Deploying to Production

As of this writing, Malasakit is deployed on a production server that uses Apache. The following tasks should be completed in order the first time Malasakit is deployed:

0. Create a virtual env venv and run pip install -r requirements.txt. Also make sure you have npm installed.
1. Set the MySQL password as an environment variable mysql_pass in Apache's envvars and as an environment variable in your server. Access the variable in settings.py as os.environ.get('mysql_pass').
2. Set a SECRET_KEY in cafe/settings.py. You can generate a new secret key by creating a new temporary Django app and copying over the secret key from its settings.js.
3. Initialize the pcari database in MySQL. This can be done with make createproddb. The pcari database can be deleted with make deleteproddb. Once the database exists, use ./manage.py migrate --run-syncdb to initialize empty tables. See the instructions below for importing data from SQLite.
4. Create any superuser accounts needed for accessing the admin panel. This can be done either from the admin panel by another superuser, or from the command line by using the createsuperuser command of manage.py.
5. Fill out all message files with translations. Message files can be prepared with make preparetrans from the repository top level.
6. Create an config file on your HTTP server to direct requests to your app. Malasakit was originally deployed using Apache; here is an example config, assuming that the app is hosted on a parent domain (e.g. www.parent-domain.com/malasakit):

     WSGIDaemonProcess malasakit python-home=path/to/your/venv python-path=/path/to/project/root:/path/to/venv/lib/python2.7/site-packages
     Alias /malasakit/static /path/to/static/directory
     WSGIScriptAlias /malasakit /path/to/wsgi.py
     <Location /malasakit>
         WSGIProcessGroup malasakit
     </Location>

7. Configure the site to serve HTTPS only, and redirect all HTTP requests as HTTPS. This is not only good security practice, but is needed for browsers to trust service workers so that Malasakit can run offline. LetsEncrypt is a good place to start for obtaining an HTTPS certificate, and certbot makes configuration relatively painless.
8. Identify a static root, the filesystem path where all static files are stored. The static root is controlled by the STATIC_ROOT setting in cafe/settings.py. If you are serving Malasakit alongside other web applications, you may want to pool their static files together. By default, the static root is cafe/static.

Every time Malasakit is run, the following steps should be followed:

• Update the source tree (if the project is a git repository, you can use git pull origin master). Fix any merge conflicts.
• Run make deploy from the project top level. This accomplishes several tasks:
  • Disables debug mode by setting DEBUG = False in cafe/settings.py.
    • Disables Django's static resource server, which is not robust enough for use in production (serve static resources through Apache itself by mapping the STATIC_URL to the STATIC_ROOT, and disable directory traversal).
    • Disables debug pages, which are served when an error is thrown. Debug pages in production are a security vulnerability because of the wealth of system information they provide.
    • Enables HTML minification.
    • Switches over to MySQL from SQLite.
    • Only allows opinion.berkeley.edu as an authorized host (the ALLOWED_HOSTS setting).
  • Minifies static assets as needed (for instance, running lessc over LESS files).
  • Collects static files in STATIC_ROOT.
  • Compiles translations for use in production.
• Set APP_URL_ROOT in pcari/static/js/client.js and URL_ROOT in cafe/settings.py to the base URL path the application is served from.

Importing Data from SQLite

To import data from SQLite, temporarily set DEBUG = True (to use SQLite instead of MySQL), place db.sqlite3 into malasakit-django, then run

$ ./manage.py migrate
$ ./manage.py dumpdata --natural-primary --natural-foreign > data.json

Next, assuming you have an empty MySQL database pcari, switch off debug with DEBUG = False (to use MySQL), then run

$ ./manage.py loaddata data.json