# How to deploy
!!! info "This is how **we** deploy"
    This page describes how the main instance is deployed, and is mainly meant as a
    way to share the knowledge. You can obviously do things differently.
## Services
"La chariotte" uses different domains:

- **docs.chariotte.fr**, the docs you are reading now. It's handled by [readthedocs.org](https://readthedocs.org).
- **chariotte.fr**, the main instance. It's deployed on Alwaysdata.
- **blog.chariotte.fr**, our blog. It's [a static website](https://gitlab.com/la-chariotte/la-chariotte.gitlab.io) deployed on Gitlab pages.
## The main instance
### Alwaysdata, our hosting provider
[Alwaysdata](https://www.alwaysdata.com) offers [a free plan for open source
projects](https://www.alwaysdata.com/en/open-source/), which we are using for
the main instance of la chariotte.
Thanks to them for supporting open source!
### Getting access
To get access, you'll need to generate an SSH key pair and give your public key to a known admin.
```bash
ssh-keygen
```
This will generate a private and a public key. You need to share the **public** key only.
On unix systems, it's stored under `~/.ssh/id_rsa.pub` by default.
### Connecting to ssh
Once your key is generated and an admin has added it to the server, you can connect.
```bash
ssh chariotte@ssh-chariotte.alwaysdata.net
```
### Configuration file
The chariotte application is run by [uwsgi](https://uwsgi-docs.readthedocs.io/en/latest/), managed by AlwaysData.
The production settings are stored in `~/la_chariotte/prod_settings.py`, and
the secrets are defined in the admin console.
Here are the settings, with some comments that might be useful.
```python title="prod_settings.py"
import os

SECRET_KEY = "YOUR SECRET KEY HERE, used to hash the passwords. CHANGE IT."
# We're connecting to a psql server, AD manages the access and the backups.
DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.postgresql",
        "NAME": "chariotte_prod",
        "USER": "chariotte_prod",
        "PASSWORD": "",
        "HOST": "host",
    }
}
ALLOWED_HOSTS = ["chariotte.fr"]
DEBUG = False
# We're sending mails using AD infrastructure
EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
EMAIL_FROM = "notification@chariotte.fr"
EMAIL_HOST = "smtp-chariotte.alwaysdata.net"
EMAIL_PORT = 587
EMAIL_HOST_USER = "notification@chariotte.fr"
EMAIL_HOST_PASSWORD = "XXX"
EMAIL_USE_TLS = True
DEFAULT_FROM_EMAIL = os.getenv(
    "DJANGO_DEFAULT_FROM_EMAIL", "La Chariotte <notification@chariotte.fr>"
)
CONTACT_MAIL = "contact@chariotte.fr"
# We're collecting the static files on this specific folder.
STATIC_ROOT = "/home/chariotte/static/"
```
We're using sentry (sentry.io) to be alerted when an error happens on the server:
```python title="prod_settings.py"
import sentry_sdk

sentry_sdk.init(
    dsn="PUT YOUR DSN HERE",
    # Set traces_sample_rate to 1.0 to capture 100%
    # of transactions for performance monitoring.
    traces_sample_rate=1.0,
    # Set profiles_sample_rate to 1.0 to profile 100%
    # of sampled transactions.
    # We recommend adjusting this value in production.
    profiles_sample_rate=1.0,
)
```
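The settings above carry placeholders (`CHANGE IT`, `XXX`, `PUT YOUR DSN HERE`) while the real secrets live in the admin console. As an added example, not the project's own code, here is one way to read them from environment variables and refuse to start on an unset, placeholder or weak value; the variable names and the `load_secrets` helper are assumptions.

```python
import os

# Placeholders that appear in the documented prod_settings.py.
PLACEHOLDERS = {"", "XXX", "PUT YOUR DSN HERE"}
PLACEHOLDER_PREFIX = "YOUR SECRET KEY HERE"

# Setting -> environment variable. The variable names are assumptions.
REQUIRED = {
    "SECRET_KEY": "DJANGO_SECRET_KEY",
    "DATABASE_PASSWORD": "DJANGO_DB_PASSWORD",
    "EMAIL_HOST_PASSWORD": "DJANGO_EMAIL_HOST_PASSWORD",
    "SENTRY_DSN": "SENTRY_DSN",
}


class MissingSecret(RuntimeError):
    """A required secret is unset, a placeholder, or too weak."""


def problem_with(setting, value):
    """Return a short reason string if value is unusable, else None."""
    if value is None:
        return "unset"
    value = value.strip()
    if value in PLACEHOLDERS or value.startswith(PLACEHOLDER_PREFIX):
        return "placeholder"
    # Same thresholds as Django's `check --deploy` warning security.W009.
    if setting == "SECRET_KEY" and (len(value) < 50 or len(set(value)) < 5):
        return "too weak"
    return None


def load_secrets(environ=os.environ):
    """Return {setting: value}; raise MissingSecret naming every bad variable."""
    secrets, problems = {}, []
    for setting, var in REQUIRED.items():
        value = environ.get(var)
        reason = problem_with(setting, value)
        if reason:
            # Report the variable name and reason only, never the value.
            problems.append(f"{var} ({reason})")
        else:
            secrets[setting] = value
    if problems:
        raise MissingSecret("refusing to start: " + ", ".join(problems))
    return secrets
```

In `prod_settings.py` the result would be assigned to `SECRET_KEY`, `DATABASES["default"]["PASSWORD"]`, `EMAIL_HOST_PASSWORD` and the `dsn` argument of `sentry_sdk.init`.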
### The different sites
In the AD console, here are the defined sites:

- `app.chariotte.fr`, redirecting to `chariotte.fr`
- `chariotte.fr/static`, which just serves the collected static files stored in `/static/`
- `chariotte.fr`, the main website, described below

`chariotte.fr` is configured as a Python WSGI app:

- application path: `/la_chariotte/la_chariotte/wsgi.py`
- working directory: `/la_chariotte`
- venv location: `/venv`

Environment variables:
```
DJANGO_SETTINGS_MODULE=prod_settings
```
### How to deploy
To deploy a new version, we'll need to:

- get the new code
- update the database
- collect the static files
- restart the daemon

Here's how:
```bash
# Activate the venv
source venv/bin/activate
cd la_chariotte
# Get the code
git fetch
git checkout tag # if we're using a tag, otherwise, just checkout the main branch
python manage.py updatedb
python manage.py collectstatic
```
Then you'll need to restart the server from AD's interface.
### What about SSL certificates?
The SSL certificates are issued directly by AlwaysData (they use [Let's Encrypt](https://letsencrypt.org/) behind the scenes).
## Mails
Mails are hosted by Alwaysdata, as part of their open source plan.