From 9121e148a86a88d98b7b23fe4be1bd0d07663099 Mon Sep 17 00:00:00 2001 From: Nathan Swain Date: Thu, 10 Oct 2024 15:53:55 -0600 Subject: [PATCH] Update Manual Production Installation for 4.3 (#1094) * Remove cloud option from production docs. * Fix error with figures * Update system dependencies for Ubuntu 24.04 and CentOS Stream 9. * Remove unecessary pg_hba.conf changes. * Add instructions for setting the TETHYS_HOME env var * Update postgres installation for Rocky Linux August -> September * Update PostGIS for Rocky Linux * Update other system dependencies for Rocky Linux * Add alternative instructions for installing apache2 * Add django version to installation code blocks * Add git lfs install instructions to docs readme * Add django as dependency in example environment.yml * Config review * Quick start not use micro-tethys-platform * update apache config template and docs * remove todo --------- Co-authored-by: sdc50 --- docs/README.md | 4 + docs/index.rst | 6 +- docs/installation.rst | 8 +- docs/installation/conda.rst | 13 +- docs/installation/developer_installation.rst | 2 +- docs/installation/production.rst | 22 +- docs/installation/production/cloud.rst | 22 -- docs/installation/production/cloud/azure.rst | 25 -- .../production/cloud/azure/apps.rst | 19 -- .../production/cloud/azure/apps/app_store.rst | 137 -------- .../production/cloud/azure/apps/manual.rst | 76 ----- .../production/cloud/azure/configure.rst | 25 -- .../cloud/azure/configure/change_secrets.rst | 108 ------- .../cloud/azure/configure/customize.rst | 26 -- .../cloud/azure/configure/docker.rst | 290 ----------------- .../cloud/azure/configure/domain_name.rst | 96 ------ .../azure/configure/forgotten_password.rst | 11 - .../cloud/azure/configure/https.rst | 43 --- .../cloud/azure/configure/storage.rst | 301 ------------------ .../production/cloud/azure/cost.rst | 75 ----- .../production/cloud/azure/create.rst | 194 ----------- .../cloud/azure/images/apps--app-store.png | 3 - .../azure/images/apps--root-pass-setting.png | 3 - .../images/configure--additional-storage.png | 3 - .../azure/images/configure--custom-theme.png | 3 - .../azure/images/configure--delete-admin.png | 3 - .../images/configure--generic-domain-name.png | 3 - .../azure/images/configure--https-secure.png | 3 - .../cloud/azure/images/configure--https.png | 3 - .../images/connect--ssh-instructions.png | 3 - .../images/connect--tethys-home-contents.png | 3 - .../cloud/azure/images/cost--add-vm.png | 3 - .../azure/images/cost--configure-options.png | 3 - .../cloud/azure/images/cost--export.png | 3 - .../azure/images/cost--pricing-calculator.png | 3 - .../azure/images/create--azure-portal.png | 3 - .../azure/images/create--copy-public-ip.png | 3 - .../azure/images/create--create-resource.png | 3 - .../images/create--create-virtual-machine.png | 3 - .../azure/images/create--create-vm-basics.png | 3 - .../azure/images/create--deploy-progress.png | 3 - .../azure/images/create--search-tethys.png | 3 - .../azure/images/create--tethys-portal.png | 3 - .../create--virtual-machine-overview.png | 3 - .../production/cloud/azure/orientation.rst | 296 ----------------- .../cloud/azure/troubleshooting.rst | 31 -- docs/installation/production/manual.rst | 2 +- .../production/manual/additional/backup.rst | 2 +- .../manual/additional/troubleshooting.rst | 4 +- .../production/manual/configuration.rst | 3 +- .../configuration/advanced/email_config.rst | 4 +- .../configuration/advanced/https_config.rst | 2 +- .../configuration/advanced/social_auth.rst | 2 +- .../manual/configuration/basic/apache.rst | 99 ++++++ .../configuration/basic/file_permissions.rst | 17 +- .../manual/configuration/basic/firewall.rst | 59 +++- .../manual/configuration/basic/nginx.rst | 9 +- .../configuration/basic/portal_config.rst | 41 ++- .../basic/static_and_workspaces.rst | 39 ++- .../manual/configuration/basic/supervisor.rst | 16 +- .../production/manual/installation.rst | 11 +- .../production/manual/overview.rst | 20 +- .../production/manual/preparation.rst | 4 +- .../production/manual/system_dependencies.rst | 151 ++++++--- .../part_1/dataset_controls_js.rst | 1 - .../google_earth_engine/part_1/map_view.rst | 1 - tethys_cli/gen_templates/apache | 5 + 67 files changed, 410 insertions(+), 1981 deletions(-) delete mode 100644 docs/installation/production/cloud.rst delete mode 100644 docs/installation/production/cloud/azure.rst delete mode 100644 docs/installation/production/cloud/azure/apps.rst delete mode 100644 docs/installation/production/cloud/azure/apps/app_store.rst delete mode 100644 docs/installation/production/cloud/azure/apps/manual.rst delete mode 100644 docs/installation/production/cloud/azure/configure.rst delete mode 100644 docs/installation/production/cloud/azure/configure/change_secrets.rst delete mode 100644 docs/installation/production/cloud/azure/configure/customize.rst delete mode 100644 docs/installation/production/cloud/azure/configure/docker.rst delete mode 100644 docs/installation/production/cloud/azure/configure/domain_name.rst delete mode 100644 docs/installation/production/cloud/azure/configure/forgotten_password.rst delete mode 100644 docs/installation/production/cloud/azure/configure/https.rst delete mode 100644 docs/installation/production/cloud/azure/configure/storage.rst delete mode 100644 docs/installation/production/cloud/azure/cost.rst delete mode 100644 docs/installation/production/cloud/azure/create.rst delete mode 100644 docs/installation/production/cloud/azure/images/apps--app-store.png delete mode 100644 docs/installation/production/cloud/azure/images/apps--root-pass-setting.png delete mode 100644 docs/installation/production/cloud/azure/images/configure--additional-storage.png delete mode 100644 docs/installation/production/cloud/azure/images/configure--custom-theme.png delete mode 100644 docs/installation/production/cloud/azure/images/configure--delete-admin.png delete mode 100644 docs/installation/production/cloud/azure/images/configure--generic-domain-name.png delete mode 100644 docs/installation/production/cloud/azure/images/configure--https-secure.png delete mode 100644 docs/installation/production/cloud/azure/images/configure--https.png delete mode 100644 docs/installation/production/cloud/azure/images/connect--ssh-instructions.png delete mode 100644 docs/installation/production/cloud/azure/images/connect--tethys-home-contents.png delete mode 100644 docs/installation/production/cloud/azure/images/cost--add-vm.png delete mode 100644 docs/installation/production/cloud/azure/images/cost--configure-options.png delete mode 100644 docs/installation/production/cloud/azure/images/cost--export.png delete mode 100644 docs/installation/production/cloud/azure/images/cost--pricing-calculator.png delete mode 100644 docs/installation/production/cloud/azure/images/create--azure-portal.png delete mode 100644 docs/installation/production/cloud/azure/images/create--copy-public-ip.png delete mode 100644 docs/installation/production/cloud/azure/images/create--create-resource.png delete mode 100644 docs/installation/production/cloud/azure/images/create--create-virtual-machine.png delete mode 100644 docs/installation/production/cloud/azure/images/create--create-vm-basics.png delete mode 100644 docs/installation/production/cloud/azure/images/create--deploy-progress.png delete mode 100644 docs/installation/production/cloud/azure/images/create--search-tethys.png delete mode 100644 docs/installation/production/cloud/azure/images/create--tethys-portal.png delete mode 100644 docs/installation/production/cloud/azure/images/create--virtual-machine-overview.png delete mode 100644 docs/installation/production/cloud/azure/orientation.rst delete mode 100644 docs/installation/production/cloud/azure/troubleshooting.rst create mode 100644 docs/installation/production/manual/configuration/basic/apache.rst diff --git a/docs/README.md b/docs/README.md index d2d2dfb32..2a0b48e9a 100644 --- a/docs/README.md +++ b/docs/README.md @@ -16,6 +16,10 @@ conda env create -f docs_environment.yml Use Git LFS to download the images: ``` +# Install git-lfs (see: https://git-lfs.com/) +apt install git-lfs + +# In the Tethys repository git lfs install git lfs pull ``` diff --git a/docs/index.rst b/docs/index.rst index 04d0aea6b..2e39d9d72 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -21,9 +21,13 @@ The quickest way to get started with Tethys Platform is via ``conda`` (`Minicond .. code-block:: bash - conda create -n tethys -c conda-forge micro-tethys-platform + conda create -n tethys -c conda-forge tethys-platform conda activate tethys tethys quickstart + +.. tip:: + + For more details on the installation process see :ref:`development_installation`. Your browser will automatically open to http://127.0.0.1:8000/. diff --git a/docs/installation.rst b/docs/installation.rst index d5df7e0c4..374219240 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -33,7 +33,13 @@ a. To install ``tethys-platform`` into a new conda environment then run the foll .. code-block:: bash - conda create -n tethys -c conda-forge tethys-platform + conda create -n tethys -c conda-forge tethys-platform django= + +.. important:: + + **Django Version** + + As of Tethys 3.4 and above, the version of Django is no longer pinned in the ``tethys-platform`` package. You will need to specify the version of Django that you want to use when creating the environment. This is especially important for production installations, as only the LTS versions of Django recieve bug and security fixes. For development installations, we recommend using the same version of Django that you plan to use in production. For production installations, we recommend using the current LTS version of Django (see: `How to get Django - Supported Versions `_. Failing to provide the Django version will result in installing the latest version of Django which may not be the LTS version. .. tip:: diff --git a/docs/installation/conda.rst b/docs/installation/conda.rst index 73c218a32..237b13147 100644 --- a/docs/installation/conda.rst +++ b/docs/installation/conda.rst @@ -4,7 +4,7 @@ Conda and Tethys Platform ************************* -**Last Updated:** May 2023 +**Last Updated:** September 2024 This guide provides tips for using `Conda `_ effectively in your Tethys environment. @@ -59,13 +59,20 @@ To install Tethys Platform using the ``libmamba`` solver, run the command with t .. code-block:: bash - conda create --solver libmamba -n tethys -c tethysplatform -c conda-forge tethys-platform + conda create --solver libmamba -n tethys -c tethysplatform -c conda-forge tethys-platform django= Alternatively, if you set ``libmamba`` to be the default solver in step 2, run the install command as usual and ``libmamba`` will be used automatically: .. code-block:: bash - conda create -n tethys -c tethysplatform -c conda-forge tethys-platform + conda create -n tethys -c tethysplatform -c conda-forge tethys-platform django= + + +.. important:: + + **Django Version** + + As of Tethys 3.4 and above, the version of Django is no longer pinned in the ``tethys-platform`` package. You will need to specify the version of Django that you want to use when creating the environment. This is especially important for production installations, as only the LTS versions of Django recieve bug and security fixes. For development installations, we recommend using the same version of Django that you plan to use in production. For production installations, we recommend using the current LTS version of Django (see: `How to get Django - Supported Versions `_. Failing to provide the Django version will result in installing the latest version of Django which may not be the LTS version. Install Packages ---------------- diff --git a/docs/installation/developer_installation.rst b/docs/installation/developer_installation.rst index 24f77bef3..d30205c1f 100644 --- a/docs/installation/developer_installation.rst +++ b/docs/installation/developer_installation.rst @@ -24,7 +24,7 @@ For systems with `wget` (most Linux distributions): wget :install_tethys:`sh` bash install_tethys.sh -b |branch| -For Systems with `curl` (e.g. Mac OSX and CentOS): +For Systems with `curl` (e.g. Mac OSX and Rocky Linux): .. parsed-literal:: diff --git a/docs/installation/production.rst b/docs/installation/production.rst index 5b022ce96..13ca21150 100644 --- a/docs/installation/production.rst +++ b/docs/installation/production.rst @@ -4,7 +4,7 @@ Production Installation Guide ***************************** -**Last Updated:** November 2021 +**Last Updated:** September 2024 A **production installation**, sometimes called **deployment**, is an installation of Tethys Platform that is configured to for being hosted on a live server. This guide provides an explanation of the difference between Production and Development installations and provides several methods for installing Tethys Platform in production. @@ -13,14 +13,14 @@ Production vs. Development Here are the primary differences between the :ref:`development installation ` you have been using to develop your apps and a production installation: -* **Production Grade Servers**: The development server (``tethys manage start``) is not efficient nor capable of handling the traffic a production website receives, so a combination of the `NGINX `_ and `Daphne `_ servers are used for production installations. +* **Production Grade Servers**: The development server (``tethys manage start``) is not efficient nor capable of handling the traffic a production website receives. A combination of the either the `NGINX `_ or `Apache `_ web server and `Daphne `_ ASGI server are used for production installations. * **Database Engine**: The default database engine used in development is SQLite. SQLite may not be a good fit for use in your production site (see `Appropriate Uses For SQLite `_). Consider using an alternative database backend such as PostgreSQL. * **Changes Are Not Automatically Loaded**: When changes are made to a production installation, such as installing new apps or changing settings, the Daphne server must be restarted manually to load them. It does not restart automatically like the development server. * **Debug Disabled**: `Debug `_ mode is turned off to prevent sensitive information from being leaked through the detailed error messages produced by debug mode. * **Secure Credentials**: The internet is a hostile place, so secure passwords and unique usernames are used for all admin and database accounts, instead of the default usernames and passwords used for development. -* **Static Files Collected**: The files in the :file:`public` and :file:`static` directories of apps are collected to one location to be served more efficiently by NGINX. +* **Static Files Collected**: The files in the :file:`public` and :file:`static` directories of apps are collected to one location to be served more efficiently by NGINX or Apache. * **Workspaces Collected**: The files in the app workspaces are collected to one location so they can be more easily backed up. -* **Permissions**: NGINX must be given permission to access the static files and workspaces to be able to serve them. +* **Permissions**: NGINX or Apache must be given permission to access the static files and workspaces to be able to serve them. Production Installation Methods =============================== @@ -40,20 +40,6 @@ If you have not performed a manual installation before, we recommend going throu production/manual -Cloud Virtual Machine Images ----------------------------- - -This method involves creating a new virtual machine on a commercial cloud service using a virtual machine image that has Tethys Platform installed already and configured for production use. The advantage of this approach is that you can get a running Tethys Platform production installation up and running in only a few minutes. There are a few configuration steps that need to be performed after installation such as changing the default passwords, but other than that it is ready for installing your apps. They primary disadvantage is that the VM images are not produced for every version of Tethys Platform, so you will need to update Tethys to get the latest version. - -We currently have images for the following commercial cloud providers: - -* :ref:`Microsoft Azure ` - -.. toctree:: - :maxdepth: 1 - - production/cloud - Docker Deployment ----------------- diff --git a/docs/installation/production/cloud.rst b/docs/installation/production/cloud.rst deleted file mode 100644 index e3bc9bde5..000000000 --- a/docs/installation/production/cloud.rst +++ /dev/null @@ -1,22 +0,0 @@ -.. _cloud_vm_installation: - -**************************** -Cloud Virtual Machine Images -**************************** - -**Last Updated:** November 2021 - -.. toctree:: - :maxdepth: 2 - - cloud/azure - -Additional Resources --------------------- - -* `Tethys Platform Microsoft Azure Deployment Presentation `_ - -Attribution ------------ - -Funding for the update of this guide was provided by National Aeronautics and Space Administration (NASA) through SERVIR 80NSSC20K0157. SERVIR is a joint program led by the US Agency for International Development (USAID) and NASA. diff --git a/docs/installation/production/cloud/azure.rst b/docs/installation/production/cloud/azure.rst deleted file mode 100644 index baa2c9998..000000000 --- a/docs/installation/production/cloud/azure.rst +++ /dev/null @@ -1,25 +0,0 @@ -.. _azure_vm_overview: - -************************ -Microsoft Azure VM Image -************************ - -**Last Updated:** November 2021 - -`Microsoft Azure `_ is a commercial cloud service that provides the full spectrum of cloud computing services, including web hosting services. A virtual machine image was created for Azure that has Tethys Platform installed. Using this image, you can create a virtual machine running Tethys Platform on Azure in a matter of minutes. The Tethys Platform image is free to use, but you will need to pay for the virtual machine services. - -.. figure:: azure/images/create--virtual-machine-overview.png - :width: 800px - :align: left - -The following tutorials will guide you through the process of creating and maintaining a Tethys virtual machine on Azure: - -.. toctree:: - :maxdepth: 1 - - azure/create - azure/orientation - azure/configure - azure/apps - azure/cost - azure/troubleshooting \ No newline at end of file diff --git a/docs/installation/production/cloud/azure/apps.rst b/docs/installation/production/cloud/azure/apps.rst deleted file mode 100644 index 5c7172e81..000000000 --- a/docs/installation/production/cloud/azure/apps.rst +++ /dev/null @@ -1,19 +0,0 @@ -.. _azure_vm_apps: - -************************ -Install Apps on Azure VM -************************ - -**Last Updated:** November 2021 - -There are two ways to install apps in the Azure VM: manual installation and using the Tethys App Store. - -.. toctree:: - :maxdepth: 2 - - apps/manual - -.. toctree:: - :maxdepth: 2 - - apps/app_store diff --git a/docs/installation/production/cloud/azure/apps/app_store.rst b/docs/installation/production/cloud/azure/apps/app_store.rst deleted file mode 100644 index 3e7396563..000000000 --- a/docs/installation/production/cloud/azure/apps/app_store.rst +++ /dev/null @@ -1,137 +0,0 @@ -.. _azure_vm_apps_app_store: - -************************ -Install Tethys App Store -************************ - -**Last Updated:** November 2021 - -The Tethys App Store is a Tethys app that can be used to publish and install Tethys apps. It can install Tethys apps from its catalog of published apps or directly from GitHub repositories. To learn more about the Tethys App Store, see `Community Apps | Tethys Platform `_. This section will describe how to install and use the Tethys App Store on the Tethys Platform Azure VM. - -.. figure:: ../images/apps--app-store.png - :width: 800px - :alt: Screenshot of the Tethys App Store - - **Figure 1.** Screenshot of the Tethys App Store. - -1. Login as Tethys User -======================= - -Remember, to use the ``tethys`` command, you'll need to login as the ``tethys`` user: - -.. code-block:: - - sudo su - tethys - -2. Activate the Tethys Conda Environment -======================================== - -.. code-block:: - - conda activate tethys - -3. Change into the Tethys Home Directory -======================================== - -.. code-block:: - - cd $TETHYS_HOME - -4. Install Tethys App Store -=========================== - -Complete the instructions in the **Install using Miniconda** section of `Installation | Tethys App Store `_. - -5. Collect Static Files and Workspaces -====================================== - -It is not necessary to change permissions to collect static files or workspaces in the Azure VM image if you are logged in as the ``tethys`` user. Simply run the following command after installing the app: - -.. code-block:: - - tethys manage collectall - -6. Restart the Tethys Service -============================= - -Restart the Tethys service for the new app to be loaded: - -.. code-block:: - - sudo systemctl restart tethys.service - -7. Enable WebSocket Support -=========================== - -Modify the :file:`tethys_nginx.conf` as follows to enable web socket support: - -1. Open the :file:`$TETHYS_HOME/config/tethys_nginx.conf` with your favorite text editor. -2. Add the following lines to the top of the file, above the ``upstream`` section: - - .. code-block:: - - # top-level http config for websocket headers - # If Upgrade is defined, Connection = upgrade - # If Upgrade is empty, Connection = close - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - -3. Change the following line: - - from: - - .. code-block:: - - proxy_set_header Connection "upgrade"; - - to: - - .. code-block:: - - proxy_set_header Connection $connection_upgrade; - -8. Restart the NGINX Service -============================ - -Restart NGINX to enable changes made to :file:`tethys_nginx.conf`. - -.. code-block:: - - sudo systemctl restart nginx - -9. Add Password to Root User -============================ - -Run the following command to create a password for the root user. Use a password generator like `xkpasswd `_ or similar to create strong and unique password. - -.. code-block:: - - sudo -i passwd - -10. Login to Tethys Portal with a Portal Admin Account -====================================================== - -Navigate to the Tethys Portal (see :ref:`View the Tethys Portal `) and login with the Portal Admin account. - -11. Navigate to Tethys App Store Settings -========================================= - -Launch the Tethys App Store app and press the **Settings** button (gear icon) in the top right-hand corner of the page. - -12. Set ``sudo_server_pass`` Setting -==================================== - -Set the value of the ``sudo_server_pass`` setting to the root password you set in step 9. Press the **Save** button to save the settings. - -.. figure:: ../images/apps--root-pass-setting.png - :width: 800px - :alt: Screenshot of the Tethys App Store Settings. - - **Figure 2.** Screenshot of the Tethys App Store Settings. - -13. Install Apps -================ - -To use the Tethys App Store app to install an app, simply search for the app and press the **Install** button next to it. To submit an app to the Tethys App Store catalog follow these instructions: `Application Submission | Tethys App Store `_. \ No newline at end of file diff --git a/docs/installation/production/cloud/azure/apps/manual.rst b/docs/installation/production/cloud/azure/apps/manual.rst deleted file mode 100644 index 8c373792f..000000000 --- a/docs/installation/production/cloud/azure/apps/manual.rst +++ /dev/null @@ -1,76 +0,0 @@ -.. _azure_vm_apps_manual: - -********************* -Install Apps Manually -********************* - -**Last Updated:** November 2021 - -Installing apps manually on an Azure VM is a similar process as described in :ref:`installing_apps_production` of the :ref:`manual_production_installation` guide, but there are some differences. Use the following steps to install apps on an Azure VM: - -1. Login as Tethys User -======================= - -Remember, to use the ``tethys`` command, you'll need to login as the ``tethys`` user: - -.. code-block:: - - sudo su - tethys - -2. Activate the Tethys Conda Environment -======================================== - -.. code-block:: - - conda activate tethys - -3. Change into the Apps Directory -================================= - -A directory for app source code has already been created at :file:`$TETHYS_HOME/apps`. - -.. code-block:: - - cd $TETHYS_HOME/apps - -4. Download App Source Code -=========================== - -Clone the app source code as suggested in the :ref:`installing_apps_production_app_source` section of :ref:`installing_apps_production`, using :file:`$TETHYS_HOME/apps` as the ``APP_SOURCES_ROOT``. - -5. Install App -============== - -Install the app as suggested in the :ref:`installing_apps_production_install_app` section of :ref:`installing_apps_production`, using :file:`$TETHYS_HOME/apps` as the ``APP_SOURCES_ROOT``. - -6. Collect Static Files and Workspaces -====================================== - -It is not necessary to change permissions to collect static files or workspaces in the Azure VM image if you are logged in as the ``tethys`` user. Simply run the following command after installing the app: - -.. code-block:: - - tethys manage collectall - -7. Restart the Tethys Service -============================= - -Restart the Tethys service for the new app to be loaded: - -.. code-block:: - - sudo systemctl restart tethys.service - -8. Configure App Settings -========================= - -Configure app settings in the Tethys Portal admin pages if required (see: :ref:`Admin Pages > Tethys Apps `). - -9. Initialize Persistent Stores -=============================== - -If your app requires a database via the persistent stores API, you will need to initialize it: - - .. code-block:: bash - - tethys syncstores all \ No newline at end of file diff --git a/docs/installation/production/cloud/azure/configure.rst b/docs/installation/production/cloud/azure/configure.rst deleted file mode 100644 index 5a5282940..000000000 --- a/docs/installation/production/cloud/azure/configure.rst +++ /dev/null @@ -1,25 +0,0 @@ -.. _azure_vm_config: - -****************** -Configure Azure VM -****************** - -**Last Updated:** November 2021 - -After provisioning the Azure virtual machine (VM), there are several configuration steps you should perform. As a minimum you should complete the `Change Secrets and Passwords `_ tutorial. Complete the other tutorials as needed. - -.. toctree:: - :maxdepth: 1 - - configure/change_secrets - configure/customize - configure/domain_name - configure/https - configure/forgotten_password - configure/docker - configure/storage - -What's Next? -============ - -Now that the server is configured, it's time to install apps! \ No newline at end of file diff --git a/docs/installation/production/cloud/azure/configure/change_secrets.rst b/docs/installation/production/cloud/azure/configure/change_secrets.rst deleted file mode 100644 index d4c5888bc..000000000 --- a/docs/installation/production/cloud/azure/configure/change_secrets.rst +++ /dev/null @@ -1,108 +0,0 @@ -.. _azure_vm_config_change_secrets: - -*************************************** -Change Secrets and Passwords (Required) -*************************************** - -**Last Updated:** November 2021 - -The default secret key and passwords should be changed to secure the VM immediately after provisioning it. - -Change Secret Key -================= - -The :file:`portal_config.yml` has been configured with a default ``SECRET_KEY`` that should be changed. Use a tool like `RandomKeygen `_ to generate a new key (e.g.: CodeIgniter Encryption Key or 256-bit WEP Key). Update the ``SECRET_KEY`` value as follows: - -.. code-block:: - - tethys settings --set SECRET_KEY - -Restart the Tethys service afterward: - -.. code-block:: - - sudo systemctl restart tethys - -Change Passwords -================ - -All user accounts have default passwords that should be changed to secure passwords soon after creating the VM. Use a password generator like `xkpasswd `_ or similar to create strong and unique passwords for the following accounts: - -* Tethys User Account -* Tethys Portal Admin User -* Database Users (postgres, tethys_default, tethys_super) - -.. warning:: - - Failure to change the passwords on your Tethys Portal server will make it vulnerable to attack! Do not keep the default passwords! - -Tethys User ------------ - -If you did not change the password of the ``tethys`` user in the :ref:`azure_vm_orientation` tutorial, do so now: - -.. code-block:: - - sudo passwd tethys - -Database Users --------------- - -Change the passwords for the database users as follows: - -1. Start ``psql`` as the ``postgres`` user: - - .. code-block:: - - sudo su - postgres -c psql - -2. Use ``ALTER USER`` queries to change the passwords: - - .. code-block:: - - ALTER USER WITH PASSWORD ''; - -3. Quit ``psql``: - - .. code-block:: - - \q - -4. Update Tethys ``portal_config.yml``: - - .. code-block:: - - tethys settings --set DATABASES.default.PASSWORD - -5. Restart the `tethys` service to apply the changes to ``portal_config.yml``: - - .. code-block:: - - sudo systemctl restart tethys.service - -Tethys Portal Admin -------------------- - -Create a new portal admin account and delete the default account as follows: - -1. Run the ``createsuperuser`` command: - - .. code-block:: - - tethys db createsuperuser --pn --pe --pp - -2. Log in to the Tethys Portal with the new admin account. - -3. Select **Site Admin** from the dropdown menu at the top-right. - -4. Click on the **Users** link under the **AUTHENTICATION AND AUTHORIZATION** section. - -5. Check the box next to the **admin** user and - -6. Select **Delete selected users** from the **Actions** dropdown and press the **Go** button. - -.. figure:: ../images/configure--delete-admin.png - :width: 800px - :alt: Delete the default admin user account - - **Figure 1.** Delete the default admin user account. \ No newline at end of file diff --git a/docs/installation/production/cloud/azure/configure/customize.rst b/docs/installation/production/cloud/azure/configure/customize.rst deleted file mode 100644 index 14d1363da..000000000 --- a/docs/installation/production/cloud/azure/configure/customize.rst +++ /dev/null @@ -1,26 +0,0 @@ -.. _azure_vm_config_customize: - -************************************* -Customize Tethys Portal (Recommended) -************************************* - -**Last Updated:** November 2021 - -Customize the theme and content of the Tethys Portal to reflect your organization brand and theme guidelines. Follow the :ref:`Customize Portal Theme ` configuration guide to learn how to do this. - -.. figure:: ../images/configure--custom-theme.png - :width: 800px - :alt: Tethys Portal with a custom theme. - - **Figure 1.** Tethys Portal with a custom theme. - -Custom Static Files -=================== - -Custom images, CSS, and JavaScript should be added to a new directory in the :file:`$TETHYS_HOME/static` directory (e.g.: :file:`$TETHYS_HOME/static/custom_theme`. These can then be referenced in the settings via the name of the new directory (e.g.: :file:`custom_theme/images/custom_logo.png`. - -Customize Settings -================== - -Review the settings in :ref:`tethys_configuration` and adjust any settings as needed. For, example two common portal settings that are used to customize a portal include the ``BYPASS_TETHYS_HOME_PAGE`` and ``ENABLE_OPEN_SIGNUP``. See :ref:`production_customize_bypass_home` and :ref:`production_customize_enable_open` for more details. - diff --git a/docs/installation/production/cloud/azure/configure/docker.rst b/docs/installation/production/cloud/azure/configure/docker.rst deleted file mode 100644 index 54555bfff..000000000 --- a/docs/installation/production/cloud/azure/configure/docker.rst +++ /dev/null @@ -1,290 +0,0 @@ -.. _azure_vm_config_docker: - -************************ -Enable Docker (Optional) -************************ - -**Last Updated:** November 2021 - -If you would like to use Docker to start supporting services such as THREDDS or GeoServer, you'll need to start the Docker service and enable it so that it will start automatically in the future. The following tutorial demonstrates how to enable Docker and install THREDDS and GeoServer using the ``tethys docker`` command. - -Enable Docker -============= - -Enabling Docker to start automatically can be done as follows: - -.. code-block:: - - sudo systemctl enable --now docker - -THREDDS -======= - -The recommended pattern for installing THREDDS on the Azure virtual machine is as follows: - -Create New Docker Container ---------------------------- - -1. Create a new THREDDS Docker container using the ``tethys docker`` command: - - .. code-block:: - - tethys docker init -c thredds - -2. Provide appropriate values to the prompts with the following considerations: - - * Use a secure password for the ``TDM Password`` field. - * Specify the hostname of the VM for ``TDS Host``. - * Do no specify values greater than the amount of memory available to the VM for the ``Heap Size`` variables. - -3. Bind the THREDDS data directory to the host when prompted and specify :file:`/opt/tethys/data/thredds` as the location. - -4. Start the THREDDS server: - - .. code-block:: - - tethys docker start -c thredds - -5. Open the :file:`$TETHYS_HOME/config/tethys_nginx.conf` and add an entrypoint for the THREDDS server to the ``server`` section as follows: - - .. code-block:: - :emphasize-lines: 15-21 - - # tethys_nginx.conf - - # the upstream component nginx needs to connect to - upstream channels-backend { - server 127.0.0.1:8000; - } - - # configuration of the server - server { - # the port your site will be served on - listen 80; - - ... - - # Thredds Location - location ~/thredds(.*)$ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8383/thredds$1$is_args$args; - } - - location @proxy_to_app { - proxy_pass http://channels-backend; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $server_name; - } - } - -6. Restart the NGINX server: - - .. code-block:: - - sudo systemctl restart nginx - -7. Access the THREDDS server at the following URL: http:///thredds - -Create Tethys Service ---------------------- - -Now that you have a working THREDDS server, create a Tethys Service for apps to use: - -1. Log in to the Tethys Portal with an admin account. - -2. Select **Site Admin** from the dropdown menu at the top-right. - -3. Click on the **Spatial Dataset Services** link under the **TETHYS SERVICES** section. - -4. Click on the **ADD SPATIAL DATASET SERVICE** button. - -5. Fill the form out as follows: - - * **Name**: A descriptive name for the service (e.g.: _thredds) - * **Engine**: THREDDS - * **Endpoint**: http:///thredds - * **Public Endpoint**: http:///thredds - * **Apikey**: - * **Username**: - * **Password**: - -6. Press the **SAVE** button to save the service. - -Add Data --------- - -Add datasets to the THREDDS server by adding it to the :file:`$TETHYS_HOME/data/thredds` directory. Then edit/add catalog configuration files in the same location. Refer to the :ref:`tutorial_thredds_primer` tutorial for an overview of working with THREDDS. - -Start/Stop/Restart ------------------- - -Start, stop, and restart the THREDDS container using either the ``tethys docker`` commands: - -.. code-block:: - - tethys docker [start|stop|restart] -c thredds - -or the native ``docker`` commmands: - -.. code-block:: - - docker [start|stop|restart] tethys_thredds - -GeoServer -========= - -The recommended pattern for installing GeoServer on the Azure virtual machine is as follows: - -Create New Docker Container ---------------------------- - -1. Create a new GeoServer Docker container using the ``tethys docker`` command: - - .. code-block:: - - tethys docker init -c geoserver - -2. Provide appropriate values to the prompts with the following considerations: - - * Number of GeoServer Instances: no more than number of processors on VM - * Number of GeoServer Instances with REST API Enabled: 1 is recommended - * Specify number of processors and set to number of processors VM has - * Default timeout value is ok - * Max memory is for each GeoServer instance (e.g. specifying 500 MB for 2 GeoServer instances would be 1 GB total). - * Min memory is for each GeoServer instance (e.g. specifying 500 MB for 2 GeoServer instances would be 1 GB total). - -3. Bind the GeoServer data directory to the host when prompted and specify :file:`/opt/tethys/data/geoserver` as the location. - -4. Start the GeoServer server: - - .. code-block:: - - tethys docker start -c geoserver - -5. Open the :file:`$TETHYS_HOME/config/tethys_nginx.conf` and add an entrypoint for the GeoServer server to the ``server`` section as follows: - - .. code-block:: - :emphasize-lines: 15-21 - - # tethys_nginx.conf - - # the upstream component nginx needs to connect to - upstream channels-backend { - server 127.0.0.1:8000; - } - - # configuration of the server - server { - # the port your site will be served on - listen 80; - - ... - - # GeoServer Location - location ~/geoserver(.*)$ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8181/geoserver$1$is_args$args; - } - - location @proxy_to_app { - proxy_pass http://channels-backend; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $server_name; - } - } - -6. Restart the NGINX server: - - .. code-block:: - - sudo systemctl restart nginx - -7. Access the GeoServer server at the following URL: http:///geoserver - -Open Port 8181 --------------- - -Open port 8181 for the Azure VM as follows: - -a. Navigate to the Overview page for the VM Resource. -b. Click on **Networking** in left navigation panel. -c. Click on the **Add inbound port rule** button. -d. Fill out the **Add inbound security rule** form as follows: - - * **Source**: Any - * **Source port ranges**: * - * **Destination**: Any - * **Service**: Custom - * **Destination port ranges**: 8181 - * **Protocol**: TCP - * **Action**: Allow - * **Priority**: - * **Name**: GeoServer - * **Description**: - -e. Press the **Add** button. - -Create Tethys Service ---------------------- - -Now that you have a working GeoServer server, create a Tethys Service for apps to use: - -1. Log in to the Tethys Portal with an admin account. - -2. Select **Site Admin** from the dropdown menu at the top-right. - -3. Click on the **Spatial Dataset Services** link under the **TETHYS SERVICES** section. - -4. Click on the **ADD SPATIAL DATASET SERVICE** button. - -5. Fill the form out as follows: - - * **Name**: A descriptive name for the service (e.g.: _geoserver) - * **Engine**: GeoServer - * **Endpoint**: http:///geoserver - * **Public Endpoint**: http:///geoserver - * **Apikey**: - * **Username**: admin - * **Password**: geoserver - -6. Press the **SAVE** button to save the service. - -Start/Stop/Restart ------------------- - -Start, stop, and restart the GeoServer container using either the ``tethys docker`` commands: - -.. code-block:: - - tethys docker [start|stop|restart] -c geoserver - -or the native ``docker`` commmands: - -.. code-block:: - - docker [start|stop|restart] tethys_geoserver - -What about the PostGIS Docker? -============================== - -You may be wondering why there aren't instructions for the PostGIS Docker container? The PostGIS docker container is a PostgreSQL server with the PostGIS extension installed. In the Azure Tethys Platform VM image, the system packages of PostgreSQL and the PostGIS extension are both installed. It should not be necessary to use the PostGIS Docker. diff --git a/docs/installation/production/cloud/azure/configure/domain_name.rst b/docs/installation/production/cloud/azure/configure/domain_name.rst deleted file mode 100644 index ca527e50e..000000000 --- a/docs/installation/production/cloud/azure/configure/domain_name.rst +++ /dev/null @@ -1,96 +0,0 @@ -.. _azure_vm_config_domain_name: - -******************************** -Assign Domain Name (Recommended) -******************************** - -**Last Updated:** November 2021 - -A domain name is the text that users enter in a web browser to visit a website (e.g. google.com). Behind the scenes, this text is mapped to the IP address of the server, which is the unique numeric address that can be used to locate your website (e.g ``20.109.16.186``). VMs on Azure can be assigned a generic, Azure supplied, domain name (e.g.: ``my-first-tethys.westus2.cloudapp.azure.com``) or a custom domain (e.g. ``myfirsttethys.org``). With either option there are a few configuration steps that need to be performed in Tethys assigning the domain name. - -Generic Domain Name -=================== - -Create a generic, Azure supplied, domain name as follows: - -1. Navigate to the Overview page for the VM Resource. -2. Locate the **DNS name** field in the **Essentials** section. -3. Follow the link next to **DNS name**. It will either be "Not configured" or the domain name if previously configured. -4. Enter a **DNS name label**. This is labeled as optional, but it is actually required to enable the generic domain. -5. Press the **Save** button to enable the domain name. - -.. figure:: ../images/configure--generic-domain-name.png - :width: 800px - :alt: Screenshot of the domain name configuration page for an Azure VM - - **Figure 1.** Screenshot of the domain name configuration page for an Azure VM. - -Custom Domain Name -================== - -Assigning a custom domain name is a little more involved and depends on how you obtain the domain name. - -1. Acquire a domain name if you don't have one to use already: `Google: Domain Name `_ -2. Make sure the Public IP address assigned to the Azure VM is static: - - a. Navigate to the Overview page for the VM Resource. - b. Locate the **Public IP address** field in the **Essentials** section. - c. Click on the IP address link. - d. Under **IP address assignment** select the **Static** radio option (see Figure 3). - e. Click **Save** to save the changes. - -3. Create an A-name record that associates the domain name with the public IP address of the Azure VM. The company you bought the domain name from will usually provide a way to do this. If your domain name belongs to your organization, you will need to contact your IT department to find out how this is to be done. - -For more information about creating a custom domain name for Azure VMs read the following article: `Add Custom Domain to Azure VM or resource `_. - -Tethys Configuration -==================== - -After assigning a domain name to the Azure VM, generic or custom, add it to the configuration of Tethys Platform in two places: - -NGINX Configuration -------------------- - -1. Open ``$TETHYS_HOME/config/tethys_nginx.conf`` in your favorite command line text editor (e.g. vim or nano). - -2. Set the ``server_name`` parameter to the domain name: - - .. code-block:: - :emphasize-lines: 13 - - # tethys_nginx.conf - - # the upstream component nginx needs to connect to - upstream channels-backend { - server 127.0.0.1:8000; - } - - # configuration of the server - server { - # the port your site will be served on - listen 80; - # the domain name it will serve for - server_name ; # substitute your machine's IP address or FQDN - ... - -3. Restart the NGINX service - - .. code-block:: - - sudo systemctl restart nginx.service - - -Tethys Portal Configuration ---------------------------- - -1. Open ``$TETHYS_HOME\portal_config.yml`` using your favorite command line text editor (e.g. vim or nano). - -2. Add the domain name as another item under the ``ALLOWED_HOSTS`` setting. - -3. Remove the ``'*'`` entry if it is still listed in ``ALLOWED_HOSTS`` setting. - -4. Restart the Tethys service - - .. code-block:: - - sudo systemctl restart tethys.service diff --git a/docs/installation/production/cloud/azure/configure/forgotten_password.rst b/docs/installation/production/cloud/azure/configure/forgotten_password.rst deleted file mode 100644 index 7ad9a4f12..000000000 --- a/docs/installation/production/cloud/azure/configure/forgotten_password.rst +++ /dev/null @@ -1,11 +0,0 @@ -.. _azure_vm_config_forgotten_password: - -************************************************ -Set up Forgotten Password Recovery (Recommended) -************************************************ - -**Last Updated:** November 2021 - -To use forgotten password recovery feature of Tethys Portal, it needs to be configured with an email service. - -Follow the :ref:`Forgotten Password Recovery ` tutorial to enable this feature. diff --git a/docs/installation/production/cloud/azure/configure/https.rst b/docs/installation/production/cloud/azure/configure/https.rst deleted file mode 100644 index e38df5fbc..000000000 --- a/docs/installation/production/cloud/azure/configure/https.rst +++ /dev/null @@ -1,43 +0,0 @@ -.. _azure_vm_config_https: - -***************************** -Configure HTTPS (Recommended) -***************************** - -**Last Updated:** November 2021 - -HTTPS is the secure way of serving websites that won't compromise the data of the website or your users. Most web browsers will warn users when they are using a site that is not secured with HTTPS, which can be a deterrent for some users. This method involves configuring Nginx on the VM to manage the SSL certificates required for HTTPS. The good news is that using Certbot, this can be completely automated after some initial set up. - -1. Complete the Certbot section of the :ref:`Configure HTTPS ` tutorial to obtain free SSL certificates and configure Nginx for HTTPS/SSL. - -2. Open the HTTPS port for the Azure VM if you did not do so already when creating the VM: - - a. Navigate to the Overview page for the VM Resource. - b. Click on **Networking** in left navigation panel. - c. Click on the **Add inbound port rule** button. - d. Fill out the **Add inbound security rule** form as follows: - - * **Source**: Any - * **Source port ranges**: * - * **Destination**: Any - * **Service**: HTTPS - * **Action**: Allow - * **Priority**: - * **Name**: HTTPS - * **Description**: - - e. Press the **Add** button. - -.. figure:: ../images/configure--https.png - :width: 800px - :alt: Add inbound security rule form filled out. - - **Figure 1.** Add inbound security rule form filled out. - -3. Visit your portal url using HTTPS to verify that it worked (e.g. "https://myfirsttethys.org"). Look for the indicator in your web browser, usually a lock symbol. - -.. figure:: ../images/configure--https-secure.png - :width: 800px - :alt: Screenshot of a Tethys Portal showing HTTPS secure symbol - - **Figure 2.** Screenshot of a Tethys Portal showing HTTPS secure symbol. diff --git a/docs/installation/production/cloud/azure/configure/storage.rst b/docs/installation/production/cloud/azure/configure/storage.rst deleted file mode 100644 index ed30b11a6..000000000 --- a/docs/installation/production/cloud/azure/configure/storage.rst +++ /dev/null @@ -1,301 +0,0 @@ -.. _azure_vm_config_storage: - -********************************* -Add Additional Storage (Optional) -********************************* - -**Last Updated:** November 2021 - -The storage allocated to your VM by default will likely not be sufficient for data-intensive apps. This tutorial will guide you through the process of attaching additional storage to the VM and configuring Tethys Platform to use it. - -1. Attach Additional Storage -============================ - -Add additional storage to the VM as follows: - -1. Navigate to the Overview page for the VM Resource. -2. From the navigation menu on the left, select **Disks**. -3. Press the **Create and attach a new disk** button under the **Data disks** section. -4. Fill out the options in the new row that appears as follows: - - * **LUN**: Logical Unit Number, a unique ID for the disk. - * **Disk name**: Give the disk a name (e.g. my-first-tethys-storage-0). - * **Storage type**: Choose the storage type. Standard SSD is ok for most Tethys Servers. - * **Size**: Specify the size in GibiBytes (see: `Gibibyte | Wikipedia `_). - * **Encryption**: Choose the encryption method for the disk. See the info note in the column header for more details. - * **Host caching**: Choose host caching option (not required, but may boost performance). - -5. Press the **Save** button at the top of the page when done. - -2. Format Disk -============== - -After attaching the storage to the virtual machine, you will need to format it and add a file system to it: - -1. Login to the VM using SSH (see: :ref:`Orientation to Azure VM | Connect with SSH `). -2. Run `lsblk `_ to list all storage devices: - - .. code-block:: - - lsblk - - This will result in a printout of the storage devices like this: - - .. code-block:: - :emphasize-lines: 14 - - NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT - loop0 7:0 0 61.8M 1 loop /snap/core20/1081 - loop1 7:1 0 61.9M 1 loop /snap/core20/1169 - loop2 7:2 0 32.4M 1 loop /snap/snapd/13270 - loop3 7:3 0 67.2M 1 loop /snap/lxd/21803 - loop4 7:4 0 67.2M 1 loop /snap/lxd/21835 - loop5 7:5 0 32.5M 1 loop /snap/snapd/13640 - sda 8:0 0 30G 0 disk - ├─sda1 8:1 0 29.9G 0 part / - ├─sda14 8:14 0 4M 0 part - └─sda15 8:15 0 106M 0 part /boot/efi - sdb 8:16 0 20G 0 disk - └─sdb1 8:17 0 20G 0 part /mnt - sdc 8:32 0 100G 0 disk - - The disk with the operating system installed on it is the one with the root directory (``/``) as the mountpoint (**sda1** in this case). The name of the new disk that we attached to the VM is **sdc**, which was determined by the size and the fact that it has no mount point. - -3. Use `fdisk `_ to create a partition on the disk as follows: - - 1. Run the ``fdisk`` with the path to the new disk. - - .. code-block:: - - sudo fdisk /dev/ - - - For example, the new disk in the example above is named ``sdc`` so the command would be as follows: - - .. code-block:: - - # Heads up! This is an example! - sudo fdisk /dev/sdc - - 2. Enter ``g`` to create a new partition table: - - .. code-block:: - - Command (m for help): g - Created a new GPT disklabel (GUID: 83C2F8FE-4D08-A24B-B18D-B39F90DC9ED1). - - 3. Enter ``n`` to create a new partition and accept the default values for the three prompts that follow (i.e. leave blank): - - .. code-block:: - - Command (m for help): n - Partition number (1-128, default 1): - First sector (2048-209715166, default 2048): - Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-209715166, default 209715166): - - Created a new partition 1 of type 'Linux filesystem' and of size 100 GiB. - - 4. Enter ``w`` to apply the changes you specified above. Alternatively, if you need to start over, enter ``q`` to exit without applying the changes. - - .. code-block:: - - Command (m for help): w - The partition table has been altered. - Calling ioctl() to re-read partition table. - Syncing disks. - - 5. Run ``lsblk`` again to confirm the partition was created and that it is the full size of the disk. In the case below, the partition ``sdc1`` is now listed under ``sdc``: - - .. code-block:: - :emphasize-lines: 15 - - NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT - loop0 7:0 0 61.8M 1 loop /snap/core20/1081 - loop1 7:1 0 61.9M 1 loop /snap/core20/1169 - loop2 7:2 0 32.4M 1 loop /snap/snapd/13270 - loop3 7:3 0 67.2M 1 loop /snap/lxd/21803 - loop4 7:4 0 67.2M 1 loop /snap/lxd/21835 - loop5 7:5 0 32.5M 1 loop /snap/snapd/13640 - sda 8:0 0 30G 0 disk - ├─sda1 8:1 0 29.9G 0 part / - ├─sda14 8:14 0 4M 0 part - └─sda15 8:15 0 106M 0 part /boot/efi - sdb 8:16 0 20G 0 disk - └─sdb1 8:17 0 20G 0 part /mnt - sdc 8:32 0 100G 0 disk - └─sdc1 8:33 0 100G 0 part - - 6. Create a file system on the new partition using the `mkfs `_ command: - - .. code-block:: - - sudo mkfs -t ext4 -j -L /dev/ - - For example, the new partition in the example above is named ``sdc1`` so the command would be: - - .. code-block:: - - # Heads up! This is an example! - sudo mkfs -t ext4 -j -L mydisk /dev/sdc1 - - The ``-L`` option lets you specify a label for the file system that will be used in the next step. The maximum length of the label is 16 ASCII characters. ``ext4`` is the type of filesystem that is created on the disk and is the standard file system for Linux. - - -3. Mount Disk -============= - -Now that the disk has been formatted with a Linux filesystem, it can be mounted as follows: - -1. Create a directory where you intend the new disk to be mounted. - - .. code-block:: - - sudo mkdir - - Continuing our example, this would be: - - .. code-block:: - - # Heads up! This is an example! - sudo mkdir /mydisk - -2. To manually mount the disk, use the `mount `_ command, specifying the new partition, and the mount directory (mountpoint). - - .. code-block:: - - sudo mount /dev/ - - where ```` is the name of the new partition and ```` is the directory that you want to mount it to. In the example this would be: - - .. code-block:: - - # Heads up! This is an example! - sudo mount /dev/sdc1 /mydisk - -3. Run ``lsblk`` one more time to verify that the new partition has a mountpoint now. In the example above, ``sdc1`` now lists ``/mydisk`` as the mountpoint: - - .. code-block:: - :emphasize-lines: 15 - - NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT - loop0 7:0 0 61.8M 1 loop /snap/core20/1081 - loop1 7:1 0 61.9M 1 loop /snap/core20/1169 - loop2 7:2 0 32.4M 1 loop /snap/snapd/13270 - loop3 7:3 0 67.2M 1 loop /snap/lxd/21803 - loop4 7:4 0 67.2M 1 loop /snap/lxd/21835 - loop5 7:5 0 32.5M 1 loop /snap/snapd/13640 - sda 8:0 0 30G 0 disk - ├─sda1 8:1 0 29.9G 0 part / - ├─sda14 8:14 0 4M 0 part - └─sda15 8:15 0 106M 0 part /boot/efi - sdb 8:16 0 20G 0 disk - └─sdb1 8:17 0 20G 0 part /mnt - sdc 8:32 0 100G 0 disk - └─sdc1 8:33 0 100G 0 part /mydisk - -4. You can now change into the mountpoint directory like any other directory. Any files written within that directory will be written to the new disk. For example: - - .. code-block:: - - cd /mydisk - ls -al - total 24 - drwxr-xr-x 3 root root 4096 Nov 15 20:26 . - drwxr-xr-x 4 root root 4096 Nov 15 20:42 .. - drwx------ 2 root root 16384 Nov 15 20:26 lost+found - -5. Everything is owned by root at the moment. Change ownership of the to be owned by your user account: - - .. code-block:: - - sudo chown -R ${USER} - - For the example this would be: - - .. code-block:: - - # Heads up! This is example code - sudo chown -R ${USER} /mydisk - -4. Configure Automount -====================== - -This step will describe how to configure the VM to automatically mount the new disk if the server is restarted: - -1. Open :file:`/etc/fstab` in your favorite text editor (e.g. vim, nano): - - .. code-block:: - - sudo vim /etc/fstab - -2. Add a new line to the file as follows: - - .. code-block:: - - LABEL= ext4 defaults,rw 0 2 - - where ```` is the label you assigned when creating the file system and ```` is the directory that you mounted it to. - - For example: - - .. code-block:: - - LABEL=mydisk /mydisk ext4 defaults,rw 0 2 - - .. important:: - - Each item in the ``fstab`` file must be separated by **exactly** one space or tab character. The options (i.e.: ``defaults,rw``) should be separated by commas and **no spaces**. For more details on the ``fstab`` file and the options see: `Fstab `_. - -3. Exit SSH - - .. code-block:: - - exit - -4. Restart the VM using the control on the Overview page for the Virtual Machine resource, then login again after the machine starts. - -5. Use the `df `_ command to view disk space usage and confirm that the new disk was automatically mounted: - - .. code-block:: - - df -h - - which should yield something like this: - - .. code-block:: - :emphasize-lines: 15 - - Filesystem Size Used Avail Use% Mounted on - /dev/root 29G 13G 17G 44% / - devtmpfs 2.0G 0 2.0G 0% /dev - tmpfs 2.0G 44K 2.0G 1% /dev/shm - tmpfs 394M 1.2M 393M 1% /run - tmpfs 5.0M 0 5.0M 0% /run/lock - tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup - /dev/loop0 62M 62M 0 100% /snap/core20/1169 - /dev/loop2 68M 68M 0 100% /snap/lxd/21803 - /dev/loop1 62M 62M 0 100% /snap/core20/1081 - /dev/loop3 68M 68M 0 100% /snap/lxd/21835 - /dev/loop5 33M 33M 0 100% /snap/snapd/13640 - /dev/loop4 33M 33M 0 100% /snap/snapd/13270 - /dev/sda15 105M 5.2M 100M 5% /boot/efi - /dev/sdc1 98G 61M 93G 1% /mydisk - /dev/sdb1 20G 45M 19G 1% /mnt - tmpfs 394M 0 394M 0% /run/user/1002 - - -5. Configure Tethys -=================== - -Now that the new disk has been formatted and will automatically mount when the system boots, Tethys needs to be configured to use it. This includes updating the Tethys config to use the new storage for app workspaces and configuring GeoServer, THREDDS, and any other data services to use a data directory on the drive. - -Tethys Workspaces ------------------ - - -THREDDS -------- - - -GeoServer ---------- diff --git a/docs/installation/production/cloud/azure/cost.rst b/docs/installation/production/cloud/azure/cost.rst deleted file mode 100644 index 16510074a..000000000 --- a/docs/installation/production/cloud/azure/cost.rst +++ /dev/null @@ -1,75 +0,0 @@ -.. _azure_vm_cost: - -********************** -Estimate Azure VM Cost -********************** - -**Last Updated:** November 2021 - -The cost of a VM on Azure depends on what compute requirements your Tethys Platform installation needs. If your apps do a lot of on-server processing, then you may need more cores and memory, if your apps require a lot of storage, then you'll need more disk space. For a quick estimate of cost based on the VM series, see: `Linux Virtual Machines Prices | Microsoft Azure `_. - -Azure also provides a pricing calculator that can be used to get a more accurate estimate of the cost. In this tutorial you will learn how to use the Azure Pricing Calculator to estimate the cost of running a single-node Tethys Platform VM on Azure. - -1. Navigate to Azure Pricing Calculator -======================================= - -The Azure Pricing Calculator is part of the Azure website (Figure 1). To access it, use a web browser to navigate to: - -https://azure.microsoft.com/en-us/pricing/calculator/ - -.. figure:: images/cost--pricing-calculator.png - :width: 800px - :alt: Screenshot of Azure Pricing Calculator - - **Figure 1.** Screenshot of Azure Pricing Calculator. - -2. Select Products -================== - -To estimate the cost of a single VM installation of Tethys Platform, click on the **Virtual Machines** tile to add a virtual machine to the estimate (Figure 2). - -.. figure:: images/cost--add-vm.png - :width: 800px - :alt: Screenshot of adding Virtual Machines to the estimate - - **Figure 2.** Screenshot of adding Virtual Machines to the estimate. - -3. Configure Options -==================== - -Scroll down to the section titled "Your Estimate", where you should see an item called "Virtual Machine" has been added. You'll need to define the type and size of the VM using the options in the Virtual Machine section (Figure 2). Fill out the options as follows: - -* **REGION**: Select the region that the Tethys server will be hosted in. Try to select a region that is closest to most of your users. -* **OPERATING SYSTEM**: Choose **Linux**. -* **TYPE**: Choose **Ubuntu**. -* **TIER**, **CATEGORY**, **INSTANCE SERIES**: Use these fields to filter the **INSTANCE** field to the types of VMs suited to the requirements of the apps you plan to install on the server. Here are some considerations for the different categories: - - * **General purpose**: Suitable for "viewer" type apps that do not run intense processing on the server and use externally hosted data services. - * **Compute optimized**: Consider using one of these if at least one of the apps performs intense processing on the server. - * **Memory optimized**: Consider using one of these if you plan to run a GeoServer and/or THREDDS server on the VM. Both GeoServer and THREDDS perform better with more memory. - * **Storage optimized**: Consider using one of these if at least one of the apps requires a lot of file storage. Additional storage can be added to VMs, so using this instance category is not required for apps with high-storage needs. - -* **INSTANCE**: The instance type defines the size of the virtual machine (i.e. number of processors/cores, memory, and storage). There are many different types of instance types organized into groups called series. For an explanation of the different VM series available, see `Virtual Machine series | Microsoft Azure `_. -* **VIRTUAL MACHINES**: Set to the number of Tethys VMs you plan to have (usually 1). -* **Hours**: Time period you want the estimate to estimate cost over. The average number of hours in a month is 730.5 hours (365.25 days x 24 hours / 12 months). -* **Savings Options**: Select a Savings option to potentially save on the cost (see: `Azure Reserved Virtual Machine Instances | Microsoft Azure `_). -* **Managed Disks**: Use this section to add additional storage to the VM. Most VM instances don't come with much storage attached. - -.. figure:: images/cost--configure-options.png - :width: 800px - :alt: Screenshot of *Your Estimate* form - - **Figure 3.** Screenshot of the Your Estimate form. - -4. Export / Save -================ - -After specifying the VM configuration, your estimate will be complete. You can choose to export the estimate as an Excel file or save it if to your Azure account. Saved estimates are available on the **Saved Estimates** tab of the calculator page after logging in. - -Scroll down to the bottom of the estimate form to see **Export** and **Save** buttons (Figure 4). - -.. figure:: images/cost--export.png - :width: 800px - :alt: Screenshot of exporting the estimate. - - **Figure 4.** Screenshot of exporting the estimate. diff --git a/docs/installation/production/cloud/azure/create.rst b/docs/installation/production/cloud/azure/create.rst deleted file mode 100644 index 2a36cd93d..000000000 --- a/docs/installation/production/cloud/azure/create.rst +++ /dev/null @@ -1,194 +0,0 @@ -.. _azure_vm_create: - -*************** -Create Azure VM -*************** - -**Last Updated:** November 2021 - -1. Login to Azure Portal -======================== - -Navigate to https://azure.microsoft.com/ and Sign In using the **Sign in** link. Open the user dropdown menu and click on the **Azure Portal** link. - -.. figure:: images/create--azure-portal.png - :width: 800px - :alt: Azure Portal link in the user menu - - **Figure 1.** Azure Portal link in the user menu. - -2. Search for Tethys Platform image -=================================== - -Use the search bar to search for "Tethys Platform". Then select the **Tethys Platform 3.3 Ubuntu 20.04** item under the **Marketplace** category. - -.. figure:: images/create--search-tethys.png - :width: 800px - :alt: Search for the Tethys Platform image in the Azure Marketplace - - **Figure 2.** Search for the Tethys Platform image in the Azure Marketplace. - -3. Create virtual machine -========================= - -Click on the **Create** button to create a new virtual machine using the Tethys Platform image. - -.. figure:: images/create--create-virtual-machine.png - :width: 800px - :alt: Create a new virtual machine - - **Figure 3.** Create a new virtual machine. - -4. Configure virtual machine -============================ - -Fill in the "Create a virtual machine" form as follows: - -Project Details ---------------- - -* **Subscription**: Select the desired subscription that will be used for billing the virtual machine usage. -* **Resource group**: Select a resource group or create a new one using the **Create new** link. - -Instance Details ----------------- - -These are technical details about the virtual machine that will be created. - -* **Virtual machine name**: Give the virtual machine a name. -* **Region**: Select an appropriate region, this is the approximate location of the data center where the virtual machine will be created. -* **Image**: Should be filled with **Tethys Platform 3.3 - Gen1** already. -* **Size**: Choose the size of hardware for your virtual machine. We recommend a machine with at least 2 cpus (vcpus) and 4 GiB of memory (e.g. Standard_B2s). Click on the **See all sizes** link to see a list of all the sizes to compare costs. - -Administrator account ---------------------- - -Specify the credentials for the administrator account as well. This account will be used to log in to the virtual machine: - -* **Authentication type**: We recommend using SSH public keys, but you can use a password if you are not sure what an SSH key is. -* **Username**: See caution below. -* **SSH public key source** and **Key pair name**: if using SSH keys, you can choose to create a new key pair or use an existing key pair if you have one already. - -.. caution:: - - Do not use a generic user name like "admin". We also do not recommend that you use the "tethys" username for security reasons. Consider using a tool like `Random Username Generator | Jimpix `_. - -Inbound port rules ------------------- - -* **Public inbound ports**: Select **Allow selected ports**. -* **Select inbound ports**: - * **SSH (22)** - * **HTTP (80)** - * **HTTPS (443)** (if planning to enable HTTPS) - -Licensing ---------- - -* **License type**: Select **Other**. - -.. figure:: images/create--create-vm-basics.png - :width: 800px - :alt: Example of create a virtual machine form - - **Figure 4.** Example of the "Create a virtual machine" form. - -5. Create disks -=============== - -Press the **Next: Disks >** button to proceed to the **Disks** tab. You will create the hard drive for the virtual machine to use on this page. - -Disk Options ------------- - -* **OS disk type**: Select the type of disk you'd like the VM to have. We'd recommend one of the SSD options. Standard SSD should work for a lot of deployments, but if you plan to use GeoServer, you may want to consider Premium SSD for better performance. -* **Encryption type**: adjust to taste. - -Data disks (optional) ---------------------- - -Use this section to attach additional disks to the VM if you'd like (see: :ref:`Add Additional Storage `). - -6. Review other tabs -==================== - -The default options in the other tabs should be ok, but take a few minutes to click through the tabs and review the options. - -When you are done, click on the **Review + create** button. - -7. Review and create -==================== - -Review the options and make any changes if needed. Then press the **Create** button. - -.. attention:: - - If you chose to generate a new key pair, don't forget to download the private key. Keep this file in a safe place and don't lose it. - -8. Twiddle thumbs -================= - -It will take a few minutes for the virtual machine and side-car resources to be created. You should be taken to a progress page like the one below that will keep you apprised of the deployment status. - -.. figure:: images/create--deploy-progress.png - :width: 800px - :alt: Virtual machine deployment progress page - - **Figure 5.** Deployment progress page. - -9. Review resource page -======================= - -When finished, the progress page will report something like "Your deployment is complete". At this point, press the **Go to resource** button. - -This will bring you to the Overview page of the Virtual Machine. This view provides a sort of dashboard for the virtual machine and provides controls for starting, stopping, and connecting to the virtual machine. - -Take a few minutes to familiarize yourself with the Overview page. If you are feeling brave you may also want to click through the other links in the navigation on the left to familiarize you with their content. - -.. figure:: images/create--virtual-machine-overview.png - :width: 800px - :alt: Virtual machine resource overview page - - **Figure 6.** Virtual machine resource overview page. - -.. _azure_vm_create_view_portal: - -10. View the Tethys Portal -========================== - -A few minutes after the Virtual Machine starts, Tethys Portal should be viewable. Locate the **Public IP address** field in the **Essentials** section (top-right). This is the IP address the virtual machine and where you can access it for now. - -a. Press the **Copy to clipboard** button next to the IP address. - -.. figure:: images/create--copy-public-ip.png - :width: 800px - :alt: Copy the public IP address - - **Figure 7.** Copy the public IP address. - -b. Paste the IP address in the address bar of a new tab in your web browser. A default version of Tethys Portal should be displayed. - -.. figure:: images/create--tethys-portal.png - :width: 800px - :alt: Tethys Portal running on Azure VM - - **Figure 8.** Tethys Portal running on Azure VM. - -.. note:: - - It can take Tethys Platform a few minutes to start up after the VM starts. If you receive a 502 Gateway error, wait a few minutes and try again. - -Additional Resources -==================== - -Use the following resources to learn more about creating Virtual Machines on Microsoft Azure: - -* `Virtual machines in Azure `_ -* `Quickstart: Create a Linux virtual machine in Azure portal `_ -* `Create a Linux virtual machine in Azure `_ -* `VM deployment issues `_ - -What's Next? -============ - -Congratulations! You have a Tethys Portal running in Azure. In the next tutorial you will learn how connect to the VM and learn about what is installed on it. \ No newline at end of file diff --git a/docs/installation/production/cloud/azure/images/apps--app-store.png b/docs/installation/production/cloud/azure/images/apps--app-store.png deleted file mode 100644 index 3c54e03f3..000000000 --- a/docs/installation/production/cloud/azure/images/apps--app-store.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:af8c2a2a54aba103e8d82cf7106fed16aedca753926b38c80a680dfd2b576b78 -size 67494 diff --git a/docs/installation/production/cloud/azure/images/apps--root-pass-setting.png b/docs/installation/production/cloud/azure/images/apps--root-pass-setting.png deleted file mode 100644 index 32b286a68..000000000 --- a/docs/installation/production/cloud/azure/images/apps--root-pass-setting.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:786bf9024a214d3d2d7b90770136f8fd93080b4540506dfdca6b5e2ab23693fc -size 80217 diff --git a/docs/installation/production/cloud/azure/images/configure--additional-storage.png b/docs/installation/production/cloud/azure/images/configure--additional-storage.png deleted file mode 100644 index 13b849291..000000000 --- a/docs/installation/production/cloud/azure/images/configure--additional-storage.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:85557035aed74f807490aaaf37411947b7757d942d1b0cd651eb23281ec88c80 -size 64113 diff --git a/docs/installation/production/cloud/azure/images/configure--custom-theme.png b/docs/installation/production/cloud/azure/images/configure--custom-theme.png deleted file mode 100644 index 48e70b39c..000000000 --- a/docs/installation/production/cloud/azure/images/configure--custom-theme.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a99fcbc068297468e5a1aaeb725ab5118e9598052679eb07d8069ea3c8b2a3a2 -size 959153 diff --git a/docs/installation/production/cloud/azure/images/configure--delete-admin.png b/docs/installation/production/cloud/azure/images/configure--delete-admin.png deleted file mode 100644 index c9b6fa45b..000000000 --- a/docs/installation/production/cloud/azure/images/configure--delete-admin.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b8101145d7bdc7f3bf987960ada06ee5e3ce85ab0f473eca82e6da9edeb58623 -size 28355 diff --git a/docs/installation/production/cloud/azure/images/configure--generic-domain-name.png b/docs/installation/production/cloud/azure/images/configure--generic-domain-name.png deleted file mode 100644 index b2470d611..000000000 --- a/docs/installation/production/cloud/azure/images/configure--generic-domain-name.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4360df181aba9d5701ac8e5ab4295dcbca1fca68f96ac50d02edd801df3d1d86 -size 47910 diff --git a/docs/installation/production/cloud/azure/images/configure--https-secure.png b/docs/installation/production/cloud/azure/images/configure--https-secure.png deleted file mode 100644 index 4c887fe2c..000000000 --- a/docs/installation/production/cloud/azure/images/configure--https-secure.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ae3e0417d5dad71d0b16a60f3c83986d79e973e5c6798e6f311548130bfd2663 -size 1157914 diff --git a/docs/installation/production/cloud/azure/images/configure--https.png b/docs/installation/production/cloud/azure/images/configure--https.png deleted file mode 100644 index 5ae556fb5..000000000 --- a/docs/installation/production/cloud/azure/images/configure--https.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7458aa1fabf87700a23cadd07afc4e19bed80f5360e4bc53cc2c63553323ad83 -size 88705 diff --git a/docs/installation/production/cloud/azure/images/connect--ssh-instructions.png b/docs/installation/production/cloud/azure/images/connect--ssh-instructions.png deleted file mode 100644 index 4f1e09177..000000000 --- a/docs/installation/production/cloud/azure/images/connect--ssh-instructions.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6dbbcba23aeed7dc2bfbd9d18dcefa17c048b6399f0a65f270f0206411dd738f -size 15794 diff --git a/docs/installation/production/cloud/azure/images/connect--tethys-home-contents.png b/docs/installation/production/cloud/azure/images/connect--tethys-home-contents.png deleted file mode 100644 index 00d455653..000000000 --- a/docs/installation/production/cloud/azure/images/connect--tethys-home-contents.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b6d198a0464f1d192c3c07e65cf1b433dcd001a21b1bc0db2f669f5cdf694255 -size 17807 diff --git a/docs/installation/production/cloud/azure/images/cost--add-vm.png b/docs/installation/production/cloud/azure/images/cost--add-vm.png deleted file mode 100644 index 8e114e215..000000000 --- a/docs/installation/production/cloud/azure/images/cost--add-vm.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8671a63f3d3965dda04fb143747b65746c93cf07a2945ce88cb42cf3624d0cc0 -size 97808 diff --git a/docs/installation/production/cloud/azure/images/cost--configure-options.png b/docs/installation/production/cloud/azure/images/cost--configure-options.png deleted file mode 100644 index 483dce2d3..000000000 --- a/docs/installation/production/cloud/azure/images/cost--configure-options.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c62e64110fae16a814b8999ae90a5ff23dc4f6c2b3d56a28e61b7314556de57f -size 63072 diff --git a/docs/installation/production/cloud/azure/images/cost--export.png b/docs/installation/production/cloud/azure/images/cost--export.png deleted file mode 100644 index f2c1603fa..000000000 --- a/docs/installation/production/cloud/azure/images/cost--export.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2f8ba6f5539d9524a0cb6f6c87b98cf3b8569232ebfa04670ff76a78548663fb -size 67406 diff --git a/docs/installation/production/cloud/azure/images/cost--pricing-calculator.png b/docs/installation/production/cloud/azure/images/cost--pricing-calculator.png deleted file mode 100644 index 2aeda300f..000000000 --- a/docs/installation/production/cloud/azure/images/cost--pricing-calculator.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8be9bb872216ea7bb159e3f0883bbaad3146e306e7ddad79752c83b5f0fbca19 -size 96117 diff --git a/docs/installation/production/cloud/azure/images/create--azure-portal.png b/docs/installation/production/cloud/azure/images/create--azure-portal.png deleted file mode 100644 index c40d65d41..000000000 --- a/docs/installation/production/cloud/azure/images/create--azure-portal.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:89c0f1501e7a452d485b0947549b5d28ff940d87f6375fe7c865d5d8c490816f -size 86893 diff --git a/docs/installation/production/cloud/azure/images/create--copy-public-ip.png b/docs/installation/production/cloud/azure/images/create--copy-public-ip.png deleted file mode 100644 index 92c58377b..000000000 --- a/docs/installation/production/cloud/azure/images/create--copy-public-ip.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6703884e6612fa05ea150c1d8424e274b95db88b8a1e0160912978c242df2410 -size 10164 diff --git a/docs/installation/production/cloud/azure/images/create--create-resource.png b/docs/installation/production/cloud/azure/images/create--create-resource.png deleted file mode 100644 index b73625f93..000000000 --- a/docs/installation/production/cloud/azure/images/create--create-resource.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ded1e7307351c0d6460fca395b95c4a4736fd16e14d684fd814651c619ba668c -size 16861 diff --git a/docs/installation/production/cloud/azure/images/create--create-virtual-machine.png b/docs/installation/production/cloud/azure/images/create--create-virtual-machine.png deleted file mode 100644 index f59225e9c..000000000 --- a/docs/installation/production/cloud/azure/images/create--create-virtual-machine.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4ee79905366d8f3f1481ebc5b12dc8ccac1ef2136fa0044d03a557823cf4bad2 -size 113467 diff --git a/docs/installation/production/cloud/azure/images/create--create-vm-basics.png b/docs/installation/production/cloud/azure/images/create--create-vm-basics.png deleted file mode 100644 index d4c8872c9..000000000 --- a/docs/installation/production/cloud/azure/images/create--create-vm-basics.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c3c05d83f9c5691bfd29eb31c6e473b95653bf155cc61bbbd3f090fc6acb16ad -size 45064 diff --git a/docs/installation/production/cloud/azure/images/create--deploy-progress.png b/docs/installation/production/cloud/azure/images/create--deploy-progress.png deleted file mode 100644 index 4965d2631..000000000 --- a/docs/installation/production/cloud/azure/images/create--deploy-progress.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:151bc7dab0dd1a39eec8ad7a96a2d460fae7477fc6933205d5708f4d924bf298 -size 89648 diff --git a/docs/installation/production/cloud/azure/images/create--search-tethys.png b/docs/installation/production/cloud/azure/images/create--search-tethys.png deleted file mode 100644 index c42fdaab3..000000000 --- a/docs/installation/production/cloud/azure/images/create--search-tethys.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:61d18cd66e9a3fb543c94a167d393fe8a1b8711852b71ec5cdd918aace8f55e6 -size 49870 diff --git a/docs/installation/production/cloud/azure/images/create--tethys-portal.png b/docs/installation/production/cloud/azure/images/create--tethys-portal.png deleted file mode 100644 index 68afa6be3..000000000 --- a/docs/installation/production/cloud/azure/images/create--tethys-portal.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3983b1f26f64eb41cbe65aa0c9837c83bf233550ef2678f69c0a6905f92a5c30 -size 55809 diff --git a/docs/installation/production/cloud/azure/images/create--virtual-machine-overview.png b/docs/installation/production/cloud/azure/images/create--virtual-machine-overview.png deleted file mode 100644 index 570c62662..000000000 --- a/docs/installation/production/cloud/azure/images/create--virtual-machine-overview.png +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b811cde2a859b65600be34b85da6b10cecbd485aa51c92d08c467018c1b254da -size 152095 diff --git a/docs/installation/production/cloud/azure/orientation.rst b/docs/installation/production/cloud/azure/orientation.rst deleted file mode 100644 index 95d6db319..000000000 --- a/docs/installation/production/cloud/azure/orientation.rst +++ /dev/null @@ -1,296 +0,0 @@ -.. _azure_vm_orientation: - -*********************** -Orientation to Azure VM -*********************** - -**Last Updated:** November 2021 - -This tutorial provides an orientation to the Tethys Azure virtual machine (VM). It includes instructions for connecting to the VM, user accounts to use, descriptions of what is installed, and important directories and files. - -.. _azure_vm_orientation_ssh: - -Connect with SSH -================ - -To connect to the Azure virtual machine via SSH, do the following: - -1. Navigate to the overview page for the virtual machine resource. -2. If the virtual machine is not running, press the **Start** button. -3. Click on **Connect** from the tools at the top of the page and select SSH. -4. Follow the instructions to connect to the virtual machine via SSH. - -.. figure:: images/connect--ssh-instructions.png - :width: 800px - :alt: Example connect SSH instructions - - **Figure 1.** Example connect SSH instructions. - -.. _azure_vm_orientation_tethys_account: - -Tethys User Account -=================== - -The Tethys Portal image for Azure includes a ``tethys`` user account for maintenance of the Tethys installation. You should always be logged in to this account to run any ``tethys`` commands or install apps. - -Change Tethys User Password ---------------------------- - -Before switching to the ``tethys`` user account, you should change the password using the following command: - -.. code-block:: - - sudo passwd tethys - -.. tip:: - - Consider using a password generator to help you create strong passwords. For example, the `xkpasswd generator `_ is a tool based on an `xkcd cartoon `_ for creating secure passwords that are memorable. - -Switch to Tethys User ---------------------- - -To switch to the Tethys user from another account, use the ``su`` command (switch user): - -.. code-block:: - - su - tethys - -Enter the password for the ``tethys`` user when prompted. - -.. important:: - - Don't forget the dash (``-``)! - -To exit the ``tethys`` user and return to your login user, run the ``exit`` command: - -.. code-block:: - - exit - -Activate Conda Environment -========================== - -Before running any ``tethys`` command in this or other tutorials, you'll need to activate the ``tethys`` Conda environment. After logging in as the ``tethys`` user, you'll notice that the ``base`` environment for Conda is automatically activated. Activate the ``tethys`` environment as normal: - -.. code-block:: - - conda activate tethys - -Now you can run ``tethys`` commands: - -.. code-block:: - - tethys version - -Tethys Home -=========== - -Tethys Home is the directory where the ``portal_config.yaml`` is located. Use the ``TETHYS_HOME`` environment variable to locate the Tethys Home directory: - -.. code-block:: - - echo $TETHYS_HOME - -You can also use ``TETHYS_HOME`` to change into the directory: - -.. code-block:: - - cd $TETHYS_HOME - -Contents --------- - -List the contents of the TETHYS_HOME directory: - -.. code-block:: - - ls -l $TETHYS_HOME - -.. figure:: images/connect--tethys-home-contents.png - :width: 800px - :alt: Contents of Tethys Home directory as given by ls command - - **Figure 2.** Contents of Tethys Home directory as given by ``ls`` command. - -Here's a brief explanation of the important items in the Tethys Home directory: - -* **apps**: Directory for storing app source code. -* **config**: Directory with configuration files used by the production installation. -* **data**: Directory for storing data for GeoServer, THREDDS, etc. -* **miniconda3**: Conda installation containing the ``tethys`` Conda environment. -* **portal_config.yml**: The primary configuration file for the Tethys Portal. -* **static**: Location where static files are collected and served by NGINX. -* **workspaces**: Location where workspaces for apps will be collected. - -Database -======== - -Tethys Portal is configured to use a system-installed PostgreSQL database with the PostGIS extension installed. - -psql ----- - -To connect to the database using ``psql``, run the ``su`` command, but this time specifying the ``postgres`` user and a command to run with the ``-c`` option: - -.. code-block:: - - sudo su - postgres -c psql - -Version -------- - -Using ``psql``, run the following query to get the version of the PostgreSQL database: - -.. code-block:: - - SELECT version(); - -Run the following query in ``psql`` to get the version of PostGIS installed: - -.. code-block:: - - SELECT * FROM pg_available_extensions WHERE pg_available_extensions.name LIKE 'postgis'; - -Database Users --------------- - -Run the following in ``psql`` to get a list of the database users: - -.. code-block:: - - \du - -.. important:: - - The passwords of the database users should be changed from their default values. See :ref:`azure_vm_config` tutorial for how to do this. - -Databases ---------- - -Run the following in ``psql`` to get a list of the databases: - -.. code-block:: - - \l - -Quit psql ---------- - -To quit ``psql`` run: - -.. code-block:: - - \q - -Docker -====== - -Docker is installed on the image but not running by default. This is to make it easy for you to install the services your apps need such as a THREDDS or GeoServer. The :ref:`azure_vm_config` tutorial describes the additional configuration that should be performed before using Docker. - -Logs -==== - -In a production installation, you will need to examine logs to see errors when they occur. All logs for running processes on the server are located in the `/var/log` directory. Here's a list of the logs that are most helpful to use when debugging Tethys problems: - -Daphne/Tethys Portal --------------------- - -The Daphne logs capture all of the logged information from Tethys Platform: - -* /var/log/tethys/access.log -* /var/log/tethys/error.log -* /var/log/tethys/out.log - -NGINX ------ - -The NGINX logs are helpful to review when you get 502 errors or when you are debugging connection issues: - -* /var/log/nginx/access.log -* /var/log/nginx/error.log - -PostgreSQL ----------- - -The PostgreSQL logs can be helpful when you encounter database errors, though these are rare for most Tethys applications: - -* /var/log/postgresql/postgresql-12-main.log - -.. _azure_vm_orientation_start_stop: - -Start, Stop, Restart -==================== - -The Daphne, NGINX, and PostgreSQL services are all managed using the ``systemctl`` command. You'll need to restart any of these services any time you make changes to the configuration. Use the following commands to start/stop/restart these services. - -Daphne/Tethys -------------- - -.. code-block:: - - sudo systemctl status tethys.service - -.. code-block:: - - sudo systemctl start tethys.service - -.. code-block:: - - sudo systemctl stop tethys.service - -.. code-block:: - - sudo systemctl restart tethys.service - -NGINX ------ - -.. code-block:: - - sudo systemctl status nginx.service - -.. code-block:: - - sudo systemctl start nginx.service - -.. code-block:: - - sudo systemctl stop nginx.service - -.. code-block:: - - sudo systemctl restart nginx.service - -PostgreSQL ----------- - -.. code-block:: - - sudo systemctl status postgresql@12-main.service - -.. code-block:: - - sudo systemctl start postgresql@12-main.service - -.. code-block:: - - sudo systemctl stop postgresql@12-main.service - -.. code-block:: - - sudo systemctl restart postgresql@12-main.service - -Additional Resources -==================== - -* `Su Command in Linux (Switch User) `_ -* `Psql Command Documentation `_ -* `PostgreSQL Primer for Busy People `_ -* `Understanding and Using Systemd `_ -* `xkpasswd `_ - -What's Next? -============ - -Now that you know how to connect to the VM and have a basic understanding of what is installed, you are ready to configure and customize the Tethys Portal. Don't skip out on this important next step! - diff --git a/docs/installation/production/cloud/azure/troubleshooting.rst b/docs/installation/production/cloud/azure/troubleshooting.rst deleted file mode 100644 index e9b16752f..000000000 --- a/docs/installation/production/cloud/azure/troubleshooting.rst +++ /dev/null @@ -1,31 +0,0 @@ -.. _azure_vm_troubleshooting: - -*************** -Troubleshooting -*************** - -**Last Updated:** November 2021 - -Unable to Connect after the VM Starts -===================================== - -The most common cause of this issue is that the HTTP/HTTPS ports have not been opened on the Virtual Machine. Step 2 of the :ref:`azure_vm_config_https` tutorial describes how to configure ports for an Azure virtual machine. The process is the same for the HTTP port, just select HTTP instead of HTTPS for the **Service** and name it HTTP. - -App logo isn't showing up after installing -========================================== - -This is usually happens when you forget to run ``tethys manage collectall`` or ``tethys manage collectstatic``. The ``collectstatic`` command moves the static files like images, JavaScript, and CSS to a location where NGINX can serve them (``collectall`` calls ``collectstatic``). If you forget to run one of those commands, the files won't be able to be served and won't be found. - -Error after running `tethys manage start` -========================================= - -Don't use `tethys manage start` in a production server! That starts the development server. To start/stop/restart Tethys in the Azure VM, use the ``systemctl`` command. See: :ref:`azure_vm_orientation_start_stop`. - -Tethys Looking for Database on Port 5436 -======================================== - -This means that Tethys isn't able to find the :file:`portal_config.yml` and is using the default value for the port: 5436. Log in as the ``tethys`` user so that the ``TETHYS_HOME`` variable is set correctly. See :ref:`azure_vm_orientation_tethys_account`. - -.. important:: - - DO NOT RUN ``tethys db confgure`` to set up a database. The database created by ``tethys db configure`` is not suitable for production. diff --git a/docs/installation/production/manual.rst b/docs/installation/production/manual.rst index bc6887385..53686a9ca 100644 --- a/docs/installation/production/manual.rst +++ b/docs/installation/production/manual.rst @@ -4,7 +4,7 @@ Manual Production Installation ****************************** -**Last Updated:** September 2022 +**Last Updated:** September 2024 The following guide can be used to manually install Tethys Platform on a production server. If you have not performed a manual installation before, we recommend going through the process using a virtual machine on your computer first before attempting to do the installation on the production server. diff --git a/docs/installation/production/manual/additional/backup.rst b/docs/installation/production/manual/additional/backup.rst index a285ba9f9..e7193625c 100644 --- a/docs/installation/production/manual/additional/backup.rst +++ b/docs/installation/production/manual/additional/backup.rst @@ -40,7 +40,7 @@ You can backup this data using one of PostgreSQL's utilities like `pg_dump /main -**CentOS**: +**Rocky Linux**: .. code-block:: bash diff --git a/docs/installation/production/manual/additional/troubleshooting.rst b/docs/installation/production/manual/additional/troubleshooting.rst index 039ab42f4..7d25169cd 100644 --- a/docs/installation/production/manual/additional/troubleshooting.rst +++ b/docs/installation/production/manual/additional/troubleshooting.rst @@ -143,7 +143,7 @@ Also verify that these files are correctly linked to the appropriate directory i ls -l /etc/supervisor/conf.d/ -**CentOS**: +**Rocky Linux**: .. code-block:: bash @@ -166,7 +166,7 @@ Also verify that this file is correctly linked to the appropriate directory in : ls -l /etc/nginx/sites-enabled/ -**CentOS**: +**Rocky Linux**: .. code-block:: bash diff --git a/docs/installation/production/manual/configuration.rst b/docs/installation/production/manual/configuration.rst index 66c78ba2f..a8dce8d37 100644 --- a/docs/installation/production/manual/configuration.rst +++ b/docs/installation/production/manual/configuration.rst @@ -4,7 +4,7 @@ Production Configuration ************************ -**Last Updated:** September 2022 +**Last Updated:** October 2024 There is a lot of configuration to be done when setting up a production installation of Tethys Portal. Each part of the configuration has been divided into the following guides. We recommend you go through them in order when doing an installation, but they are split out for simpler lookup and reference. @@ -20,6 +20,7 @@ These guides describe the minimum amount of configuration that needs to be perfo configuration/basic/database configuration/basic/static_and_workspaces configuration/basic/nginx + configuration/basic/apache configuration/basic/supervisor configuration/basic/file_permissions configuration/basic/firewall diff --git a/docs/installation/production/manual/configuration/advanced/email_config.rst b/docs/installation/production/manual/configuration/advanced/email_config.rst index c7a45930c..246e8c66f 100644 --- a/docs/installation/production/manual/configuration/advanced/email_config.rst +++ b/docs/installation/production/manual/configuration/advanced/email_config.rst @@ -66,7 +66,7 @@ Setup Your Own Email Server Alternatively, you can try setting up your own email server using Postfix. We don't recommend this, however, because you will then need to make sure you are meeting any government regulations and obtain a certificate signed by a third-party for your emails to have a chance of making it to the user's inbox. -These instructions are for Ubuntu and CentOS systems. For other Linux distributions refer to the `Postfix Documentation `_ or search for a guide for installing on your distribution. +These instructions are for Ubuntu and Rocky Linux systems. For other Linux distributions refer to the `Postfix Documentation `_ or search for a guide for installing on your distribution. 1. Install Postfix: ------------------- @@ -88,7 +88,7 @@ These instructions are for Ubuntu and CentOS systems. For other Linux distributi When installed with apt on Ubuntu, Postfix is started automatically and enabled to start when the server reboots. - **CentOS**: + **Rocky Linux**: Install the application as follows: diff --git a/docs/installation/production/manual/configuration/advanced/https_config.rst b/docs/installation/production/manual/configuration/advanced/https_config.rst index 4db895951..29367f1bb 100644 --- a/docs/installation/production/manual/configuration/advanced/https_config.rst +++ b/docs/installation/production/manual/configuration/advanced/https_config.rst @@ -58,7 +58,7 @@ Certbot cat /etc/nginx/sites-enabled/tethys_nginx.conf - **CentOS**: + **Rocky Linux**: .. code-block:: diff --git a/docs/installation/production/manual/configuration/advanced/social_auth.rst b/docs/installation/production/manual/configuration/advanced/social_auth.rst index 480d2d65c..070861726 100644 --- a/docs/installation/production/manual/configuration/advanced/social_auth.rst +++ b/docs/installation/production/manual/configuration/advanced/social_auth.rst @@ -662,7 +662,7 @@ OneLogin .. code-block:: bash - conda create --experimental-solver libmamba -n tethys -c tethysplatform -c conda-forge tethys-platform social-auth-core=4.0.2 + conda create --experimental-solver libmamba -n tethys -c tethysplatform -c conda-forge tethys-platform django= social-auth-core=4.0.2 1. Create an OneLogin Developer Account diff --git a/docs/installation/production/manual/configuration/basic/apache.rst b/docs/installation/production/manual/configuration/basic/apache.rst new file mode 100644 index 000000000..21c6a38d0 --- /dev/null +++ b/docs/installation/production/manual/configuration/basic/apache.rst @@ -0,0 +1,99 @@ +.. _production_apache_config: + +******************** +Apache Configuration +******************** + +**Last Updated:** October 2024 + +`Apache `_ can be used as the primary HTTP server for a Tethys Portal deployment. It is used to handle all incoming HTTP traffic and directs it to the Daphne/Django server. It also hosts the static files needed by the apps and Tethys Portal. In this section of the production installation guide, you will generate the Apache configuration files. + +.. note:: + + Skip this section if you are using NGINX as your primary HTTP server. See :ref:`production_nginx_config` for NGINX configuration. + + +1. Generate the Apache Configuration +==================================== + +Generate the Apache configuration file using the ``tethys gen`` command: + + .. code-block:: bash + + tethys gen apache --overwrite + + +2. Review Apache Configuration +============================== + +Review the contents of the Apache configuration file: + + .. code-block:: bash + + vim /tethys_apache.conf + + .. tip:: + + Replace ```` with the path to the Tethys home directory as noted in :ref:`production_portal_config` section. + + In particular, verify the following: + + * The ``ServerName`` parameter is set to your server's public domain name (e.g. my.example.com). + * The ``/static`` location matches the location of your ``STATIC_ROOT`` directory. + * The ``/media`` location matches the location of your ``MEDIA_ROOT`` directory. + +3. Link the Tethys Apache Configuration +======================================= + +Create a symbolic link from the ``tethys_apache.conf`` file to the Apache configuration directory (:file:`/etc/apache` or :file:`etc/httpd`): + + **Ubuntu**: + + .. code-block:: bash + + sudo ln -s /tethys_apache.conf /etc/apache/sites-enabled/tethys_apache.conf + + **Rocky Linux**: + + .. code-block:: bash + + sudo ln -s /tethys_apache.conf /etc/httpd/conf.d/tethys_apache.conf + + .. tip:: + + Replace ```` with the path to the Tethys home directory as noted in :ref:`production_portal_config` section. + +4. Remove the Default Apache Configuration (Ubuntu Only) +======================================================== + +For Ubuntu systems, remove the default Apache configuration file so Apache will use the Tethys configuration: + + **Ubuntu**: + + .. code-block:: bash + + sudo rm /etc/apache/sites-enabled/default + +5. Note ``apache`` User +======================= + +Get the name of the ``apache`` user for use in later parts of the installation guide: + + **Ubuntu**: + + .. code-block:: bash + + grep 'User .*' /etc/apache/apache.conf | awk '{print $2}' | awk -F';' '{print $1}' + + **Rocky Linux**: + + .. code-block:: bash + + grep 'User .*' /etc/httpd/conf/httpd.conf | awk '{print $2}' | awk -F';' '{print $1}' + + Note this user and use it in the following steps where you see ````. + +6. Configure SSL (Recommended) +============================== + +Most browsers are becoming more restrictive on sites that are not secure. It is highly recommended that you obtain an SSL/TLS certificate and setup HTTPS. For more details see: :ref:`https_config`. diff --git a/docs/installation/production/manual/configuration/basic/file_permissions.rst b/docs/installation/production/manual/configuration/basic/file_permissions.rst index cb29411c6..ed01327cc 100644 --- a/docs/installation/production/manual/configuration/basic/file_permissions.rst +++ b/docs/installation/production/manual/configuration/basic/file_permissions.rst @@ -4,7 +4,7 @@ File Permissions **************** -**Last Updated:** September 2022 +**Last Updated:** October 2024 As NGINX is acting as the primary HTTP process, many of the files will need to be accessible by the NGINX user account. There are additional permissions that need to be granted if `Security-Enhanced Linux (SELinux) `_ is active on your server. This part of the production installation guide will show you how to manage the file permissions for your server. @@ -15,19 +15,20 @@ Change the owner of the ``STATIC_ROOT`` and ``TETHYS_WORKSPACES_ROOT`` directori .. code-block:: bash - sudo chown -R : - sudo chown -R : + sudo chown -R : + sudo chown -R : + sudo chown -R : .. note:: - Replace ```` with the user noted in the :ref:`production_nginx_config` step. Replace ``STATIC_ROOT`` and ``TETHYS_WORKSPACES_ROOT`` with the paths to the directories you set up in the :ref:`production_static_workspaces_dirs` step. + Replace ```` with the user noted in the :ref:`production_nginx_config` step. Replace ````, ````, and ```` with the paths to the directories you set up in the :ref:`production_static_workspaces_dirs` step. .. _setup_file_permissions_shortcuts: 2. Setup Shortcuts for Changing Permissions (Optional) ====================================================== -You will often need to change the ownership of the ``TETHYS_HOME``, ``STATIC_ROOT``, and ``TETHYS_WORKSPACES_ROOT`` to your user and then back to the ``nginx`` user again. This needs to be done whenever you are making changes to files in one of these directories. For example, whenever you run ``tethys manage collectstatic``, you will need to change the ownership of these directories to your user to allow the command to copy files into those directories. Then you will need to change it back to the ``nginx`` user to allow the server to have access to these files to serve them. +You will often need to change the ownership of the ``TETHYS_HOME``, ``STATIC_ROOT``, ``MEDIA_ROOT``, and ``TETHYS_WORKSPACES_ROOT`` to your user and then back to the ``nginx`` user again. This needs to be done whenever you are making changes to files in one of these directories. For example, whenever you run ``tethys manage collectstatic``, you will need to change the ownership of these directories to your user to allow the command to copy files into those directories. Then you will need to change it back to the ``nginx`` user to allow the server to have access to these files to serve them. For convenience, you may consider setting up these or similar aliases in the activate script of your environment: @@ -89,15 +90,15 @@ For convenience, you may consider setting up these or similar aliases in the act .. _selinux_configuration: -3. Security-Enhanced Linux File Permissions (CentOS, May not Apply) +3. Security-Enhanced Linux File Permissions (Rocky Linux, May not Apply) =================================================================== -If you are installing Tethys Portal on a CentOS or RedHat system that has `Security-Enhanced Linux (SELinux) `_ enabled and set to enforcing mode, you may need to perform additional setup to allow the server processes to access files. +If you are installing Tethys Portal on a Rocky Linux or RedHat system that has `Security-Enhanced Linux (SELinux) `_ enabled and set to enforcing mode, you may need to perform additional setup to allow the server processes to access files. SELinux adds additional layers of security that define access controls for applications, processes, and files on a system. To learn more about SELinux see: `Security-Enhanced Linux `_, `What is SELinux `_, `CentOS SELinux `_, `RedHat SELinux `_. .. note:: - If you are using CentOS for your deployment, it does not necessarily mean that you are using it with SELinux enforcing. You can check the ``SELINUX`` variable in :file:`/etc/selinux/config` to see if SELinux is being enforced. Alternatively, you can check using the ``getenforce`` command. + If you are using Rocky Linux for your deployment, it does not necessarily mean that you are using it with SELinux enforcing. You can check the ``SELINUX`` variable in :file:`/etc/selinux/config` to see if SELinux is being enforced. Alternatively, you can check using the ``getenforce`` command. For an example of SELinux configuration, see: :ref:`production_selinux_config`. \ No newline at end of file diff --git a/docs/installation/production/manual/configuration/basic/firewall.rst b/docs/installation/production/manual/configuration/basic/firewall.rst index 7f9cd7c59..7f5471e1e 100644 --- a/docs/installation/production/manual/configuration/basic/firewall.rst +++ b/docs/installation/production/manual/configuration/basic/firewall.rst @@ -4,9 +4,9 @@ Firewall Configuration ********************** -**Last Updated:** September 2022 +**Last Updated:** October 2024 -If a firewall is enabled on the server on which you are installing Tethys Portal, you may need to configure it to allow connections through the HTTP port(s). This part of the production installation guide will provide instructions for how this is to be done on the default firewall applications installed on Ubuntu (`UWF `_) and CentOS (`firewalld `_ servers. +If a firewall is enabled on the server on which you are installing Tethys Portal, you may need to configure it to allow connections through the HTTP port(s). This part of the production installation guide will provide instructions for how this is to be done on the default firewall applications installed on Ubuntu (`UWF `_) and Rocky Linux (`firewalld `_ servers. Configure Firewall Without SSL (HTTP) ===================================== @@ -27,10 +27,25 @@ Run the following commands to open the HTTP port (80): sudo ufw allow 'Nginx HTTP' - **CentOS**: - + **Rocky Linux**: + + Install firewalld if not already installed: + .. code-block:: bash - + + sudo dnf install firewalld -y + + Enable and start firewald: + + .. code-block:: bash + + sudo systemctl enable firewalld + sudo systemctl start firewalld + + Open the HTTP port (80): + + .. code-block:: bash + sudo firewall-cmd --permanent --zone=public --add-service=http sudo firewall-cmd --reload @@ -53,7 +68,22 @@ Run the following commands to open the HTTPS port (443): sudo ufw allow 'Nginx HTTPS' - **CentOS**: + **Rocky Linux**: + + Install firewalld if not already installed: + + .. code-block:: bash + + sudo dnf install firewalld -y + + Enable and start firewald: + + .. code-block:: bash + + sudo systemctl enable firewalld + sudo systemctl start firewalld + + Open the HTTPS port (443): .. code-block:: bash @@ -79,7 +109,22 @@ Run the following commands to open the HTTPS port (443) and HTTP port (80): sudo ufw allow 'Nginx Full' - **CentOS**: + **Rocky Linux**: + + Install firewalld if not already installed: + + .. code-block:: bash + + sudo dnf install firewalld -y + + Enable and start firewald: + + .. code-block:: bash + + sudo systemctl enable firewalld + sudo systemctl start firewalld + + Open the HTTP port (80) and HTTPS port (443): .. code-block:: bash diff --git a/docs/installation/production/manual/configuration/basic/nginx.rst b/docs/installation/production/manual/configuration/basic/nginx.rst index bb662f682..04856b362 100644 --- a/docs/installation/production/manual/configuration/basic/nginx.rst +++ b/docs/installation/production/manual/configuration/basic/nginx.rst @@ -4,10 +4,14 @@ NGINX Configuration ******************* -**Last Updated:** September 2022 +**Last Updated:** October 2024 `NGINX `_ is used as the primary HTTP server for a Tethys Portal deployment. It is used to handle all incoming HTTP traffic and directs it to the Daphne/Django server. It also hosts the static files needed by the apps and Tethys Portal. In this section of the production installation guide, you will generate the NGINX configuration files. +.. note:: + + Skip this section if you are using Apache as your primary HTTP server. See :ref:`production_apache_config` for Apache configuration. + 1. Generate the NGINX Configuration =================================== @@ -36,6 +40,7 @@ Review the contents of the NGINX configuration file: * The ``server_name`` parameter is set to your server's public domain name (e.g. my.example.com). * The ``/static`` location matches the location of your ``STATIC_ROOT`` directory. * The ``/workspace`` location matches the location of your ``TETHYS_WORKSPACES_ROOT`` directory. + * The ``/media`` location matches the location of your ``MEDIA_ROOT`` directory. 3. Link the Tethys NGINX Configuration ====================================== @@ -48,7 +53,7 @@ Create a symbolic link from the ``tethys_nginx.conf`` file to the NGINX configur sudo ln -s /tethys_nginx.conf /etc/nginx/sites-enabled/tethys_nginx.conf - **CentOS**: + **Rocky Linux**: .. code-block:: bash diff --git a/docs/installation/production/manual/configuration/basic/portal_config.rst b/docs/installation/production/manual/configuration/basic/portal_config.rst index 055250955..cd29594f3 100644 --- a/docs/installation/production/manual/configuration/basic/portal_config.rst +++ b/docs/installation/production/manual/configuration/basic/portal_config.rst @@ -4,13 +4,39 @@ Portal Configuration ******************** -**Last Updated:** September 2022 +**Last Updated:** September 2024 The :file:`portal_config.yml` is the primary configuration file for Tethys Portal. As of version 3.0, you should not edit the :file:`settings.py` file directly. Instead add any Django settings that you need to the ``settings`` section of the :file:`portal_config.yml`. This can be done by manually editing the file, or you can use the ``tethys settings`` command to add settings to it. This part of the installation guide will show you how to create the :file:`portal_config.yml` and highlights a few of the settings that you should configure when setting up Tethys Portal for production. The following sections of the production installation guide will walk you through other important settings as well. -1. Generate Tethys Configuration +1. Prepare the ``TETHYS_HOME`` Directory +======================================== + +The ``TETHYS_HOME`` directory is the directory where the :file:`portal_config.yml` file is generated. This directory is also used to store other configuration files and logs for Tethys Portal. The default location of the ``TETHYS_HOME`` directory is :file:`~/.tethys/` or :file:`/home//.tethys/` if your environment is named Tethys, otherwise it is :file:`~/.tethys//`. + +In a production environment, it is better to define the location of ``TETHYS_HOME`` to be outside of a user's home directory. The ``TETHYS_HOME`` directory should be on a disk with plenty of space and should be backed up regularly. + +1. Decide where to store the ``TETHYS_HOME`` directory and create that directory: + + .. code-block:: bash + + sudo mkdir -p + sudo chown -R $USER + +2. Create a new ``tethys.sh`` script in ``/etc/profile.d`` to set the ``TETHYS_HOME`` environment variable for all users: + + .. code-block:: bash + + sudo touch /etc/profile.d/tethys.sh + sudo chmod +x /etc/profile.d/tethys.sh + sudo echo "export TETHYS_HOME=" > /etc/profile.d/tethys.sh + +.. note:: + + Replace ```` with the path to the directory where you would like to store the Tethys configuration files. + +2. Generate Tethys Configuration ================================ Generate the portal configuration file with the following command: @@ -23,19 +49,10 @@ Generate the portal configuration file with the following command: This file is generated in your ``TETHYS_HOME`` directory. It can be edited directly or using the ``tethys settings`` command. See: :ref:`tethys_configuration` and :ref:`tethys_settings_cmd`. -2. Note the Location of ``TETHYS_HOME`` -======================================= - -The directory where the :file:`portal_config.yml` is generated is the ``TETHYS_HOME`` directory for your installation. - -The default location of ``TETHYS_HOME`` is :file:`~/.tethys/` or :file:`/home//.tethys/` if your environment is named Tethys, otherwise it is :file:`~/.tethys//`. - -**Note this location and use it anywhere you see** ````. - 3. Set Required Production Settings =================================== -The following settings should be changed for a production installation of Tethys Portal. +The following settings should be set for a production installation of Tethys Portal. ALLOWED_HOSTS ------------- diff --git a/docs/installation/production/manual/configuration/basic/static_and_workspaces.rst b/docs/installation/production/manual/configuration/basic/static_and_workspaces.rst index 2c86066d0..19dce71e4 100644 --- a/docs/installation/production/manual/configuration/basic/static_and_workspaces.rst +++ b/docs/installation/production/manual/configuration/basic/static_and_workspaces.rst @@ -4,7 +4,7 @@ Static and Workspaces Directories ********************************* -**Last Updated:** September 2022 +**Last Updated:** October 2024 1. Create Static Directory ========================== @@ -92,4 +92,39 @@ The app workspaces directory is one location where all app workspaces are collec .. code-block:: - tethys manage collectall \ No newline at end of file + tethys manage collectall + + +3. Create App Media Directory +============================= + +The app media directory is a location where apps can store files uploaded by users to make them publicly accesible. Setup the app media directory as follows: + +1. Get the value of the static directory from the ``MEDIA_ROOT`` setting: + + .. code-block:: + + tethys settings --get MEDIA_ROOT + + .. tip:: + + You may set the ``MEDIA_ROOT`` variable to point at whichever directory you would like as follows: + + .. code-block:: + + tethys settings --set MEDIA_ROOT /my/custom/static/directory + +2. Create the media directory if it does not already exist + + .. code-block:: + + sudo mkdir -p + sudo chown -R $USER + + .. note:: + + Replace ```` with the value returned by the previous command (see step 2.1). + +.. tip:: + + The ``MEDIA_ROOT`` directory is one of the recommended directories to backup. diff --git a/docs/installation/production/manual/configuration/basic/supervisor.rst b/docs/installation/production/manual/configuration/basic/supervisor.rst index af7ccc6b8..a7eb4f656 100644 --- a/docs/installation/production/manual/configuration/basic/supervisor.rst +++ b/docs/installation/production/manual/configuration/basic/supervisor.rst @@ -4,7 +4,7 @@ Supervisor & Daphne Configuration ********************************* -**Last Updated:** September 2022 +**Last Updated:** October 2024 `Supervisor `_ is used to manage the NGINX and Daphne processes. As an ASGI server, Daphne is able to be run with multiple worker processes. It would be cumbersome to manage them individually. Using Supervisor, you will be able to use one command to start, stop, or restart the NGINX process and all of the Daphne processes. @@ -52,7 +52,7 @@ One configuration file will be needed for NGINX and another for Daphne. Use the 3. Create Run Directory ======================= -Verify that the directory where the ASGI process files will be created exists. You noted this directory when verifying the :file:`asgi_supervisor.conf` file in the previous step. For example, if the path in :file:`asgi_supervisor.conf` was defined as :file:`/run/asgi/tethys_asgi%(process_num)d.sock`, then you would need to ensure that the :file:`/run/asgi` directory exists and is owned by the ``NGINX_USER``. +Verify that the directory where the ASGI process files will be created exists. You noted this directory when verifying the :file:`asgi_supervisor.conf` file in the previous step. For example, if the path in :file:`asgi_supervisor.conf` was defined as :file:`/run/asgi/tethys_asgi%(process_num)d.sock`, then you would need to ensure that the :file:`/run/asgi` directory exists and is owned by the ``NGINX_USER`` or ``APACHE_USER``. .. note:: @@ -70,7 +70,7 @@ Create a symbolic links from the two configuration files generated in the previo sudo ln -s /asgi_supervisord.conf /etc/supervisor/conf.d/asgi_supervisord.conf sudo ln -s /nginx_supervisord.conf /etc/supervisor/conf.d/nginx_supervisord.conf - **CentOS**: + **Rocky Linux**: .. code-block:: bash @@ -81,12 +81,12 @@ Create a symbolic links from the two configuration files generated in the previo Replace ```` with the path to the Tethys home directory as noted in :ref:`production_portal_config` section. -5. Modify :file:`supervisord.conf` (CentOS Only) +5. Modify :file:`supervisord.conf` (Rocky Linux Only) ================================================ -For CentOS systems, modify :file:`supervisord.conf` to recognize our configuration files: +For Rocky Linux systems, modify :file:`supervisord.conf` to recognize our configuration files: - **CentOS**: + **Rocky Linux**: .. code-block:: bash @@ -108,11 +108,11 @@ Create the log file in the location where supervisor expects it to be (see last .. code-block:: bash - sudo chown -R /var/log/tethys + sudo chown -R /var/log/tethys .. tip:: - Replace ```` with the name of the user noted in the :ref:`production_nginx_config`. + Replace ```` with the name of the user noted in the :ref:`production_nginx_config` or :ref:`production_apache_config`. 7. Reload the Configuration =========================== diff --git a/docs/installation/production/manual/installation.rst b/docs/installation/production/manual/installation.rst index be45aa306..fcbf3b091 100644 --- a/docs/installation/production/manual/installation.rst +++ b/docs/installation/production/manual/installation.rst @@ -4,7 +4,7 @@ Install Tethys Platform *********************** -**Last Updated:** September 2022 +**Last Updated:** September 2024 This article will provide an overview of how to install Tethys Portal in a production setup ready to host apps. Currently production installation of Tethys is only supported on Linux. Some parts of these instructions are optimized for Ubuntu, though installation on other Linux distributions will be similar. @@ -28,7 +28,13 @@ Install Tethys Platform .. code-block:: bash - conda create -n tethys -c conda-forge tethys-platform + conda create -n tethys -c conda-forge tethys-platform django= + +.. important:: + + **Django Version** + + As of Tethys 3.4 and above, the version of Django is no longer pinned in the ``tethys-platform`` package. You will need to specify the version of Django that you want to use when creating the environment. This is especially important for production installations, as only the LTS versions of Django recieve bug and security fixes. We recommend using the current Django LTS version for production installations (see: `How to get Django - Supported Versions `_. Failing to provide the Django version will result in installing the latest version of Django which may not be the LTS version. 2. Activate the ``tethys`` conda environment after it is created: @@ -75,6 +81,7 @@ Beginning with Tethys v5.0 or if you are using ``micro-tethys-platform`` many fe dependencies: - tethys-platform + - django= - django-session-security - django-axes - django-gravatar2 diff --git a/docs/installation/production/manual/overview.rst b/docs/installation/production/manual/overview.rst index 3b35b5b12..fc4b7c3b9 100644 --- a/docs/installation/production/manual/overview.rst +++ b/docs/installation/production/manual/overview.rst @@ -4,7 +4,7 @@ Overview ******** -**Last Updated:** September 2022 +**Last Updated:** September 2024 Introduction ============ @@ -25,26 +25,31 @@ System requirements for your Tethys Portal will largely depend on the apps that Operating System ================ -This guide provides instructions for installing Tethys Portal for production on an Ubuntu 20.04 and CentOS 8 server. +This guide provides instructions for installing Tethys Portal for production on Ubuntu 24.04 and Rocky Linux 9 servers. Installation instructions on other Linux distributions will be similar. Production Server ================= Tethys Portal is a Django web application with the `Django Channels app `_ installed, which makes it an `Asynchronous Server Gateway Interface (ASGI) `_ application. As such, it requires an ASGI server to host it. -In this guide you will host Tethys Portal using the `Daphne `_ ASGI server with `NGINX `_ acting as the primary HTTP server (see: `Example Setups `_). All incoming HTTP traffic will be handled by NGINX which will route most of it to Daphne. Daphne in turn will be hosting the Tethys Portal. The response will be returned up the chain through Daphne to NGINX and back to the client. The NGINX server will handle requests for static files directly for efficiency. +In this guide you will host Tethys Portal using the `Daphne `_ ASGI server with `NGINX `_ acting as the primary HTTP server (see: `Example Setups `_). Alternatively, the `Apache `_ server can also be used as the primary HTTP server. All incoming HTTP traffic will be handled by the HTTP server which will route most of it to Daphne. Daphne in turn will be hosting the Tethys Portal. The response will be returned up the chain through Daphne to NGINX and back to the client. The HTTP server will handle requests for static files directly for efficiency. .. figure:: ./images/tethys_production_diagram.png :width: 800px :align: center -Daphne can and should be configured to run multiple processes. The default configuration will create 4 Daphne processes for example. To make managing the Daphne processes and NGINX process more manageable, `Supervisor `_ will be used to allow all five processes to be started, stopped, and restarted with a single command. +Daphne can and should be configured to run multiple processes or workers. The default configuration will create four (4) Daphne processes for example. To make managing the Daphne processes and HTTP server process more manageable, `Supervisor `_ will be used to allow all five processes to be started, stopped, and restarted with a single command. NGINX ----- A high-performance HTTP server and reverse proxy. It is know for it's rich feature set and simple configuration. NGINX is used in the Tethys Portal production installation as the primary HTTP server. It serves the static files directly and routes other traffic to the Daphne server. +Apache +------ + +A popular HTTP server and reverse proxy. It is known for it's flexibility and power. Apache can be used as the primary HTTP server in the Tethys Portal production installation. It serves the static files directly and routes other traffic to the Daphne server. + Daphne ------ @@ -93,7 +98,7 @@ Most system configuration files are located in :file:`/etc` including the config * :file:`/etc/supervisor/conf.d/nginx_supervisord.conf` * :file:`/etc/nginx/sites-enabled/tethys_nginx.conf` -**CentOS**: +**Rocky Linux**: * :file:`/etc/supervisord.d/asgi_supervisord.conf` * :file:`/etc/supervisord.d/nginx_supervisord.conf` @@ -102,9 +107,10 @@ Most system configuration files are located in :file:`/etc` including the config Data Files ---------- -The data files include files generated by apps or users (workspaces) and the static files (JavaScript, CSS, Images). These files are located in the ``STATIC_ROOT`` and ``TETHYS_WORKSPACES_ROOT`` directories, respectively. The recommend locations for these directories are: +The data files include files generated by apps or users (workspaces and media files) and the static files (JavaScript, CSS, Images). These files are located in the ``STATIC_ROOT``, ``MEDIA_ROOT``, and ``TETHYS_WORKSPACES_ROOT`` directories, respectively. The recommend locations for these directories are: * ``STATIC_ROOT``: :file:`/var/www/tethys/static` +* ``MEDIA_ROOT``: :file:`/var/www/tethys/media` * ``TETHYS_WORKSPACES_ROOT``: :file:`/var/www/tethys/workspaces` .. note:: @@ -131,6 +137,6 @@ The data files *and* configuration files for a system-installed PostgreSQL are l * :file:`/var/lib/postgresql//main` -**CentOS**: +**Rocky Linux**: * :file:`/var/lib/pgsql//data` diff --git a/docs/installation/production/manual/preparation.rst b/docs/installation/production/manual/preparation.rst index 360f43eba..ff72bd65d 100644 --- a/docs/installation/production/manual/preparation.rst +++ b/docs/installation/production/manual/preparation.rst @@ -4,7 +4,7 @@ Preparation *********** -**Last Updated:** September 2022 +**Last Updated:** September 2024 We recommend you take time before you start your Tethys Portal installation to collect the information that you will need throughout the installation process. This information includes usernames, passwords, SSL certificates, and server attributes. Planning for these ahead of time will make it more likely that you will setup the server securely, rather than using default values for things like passwords when you are prompted for them throughout the installation process. @@ -72,7 +72,7 @@ If you plan to enable the email capabilities to allow users to reset their forgo Security Enhanced Linux (SELinux) ================================= -If you plan to enable SELinux on your CentOS server, read up on SELinux. Here are a few links to get you started: `Security-Enhanced Linux `_, `CentOS SELinux `_, `RedHat SELinux `_ +If you plan to enable SELinux on your Rocky Linux server, read up on SELinux. Here are a few links to get you started: `Security-Enhanced Linux `_, `Rocky Linux - SELinux `_, `RedHat SELinux `_ Summary ======= diff --git a/docs/installation/production/manual/system_dependencies.rst b/docs/installation/production/manual/system_dependencies.rst index 2e3e3cd9c..a3e829081 100644 --- a/docs/installation/production/manual/system_dependencies.rst +++ b/docs/installation/production/manual/system_dependencies.rst @@ -4,7 +4,7 @@ Install System Dependencies *************************** -**Last Updated:** September 2022 +**Last Updated:** September 2024 This guide describes how to install the necessary system dependencies. You will need ``sudo`` or root access on the server to complete these steps. @@ -24,11 +24,11 @@ You will need a text editor to modify the configuration files during the install sudo apt install -y vim nano - **CentOS**: + **Rocky Linux**: .. code-block:: bash - sudo yum install -y vim nano + sudo dnf install -y vim nano wget ---- @@ -41,11 +41,11 @@ Wget is used during the installation to download files needed for the installati sudo apt install -y wget - **CentOS**: + **Rocky Linux**: .. code-block:: bash - sudo yum install -y wget + sudo dnf install -y wget PostgreSQL ========== @@ -58,53 +58,42 @@ PostgreSQL sudo apt install -y postgresql postgresql-contrib - **CentOS**: + **Rocky Linux**: .. code-block:: bash - sudo yum -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm - - .. code-block:: bash - - sudo dnf -qy module disable postgresql - sudo dnf -y install postgresql12 postgresql12-server + sudo dnf install -y postgresql-server glibc-all-langpacks Initialize the database: .. code-block:: bash # Initialize the database - sudo /usr/pgsql-12/bin/postgresql-12-setup initdb + sudo postgresql-setup --initdb Start PostgreSQL and enable it so it starts up automatically when the server restarts: .. code-block:: bash - sudo systemctl start postgresql-12 - sudo systemctl enable postgresql-12 + sudo systemctl start postgresql + sudo systemctl enable postgresql .. note:: - You may be wondering why you didn't need to initialize the database and start/enable it when installing PostgreSQL on Ubuntu. This has to do with the differing philosophies between CentOS and Ubuntu. Ubuntu packages are usually installed with a reasonable default configurtaion and already enabled and running, whereas CentOS only installs the binaries and leaves the configurtaion and enabling up to you. + You may be wondering why you didn't need to initialize the database and start/enable it when installing PostgreSQL on Ubuntu. This has to do with the differing philosophies between Rocky Linux and Ubuntu. Ubuntu packages are usually installed with a default configurtaion and already enabled and running, whereas Rocky Linux only installs the binaries and leaves the configurtaion and enabling up to you. 2. Verify that PostgreSQL is Running: - **Ubuntu**: + **Both**: .. code-block:: bash sudo systemctl status postgresql - **CentOS**: - - .. code-block:: bash - - sudo systemctl status postgresql-12 - .. note:: - Install PostgreSQL using these instructions if you plan on having the database on the same server as your Tethys Portal. If you plan to use a separate server for your database, you may also use these instructions to install PostgreSQL on that server, but do not run these installation commands on the Tethys Portal server. These instructions are based on `How To Install and Use PostgreSQL on Ubuntu 20.04 `_ and `How To Install PostgreSQL 12 on CentOS 7 / CentOS 8 `_. + Install PostgreSQL using these instructions if you plan on having the database on the same server as your Tethys Portal. If you plan to use a separate server for your database, you may also use these instructions to install PostgreSQL on that server, but do not run these installation commands on the Tethys Portal server. These instructions are based on `How To Install and Use PostgreSQL on Ubuntu 20.04 `_ and `How To Install and Use PostgreSQL on Rocky Linux 9 `_. Set ``postgres`` Password ------------------------- @@ -121,13 +110,15 @@ Set ``postgres`` Password Replace ```` with the password you created during the :ref:`production_preparation` step. -2. On CentOS it is also necessary to enable password authentication for local connections. This is done in the :file:`pg_hba.conf` file as follows: +2. On Rocky Linux it is also necessary to enable password authentication for local IP connections. This is done in the :file:`pg_hba.conf` file as follows: - **CentOS**: + **Rocky Linux**: .. code-block:: bash - sudo vim /var/lib/pgsql/12/data/pg_hba.conf + sudo vim /var/lib/pgsql/data/pg_hba.conf + + **pg_hba.conf**: Change: @@ -139,29 +130,42 @@ Set ``postgres`` Password host all all 127.0.0.1/32 ident # IPv6 local connections: host all all ::1/128 ident + # Allow replication connections from localhost, by a user with the + # replication privilege. + local replication all peer + host replication all 127.0.0.1/32 ident + host replication all ::1/128 ident To: - .. code-block:: + .. code-block:: bash # "local" is for Unix domain socket connections only - local all all md5 + local all all peer # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5 + # Allow replication connections from localhost, by a user with the + # replication privilege. + local replication all peer + host replication all 127.0.0.1/32 md5 + host replication all ::1/128 md5 + + + **Rocky Linux**: - Then restart PostgreSQL: + Then restart PostgreSQL: .. code-block:: - sudo systemctl restart postgresql-12 + sudo systemctl restart postgresql 3. Verify that password authentication is working by opening a connection to the database using the commandline client ``psql``: .. code-block:: - PGPASSWORD= psql -U postgres + PGPASSWORD= psql -U postgres -h localhost To quit ``psql`` type ``\q`` and press ``Enter``. @@ -187,23 +191,37 @@ PostGIS Extension (Optional) .. code-block:: bash - sudo apt install -y postgis postgresql-12-postgis-3 + sudo apt install -y postgis postgresql-16-postgis-3 - **CentOS**: + **Rocky Linux**: .. code-block:: bash - sudo yum install -y epel-release - sudo dnf config-manager --set-enabled PowerTools - sudo yum install -y postgis30_12 + # Install the Postgresql repository + sudo yum -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm + + # Install EPEL repo RPM: + sudo dnf -y install epel-release + + # Enable additional repositories to resolve dependencies + sudo dnf config-manager --enable crb + + # Disable default PostgreSQL AppStream repository. + sudo dnf -qy module disable postgresql + + # Select the right PostGIS and PostgreSQL versions + sudo yum -y install postgis32_13 + + # Restart postgresql + systemctl restart postgresql .. note:: - These instructions are based on `How To Install PostGIS on Ubuntu 20.04/18.04 | Debian 10 `_ and `How To Install PostGIS on CentOS 8 `_. + These instructions are based on `Users Wiki: Ubuntu Install Guide `_ and `Install PostGIS on Rocky Linux 8|CentOS 8|AlmaLinux 8 `_. -NGINX -===== +NGINX (Recommended) +=================== `NGINX `_ (pronounced "N-gin-X") is a free and open-source HTTP server and reverse proxy. It is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption. NGINX is used in combination with Daphne as an HTTP server to host Tethys Portal in production. @@ -219,19 +237,47 @@ NGINX .. code-block:: bash - sudo systemctl stop nginx # Will manage w/ supervisor - sudo systemctl disable nginx # Will manage w/ supervisor + sudo systemctl stop nginx + sudo systemctl disable nginx - **CentOS**: + **Rocky Linux**: .. code-block:: bash - sudo yum install -y nginx + sudo dnf install -y nginx + + .. note:: + + These instructions are based on `How To Install Nginx on Ubuntu 20.04 `_ and `How To Install Nginx on Rocky Linux 9 `_. + +Apache (Optional) +================= + +`Apache `_ is a free and open-source cross-platform web server software. If you prefer to use Apache instead of NGINX, you can install it as follows: + + **Ubuntu**: + + .. code-block:: bash + + sudo apt install -y apache2 + + Disable and stop Apache because it will be managed with Supervisor + + .. code-block:: bash + + sudo systemctl stop apache2 + sudo systemctl disable apache2 + + **Rocky Linux**: + + .. code-block:: bash + + sudo dnf install -y httpd .. note:: - These instructions are based on `How To Install Nginx on Ubuntu 20.04 `_ and `How to Install Nginx on CentOS 8 `_. + These instructions are based on `How To Install the Apache Web Server on Ubuntu 20.04 `_ and `How to install Apache on Rocky Linux 9 `_. Supervisor ========== @@ -248,16 +294,17 @@ Supervisor sudo apt update sudo apt install -y supervisor - **CentOS**: + **Rocky Linux**: .. code-block:: bash - sudo yum install -y epel-release + # If you haven't already, install the EPEL repository + sudo dnf install -y epel-release .. code-block:: bash - sudo yum update - sudo yum install -y supervisor + # Install supervisor + sudo dnf install -y supervisor Start Supervisor and enable it so it starts up automatically when the server restarts: @@ -276,7 +323,7 @@ Supervisor .. note:: - These instructions are based on `Installing Supervisor `_, `Install EPEL `_, and `Installing Supervisor on CentOS 7 `_. + These instructions are based on `Installing Supervisor `_, `Install EPEL `_, and `How to install Supervisor on RHEL/CentOS/AlmaLinux/RockyLinux `_. Postfix (Optional) @@ -292,11 +339,11 @@ Postfix (Optional) sudo apt install -y postfix libsasl2-modules - **CentOS**: + **Rocky Linux**: .. code-block:: bash - sudo yum install -y postfix cyrus-sasl-plain cyrus-sasl-md5 + sudo dnf install -y postfix cyrus-sasl-plain cyrus-sasl-md5 Start Postfix and enable it so it starts up automatically when the server restarts: diff --git a/docs/tutorials/google_earth_engine/part_1/dataset_controls_js.rst b/docs/tutorials/google_earth_engine/part_1/dataset_controls_js.rst index e20dca17f..59e9babe8 100644 --- a/docs/tutorials/google_earth_engine/part_1/dataset_controls_js.rst +++ b/docs/tutorials/google_earth_engine/part_1/dataset_controls_js.rst @@ -11,7 +11,6 @@ In this tutorial you will add dynamic behavior to the dataset controls created i * Using JavaScript with Tethys Gizmos .. figure:: ../../../images/tutorial/gee/dataset_controls_js.png - :width: 800px :align: center diff --git a/docs/tutorials/google_earth_engine/part_1/map_view.rst b/docs/tutorials/google_earth_engine/part_1/map_view.rst index fd462513a..0793efee3 100644 --- a/docs/tutorials/google_earth_engine/part_1/map_view.rst +++ b/docs/tutorials/google_earth_engine/part_1/map_view.rst @@ -12,7 +12,6 @@ In this tutorial you will add a map to the Home Page using the Tethys MapView Gi * Custom CSS .. figure:: ../../../images/tutorial/gee/map_view.png - :width: 800px :align: center diff --git a/tethys_cli/gen_templates/apache b/tethys_cli/gen_templates/apache index d4387173b..be5e59bd5 100644 --- a/tethys_cli/gen_templates/apache +++ b/tethys_cli/gen_templates/apache @@ -12,10 +12,15 @@ Listen {% if ip_address %}{{ ip_address }}:{%- endif %}{{ server_port }}{% if ss ProxyPass /static ! Alias /static {{ static_root }} + ProxyPass /media ! + Alias /media {{ media_root }} Require all granted + + Require all granted + {% for directive in additional_directives %} {{ directive }} {%- endfor %}