85a1b581..809274f7 100644 --- a/README.md +++ b/README.md @@ -11,8 +11,7 @@ this repository elsewhere, such as Github, are for backup purposes only.. -License -------- +# License The software included herein, such as the Python source files, are generally licensed [AGPLv3](AGPLv3)-or-later. The Javascript is a hodgepodge of @@ -23,35 +22,29 @@ The content and text (such as the HTML files) is currently [CC-BY-SA-3.0](CC-By-SA-3.0). -Server configuration --------------------- +# Server configuration -conservancy's webserver runs on a machine called aspen.sfconservancy.org, which -is a standard Debian installation. - -The following packages are installed to make Django and Apache work on a -squeeze install: - - $ aptitude install python-django apache2 sqlite3 python3-sqlite libapache2-mod-wsgi-py3 +Conservancy's webserver runs on a standard Debian installation. For +configuration requirements, see `deploy/ansible/install.yml`. -Django setup ------------- +# Django setup 0. Make sure the Python module 'djangopw', with the global variable 'djangoadmin_password' is somewhere importable in the default PYTHON_PATH. -Local development ---------- +# Local development + +Python dependencies are tied to the versions available in Debian. python3 -m pip install -r requirements.txt cd www python manage.py runserver -Deploying ---------- + +# Deploying Changes pushed to the https://k.sfconservancy.org/website repository are automatically deployed to the production website by the `conservancy-www-update` diff --git a/systemd/README.md b/systemd/README.md new file mode 100644 index 00000000..0119860d --- /dev/null +++ b/systemd/README.md @@ -0,0 +1,17 @@ +Install with: + + cp systemd/conservancy-www-*.{service,timer} /etc/systemd/system + systemctl enable conservancy-www-cleanup.service + systemctl start conservancy-www-cleanup.service + systemctl enable conservancy-www-update.timer + systemctl start conservancy-www-update.timer + +Monitor with: + + systemctl list-timers --all + journalctl --catalog --follow --unit conservancy-www-update.service + +Updates will fail unless `/var/www/website` has a git upstream, so set that with: + + git remote add upstream https://k.sfconservancy.org/website + git branch --set-upstream-to=upstream/master master diff --git a/systemd/conservancy-www-cleanup.service b/systemd/conservancy-www-cleanup.service index 8ce1e325..fe40af75 100644 --- a/systemd/conservancy-www-cleanup.service +++ b/systemd/conservancy-www-cleanup.service @@ -4,8 +4,8 @@ Before=apache2.service [Service] Type=oneshot -User=www -ExecStart=/usr/bin/python /var/www/website/www/manage.py clearsessions --verbosity 0 +User=www-data +ExecStart=/usr/bin/python3 /var/www/website/www/manage.py clearsessions --verbosity 0 SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete CapabilityBoundingSet= diff --git a/systemd/conservancy-www-update.service b/systemd/conservancy-www-update.service index a2f363b0..5ccaca84 100644 --- a/systemd/conservancy-www-update.service +++ b/systemd/conservancy-www-update.service @@ -3,7 +3,7 @@ Description=Update Conservancy website checkout [Service] Type=oneshot -User=www +User=www-data WorkingDirectory=/var/www/website ExecStart=/var/www/website/systemd/conservancy-www-update.sh diff --git a/systemd/conservancy-www-update.sh b/systemd/conservancy-www-update.sh index 1e7b18f0..da8f980b 100755 --- a/systemd/conservancy-www-update.sh +++ b/systemd/conservancy-www-update.sh @@ -30,7 +30,7 @@ fi exitcode=0 git merge --quiet --ff-only "$git_remote" "$git_refspec" -python2 -m compileall -q -x - www || exitcode=$? +python3 -m compileall -q -x - www || exitcode=$? chgrp -R www-data www || exitcode=$? chmod -R g+rX-w,o+X-w www || exitcode=$? chmod -R o+r www/conservancy/static || exitcode=$? diff --git a/www/conservancy/settings.py b/www/conservancy/settings.py index f0c2796b..a0b592df 100644 --- a/www/conservancy/settings.py +++ b/www/conservancy/settings.py @@ -28,7 +28,7 @@ FORCE_CANONICAL_HOSTNAME = False if DEBUG else 'sfconservancy.org' ALLOWED_HOSTS = [ 'www.sfconservancy.org', 'aspen.sfconservancy.org', 'sfconservancy.org', '104.130.70.210' ] if DEBUG: - ALLOWED_HOSTS.append('localhost') + ALLOWED_HOSTS = ['*'] REDIRECT_TABLE = { 'www.sf-conservancy.org': 'sfconservancy.org',