Commit | Line | Data |
---|---|---|
473a4431 CAW |
1 | .. MediaGoblin Documentation |
2 | ||
3 | Written in 2011, 2012 by MediaGoblin contributors | |
4 | ||
5 | To the extent possible under law, the author(s) have dedicated all | |
6 | copyright and related and neighboring rights to this software to | |
7 | the public domain worldwide. This software is distributed without | |
8 | any warranty. | |
9 | ||
10 | You should have received a copy of the CC0 Public Domain | |
11 | Dedication along with this software. If not, see | |
12 | <http://creativecommons.org/publicdomain/zero/1.0/>. | |
13 | ||
abe74178 WKG |
14 | .. _deploying-chapter: |
15 | ||
4e893b6e | 16 | ===================== |
17 | Deploying MediaGoblin | |
18 | ===================== | |
00fdc7bd | 19 | |
e260065a CAW |
20 | GNU MediaGoblin is fairly new and so at the time of writing, there |
21 | aren't easy package-manager-friendly methods to install MediaGoblin. | |
22 | However, doing a basic install isn't too complex in and of itself. | |
56d507b6 | 23 | |
e260065a CAW |
24 | There's an almost infinite number of ways to deploy things... for now, we'll keep |
25 | it simple with some assumptions and use a setup that combines | |
26 | mediagoblin + virtualenv + fastcgi + nginx on a .deb or .rpm based | |
27 | GNU/Linux distro. | |
28 | ||
076bf0cf WKG |
29 | .. note:: |
30 | ||
31 | These tools are for site administrators wanting to deploy a fresh | |
32 | install. If instead you want to join in as a contributor, see our | |
33 | `Hacking HOWTO <http://wiki.mediagoblin.org/HackingHowto>`_. | |
e260065a | 34 | |
4d8a3cd8 CAW |
35 | There are also many ways to install servers... for the sake of |
36 | simplicity, our instructions below describe installing with nginx. | |
37 | For more recipes, including Apache, see | |
38 | `our wiki <http://wiki.mediagoblin.org/Deployment>`_. | |
39 | ||
4e893b6e | 40 | Prepare System |
41 | -------------- | |
e260065a | 42 | |
4e893b6e | 43 | Dependencies |
44 | ~~~~~~~~~~~~ | |
e260065a | 45 | |
4e893b6e | 46 | MediaGoblin has the following core dependencies: |
e260065a | 47 | |
4e893b6e | 48 | - Python 2.6 or 2.7 |
49 | - `python-lxml <http://lxml.de/>`_ | |
50 | - `git <http://git-scm.com/>`_ | |
775ec9e8 | 51 | - `SQLite <http://www.sqlite.org/>`_/`PostgreSQL <http://www.postgresql.org/>`_ |
4e893b6e | 52 | - `Python Imaging Library <http://www.pythonware.com/products/pil/>`_ (PIL) |
53 | - `virtualenv <http://www.virtualenv.org/>`_ | |
e260065a | 54 | |
4e893b6e | 55 | On a DEB-based system (e.g. Debian, gNewSense, Trisquel, Ubuntu, and |
7798f911 | 56 | derivatives) issue the following command:: |
e260065a | 57 | |
775ec9e8 | 58 | sudo apt-get install git-core python python-dev python-lxml \ |
076bf0cf | 59 | python-imaging python-virtualenv |
e260065a | 60 | |
4e893b6e | 61 | On an RPM-based system (e.g. Fedora, RedHat, and derivatives) issue the |
7798f911 | 62 | following command:: |
4e893b6e | 63 | |
775ec9e8 | 64 | yum install python-paste-deploy python-paste-script \ |
076bf0cf WKG |
65 | git-core python python-devel python-lxml python-imaging \ |
66 | python-virtualenv | |
e260065a | 67 | |
775ec9e8 JW |
68 | Configure PostgreSQL |
69 | ~~~~~~~~~~~~~~~~~~~~ | |
70 | ||
71 | .. note:: | |
72 | ||
7798f911 WKG |
73 | MediaGoblin currently supports PostgreSQL and SQLite. The default is a |
74 | local SQLite database. This will "just work" for small deployments. | |
775ec9e8 | 75 | |
7798f911 WKG |
76 | For medium to large deployments we recommend PostgreSQL. |
77 | ||
78 | If you don't want/need postgres, skip this section. | |
79 | ||
80 | These are the packages needed for Debian Wheezy (testing):: | |
775ec9e8 | 81 | |
21a84362 | 82 | sudo apt-get install postgresql postgresql-client python-psycopg2 |
775ec9e8 JW |
83 | |
84 | The installation process will create a new *system* user named ``postgres``, | |
85 | which will have privileges sufficient to manage the database. We will create a | |
86 | new database user with restricted privileges and a new database owned by our | |
87 | restricted database user for our MediaGoblin instance. | |
88 | ||
89 | In this example, the database user will be ``mediagoblin`` and the database | |
90 | name will be ``mediagoblin`` too. | |
91 | ||
7798f911 | 92 | To create our new user, run:: |
775ec9e8 JW |
93 | |
94 | sudo -u postgres createuser mediagoblin | |
95 | ||
7798f911 | 96 | then answer NO to *all* the questions:: |
775ec9e8 JW |
97 | |
98 | Shall the new role be a superuser? (y/n) n | |
99 | Shall the new role be allowed to create databases? (y/n) n | |
100 | Shall the new role be allowed to create more new roles? (y/n) n | |
101 | ||
7798f911 | 102 | then create the database all our MediaGoblin data should be stored in:: |
775ec9e8 JW |
103 | |
104 | sudo -u postgres createdb -E UNICODE -O mediagoblin mediagoblin | |
105 | ||
106 | where the first ``mediagoblin`` is the database owner and the second | |
107 | ``mediagoblin`` is the database name. | |
108 | ||
109 | .. caution:: Where is the password? | |
110 | ||
111 | These steps enable you to authenticate to the database in a password-less | |
112 | manner via local UNIX authentication provided you run the MediaGoblin | |
113 | application as a user with the same name as the user you created in | |
114 | PostgreSQL. | |
115 | ||
116 | More on this in :ref:`Drop Privileges for MediaGoblin <drop-privileges-for-mediagoblin>`. | |
117 | ||
118 | ||
775ec9e8 JW |
119 | .. _drop-privileges-for-mediagoblin: |
120 | ||
4e893b6e | 121 | Drop Privileges for MediaGoblin |
122 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
17c71230 | 123 | |
4e893b6e | 124 | As MediaGoblin does not require special permissions or elevated |
125 | access, you should run MediaGoblin under an existing non-root user or | |
126 | preferably create a dedicated user for the purpose of running | |
127 | MediaGoblin. Consult your distribution's documentation on how to | |
128 | create a "system account" or dedicated service user. Ensure that it is | |
129 | not possible to log in to your system as this user. | |
17c71230 | 130 | |
4e893b6e | 131 | You should create a working directory for MediaGoblin. This document |
076bf0cf WKG |
132 | assumes your local git repository will be located at |
133 | ``/srv/mediagoblin.example.org/mediagoblin/``. | |
134 | Substitute your preferred local deployment path as needed. | |
17c71230 | 135 | |
4e893b6e | 136 | This document assumes that all operations are performed as this |
7798f911 | 137 | user. To drop privileges to this user, run the following command:: |
17c71230 | 138 | |
076bf0cf | 139 | su - [mediagoblin] |
17c71230 | 140 | |
076bf0cf | 141 | Where, "``[mediagoblin]``" is the username of the system user that will |
4e893b6e | 142 | run MediaGoblin. |
143 | ||
e260065a | 144 | Install MediaGoblin and Virtualenv |
4e893b6e | 145 | ---------------------------------- |
e260065a | 146 | |
076bf0cf WKG |
147 | .. note:: |
148 | ||
7798f911 | 149 | MediaGoblin is still developing rapidly. As a result |
076bf0cf WKG |
150 | the following instructions recommend installing from the ``master`` |
151 | branch of the git repository. Eventually production deployments will | |
152 | want to transition to running from more consistent releases. | |
e260065a | 153 | |
4e893b6e | 154 | Issue the following commands to create and change the working |
076bf0cf | 155 | directory. Modify these commands to reflect your own environment:: |
17c71230 | 156 | |
076bf0cf WKG |
157 | mkdir -p /srv/mediagoblin.example.org/ |
158 | cd /srv/mediagoblin.example.org/ | |
17c71230 | 159 | |
076bf0cf | 160 | Clone the MediaGoblin repository:: |
e260065a | 161 | |
076bf0cf | 162 | git clone git://gitorious.org/mediagoblin/mediagoblin.git |
e260065a | 163 | |
7798f911 | 164 | And set up the in-package virtualenv:: |
e260065a | 165 | |
076bf0cf | 166 | cd mediagoblin |
95ff15d6 | 167 | (virtualenv --system-site-packages . || virtualenv .) && ./bin/python setup.py develop |
e260065a | 168 | |
4e893b6e | 169 | .. note:: |
e260065a | 170 | |
4e893b6e | 171 | If you have problems here, consider trying to install virtualenv |
172 | with the ``--distribute`` or ``--no-site-packages`` options. If | |
c356dc16 | 173 | your system's default Python is in the 3.x series you may need to |
4e893b6e | 174 | run ``virtualenv`` with the ``--python=python2.7`` or |
175 | ``--python=python2.6`` options. | |
e260065a | 176 | |
4e893b6e | 177 | The above provides an in-package install of ``virtualenv``. While this |
178 | is counter to the conventional ``virtualenv`` configuration, it is | |
179 | more reliable and considerably easier to configure and illustrate. If | |
180 | you're familiar with Python packaging you may consider deploying with | |
c356dc16 | 181 | your preferred method. |
e260065a | 182 | |
076bf0cf WKG |
183 | Assuming you are going to deploy with FastCGI, you should also install |
184 | flup:: | |
99192f24 | 185 | |
076bf0cf | 186 | ./bin/easy_install flup |
99192f24 | 187 | |
71ef2007 CAW |
188 | (Sometimes this breaks because flup's site is flakey. If it does for |
189 | you, try):: | |
190 | ||
191 | ./bin/easy_install https://pypi.python.org/pypi/flup/1.0.3.dev-20110405 | |
192 | ||
4e893b6e | 193 | This concludes the initial configuration of the development |
8d9aa03f | 194 | environment. In the future, when you update your |
076bf0cf | 195 | codebase, you should also run:: |
e260065a | 196 | |
084a6190 | 197 | ./bin/python setup.py develop --upgrade && ./bin/gmg dbupdate |
e260065a | 198 | |
9d5cd0b9 CAW |
199 | Note: If you are running an active site, depending on your server |
200 | configuration, you may need to stop it first or the dbupdate command | |
201 | may hang (and it's certainly a good idea to restart it after the | |
202 | update). | |
203 | ||
204 | ||
4e893b6e | 205 | Deploy MediaGoblin Services |
206 | --------------------------- | |
e260065a | 207 | |
a7d2a892 ST |
208 | Edit site configuration |
209 | ~~~~~~~~~~~~~~~~~~~~~~~ | |
210 | ||
211 | A few basic properties must be set before MediaGoblin will work. First make a copy of ``mediagoblin.ini`` for editing so the original config file isn't lost:: | |
212 | ||
213 | cp mediagoblin.ini mediagoblin_local.ini | |
214 | ||
215 | Then: | |
216 | ||
217 | - Set ``email_sender_address`` to the address you wish to be used as the sender for system-generated emails. | |
218 | - Edit ``direct_remote_path``, ``base_dir``, and ``base_url`` if your MediaGoblin directory is not the root directory of your vhost. | |
219 | ||
220 | ||
775ec9e8 JW |
221 | Configure MediaGoblin to use the PostgreSQL database |
222 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
223 | ||
7798f911 WKG |
224 | If you are using postgres, edit the ``[mediagoblin]`` section in your |
225 | ``mediagoblin_local.ini`` and put in:: | |
775ec9e8 JW |
226 | |
227 | sql_engine = postgresql:///mediagoblin | |
228 | ||
229 | if you are running the MediaGoblin application as the same 'user' as the | |
230 | database owner. | |
231 | ||
7798f911 | 232 | |
775ec9e8 JW |
233 | Update database data structures |
234 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
235 | ||
7798f911 | 236 | Before you start using the database, you need to run:: |
775ec9e8 JW |
237 | |
238 | ./bin/gmg dbupdate | |
239 | ||
240 | to populate the database with the MediaGoblin data structures. | |
241 | ||
242 | ||
4e893b6e | 243 | Test the Server |
244 | ~~~~~~~~~~~~~~~ | |
e260065a | 245 | |
4e893b6e | 246 | At this point MediaGoblin should be properly installed. You can |
076bf0cf | 247 | test the deployment with the following command:: |
e260065a | 248 | |
076bf0cf | 249 | ./lazyserver.sh --server-name=broadcast |
e260065a | 250 | |
4e893b6e | 251 | You should be able to connect to the machine on port 6543 in your |
252 | browser to confirm that the service is operable. | |
e260065a | 253 | |
cd1abb11 CAW |
254 | .. _webserver-config: |
255 | ||
56d507b6 | 256 | |
a7d2a892 ST |
257 | FastCGI and nginx |
258 | ~~~~~~~~~~~~~~~~~ | |
259 | ||
260 | This configuration example will use nginx; however, you may | |
4e893b6e | 261 | use any webserver of your choice as long as it supports the FastCGI |
262 | protocol. If you do not already have a web server, consider nginx, as | |
263 | the configuration files may be more clear than the | |
264 | alternatives. | |
265 | ||
266 | Create a configuration file at | |
267 | ``/srv/mediagoblin.example.org/nginx.conf`` and create a symbolic link | |
268 | into a directory that will be included in your ``nginx`` configuration | |
269 | (e.g. ``/etc/nginx/sites-enabled`` or ``/etc/nginx/conf.d``) with | |
076bf0cf | 270 | one of the following commands (as the root user):: |
4e893b6e | 271 | |
076bf0cf WKG |
272 | ln -s /srv/mediagoblin.example.org/nginx.conf /etc/nginx/conf.d/ |
273 | ln -s /srv/mediagoblin.example.org/nginx.conf /etc/nginx/sites-enabled/ | |
4e893b6e | 274 | |
275 | Modify these commands and locations depending on your preferences and | |
276 | the existing configuration of your nginx instance. The contents of | |
076bf0cf WKG |
277 | this ``nginx.conf`` file should be modeled on the following:: |
278 | ||
279 | server { | |
280 | ################################################# | |
281 | # Stock useful config options, but ignore them :) | |
282 | ################################################# | |
283 | include /etc/nginx/mime.types; | |
284 | ||
285 | autoindex off; | |
286 | default_type application/octet-stream; | |
287 | sendfile on; | |
288 | ||
289 | # Gzip | |
290 | gzip on; | |
291 | gzip_min_length 1024; | |
292 | gzip_buffers 4 32k; | |
293 | gzip_types text/plain text/html application/x-javascript text/javascript text/xml text/css; | |
294 | ||
295 | ##################################### | |
296 | # Mounting MediaGoblin stuff | |
297 | # This is the section you should read | |
298 | ##################################### | |
299 | ||
300 | # Change this to update the upload size limit for your users | |
301 | client_max_body_size 8m; | |
302 | ||
a49c741f CAW |
303 | # prevent attacks (someone uploading a .txt file that the browser |
304 | # interprets as an HTML file, etc.) | |
305 | add_header X-Content-Type-Options nosniff; | |
37b48053 | 306 | |
076bf0cf WKG |
307 | server_name mediagoblin.example.org www.mediagoblin.example.org; |
308 | access_log /var/log/nginx/mediagoblin.example.access.log; | |
309 | error_log /var/log/nginx/mediagoblin.example.error.log; | |
310 | ||
311 | # MediaGoblin's stock static files: CSS, JS, etc. | |
312 | location /mgoblin_static/ { | |
313 | alias /srv/mediagoblin.example.org/mediagoblin/mediagoblin/static/; | |
314 | } | |
315 | ||
316 | # Instance specific media: | |
317 | location /mgoblin_media/ { | |
318 | alias /srv/mediagoblin.example.org/mediagoblin/user_dev/media/public/; | |
319 | } | |
320 | ||
8d051cc0 CAW |
321 | # Theme static files (usually symlinked in) |
322 | location /theme_static/ { | |
323 | alias /srv/mediagoblin.example.org/mediagoblin/user_dev/theme_static/; | |
324 | } | |
325 | ||
076bf0cf WKG |
326 | # Mounting MediaGoblin itself via FastCGI. |
327 | location / { | |
328 | fastcgi_pass 127.0.0.1:26543; | |
329 | include /etc/nginx/fastcgi_params; | |
330 | ||
331 | # our understanding vs nginx's handling of script_name vs | |
332 | # path_info don't match :) | |
333 | fastcgi_param PATH_INFO $fastcgi_script_name; | |
334 | fastcgi_param SCRIPT_NAME ""; | |
4e893b6e | 335 | } |
076bf0cf | 336 | } |
4e893b6e | 337 | |
338 | Now the nginx instance is configured to serve the MediaGoblin | |
339 | application. Perform a quick test to ensure that this configuration | |
340 | works. Restart nginx so it picks up your changes, with a command that | |
076bf0cf | 341 | resembles one of the following (as the root user):: |
4e893b6e | 342 | |
076bf0cf WKG |
343 | sudo /etc/init.d/nginx restart |
344 | sudo /etc/rc.d/nginx restart | |
4e893b6e | 345 | |
346 | Now start MediaGoblin. Use the following command sequence as an | |
076bf0cf | 347 | example:: |
4e893b6e | 348 | |
076bf0cf WKG |
349 | cd /srv/mediagoblin.example.org/mediagoblin/ |
350 | ./lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543 | |
4e893b6e | 351 | |
352 | Visit the site you've set up in your browser by visiting | |
518c5eb3 | 353 | <http://mediagoblin.example.org>. You should see MediaGoblin! |
4e893b6e | 354 | |
4e893b6e | 355 | .. note:: |
356 | ||
a085dda5 | 357 | The configuration described above is sufficient for development and |
358 | smaller deployments. However, for larger production deployments | |
359 | with larger processing requirements, see the | |
360 | ":doc:`production-deployments`" documentation. | |
a7d2a892 ST |
361 | |
362 | ||
363 | Apache | |
364 | ~~~~~~ | |
365 | ||
366 | Instructions and scripts for running MediaGoblin on an Apache server can be found on the `MediaGoblin wiki <http://wiki.mediagoblin.org/Deployment>`_. | |
b835e153 E |
367 | |
368 | ||
369 | Security Considerations | |
370 | ~~~~~~~~~~~~~~~~~~~~~~~ | |
371 | ||
372 | .. warning:: | |
373 | ||
374 | The directory ``user_dev/crypto/`` contains some very | |
375 | sensitive files. | |
376 | In particular, ``itsdangeroussecret.bin`` is very important | |
377 | for session security. Make sure not to leak its contents anywhere. | |
378 | If the contents are leaked nevertheless, delete your file | |
379 | and restart the server, so that it creates a new secret key. | |
380 | All previous sessions will then be invalidated.
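
As an added example (not part of the MediaGoblin documentation or code base), the script below checks two ways the secret described above could leak on this nginx setup: an ``alias`` directive whose target contains ``user_dev/crypto/``, and group or world permission bits on the directory or its files. The function names, the temporary directory tree and the two nginx fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of MediaGoblin): audit exposure of user_dev/crypto/.

# Print the target path of every "alias" directive in an nginx config file.
nginx_alias_targets() {
    sed -n 's/^[[:space:]]*alias[[:space:]][[:space:]]*\([^;]*\);.*$/\1/p' "$1"
}

# Succeed if no alias target contains, equals, or lies inside the crypto
# directory; fail otherwise. The body is a subshell, so "exit" stays local.
crypto_not_served() (
    crypto=${2%/}
    nginx_alias_targets "$1" | while IFS= read -r target; do
        target=${target%/}
        case "$crypto/" in "$target"/*) exit 1 ;; esac   # alias is an ancestor
        case "$target/" in "$crypto"/*) exit 1 ;; esac   # alias is inside crypto
    done
)

# List entries under the crypto directory that group or others can access.
crypto_loose_perms() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Constructed sample data: a throwaway tree and two nginx fragments.
demo=$(mktemp -d)
mkdir -p "$demo/user_dev/crypto" "$demo/user_dev/media/public"
: > "$demo/user_dev/crypto/itsdangeroussecret.bin"
chmod 700 "$demo/user_dev/crypto"
chmod 600 "$demo/user_dev/crypto/itsdangeroussecret.bin"
printf '    location /mgoblin_media/ {\n        alias %s/user_dev/media/public/;\n    }\n' \
    "$demo" > "$demo/good.conf"
printf '    location /files/ {\n        alias %s/user_dev/;\n    }\n' \
    "$demo" > "$demo/bad.conf"

for conf in good.conf bad.conf; do
    if crypto_not_served "$demo/$conf" "$demo/user_dev/crypto"; then
        echo "$conf: crypto directory is not under any alias"
    else
        echo "$conf: crypto directory is reachable through an alias"
    fi
done
if [ -z "$(crypto_loose_perms "$demo/user_dev/crypto")" ]; then
    echo "permissions: owner-only"
fi
```

On a real deployment, call the two functions with the path of your ``nginx.conf`` and of ``user_dev/crypto/`` instead of the constructed tree.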