In this guide I will go through all the steps to create a VPS, secure it and deploy a Django application. This is a summarized document from this digital ocean doc
Any commands with "$" at the beginning run on your local machine and any "#" run when logged into the server
Use this link and get $10 free. Just select the $5 plan unless this a production app.
You can choose to create SSH keys to login if you want. If not, you will get the password sent to your email to login via SSH
To generate a key on your local machine
$ ssh-keygen
Hit enter all the way through and it will create a public and private key at
~/.ssh/id_rsa
~/.ssh/id_rsa.pub
You want to copy the public key (.pub file)
$ cat ~/.ssh/id_rsa.pub
Copy the entire output and add as an SSH key for Digital Ocean
If you setup SSH keys correctly the command below will let you right in. If you did not use SSH keys, it will ask for a password. This is the one that was mailed to you
$ ssh root@YOUR_SERVER_IP
It will ask for a password, use something secure. You can just hit enter through all the fields. I used the user "djangoadmin" but you can use anything
# adduser djangoadmin
# usermod -aG sudo djangoadmin
Now we need to setup SSH keys for the new user. You will need to get them from your local machine
You need to copy the key from your local machine so either exit or open a new terminal
# exit
You can generate a different key if you want but we will use the same one so lets output it, select it and copy it
$ cat ~/.ssh/id_rsa.pub
$ ssh root@YOUR_SERVER_IP
Navigate to the new users home folder and create a file at '.ssh/authorized_keys' and paste in the key
# cd /home/djangoadmin
# mkdir .ssh
# cd .ssh
# nano authorized_keys
Paste the key and hit "ctrl-x", hit "y" to save and "enter" to exit
You should now get let in as the new user
$ ssh djangoadmin@YOUR_SERVER_IP
# sudo nano /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
# sudo systemctl reload sshd
See which apps are registered with the firewall
# sudo ufw app list
Allow OpenSSH
### sudo ufw allow OpenSSH
# sudo ufw enable
# sudo ufw status
We are now done with access and security and will move on to installing software
# sudo apt update
# sudo apt upgrade
# sudo apt install python3-pip python3-dev libpq-dev postgresql postgresql-contrib nginx curl
# sudo -u postgres psql
You should now be logged into the pg shell
CREATE DATABASE btre_prod;
CREATE USER dbadmin WITH PASSWORD 'abc123!';
ALTER ROLE dbadmin SET client_encoding TO 'utf8';
ALTER ROLE dbadmin SET default_transaction_isolation TO 'read committed';
ALTER ROLE dbadmin SET timezone TO 'UTC';
GRANT ALL PRIVILEGES ON DATABASE btre_prod TO dbadmin;
\q
You need to install the python3-venv package
# sudo apt install python3-venv
# mkdir pyapps
# cd pyapps
# python3 -m venv ./venv
# source venv/bin/activate
From your local machine, create a requirements.txt with your app dependencies. Make sure you push this to your repo
$ pip freeze > requirements.txt
Create a new repo and push to it (you guys know how to do that)
# git clone https://github.com/yourgithubname/btre_project.git
You could manually install each one as well
# pip install -r requirements.txt
Add code to your settings.py file and push to server
try:
from .local_settings import *
except ImportError:
pass
Create a file called local_settings.py on your server along side of settings.py and add the following
- SECRET_KEY
- ALLOWED_HOSTS
- DATABASES
- DEBUG
- EMAIL_*
# python manage.py makemigrations
# python manage.py migrate
# python manage.py createsuperuser
python manage.py collectstatic
# sudo ufw allow 8000
# python manage.py runserver 0.0.0.0:8000
Add some data in the admin area
Install gunicorn
# pip install gunicorn
Add to requirements.txt
# pip freeze > requirements.txt
# gunicorn --bind 0.0.0.0:8000 btre.wsgi
Your images, etc will be gone
ctrl-c
# deactivate
# sudo nano /etc/systemd/system/gunicorn.socket
[Unit]
Description=gunicorn socket
[Socket]
ListenStream=/run/gunicorn.sock
[Install]
WantedBy=sockets.target
# sudo nano /etc/systemd/system/gunicorn.service
[Unit]
Description=gunicorn daemon
Requires=gunicorn.socket
After=network.target
[Service]
User=djangoadmin
Group=www-data
WorkingDirectory=/home/djangoadmin/pyapps/btre_project
ExecStart=/home/djangoadmin/pyapps/venv/bin/gunicorn \
--access-logfile - \
--workers 3 \
--bind unix:/run/gunicorn.sock \
btre.wsgi:application
[Install]
WantedBy=multi-user.target
# sudo systemctl start gunicorn.socket
# sudo systemctl enable gunicorn.socket
# sudo systemctl status gunicorn.socket
# file /run/gunicorn.sock
# sudo nano /etc/nginx/sites-available/btre_project
server {
listen 80;
server_name YOUR_IP_ADDRESS;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/djangoadmin/pyapps/btre_project;
}
location /media/ {
root /home/djangoadmin/pyapps/btre_project;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
# sudo ln -s /etc/nginx/sites-available/btre_project /etc/nginx/sites-enabled
# sudo nginx -t
# sudo systemctl restart nginx
# sudo ufw delete allow 8000
# sudo ufw allow 'Nginx Full'
Open up the nginx conf file
# sudo nano /etc/nginx/nginx.conf
client_max_body_size 20M;
# sudo systemctl restart nginx
You may have some issues with images not showing up. I would suggest, deleting all data and starting fresh as well as removeing the "photos" folder in the "media folder"
# sudo rm -rf media/photos
Go to your domain registrar and create the following a record
@ A Record YOUR_IP_ADDRESS
www CNAME example.com
ALLOWED_HOSTS = ['IP_ADDRESS', 'example.com', 'www.example.com']
server {
listen: 80;
server_name xxx.xxx.xxx.xxx example.com www.example.com;
}
# sudo systemctl restart nginx
# sudo systemctl restart gunicorn
I think you should run this command python manage.py collectstatic