Production

Run a local instance

Note

For linux users, it is necessary to add sudo before all docker commands.

Step 1 : Open a terminal

Step 2 : Clone project

git clone https://gitlab.com/ifb-elixirfr/covid19/EMERGEN-DB.git

You may be asked for your access credentials for the EMERGEN-DB.git repository

cd EMERGEN-DB

Step 3: Run docker compose

Avertissement

Docker must always be switched on for any installation and use of EMERGEN-DB !

# Login to GitLab registry with your GitLab ID
docker login registry.gitlab.com

# Download last app image
docker-compose -f docker-compose.prod.yml pull web

# Run images
docker-compose -f docker-compose.prod.yml up -d

# Migrate models into database
docker-compose -f docker-compose.prod.yml exec web python manage.py migrate

# Load data
docker-compose -f docker-compose.prod.yml exec web python manage.py load_region
docker-compose -f docker-compose.prod.yml exec web python manage.py load_departement
docker-compose -f docker-compose.prod.yml exec web python manage.py load_description

# Create materialized view
docker-compose -f docker-compose.prod.yml exec web python manage.py generate_mat_view_dep_reg
docker-compose -f docker-compose.prod.yml exec web python manage.py generate_mat_view_team_auth_group

# Add external database intructions
docker-compose -f docker-compose.prod.yml exec web python manage.py load_gisaid_instruction

# Create super user
docker-compose -f docker-compose.prod.yml exec web python manage.py createsuperuser

# Get static file
docker-compose -f docker-compose.prod.yml exec web python manage.py collectstatic --no-input --clear

Step 4: Open your favorite web browser and play with EMERGEN-DB

EMERGEN-DB is running. You can open a web browser and use it in the following url : http://localhost:443/.

Note

Before submitting data, do not forget to add users. An example file is available with random users (static-apps/datafile/membres-emergen_test.csv) and data working with these users (static-apps/datafile/2021-04-09_IFB-bidon_semaine14_emergen_typage_v1.8.xlsx). This data does not reflect reality and is fictitious.

Step 5 : Close EMERGEN-DB

docker-compose -f docker-compose.prod.yml down

Other commands

Restart

docker-compose -f docker-compose.prod.yml up -d

Get logs

docker-compose -f docker-compose.prod.yml logs -f

Deploy and run on a server

1- Update .env.prod file

The env.prod file contains a set of environment variables that will be imported into the docker image of the web application. These variables are necessary for the proper functioning of the application but not necessarily mandatory. They have been grouped in this file so that the administrator does not have to modify the Django application settings files. The file contains the following variables associated with default values that may be modified:

How to use

  • DEBUG=0 : 0 in production mode and 1 in development mode. Error messages will be detailed in debug mode while a 500 error page will be returned in production.

Parameters that must be changed :

  • SECRET_KEY='6)2t^zp59du9$_tl8vd@5l!cw5#11a_a$qfu-^w2m#5nb*rm7d' : Security key for your application. You can use a generator like : https://djecrety.ir/

  • DJANGO_ALLOWED_HOSTS=localhost 127.0.0.1 [::1] : If you are on a server, the IP address or domain name must be entered here. Without this declaration, the application will not be accessible from a web browser. If you work on your personal computer, do not modify

The database settings (they can remain default) :

  • SQL_ENGINE=django.db.backends.postgresql

  • SQL_DATABASE=postgres_prod

  • SQL_USER=postgres

  • SQL_PASSWORD=postgres

  • SQL_HOST=db

  • SQL_PORT=5432

  • DATABASE=postgres

The LDAP settings of the server (leave unchanged if you do not have LDAP) :

  • AUTH_LDAP_SERVER_URI="ldap://ldap.example.com"

  • BASE_DN="ou=users,dc=example,dc=com"

  • AUTH_LDAP_REQUIRE_GROUP="cn=group_name,ou=projects,ou=groups,dc=ifb,dc=local"

The settings for sending mail if you have an SMTP service. If the settings are unchanged, the mails will be written in text format and stored in a :code:`/sent_emails` folder at the root of the project :

  • EMAIL_BACKEND='django.core.mail.backends.smtp.EmailBackend'

  • EMAIL_HOST='0.0.0.0'

  • EMAIL_PORT='25'

  • DEFAULT_FROM_EMAIL='email_default@mail.com'

Note

If you don’t know one of the values, you can leave the default values

2- Secure your connection

If you are working on a server, it is recommended to secure the connection. If you are not the system administrator of the server, we advise you to get in touch with him/her so that he/she can tell you the specifics of the server. Below, we propose a possible example.

2-1) Create SSL certificates

A certificat file (.crt) and a certificate key file (.key) are required to connect the server through https protocol. To generate these certificates, we advise you to contact the administrator of your server. If you use a hosting provider, the documentation is generally very detailed for this type of case. Finally, if you do not use a hosting provider, a domain name is mandatory for the generation of SSL certificates and we recommend that you use the free [let’s encrypt](https://letsencrypt.org/fr/) Certificate Authority (CA) and its [primer manual](https://letsencrypt.org/fr/getting-started/).

2-2) Copy file in nginx folder in EMERGEN-DB

After, copy the two generated file in nginx folder :

cp /etc/ssl/private/EMERGEN-DB.key nginx/
cp /etc/ssl/certs/EMERGEN-DB.crt nginx/

Now, in the nginx folder, you have 2 new files : EMERGEN-DB.key and EMERGEN-DB.crt.

2-3) Update Nginx files

1- Dockerfile (in nginx folder)

Add these lines :

COPY EMERGEN-DB.crt /etc/ssl/certs/
COPY EMERGEN-DB.key /etc/ssl/private/

You have now :

FROM nginx:1.19.0-alpine

RUN rm /etc/nginx/conf.d/default.conf
COPY nginx.conf /etc/nginx/conf.d
COPY EMERGEN-DB.crt /etc/ssl/certs/
COPY EMERGEN-DB.key /etc/ssl/private/

2- Update :code:`nginx.conf` file (in nginx folder)

Replace XXXXXXXXXXXXXXXXXXXXXXXXXXX by your server name (or a IP)

upstream EMERGEN-DB {
    server web:8000;
}

server {
    listen 80;
    listen [::]:80;
    server_name XXXXXXXXXXXXXXXXXXXXXXXXXXX ;
    return 301 https://XXXXXXXXXXXXXXXXXXXXXXXXXXX$request_uri;
}

upstream flower {
    server flower:5555;
}

server {

    listen 443 ssl ;
    listen [::]:443 ssl;

    ssl_certificate  /etc/ssl/certs/EMERGEN-DB.crt;
    ssl_certificate_key /etc/ssl/private/EMERGEN-DB.key;

    server_name XXXXXXXXXXXXXXXXXXXXXXXXXXX;

    location /flower/ {
        proxy_pass http://flower;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
    }

    location / {
        proxy_pass http://EMERGEN-DB;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_redirect off;
    }

    root   /var/www/html/example.com/;
    index index.php index.html index.htm;

    location /staticfiles/ {
        alias /home/app/web/staticfiles/;
    }

    location /flower/static/ {
        alias /home/app/web/staticfiles/flower/static/ ;
    }

}

3- Update :code:`docker-compose.prod.yml` file (in root folder)

Change nginx port

[...]
nginx:
  build: ./nginx
  volumes:
    - static_volume:/home/app/web/staticfiles
    - media_volume:/home/app/web/mediafiles
  ports:
    - 443:443
  depends_on:
    - web
[...]