# Personal-site > Production [Tested on server with Hyperbola GNU + Linux-libre] ## Python dependencies - Django - Pillow - psycopg2-binary - pytz ## Production Installation - Clone **Personal-site** ```console $ git clone https://git.sr.ht/~heckyel/personal-site ``` - Run `virtualenv`. ```console $ cd personal-site && virtualenv ./venv/ ``` - Activate the virtualenv. ```console $ source ./venv/bin/activate ``` - Install dependencies through `pip`. ```console $ pip install -r django/requirements_prod.txt ``` ## Configuration Postgres - Login as postgres ```console $ sudo su - postgres ``` - Create base ```console $ createdb namebase ``` - Create User (place a password for our user) ```console $ createuser -P username ``` - Inside the database ```console $ psql -d namebase ``` - Give permissions to the created user ```console $ GRANT ALL PRIVILEGES ON DATABASE namebase TO username; ``` ## Tips of Postgres - List database ```console $ psql -l ``` - Delete database ```console $ dropdb namebase ``` ## Conecting to Postgres - Copy `settings.py.example` to `settings.py` and modify. Make sure to uncomment the appropriate database section (either sqlite or PostgreSQL). ```console $ cp -v django/personalsite/settings.py.example django/personalsite/settings.py ``` Replace sqlite configuartion to postgres, example: ```python DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql_psycopg2', 'NAME': 'namebase', 'USER': 'username', 'PASSWORD': 'pass', 'HOST': '127.0.0.1', 'PORT': '5432', } } ``` - Check syntax. ```console $ python django/manage.py check --deploy ``` - Make migrations ```console $ python django/manage.py makemigrations ``` - Migrate changes. ```console $ python django/manage.py migrate ``` - Create superUSER ```console $ python django/manage.py createsuperuser ``` ## Run with Apache server and wsgi - Install WSGI for Apache ```console $ sudo pacman -S mod_wsgi ``` - To install mod_wsgi, add the following line in `httpd.conf`, example: ```console $ sudo nano -w /etc/httpd/conf/httpd.conf ``` Added line: ```apacheconf LoadModule wsgi_module modules/mod_wsgi.so ``` - Create vhosts, for example: ```console $ sudo nano -w /etc/httpd/conf/extra/httpd-vhosts.conf ``` and inside write the configuration, example: ```apacheconf ServerAdmin example@dominio.com ServerName example.com ServerAlias example.com Alias /media /path/to/site/media/ Alias /static /path/to/site/core/static/ Require all granted Require all granted Require all granted WSGIDaemonProcess personalsite python-home=/path/to/site/venv python-path=/path/to/site WSGIProcessGroup personalsite WSGIScriptAlias / /path/to/site/wsgi.py ``` - Replace `ALLOWED_HOSTS = []` on setting.py to: ```python ALLOWED_HOSTS = ["example.com", "localhost"] ``` - Added on setting.py: ```python STATIC_ROOT = '/path/to/site/core/static' ``` - Generated files static of Admin Django (you must be inside the virtualenv). ```console $ python django/manage.py collectstatic ``` - Create the media/ directory ```console $ cd /path/to/personalsite ``` ```console $ mkdir media/ ``` - Change Permition to media/ at group http ```console $ sudo chown -R http:http media/ ``` - Restart Apache server ```console $ sudo rc-service httpd restart ``` - Done! ## Security on settings.py [SSL, HTTPS, COOKIE, etc] ```bash # security.W004 SECURE_HSTS_SECONDS = 31536000 SECURE_HSTS_INCLUDE_SUBDOMAINS = True SECURE_HSTS_PRELOAD = True # security.W006 SECURE_CONTENT_TYPE_NOSNIFF = True # security.W007 SECURE_BROWSER_XSS_FILTER = True # security.W008 SECURE_SSL_REDIRECT = True # security.W012 SESSION_COOKIE_SECURE = True # security.W016、security.W017 CSRF_COOKIE_SECURE = True CSRF_COOKIE_HTTPONLY = True # security.W019 X_FRAME_OPTIONS = 'DENY' ``` ## Validation subdomain in eepsite Uncomment in `project/urls.py` ```python from django.urls import path from . import views urlpatterns = [ path('', views.home, name="home"), path('filename', views.i2pfile, name='i2pfile') # eepsite ] ``` also `project/views.py` ```python def i2pfile(request): return render(request, 'trabajo/filename') ``` and add `project/templates/trabajo/filename`