*******************************************************************************
Production
*******************************************************************************

Run a local instance
===============================================================================

.. note::
   For linux users, it is necessary to add `sudo` before all `docker` commands.


Step 1 : Open a terminal
-------------------------------------------------------------------------------

- `Windows <https://youtu.be/uE9WgNr3OjM/>`_
- `Mac OSX <https://www.youtube.com/watch?v=QROX039ckO8>`_
- `Linux <https://linuxconfig.org/how-to-open-a-terminal-on-ubuntu-bionic-beaver-18-04-linux>`_

Step 2 : Clone project
-------------------------------------------------------------------------------

.. code-block:: bash

    git clone https://gitlab.com/ifb-elixirfr/covid19/EMERGEN-DB.git

You may be asked for your access credentials for the EMERGEN-DB.git repository

.. code-block:: bash

   cd EMERGEN-DB

Step 3: Run docker compose
-------------------------------------------------------------------------------

.. warning::
    Docker must always be switched on for any installation and use of EMERGEN-DB !

.. code-block:: bash

    # Login to GitLab registry with your GitLab ID
    docker login registry.gitlab.com

    # Download last app image
    docker-compose -f docker-compose.prod.yml pull web

    # Run images
    docker-compose -f docker-compose.prod.yml up -d

    # Migrate models into database
    docker-compose -f docker-compose.prod.yml exec web python manage.py migrate

    # Load data
    docker-compose -f docker-compose.prod.yml exec web python manage.py load_region
    docker-compose -f docker-compose.prod.yml exec web python manage.py load_departement
    docker-compose -f docker-compose.prod.yml exec web python manage.py load_description

    # Create materialized view
    docker-compose -f docker-compose.prod.yml exec web python manage.py generate_mat_view_dep_reg
    docker-compose -f docker-compose.prod.yml exec web python manage.py generate_mat_view_team_auth_group

    # Add external database intructions
    docker-compose -f docker-compose.prod.yml exec web python manage.py load_gisaid_instruction

    # Create super user
    docker-compose -f docker-compose.prod.yml exec web python manage.py createsuperuser

    # Get static file
    docker-compose -f docker-compose.prod.yml exec web python manage.py collectstatic --no-input --clear

Step 4: Open your favorite web browser and play with EMERGEN-DB
-------------------------------------------------------------------------------

EMERGEN-DB is running. You can open a web browser and use it in the following url : `http://localhost:443/ <http://localhost:443/>`_.

.. note::
    Before submitting data, do not forget to add users. An example file is
    available with random users (:code:`static-apps/datafile/membres-emergen_test.csv`)
    and data working with these users (:code:`static-apps/datafile/2021-04-09_IFB-bidon_semaine14_emergen_typage_v1.8.xlsx`).
    This data does not reflect reality and is fictitious.

Step 5 : Close EMERGEN-DB
-------------------------------------------------------------------------------

.. code-block:: bash

    docker-compose -f docker-compose.prod.yml down

Other commands
-------------------------------------------------------------------------------

**Restart**

.. code-block:: bash

    docker-compose -f docker-compose.prod.yml up -d

**Get logs**

.. code-block:: bash

    docker-compose -f docker-compose.prod.yml logs -f


Deploy and run on a server
===============================================================================

1- Update `.env.prod` file
-------------------------------------------------------------------------------

The :code:`env.prod` file contains a set of environment variables that will be imported
into the docker image of the web application. These variables are necessary for
the proper functioning of the application but not necessarily mandatory.
They have been grouped in this file so that the administrator does not have to
modify the Django application settings files. The file contains the following
variables associated with default values that may be modified:

*How to use*

- :code:`DEBUG=0` : 0 in production mode and 1 in development mode. Error messages will be detailed in debug mode while a 500 error page will be returned in production.

*Parameters that must be changed :*

- :code:`SECRET_KEY='6)2t^zp59du9$_tl8vd@5l!cw5#11a_a$qfu-^w2m#5nb*rm7d'` : Security key for your application. You can use a generator like : https://djecrety.ir/
- :code:`DJANGO_ALLOWED_HOSTS=localhost 127.0.0.1 [::1]` : If you are on a server, the IP address or domain name must be entered here. Without this declaration, the application will not be accessible from a web browser. If you work on your personal computer, do not modify

*The database settings (they can remain default) :*

- :code:`SQL_ENGINE=django.db.backends.postgresql`
- :code:`SQL_DATABASE=postgres_prod`
- :code:`SQL_USER=postgres`
- :code:`SQL_PASSWORD=postgres`
- :code:`SQL_HOST=db`
- :code:`SQL_PORT=5432`
- :code:`DATABASE=postgres`

*The LDAP settings of the server (leave unchanged if you do not have LDAP) :*

- :code:`AUTH_LDAP_SERVER_URI="ldap://ldap.example.com"`
- :code:`BASE_DN="ou=users,dc=example,dc=com"`
- :code:`AUTH_LDAP_REQUIRE_GROUP="cn=group_name,ou=projects,ou=groups,dc=ifb,dc=local"`

*The settings for sending mail if you have an SMTP service. If the settings are
unchanged, the mails will be written in text format and stored in a "/sent_emails"
folder at the root of the project :*

- :code:`EMAIL_BACKEND='django.core.mail.backends.smtp.EmailBackend'`
- :code:`EMAIL_HOST='0.0.0.0'`
- :code:`EMAIL_PORT='25'`
- :code:`DEFAULT_FROM_EMAIL='email_default@mail.com'`

.. note::
   If you don't know one of the values, you can leave the default values


2- Secure your connection
-------------------------------------------------------------------------------

If you are working on a server, it is recommended to secure the connection.
If you are not the system administrator of the server, we advise you to get in
touch with him/her so that he/she can tell you the specifics of the server.
Below, we propose a possible example.


2-1) Create SSL certificates
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

A certificat file (.crt) and a certificate key file (.key) are required to connect
the server through https protocol. To generate these certificates,
we advise you to contact the administrator of your server. If you use a hosting provider,
the documentation is generally very detailed for this type of case.
Finally, if you do not use a hosting provider, a domain name is mandatory for
the generation of SSL certificates and we recommend that you use the free
[let's encrypt](https://letsencrypt.org/fr/) Certificate Authority (CA) and its
[primer manual](https://letsencrypt.org/fr/getting-started/).

2-2) Copy file in `nginx` folder in EMERGEN-DB
-------------------------------------------------------------------------------

After, copy the two generated file in :code:`nginx` folder :

.. code-block:: bash

    cp /etc/ssl/private/EMERGEN-DB.key nginx/
    cp /etc/ssl/certs/EMERGEN-DB.crt nginx/

Now, in the :code:`nginx` folder, you have 2 new files : :code:`EMERGEN-DB.key` and :code:`EMERGEN-DB.crt`.

2-3) Update Nginx files
-------------------------------------------------------------------------------

**1- Dockerfile (in nginx folder)**

Add these lines :

.. code-block:: bash

    COPY EMERGEN-DB.crt /etc/ssl/certs/
    COPY EMERGEN-DB.key /etc/ssl/private/


You have now :

.. code-block:: bash

    FROM nginx:1.19.0-alpine

    RUN rm /etc/nginx/conf.d/default.conf
    COPY nginx.conf /etc/nginx/conf.d
    COPY EMERGEN-DB.crt /etc/ssl/certs/
    COPY EMERGEN-DB.key /etc/ssl/private/


**2- Update :code:`nginx.conf` file (in nginx folder)**

Replace `XXXXXXXXXXXXXXXXXXXXXXXXXXX` by your server name (or a IP)

.. code-block:: bash

    upstream EMERGEN-DB {
        server web:8000;
    }

    server {
        listen 80;
        listen [::]:80;
        server_name XXXXXXXXXXXXXXXXXXXXXXXXXXX ;
        return 301 https://XXXXXXXXXXXXXXXXXXXXXXXXXXX$request_uri;
    }

    upstream flower {
        server flower:5555;
    }

    server {

        listen 443 ssl ;
        listen [::]:443 ssl;

        ssl_certificate  /etc/ssl/certs/EMERGEN-DB.crt;
        ssl_certificate_key /etc/ssl/private/EMERGEN-DB.key;

        server_name XXXXXXXXXXXXXXXXXXXXXXXXXXX;

        location /flower/ {
            proxy_pass http://flower;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
        }

        location / {
            proxy_pass http://EMERGEN-DB;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_redirect off;
        }

        root   /var/www/html/example.com/;
        index index.php index.html index.htm;

        location /staticfiles/ {
            alias /home/app/web/staticfiles/;
        }

        location /flower/static/ {
            alias /home/app/web/staticfiles/flower/static/ ;
        }

    }

**3- Update :code:`docker-compose.prod.yml` file (in root folder)**

Change nginx port

.. code-block:: bash

  [...]
  nginx:
    build: ./nginx
    volumes:
      - static_volume:/home/app/web/staticfiles
      - media_volume:/home/app/web/mediafiles
    ports:
      - 443:443
    depends_on:
      - web
  [...]