membership website
Intro
Membership is hosted at both membership.synshop.org and membership-dev.synshop.org on new-lagos.synshop.org. It's a python flask app and has a GH Repo.
One time setup
- create DNS entries to server. "server" in this case on lagos-new so
membership.synshop.org
andmembership-dev.synshop.org
both have aCNAME
forlagos-new.synshop.org.
See Caddy page which talks about making new DNS entries. -
on server, install pre-reqs:
apt install python3 python3.10-venv certbot debian-keyring debian-archive-keyring apt-transport-https gunicorn
-
install
caddy
key, repo and binary:curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list sudo apt update sudo apt install caddy systemctl start caddy systemctl enable caddy
-
edit
/etc/caddy/Caddyfile
and put in this contents at the bottom:membership.synshop.org { reverse_proxy localhost:3000 } membership-dev.synshop.org { reverse_proxy localhost:4000 }
-
restart caddy:
systemctl restart caddy
. These two URLs should now work but have not content: membership and membership-dev - create new
membership
user on server - create new ed25519 ssh key WITHOUT a password for
membership
on server - add the newly created public SSH key to the Deploy Keys for Membership GitHub Repo. Ensure it is read only when adding it.
-
as
membership
user, clone the repo twice. You shouldn't be prompted for authentication because of the deploy key step above:git git@github.com:synshop/membership.synshop.org.git /home/membership/membership.synshop.org git git@github.com:synshop/membership.synshop.org.git /home/membership/membership-dev.synshop.org
-
as
membership
user, create a virtualenv for each install:cd /home/membership/membership.synshop.org python3 -m venv venv;. venv/bin/activate deactivate cd /home/membership/membership-dev.synshop.org python3 -m venv venv;. venv/bin/activate deactivate
-
as
membership
user, ensure each repo is on the correct branch:cd /home/membership/membership.synshop.org git fetch git checkout membership.synshop.net cd /home/membership/membership-dev.synshop.org git fetch git checkout membership-dev.synshop.org
-
In both repos, ensure we've installed the python pre-reqs:
cd /home/membership/membership.synshop.org . venv/bin/activate pip3 install -r requirements.txt cd /home/membership/membership-dev.synshop.org deactivate . venv/bin/activate pip3 install -r requirements.txt deactivate
-
In each repo, create a new config file:
cp /home/membership/membership.synshop.org/config.py.default /home/membership/membership.synshop.org/config.py cp /home/membership/membership-dev.synshop.org/config.py.default /home/membership/membership-dev.synshop.org/config.py
-
Edit the 2 newly created
config.py
files to have correct values. Be sure to read the service file in the next step on how to Encrypted values. - Copy over two instances
service/membership.service
andservice/membership-dev.service
both to/etc/systemd/system
- Edit the the two files in
/etc/systemd/system
to have the right value forENCRYPTION_KEY
. - Reload systemd and start and enable the services:
systemctl start membership;systemctl start membership-dev;systemctl enable membership;systemctl enable membership-dev
- Reboot server to make sure two services come up
Pushing new content live
- SSH to new-lagos
- switch user to
membership
user:sudo su - memberhsip
- cd into dev or prod:
cd membership.synshop.org
orcd membership-dev.synshop.org
- pull in the latest code:
git pull origin
- restart the server:
systemctl restart membership
orsystemctl restart membership-dev
Development
TBD