pig-monkey.com - nginxhttps://pig-monkey.com/2012-12-22T00:00:00-08:00An Ubuntu VPS for Django2011-07-19T00:00:00-07:002012-12-22T00:00:00-08:00Pig Monkeytag:pig-monkey.com,2011-07-19:/2011/07/ubuntu-vps-django/<p>Three years ago I wrote <a href="/2008/06/an-ubuntu-vps-on-slicehost-basic-setup/">a guide to building a VPS web server</a> for serving sites in a PHP environment. That setup served me well for some time, but most of the sites I run now – <a href="/2011/06/move-django/">including this one</a> – are now written in Python. Earlier this year I built another …</p><p>Three years ago I wrote <a href="/2008/06/an-ubuntu-vps-on-slicehost-basic-setup/">a guide to building a VPS web server</a> for serving sites in a PHP environment. That setup served me well for some time, but most of the sites I run now – <a href="/2011/06/move-django/">including this one</a> – are now written in Python. Earlier this year I built another web server to reflect this. It’s similar to before; I still use Ubuntu and I still like to serve pages with nginx. But PHP has been replaced with Python, and many of the packages used to build the environment have changed as a result. As with the last time, I decided to compile my notes into a guide, both for my own reference and in case anyone else would like to duplicate it. So far, the server has proven to be fast and efficient. It serves Python using uWSGI, uses a PostgreSQL database, and includes a simple mail server provided by Postfix. I think it’s a good setup for serving simple Django-based websites.</p>
<h2>Basic Setup</h2>
<p><a href="/2008/06/an-ubuntu-vps-on-slicehost-basic-setup">As with last time</a>, I recommend following <a href="http://articles.slicehost.com/2010/4/30/ubuntu-lucid-setup-part-1">Slicehost’s basic server setup article</a>. It discusses user administration, SSH security, and firewalls. I no longer use Slicehost as my VPS provider, but I find that Slicehost’s articles provide an excellent base regardless of the host.</p>
<h3>Packages</h3>
<p>Packages should upgraded immediately to address any known security vulnerabilities.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo apt-get update
$ sudo apt-get upgrade
</code></pre></div></td></tr></table></div>
<p>After the repositories have been updated, I install some essential packages.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo apt-get install build-essential screen dnsutils
</code></pre></div></td></tr></table></div>
<p><a href="http://packages.ubuntu.com/lucid/build-essential">Build-essential</a> includes necessary tools to compile programs. I am incapable of using a computer that does not have <a href="http://packages.ubuntu.com/lucid/screen">screen</a> on it, so that gets installed too. The third package, <a href="http://packages.ubuntu.com/lucid/dnsutils">dnsutils</a>, is optional, but includes <code>dig</code> which is useful for troubleshooting DNS issues.</p>
<h3>DenyHosts</h3>
<p>Slicehost’s setup article recommends turning off password authentication in SSH, forcing users to login with keys only. I use keys whenever I can, but I appreciate the option of being able to login to my server from any computer, when I may or may not have my SSH key with me. So I leave password authentication enabled. This presents the possibility of brute-force attacks. Enter <a href="http://denyhosts.sourceforge.net/">DenyHosts</a>. DenyHosts, which I have <a href="/2008/10/thoughts-on-ssh-security/">discussed previously</a> attempts to protect against SSH attacks by banning hosts after a certain number of failed login attempts. When password authentication is enabled, running DenyHosts is a smart move.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo apt-get install denyhosts
$ sudo vim /etc/denyhosts.conf
</code></pre></div></td></tr></table></div>
<h3>Personalize the Environment</h3>
<p>I use <code>update-alternatives</code> to set my default editor to <a href="http://www.vim.org">vim</a>.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo update-alternatives --config editor
</code></pre></div></td></tr></table></div>
<p>All of my personal configuration files are kept in a <a href="https://github.com/pigmonkey/dotfiles">github repository</a>. I’ll check out that repository into <code>~/src</code> and install the files.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span></pre></div></td><td class="code"><div><pre><span></span><code>$ mkdir ~/src
$ <span class="nb">cd</span> ~/src
$ sudo apt-get install git-core
$ git clone git://github.com/pigmonkey/dotfiles.git
$ ln -s ~/src/dotfiles/bash_profile ~/.bash_profile
$ ln -s ~/src/dotfiles/bashrc ~/.bashrc
$ ln -s ~/src/dotfiles/bash_aliases ~/.bash_aliases
$ ln -s ~/src/dotfiles/bash_colors ~/.bash_colors
$ ln -s ~/src/dotfiles/vimrc ~/.vimrc
$ ln -s ~/src/dotfiles/vim ~/.vim
$ ln -s ~/src/dotfiles/screenrc ~/.screenrc
$ <span class="nb">source</span> ~/.bash_profile
</code></pre></div></td></tr></table></div>
<h3>Time</h3>
<p>The next step is to set the server’s timezone and sync the clock with <a href="http://www.ntp.org">NTP</a>.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo dpkg-reconfigure tzdata
$ sudo apt-get install ntp
</code></pre></div></td></tr></table></div>
<h3>Rootkits</h3>
<p>There’s no reason not to run both <a href="http://www.chkrootkit.org/">chkrootkit</a> and <a href="http://rkhunter.sourceforge.net">rkhunter</a> to check for rootkits and related vulnerabilities.</p>
<h4>chrkrootkit</h4>
<p>Slicehost has <a href="http://articles.slicehost.com/2010/3/24/scanning-for-rootkits-with-chkrootkit-updated">an excellent article for setting up and using chkrootkit</a>.</p>
<p>Later on I’ll be installing some Python development packages. One of them creates a directory called <code>/usr/lib/pymodules/python2.6/.path</code>, which sets off a warning in chkrootkit. Part of chkrootkit’s desgin philosophy is to not include any whitelists: if chkrootkit finds something that it doesn’t like, you’re going to hear about it. I have cron run chkrootkit nightly and I want to receive any warnings, but I don’t want to receive the same false positive every morning in my inbox.</p>
<p>The solution is to create a file that contains chkrootkit’s warning. I call that file <code>whitelist</code> and store it in the same directory as chkrootkit. When chkrootkit is run, any output is redirected to a file. That file is compared to the whitelist using <code>diff</code> and the output <em>of that</em> – if any – is then read. At the end, the file containing chkrootkit’s output is deleted so that the working directory is ready for the next run. The effect is that I only hear warnings from chkrootkit that I <em>have not explicit whitelisted</em>. All of this can be accomplished in a single crontab entry.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="m">0</span> <span class="m">3</span> * * * <span class="o">(</span><span class="nb">cd</span> /home/demo/src/chkrootkit-0.49<span class="p">;</span> ./chkrootkit -q > message <span class="m">2</span>><span class="p">&</span><span class="m">1</span><span class="p">;</span> diff -w whitelist message<span class="p">;</span> rm -f message<span class="o">)</span>
</code></pre></div></td></tr></table></div>
<h4>rkhunter</h4>
<p>I’m sure it doesn’t surprise you that I’m going to recommend reading Slicehost’s <a href="http://articles.slicehost.com/2010/3/24/scanning-for-rootkits-with-rkhunter-updated">article on rkhunter</a>.</p>
<p>Unlike chkrootkit, rkhunter does allow for whitelists. On a clean Ubuntu 10.04 system, I find that I need to whitelist a few items in the config.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span>
<span class="normal">7</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo vim /etc/rkhunter.conf
<span class="nv">SCRIPTWHITELIST</span><span class="o">=</span><span class="s2">"/usr/sbin/adduser /usr/bin/ldd /bin/which"</span>
<span class="nv">ALLOWHIDDENDIR</span><span class="o">=</span><span class="s2">"/dev/.udev /dev/.initramfs"</span>
<span class="nv">APP_WHITELIST</span><span class="o">=</span><span class="s2">"openssl:0.9.8k gpg:1.4.10"</span>
$ sudo /usr/local/bin/rkhunter --propupd
</code></pre></div></td></tr></table></div>
<p>The script that my cronjob runs is slightly different from the one demonstrated in the Slicehost article. Their script executes a few commands, groups the output together, and sends it to <code>mail</code> to email the system administrator. This results in daily emails, regardless of whether rkhunter finds any warnings or not. My script is simpler and does not result in so many messages.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="ch">#!/bin/sh</span>
/usr/local/bin/rkhunter --versioncheck -q
/usr/local/bin/rkhunter --update -q
/usr/local/bin/rkhunter --cronjob --report-warnings-only
</code></pre></div></td></tr></table></div>
<p>The version check and update commands both have the <code>-q</code> switch, which disables any output – I don’t care to know whether rkhunter updated itself or not. The final line actually executes the scan. Notice that there’s no reference to <code>mail</code>. This script does not send any messages. The reason for that is that rkhunter itself provides the mail functionality. Inside of <code>/etc/rkhunter.conf</code> there is a <code>MAIL-ON-WARNING</code> variable. As long as the machine has an smtp server on it (which I’ll get to later in this guide), simply filling in this variable will result in any warnings being emailed to the system administrator.</p>
<h2>Web Server</h2>
<p>With the basics complete, it’s time to start serving something! In my <a href="/2008/06/an-ubuntu-vps-on-slicehost-web-server/">previous article</a> I covered serving a PHP-based Wordpress site via FastCGI and nginx. This time around the stack will be different: <a href="http://nginx.org/">nginx</a>, <a href="http://projects.unbit.it/uwsgi/">uWSGI</a>, <a href="http://www.python.org/">Python</a>, and <a href="http://www.djangoproject.com/">Django</a>.</p>
<p>A few basic packages will help flesh out the server’s Python development environment:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo apt-get install python-psycopg2 python-setuptools python2.6-dev psmisc python-imaging locate python-dateutil libxml2-dev python-software-properties
</code></pre></div></td></tr></table></div>
<h3>uWSGI</h3>
<p>Installing <a href="http://projects.unbit.it/uwsgi/">uWSGI</a> is a simple matter of compiling it and moving the resulting binary into one of your system’s bin directories.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span></pre></div></td><td class="code"><div><pre><span></span><code>$ <span class="nb">cd</span> ~/src/
$ wget http://projects.unbit.it/downloads/uwsgi-0.9.8.tar.gz
$ tar xvzf ~/uwsgi-0.9.8.tar.gz
$ <span class="nb">cd</span> uwsgi-0.9.8/
$ make -f Makefile.Py26
$ sudo cp uwsgi /usr/local/sbin
</code></pre></div></td></tr></table></div>
<h3>nginx</h3>
<p>The <a href="http://nginx.org/">nginx</a> package in Ubuntu’s official repositories is always notoriously outdated. It used to be you had to compile the server from source, but there is now an <a href="https://launchpad.net/ubuntu/+ppas">Ubuntu PPA</a> for the latest stable versions. <a href="http://wiki.nginx.org/Install#Ubuntu_PPA">As described by the nginx wiki</a>, all that is needed is to add the PPA to your <code>sources.list</code> and <code>apt-get</code> away!</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo add-apt-repository ppa:nginx/stable
$ sudo apt-get update
$ sudo apt-get install nginx
</code></pre></div></td></tr></table></div>
<h3>Python and Django</h3>
<p>If you do Python development and haven’t heard of <a href="http://pypi.python.org/pypi/virtualenv">virtualenv</a>, it is well worth reading up on. It allows the user to create an isolated, virtual Python environment for each project. This helps immensely when developing (or serving) multiple projects on a single machine. Needless to say, I consider it to be a required package.</p>
<h4>Install</h4>
<p>I’ll be installing virtualenv and <a href="http://www.doughellmann.com/projects/virtualenvwrapper">virtualenvwrapper</a> (a set of scripts to facilitate working with virtual environments). I also prefer <a href="http://pypi.python.org/pypi/pip">pip</a> over <code>easy_install</code> for managing Python packages.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo easy_install -U pip
$ sudo pip install virtualenv
$ sudo pip install virtualenvwrapper
</code></pre></div></td></tr></table></div>
<h4>Setup a virtual environment</h4>
<p>Virtual environments can be stored wherever you fancy. For now, I keep them in a hidden folder in my home directory. For these examples, I’ll setup an environment called <code>myproject</code>.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><code>$ mkdir ~/.virtualenvs
$ <span class="nb">cd</span> ~/.virtualenvs
$ virtualenv --no-site-packages --distribute myproject
</code></pre></div></td></tr></table></div>
<p>Notice the <code>--no-site-packages</code> switch. That tells <code>virtualenv</code> to create this environment without any of the Python packages already installed, creating a completely fresh, clean environment. The <code>--distribute</code> switch causes the new virtual environment to be setup with <a href="http://packages.python.org/distribute/">distribute</a>, a replacement for the old and rather broken <a href="http://pypi.python.org/pypi/setuptools">setuptools</a>.</p>
<p>All that’s needed to get <code>virtualenvwrapper</code> up and running is to add two lines to your <code>.bashrc</code> and re-source the file.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span></pre></div></td><td class="code"><div><pre><span></span><code>$ vim ~/.bashrc
<span class="nb">export</span> <span class="nv">WORKON_HOME</span><span class="o">=</span><span class="nv">$HOME</span>/.virtualenvs
<span class="nb">source</span> /usr/local/bin/virtualenvwrapper.sh
$ . ~/.bashrc
</code></pre></div></td></tr></table></div>
<p>We can now use commands like <code>workon</code> to ease the process of activating a certain environment.</p>
<p>I’ll go ahead and install <a href="http://pypi.python.org/pypi/yolk">yolk</a> in the environment to help manage packages.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><code>$ workon myproject
$ pip install yolk
$ yolk -l
</code></pre></div></td></tr></table></div>
<p>The last command will cause <code>yolk</code> to list all packages installed in the environment. Try deactivating the environment and then running <code>yolk</code> again.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><code>$ deactivate
$ yolk -l
yolk: <span class="nb">command</span> not found
</code></pre></div></td></tr></table></div>
<p>‘yolk’ wasn’t found, because it was only installed within the virtual environment. Neat!</p>
<h4>Install Django</h4>
<p>Finally, it’s time to install Django! The process is simple enough.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><code>$ workon myproject
$ pip install django
</code></pre></div></td></tr></table></div>
<p>And that’s it!</p>
<p>The <a href="http://www.pythonware.com/products/pil/">Python Imaging Library</a> is likely to be needed for any Django project. I installed it in the beginning of this section, but because I used the <code>--no-site-packages</code> when creating my virtual environment, it is not available for use within the project. To fix that, I’ll just link the package in. I also previously installed <a href="http://initd.org/psycopg/">psyopg2</a>, which Python will need to communicate with my PostgreSQL database, so I’ll link that in as well. <code>psyopg2</code> depends on <a href="http://www.egenix.com/products/python/mxBase/">mx</a>, which was also previously installed but still must be made available in the environment.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span></pre></div></td><td class="code"><div><pre><span></span><code>$ cdsitepackages
$ ln -s /usr/lib/python2.6/dist-packages/PIL
$ ln -s /usr/lib/python2.6/dist-packages/PIL.pth
$ ln -s /usr/lib/python2.6/dist-packages/psycopg2
$ ln -s /usr/lib/python2.6/dist-packages/mx
</code></pre></div></td></tr></table></div>
<p>That wasn’t too painful!</p>
<h4>Create a Django project</h4>
<p>While I’m still in the virtual environment, I’ll go ahead and create a new Django project. The project will have the same name as the environment: <code>myproject</code>. For this tutorial, I’ll stick with the precedence set by the Slicehost tutorials and use <code>demo</code> as the name of both my user and group on the server.</p>
<p>I like to keep my sites in the <code>/srv/</code> directory. I structure them so that the code that runs the site, any public files, logs, and backups are all stored in separate sub-directories.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span>
<span class="normal">7</span>
<span class="normal">8</span>
<span class="normal">9</span></pre></div></td><td class="code"><div><pre><span></span><code>$ <span class="nb">cd</span> /srv/
$ sudo mkdir -p myproject.com/<span class="o">{</span>code,public,logs,backup<span class="o">}</span>
$ sudo mkdir -p myproject.com/public/<span class="o">{</span>media,static<span class="o">}</span>
$ sudo chown -R demo:demo myproject.com
$ <span class="nb">cd</span> myproject.com
$ sudo chown -R :www-data logs public
$ sudo chmod -R g+w logs public
$ <span class="nb">cd</span> code/
$ django-admin.py startproject myproject
</code></pre></div></td></tr></table></div>
<p>Notice that the <code>logs</code> and <code>public</code> directories were <code>chown</code>ed to the www-data group. That is the name of the user and group that nginx will run as. The web server will need permissions to write to those locations.</p>
<h4>Save Requirements</h4>
<p>With the environment setup and all the necessary packages installed, now is a good time to tell pip to <a href="http://www.pip-installer.org/en/latest/#freezing-requirements">freeze</a> all the packages and their versions. I keep this file in a <code>deploy</code> folder in my project.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><code>$ mkdir /srv/myproject.com/code/deploy
$ pip freeze > /srv/myproject.com/code/deploy/requirements.txt
</code></pre></div></td></tr></table></div>
<p>Now, if I needed to recreate the virtual environment somewhere else, I could just tell pip to install all the packages from that file.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ pip install -r /srv/myproject.com/code/deploy/requirements.txt
</code></pre></div></td></tr></table></div>
<h3>Configure uWSGI</h3>
<p>Now that I have something to serve, I’ll configure uWSGI to serve it. The first step is to create a configuration file for the project. I call mine <code>wsgi.py</code> and store it in <code>/srv/myproject.com/code/myproject/</code>. It appends the current directory to the Python path, specifies the Django settings file for the project, and registers the WSGI handler.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span>
<span class="normal">7</span>
<span class="normal">8</span>
<span class="normal">9</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="kn">import</span> <span class="nn">sys</span>
<span class="kn">import</span> <span class="nn">os</span>
<span class="n">sys</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">abspath</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">dirname</span><span class="p">(</span><span class="vm">__file__</span><span class="p">)))</span>
<span class="n">os</span><span class="o">.</span><span class="n">environ</span><span class="p">[</span><span class="s1">'DJANGO_SETTINGS_MODULE'</span><span class="p">]</span> <span class="o">=</span> <span class="s1">'myproject.settings'</span>
<span class="kn">import</span> <span class="nn">django.core.handlers.wsgi</span>
<span class="n">application</span> <span class="o">=</span> <span class="n">django</span><span class="o">.</span><span class="n">core</span><span class="o">.</span><span class="n">handlers</span><span class="o">.</span><span class="n">wsgi</span><span class="o">.</span><span class="n">WSGIHandler</span><span class="p">()</span>
</code></pre></div></td></tr></table></div>
<p>With that done, the next step is to decide how uWSGI should be run. I’m going to use Ubuntu’s <a href="http://upstart.ubuntu.com/">upstart</a> to supervise the service. I keep the upstart script in my project’s <code>deploy/</code> directory.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span>
<span class="normal">17</span>
<span class="normal">18</span></pre></div></td><td class="code"><div><pre><span></span><code>$ vim /srv/myproject.com/code/deploy/uwsgi.conf
description <span class="s2">"uWSGI server for My Project"</span>
start on runlevel <span class="o">[</span><span class="m">2345</span><span class="o">]</span>
stop on runlevel <span class="o">[</span>!2345<span class="o">]</span>
respawn
<span class="nb">exec</span> /usr/local/sbin/uwsgi <span class="se">\</span>
--home /home/demo/.virtualenvs/myproject/ <span class="se">\</span>
--socket /var/run/myproject.com.sock <span class="se">\</span>
--chmod-socket <span class="se">\</span>
--pythonpath /srv/myproject.com/code/ <span class="se">\</span>
--module myproject.wsgi <span class="se">\</span>
--process <span class="m">2</span> <span class="se">\</span>
--harakiri <span class="m">30</span> <span class="se">\</span>
--master <span class="se">\</span>
--logto /srv/myproject.com/logs/uwsgi.log
</code></pre></div></td></tr></table></div>
<p>Sadly, upstart doesn’t seem to recognize links. Rather than linking the config file into <code>/etc/init/</code>, I have to copy it.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo cp /srv/myproject.com/code/deploy/uwsgi.conf /etc/init/uwsgi-myproject.conf
</code></pre></div></td></tr></table></div>
<h3>Configure nginx</h3>
<p>Nginx’s configuration is pretty straight-forward. If you’ve never configured the server before, <a href="http://articles.slicehost.com/nginx">Slicehost’s articles</a> can set you down the right path. My own nginx config looks something like this:</p>
<div class="highlight"><pre><span></span><code><span class="n">user</span><span class="w"> </span><span class="n">www</span><span class="o">-</span><span class="n">data</span><span class="w"> </span><span class="n">www</span><span class="o">-</span><span class="n">data</span><span class="p">;</span><span class="w"></span>
<span class="n">worker_processes</span><span class="w"> </span><span class="mi">4</span><span class="p">;</span><span class="w"></span>
<span class="n">pid</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">nginx</span><span class="o">.</span><span class="n">pid</span><span class="p">;</span><span class="w"></span>
<span class="n">events</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">worker_connections</span><span class="w"> </span><span class="mi">768</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">use</span><span class="w"> </span><span class="n">epoll</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="n">http</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="c1">##</span><span class="w"></span>
<span class="w"> </span><span class="c1"># Basic Settings</span><span class="w"></span>
<span class="w"> </span><span class="c1">##</span><span class="w"></span>
<span class="w"> </span><span class="n">sendfile</span><span class="w"> </span><span class="n">on</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">tcp_nopush</span><span class="w"> </span><span class="n">on</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">tcp_nodelay</span><span class="w"> </span><span class="n">on</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">keepalive_timeout</span><span class="w"> </span><span class="mi">30</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">types_hash_max_size</span><span class="w"> </span><span class="mi">2048</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="c1"># server_tokens off;</span><span class="w"></span>
<span class="w"> </span><span class="c1"># server_names_hash_bucket_size 64;</span><span class="w"></span>
<span class="w"> </span><span class="c1"># server_name_in_redirect off;</span><span class="w"></span>
<span class="w"> </span><span class="n">include</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">mime</span><span class="o">.</span><span class="n">types</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">default_type</span><span class="w"> </span><span class="n">application</span><span class="o">/</span><span class="n">octet</span><span class="o">-</span><span class="n">stream</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="c1">##</span><span class="w"></span>
<span class="w"> </span><span class="c1"># Logging Settings</span><span class="w"></span>
<span class="w"> </span><span class="c1">##</span><span class="w"></span>
<span class="w"> </span><span class="n">access_log</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="nb">log</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">access</span><span class="o">.</span><span class="n">log</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">error_log</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="nb">log</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">error</span><span class="o">.</span><span class="n">log</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="c1">##</span><span class="w"></span>
<span class="w"> </span><span class="c1"># Gzip Settings</span><span class="w"></span>
<span class="w"> </span><span class="c1">##</span><span class="w"></span>
<span class="w"> </span><span class="n">gzip</span><span class="w"> </span><span class="n">on</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">gzip_disable</span><span class="w"> </span><span class="s2">"msie6"</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">gzip_types</span><span class="w"> </span><span class="n">text</span><span class="o">/</span><span class="n">plain</span><span class="w"> </span><span class="n">text</span><span class="o">/</span><span class="n">css</span><span class="w"> </span><span class="n">application</span><span class="o">/</span><span class="n">json</span><span class="w"> </span><span class="n">application</span><span class="o">/</span><span class="n">x</span><span class="o">-</span><span class="n">javascript</span><span class="w"> </span><span class="n">text</span><span class="o">/</span><span class="n">xml</span><span class="w"> </span><span class="n">application</span><span class="o">/</span><span class="n">xml</span><span class="w"> </span><span class="n">application</span><span class="o">/</span><span class="n">xml</span><span class="o">+</span><span class="n">rss</span><span class="w"> </span><span class="n">text</span><span class="o">/</span><span class="n">javascript</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">gzip_proxied</span><span class="w"> </span><span class="n">any</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">gzip_comp_level</span><span class="w"> </span><span class="mi">2</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="c1"># gzip_vary on;</span><span class="w"></span>
<span class="w"> </span><span class="c1"># gzip_buffers 16 8k;</span><span class="w"></span>
<span class="w"> </span><span class="c1"># gzip_http_version 1.1;</span><span class="w"></span>
<span class="w"> </span><span class="c1">##</span><span class="w"></span>
<span class="w"> </span><span class="c1"># Virtual Host Configs</span><span class="w"></span>
<span class="w"> </span><span class="c1">##</span><span class="w"></span>
<span class="w"> </span><span class="n">include</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">conf</span><span class="o">.</span><span class="n">d</span><span class="o">/*.</span><span class="n">conf</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">include</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">sites</span><span class="o">-</span><span class="n">enabled</span><span class="o">/*</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>
<p>I keep the virtual host config for my project inside the project’s <code>code/deploy/</code> directory. A basic virtual host for a Django project would looks like this:</p>
<div class="highlight"><pre><span></span><code><span class="n">server</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">listen</span><span class="w"> </span><span class="mi">80</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">server_name</span><span class="w"> </span><span class="n">www</span><span class="o">.</span><span class="n">myproject</span><span class="o">.</span><span class="n">com</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">rewrite</span><span class="w"> </span><span class="o">^/</span><span class="p">(</span><span class="o">.*</span><span class="p">)</span><span class="w"> </span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">myproject</span><span class="o">.</span><span class="n">com</span><span class="o">/$</span><span class="mi">1</span><span class="w"> </span><span class="n">permanent</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
<span class="n">server</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">listen</span><span class="w"> </span><span class="mi">80</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">server_name</span><span class="w"> </span><span class="n">myproject</span><span class="o">.</span><span class="n">com</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">access_log</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">myproject</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">logs</span><span class="o">/</span><span class="n">access</span><span class="o">.</span><span class="n">log</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">error_log</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">myproject</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">logs</span><span class="o">/</span><span class="n">error</span><span class="o">.</span><span class="n">log</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">location</span><span class="w"> </span><span class="o">/</span><span class="n">media</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">myproject</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">public</span><span class="o">/</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">}</span><span class="w"></span>
<span class="w"> </span><span class="n">location</span><span class="w"> </span><span class="o">/</span><span class="k">static</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="o">/</span><span class="n">srv</span><span class="o">/</span><span class="n">myproject</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">public</span><span class="o">/</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">}</span><span class="w"></span>
<span class="w"> </span><span class="n">location</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="n">uwsgi_pass</span><span class="w"> </span><span class="n">unix</span><span class="p">:</span><span class="o">///</span><span class="k">var</span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">myproject</span><span class="o">.</span><span class="n">com</span><span class="o">.</span><span class="n">sock</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="n">include</span><span class="w"> </span><span class="n">uwsgi_params</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="p">}</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>
<p>To install and enable the virtual host, I’ll link the configuration file first to the nginx <code>sites-available</code> directory, and then link that link to the <code>sites-enabled</code> directory.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo ln -s /srv/myproject.com/code/deploy/nginx.conf /etc/nginx/sites-available/myproject.com
$ sudo ln -s /etc/nginx/sites-available/myproject.com /etc/nginx/sites-enabled/myproject.com
</code></pre></div></td></tr></table></div>
<h3>SSL</h3>
<p>If you need to encrypt communications, <a href="http://library.linode.com/web-servers/nginx/configuration/ssl">Linode has a tutorial</a> on using both self-signed certificates and commercial certificates with nginx.</p>
<h3>Fire it Up</h3>
<p>Nginx should be set to talk to uWSGI, which should be set to talk to the Django project. Time for a test run!</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo start uwsgi-myproject
$ sudo /etc/init.d/nginx start
</code></pre></div></td></tr></table></div>
<h3>memcached</h3>
<p>Django has a very good built-in <a href="https://docs.djangoproject.com/en/dev/topics/cache/">cache framework</a>. I like to take advantage of it with a memory-based backend: namely, <a href="http://memcached.org/">memcached</a>. It’s fast, efficient, and easy to setup.</p>
<p>All that’s needed is to install memcached on the server, followed by the Python API <a href="http://www.tummy.com/Community/software/python-memcached/">python-memcached</a>. </p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo apt-get install memcached
$ workon myproject
$ pip install python-memcached
</code></pre></div></td></tr></table></div>
<p>The default configuration file in Ubuntu lives at <code>/etc/memcached.conf</code>. I usually stick with the defaults, but sometimes end up changing the port that memchached runs on or the amount of memory it is allowed to use.</p>
<h3>logrotate</h3>
<p>With the web server more-or-less complete, I like to setup logrotate to manage the logs in my project’s directory. Once again, Slicehost has <a href="http://articles.slicehost.com/2010/6/30/understanding-logrotate-on-ubuntu-part-1">an excellent introduction to logrotate</a> and <a href="http://articles.slicehost.com/2010/6/30/understanding-logrotate-on-ubuntu-part-2">an example config for virtual hosts</a>.</p>
<p>I maintain a configuration file for each of the domains being served by the machine. The file for a domain lives in – you guessed it – the associated project’s <code>deploy/</code> folder. Each contains two entries: one for the nginx virtual host and one for the uWSGI instance. The reason for this is that each config block needs a <code>postrotate</code> section to restart the associated server after the logs have been rotated. I don’t want nginx to be restarted everytime a uWSGI log is rotated, and I don’t want uWSGI restarted everytime an nginx log is rotated.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span>
<span class="normal">17</span>
<span class="normal">18</span>
<span class="normal">19</span>
<span class="normal">20</span>
<span class="normal">21</span>
<span class="normal">22</span></pre></div></td><td class="code"><div><pre><span></span><code>$ vim /srv/myproject.com/code/deploy/logrotate
/srv/myproject.com/logs/access.log /srv/myproject.com/logs/error.log <span class="o">{</span>
rotate <span class="m">14</span>
daily
compress
delaycompress
sharedscripts
postrotate
<span class="o">[</span> ! -f /var/run/nginx.pid <span class="o">]</span> <span class="o">||</span> <span class="nb">kill</span> -USR1 <span class="sb">`</span>cat /var/run/nginx.pid<span class="sb">`</span>
endscript
<span class="o">}</span>
/srv/myproject.com/logs/uwsgi.log <span class="o">{</span>
rotate <span class="m">14</span>
daily
compress
delaycompress
postrotate
restart --quiet uwsgi-myproject
endscript
<span class="o">}</span>
</code></pre></div></td></tr></table></div>
<p>This file is linked in to the <code>/etc/logrotate.d/</code> directory. Logrotate will automatically include any file in that directory inside its configuration.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo ln -s /srv/myproject.com/code/deploy/logrotate /etc/logrotate.d/myproject
</code></pre></div></td></tr></table></div>
<h2>Database Server</h2>
<p>A web server isn’t much use without a database these days. I use <a href="http://www.postgresql.org/">PostgreSQL</a>.</p>
<h3>Install</h3>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo apt-get install postgresql
</code></pre></div></td></tr></table></div>
<h3>Configure</h3>
<p>PostgreSQL has some unique terminology and ways of doing things. When I first set it up for the first time, having coming from a MySQL background, not everything was completely straightforward. As usual, <a href="http://articles.slicehost.com/postgresql">Slicehost has a number of articles</a> that will provide a foundation.</p>
<p>In the <code>/etc/postgresql/8.4/main/postgresql.conf</code> file, I uncomment the following two lines:</p>
<div class="highlight"><pre><span></span><code>track_counts = on
autovacuum = on
</code></pre></div>
<p>Then restart the database server.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo /etc/init.d/postgresql-8.4 restart
</code></pre></div></td></tr></table></div>
<p>After that I’ll change the password for the postgres user and the postgres database role.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo passwd postgres
$ sudo -u postgres psql
<span class="se">\p</span>assword postgres
<span class="se">\q</span>
</code></pre></div></td></tr></table></div>
<p>To allow local socket connections to the database using passwords, I open up <code>/etc/postgresql/8.4/main/pg_hba.conf</code> and find the following line:</p>
<div class="highlight"><pre><span></span><code>local all all ident
</code></pre></div>
<p>Which I then change to:</p>
<div class="highlight"><pre><span></span><code>local all all md5
</code></pre></div>
<p>After which another restart is in order.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo /etc/init.d/postgresql-8.4 restart
</code></pre></div></td></tr></table></div>
<h3>Create a database</h3>
<p>The next step is to create a user (or role, in PostgreSQL’s parlance) and database for the project. I use the same name for both.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo -u postgres createuser -PE myproject
$ sudo -u postgres createdb -O myproject myproject
</code></pre></div></td></tr></table></div>
<p>After that, I should be able to connect.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ psql -U myproject
</code></pre></div></td></tr></table></div>
<h4>Import the Database</h4>
<p>If I’m restoring a previous database from a backup, now would be the time to import the backup.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ psql -U myproject < myproject.postgresql
</code></pre></div></td></tr></table></div>
<p>And now Django should be able to connect!</p>
<p>The basic server is setup and secure. Django, uWSGI, nginx and PostgreSQL are all running and getting along swimmingly. At this point, many people would be done, but I also like to have a minimal mail server.</p>
<h2>Mail Server</h2>
<p>Most of my domains use <a href="http://www.google.com/apps/">Google Apps</a>, so I don’t need a full-blown mail server. I do want programs and scripts to be able to send mail, and I prefer not to do so through an external SMTP server – I’d rather just deal with having sendmail running on my own box. And I do have a few domains that do not use Google Apps. They have one or two aliases associated with them, so the server needs to receive messages for those domains and forward them off to an external address. If any of this sounds vaguely familiar, it’s because it’s the same thing I detailed <a href="/2008/06/an-ubuntu-vps-on-slicehost-mail/">last time</a>. My setup now is the same as then, so I won’t repeat any of it here.</p>
<p>For a more detailed explanation of running <a href="http://www.postfix.org/">Postfix</a>, you can <a href="http://articles.slicehost.com/email">read the Slicehost articles</a>.</p>
<h2>A Note on Git</h2>
<p>I use <a href="http://git-scm.com/">Git</a> to keep track of the code for all my projects. (If you’re new to Git, you ought to skim the <a href="http://gitref.org/">Git Reference</a> or <a href="https://mirrors.edge.kernel.org/pub/software/scm/git/docs/giteveryday.html">Everyday GIT With 20 Commands Or So</a>). To manage websites, I create a repository of the directory with the code that runs the site (in this case, <code>/srv/myproject.com/code/</code>) and another empty, bare repository to work as a hub. With a <code>post-update</code> and <code>post-commit</code>, the end result is an excellent web workflow:</p>
<ul>
<li>A copy of the hub can be checked out on a local machine for development. Whenever a change is committed, a simple <code>git push</code> will push the code to the web server and automatically make it live.</li>
<li>Changes can be made on the server in the actual live website directory. (This is not a best practice, but I do it more often than I should probably admit.) Whenever a change is committed, it is automatically pushed to the hub, so that a simple <code>git pull</code> is all that’s needed on the development machine to update its repository.</li>
</ul>
<p>A more detailed explanation of this workflow is at <a href="http://joemaller.com/990/a-web-focused-git-workflow/">Joe Maller’s blog</a>.</p>
<p>To start, I need to create a repository for the new project I created in this tutorial. And, since this is a new server, I need to give Git my name and email address to record with every commit.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span></pre></div></td><td class="code"><div><pre><span></span><code>$ git config --global user.name <span class="s2">"Pig Monkey"</span>
$ git config --global user.email <span class="s2">"pm@pig-monkey.com"</span>
$ <span class="nb">cd</span> /srv/myproject.com/code/
$ git init
</code></pre></div></td></tr></table></div>
<p>Before adding the files, I create a <code>.gitignore</code> file in the repository root to tell Git to ignore compiled Python files.</p>
<div class="highlight"><pre><span></span><code>$ vim .gitignore
*.pyc
</code></pre></div>
<p>Now I add all the files to the repository, confirm that it worked, and commit the files.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><code>$ git add .
$ git status -s
$ git commit -m <span class="s2">"Initial commit of myproject.com"</span>
</code></pre></div></td></tr></table></div>
<p>I create the bare hub directory directly along side the projects <code>code/</code>.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span></pre></div></td><td class="code"><div><pre><span></span><code>$ <span class="nb">cd</span> ../
$ mkdir hub.git
$ <span class="nb">cd</span> hub.git
$ git --bare init
</code></pre></div></td></tr></table></div>
<p>With the hub created, I need to add it as the remote for the main repository and push the master branch to it.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span></pre></div></td><td class="code"><div><pre><span></span><code>$ <span class="nb">cd</span> ../code
$ git remote add hub /srv/myproject.com/hub.git
$ git remote show hub
$ git push hub master
</code></pre></div></td></tr></table></div>
<p>Now the hub needs a <code>post-update</code> script so that every time something is pushed to it, that change is automagically pulled into the live website directory.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span></pre></div></td><td class="code"><div><pre><span></span><code>$ vim /srv/myproject.com/hub.git/hooks/post-update
<span class="c1">#!/bin/sh</span>
<span class="nb">echo</span>
<span class="nb">echo</span> <span class="s2">"**** Pulling changes into live"</span>
<span class="nb">echo</span>
<span class="nb">cd</span> /srv/myproject.com/code <span class="o">||</span> <span class="nb">exit</span>
<span class="nb">unset</span> GIT_DIR
git pull hub master
<span class="nb">exec</span> git-update-server-info
$ chmod +x /srv/myproject.com/hub.git/hooks/post-update
</code></pre></div></td></tr></table></div>
<p>And the live website directory requires a <code>post-commit</code> script so that every time something is committed inside of it, that change is automagically pushed to the hub.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span></pre></div></td><td class="code"><div><pre><span></span><code>$ vim /srv/myproject.com/code/.git/hooks/post-commit
<span class="c1">#!/bin/sh</span>
<span class="nb">echo</span>
<span class="nb">echo</span> <span class="s2">"**** pushing changes to Hub"</span>
<span class="nb">echo</span>
git push hub
$ chmod +x /srv/myproject.com/code/.git/hooks/post-commit
</code></pre></div></td></tr></table></div>
<p>All that’s left is to check out the hub onto the development machine – my laptop, in this case!</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><code>$ mkdir ~/work/myproject/
$ <span class="nb">cd</span> ~/work/myproject/
$ git clone ssh://myserver.com/srv/myproject.com/hub.git code
</code></pre></div></td></tr></table></div>
<p>To test things out, we can add a file to the repository on the development machine.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span></pre></div></td><td class="code"><div><pre><span></span><code>$ <span class="nb">cd</span> code/
$ touch <span class="nb">test</span>
$ git add <span class="nb">test</span>
$ git commit -m <span class="s2">"A test"</span>
$ git push
</code></pre></div></td></tr></table></div>
<p>Now go back to the server, and the file should be there! To test things the other way around, I’ll delete the file from the live repository.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span></pre></div></td><td class="code"><div><pre><span></span><code>$ <span class="nb">cd</span> /srv/myproject.com/code/
$ ls
myproject <span class="nb">test</span>
$ git rm <span class="nb">test</span>
$ git commit -m <span class="s2">"Removing the test file"</span>
</code></pre></div></td></tr></table></div>
<p>And once again to the development machine:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><code>$ git pull
$ ls
deploy myproject
</code></pre></div></td></tr></table></div>
<p>No more test! It’s pretty dandy.</p>
<h3>Restoring</h3>
<p>If I was building a new server and restoring a project from an old server, I would simply mirror the old hub and then clone that in the live directory.</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><code>$ <span class="nb">cd</span> /srv/myproject.com/
$ git clone --mirror ssh://myoldserver.com/srv/myproject.com/hub.git
$ git clone hub.git code/
</code></pre></div></td></tr></table></div>
<h2>Resources</h2>
<p>Prior to building this server, I was new to a lot of this – particularly, uWSGI and virtualenv. The following tutorials helped me a good deal in putting together the perfect setup for my needs.</p>
<ul>
<li><a href="http://iamzed.com/2009/05/07/a-primer-on-virtualenv/">A Primer on virtualenv</a> by Chris Scott</li>
<li><a href="http://joemaller.com/990/a-web-focused-git-workflow/">A web-focused Git workflow</a> by Joe Maller</li>
<li><a href="http://blog.zacharyvoase.com/2010/03/05/django-uwsgi-nginx/">Deployment with uWSGI and nginx</a> by Zachary Voase</li>
<li><a href="http://brandonkonkle.com/blog/2010/sep/14/django-uwsgi-and-nginx/">Django on uWSGI and Nginx</a> by Brandon Konkle</li>
<li><a href="http://www.jeremybowers.com/blog/post/5/django-nginx-and-uwsgi-production-serving-millions-page-views/">Django, Nginx and uWSGI in production</a> by Jeremy Bowers</li>
<li><a href="http://www.saltycrane.com/blog/2009/05/notes-using-pip-and-virtualenv-django/">Notes on using pip and virtualenv with Django</a> by Eliot</li>
<li><a href="http://mathematism.com/2009/07/30/presentation-pip-and-virtualenv/">Presentation: pip and virtualenv</a> by Rich Leland</li>
<li><a href="http://brandonkonkle.com/blog/2010/jun/25/provisioning-new-ubuntu-server-django/">Provisioning a new Ubuntu server for Django</a> by Brandon Konkle</li>
<li><a href="http://www.westphahl.net/blog/2010/4/8/running-django-nginx-and-uwsgi/">Running Django with Nginx and uWSGI</a> by Simon Westphahl</li>
<li><a href="http://www.doughellmann.com/docs/virtualenvwrapper/command_ref.html">virtualenvwrapper Command Reference</a></li>
<li><a href="http://www.arthurkoziel.com/2008/10/22/working-virtualenv/">Working with virtualenv</a> by Arthur Koziel</li>
</ul>An Ubuntu VPS on Slicehost: Web Server2008-06-10T00:00:00-07:002012-12-22T00:00:00-08:00Pig Monkeytag:pig-monkey.com,2008-06-10:/2008/06/an-ubuntu-vps-on-slicehost-web-server/<p><em>As <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">mentioned previously</a>, I’ve recently moved this domain over to <a href="http://www.slicehost.com/">Slicehost</a>. What follows is Part Two of a guide, compiled from my notes, to setting up an Ubuntu Hardy VPS. See also <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">Part One</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-mail">Part Three</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-wordpress">Part Four</a>.</em></p>
<p>Now we’ve got a properly configured, but idle, box. Let …</p><p><em>As <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">mentioned previously</a>, I’ve recently moved this domain over to <a href="http://www.slicehost.com/">Slicehost</a>. What follows is Part Two of a guide, compiled from my notes, to setting up an Ubuntu Hardy VPS. See also <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">Part One</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-mail">Part Three</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-wordpress">Part Four</a>.</em></p>
<p>Now we’ve got a properly configured, but idle, box. Let’s do something with it.</p>
<p><a href="http://nginx.net/">Nginx</a> is a small, lightweight web server that’s all the rage on some small corners of the Net. <a href="http://www.apache.org/">Apache</a> is extremely overkill for a small personal web server like this and, since we’re limited to 256MB of RAM on this VPS, it quickly becomes a resource hog. <a href="http://www.lighttpd.net/">Lighttpd</a> is another small, lightweight web server, but I’m a fan of Nginx. Try it out.</p>
<!--more-->
<p>First, we need to install the web server. Nginx is now in Ubuntu’s repositories:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install nginx
</code></pre></div></td></tr></table></div>
<p>That’s all it takes in Hardy, but if you really want a guide for it, <a href="http://articles.slicehost.com/2008/5/13/ubuntu-hardy-installing-nginx-via-aptitude">Slicehost has you covered</a>.</p>
<p>Slicehost has a few more useful guides to Nginx, including introductions to the config layout and how to get started with vhosts:</p>
<ul>
<li><a href="http://articles.slicehost.com/2008/5/15/ubuntu-hardy-nginx-configuration">Nginx configuration</a></li>
<li><a href="http://articles.slicehost.com/2008/5/16/ubuntu-hardy-nginx-virtual-hosts">Nginx Virtual Hosts</a></li>
<li><a href="http://articles.slicehost.com/2008/5/16/ubuntu-hardy-nginx-virtual-host-settings">Nginx virtual host settings</a></li>
</ul>
<p>Next up, we’ll need to install MySQL and PHP, and get them working with Nginx.</p>
<p>Slicehost has a guide for <a href="http://articles.slicehost.com/2007/11/23/ubuntu-gutsy-mysql-and-ror">installing MySQL and Ruby on Rails</a>, which also includes suggestions on optimizing MySQL. I follow the MySQL part of the guide, stopping at “Ruby on Rails install”.</p>
<p>Now MySQL is working, lets install PHP:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install php5-common php5-cgi php5-mysql php5-cli
</code></pre></div></td></tr></table></div>
<p>To get PHP as FastCGI working with Nginx, we first have to spawn the fcgi process. There are a few different ways to do that. Personally, I use the <code>spawn-fcgi</code> app from <a href="http://www.lighttpd.net/">lighttpd</a>. To use it, we’ll compile and make lighttpd, but <strong>not</strong> install it. We’re only after one binary.</p>
<p>Lighttpd has a few extra requirements, so let’s install those:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install libpcre3-dev libbz2-dev
</code></pre></div></td></tr></table></div>
<p>Now, download the source and compile lighttpd. Then copy the <code>spawn-fcgi</code> binary to <code>/usr/bin/</code>:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span></pre></div></td><td class="code"><div><pre><span></span><code>$ wget http://www.lighttpd.net/download/lighttpd-1.4.19.tar.gz
$ tar xvzf lighttpd-1.4.19.tar.gz
$ <span class="nb">cd</span> lighttpd-1.4.19
$ ./configure
$ make
$ sudo cp src/spawn-fcgi /usr/bin/spawn-fcgi
</code></pre></div></td></tr></table></div>
<p>Then, create a script to launch spawn-fci (I call it <code>/usr/bin/php5-fastcgi</code>):</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="ch">#!/bin/sh</span>
/usr/bin/spawn-fcgi -a <span class="m">127</span>.0.0.1 -p <span class="m">9000</span> -u www-data -C <span class="m">2</span> -f /usr/bin/php5-cgi
</code></pre></div></td></tr></table></div>
<p>The script tells spawn-fcgi to launch a fastcgi process, listening on 127.0.01:9000, owned by the web user, with only 2 child processes. You may want more child processes, but I’ve found 2 to be optimal.</p>
<p>Give the script permissions:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo chmod +x /usr/bin/php5-fastcgi
</code></pre></div></td></tr></table></div>
<p>I then link the script filename to a version-neutral, err, version:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo ln -s /usr/bin/php5-fastcgi /usr/bin/php-fastcgi
</code></pre></div></td></tr></table></div>
<p>Now we need an init script to start the process at boot. I use <a href="http://www.howtoforge.com/nginx_php5_fast_cgi_xcache_ubuntu7.04">this one from HowToForge</a>, named <code>/etc/init.d/fastcgi</code>:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span>
<span class="normal">17</span>
<span class="normal">18</span>
<span class="normal">19</span>
<span class="normal">20</span>
<span class="normal">21</span>
<span class="normal">22</span>
<span class="normal">23</span>
<span class="normal">24</span>
<span class="normal">25</span>
<span class="normal">26</span></pre></div></td><td class="code"><div><pre><span></span><code><span class="ch">#!/bin/bash</span>
<span class="nv">PHP_SCRIPT</span><span class="o">=</span>/usr/bin/php-fastcgi
<span class="nv">RETVAL</span><span class="o">=</span><span class="m">0</span>
<span class="k">case</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="k">in</span>
start<span class="o">)</span>
<span class="nb">echo</span> <span class="s2">"Starting fastcgi"</span>
<span class="nv">$PHP_SCRIPT</span>
<span class="nv">RETVAL</span><span class="o">=</span><span class="nv">$?</span>
<span class="p">;;</span>
stop<span class="o">)</span>
<span class="nb">echo</span> <span class="s2">"Stopping fastcgi"</span>
killall -9 php5-cgi
<span class="nv">RETVAL</span><span class="o">=</span><span class="nv">$?</span>
<span class="p">;;</span>
restart<span class="o">)</span>
<span class="nb">echo</span> <span class="s2">"Restarting fastcgi"</span>
killall -9 php5-cgi
<span class="nv">$PHP_SCRIPT</span>
<span class="nv">RETVAL</span><span class="o">=</span><span class="nv">$?</span>
<span class="p">;;</span>
*<span class="o">)</span>
<span class="nb">echo</span> <span class="s2">"Usage: php-fastcgi {start|stop|restart}"</span>
<span class="nb">exit</span> <span class="m">1</span>
<span class="p">;;</span>
<span class="k">esac</span>
<span class="nb">exit</span> <span class="nv">$RETVAL</span>
</code></pre></div></td></tr></table></div>
<p>Give it permissions:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo chmod <span class="m">755</span> /etc/init.d/fastcgi
</code></pre></div></td></tr></table></div>
<p>Start it:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo /etc/init.d/fastcgi start
</code></pre></div></td></tr></table></div>
<p>Have it start at boot:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo update-rc.d fastcgi defaults
</code></pre></div></td></tr></table></div>
<p>Alright, now that PHP is running how we want it to, let’s tell Nginx to talk to it. To do that, add the following to your vhost server block in <code>/etc/nginx/sites-available/mydomain.com</code>, making sure to change the <code>SCRIPT_FILENAME</code> variable to match your directory structure:</p>
<div class="highlight"><pre><span></span><code><span class="nt">location</span><span class="w"> </span><span class="o">~</span><span class="w"> </span><span class="err">\</span><span class="p">.</span><span class="nc">php</span><span class="o">$</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w"> </span><span class="err">fastcgi_pass</span><span class="w"> </span><span class="err">127.0.0.1:9000</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">fastcgi_index</span><span class="w"> </span><span class="err">index.php</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">fastcgi_param</span><span class="w"> </span><span class="err">SCRIPT_FILENAME</span><span class="w"> </span><span class="err">/home/user/public_html/mydomain.com/public$fastcgi_script_name</span><span class="p">;</span><span class="w"></span>
<span class="w"> </span><span class="err">include</span><span class="w"> </span><span class="err">/etc/nginx/fastcgi.conf</span><span class="p">;</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>
<p>Now let’s create that <code>/etc/nginx/fastcgi.conf</code> file that’s being included above. As per the <a href="http://wiki.codemongers.com/NginxFcgiExample">Nginx wiki article</a>, mine looks like this:</p>
<div class="highlight"><pre><span></span><code>fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
</code></pre></div>
<p>Then restart Nginx:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo /etc/init.d/nginx restart
</code></pre></div></td></tr></table></div>
<p>Let’s create a file named <code>test.php</code> in your domain’s public root to see if everything is working. Inside, do something like printing <a href="http://us2.php.net/phpinfo">phpinfo</a>.</p>
<p>Go to http://mydomain.com/test.php. See it? Good. If you get “no input file specified” or somesuch, you broke something.</p>
<p>If you create an index.php, and delete any index.html or index.htm you might have, you’ll notice Nginx throws a 403 Forbidden error. To fix that, find the line in your vhost config (<code>/etc/nginx/sites-available/mydomain.com</code>) under the <code>location /</code> block that reads <code>index index.html;</code> and change it to <code>index index.php index.html;</code>. Then restart Nginx.</p>
<p>If you want SSL with your Nginx, Slicehost has <a href="http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-self-signed-ssl-certificates-and-nginx">a guide for generating the certificate</a> and <a href="http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-nginx-ssl-and-vhosts">another guide for installing it</a>.</p>
<p>You’ll want to install OpenSSL first:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install openssl
</code></pre></div></td></tr></table></div>
<p>There is one bug in the second guide. In the first server module listening on port 443, which forwards www.domain1.com to domain1.com, the rewrite rule specifies the http protocol. So, in effect, what that rule does is forward you from a secure domain to unsecure: https://www.domain1.com to http://domain1.com. We want it to forward to a secure domain. Simply change the rewrite rule like thus:</p>
<div class="highlight"><pre><span></span><code><span class="nt">rewrite</span><span class="w"> </span><span class="o">^/(.*)</span><span class="w"> </span><span class="nt">https</span><span class="o">://</span><span class="nt">domain1</span><span class="p">.</span><span class="nc">com</span><span class="w"> </span><span class="nt">permanent</span><span class="o">;</span><span class="w"></span>
</code></pre></div>
<p>Next up: <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-mail">install a mail server</a>. (Previously, we did a <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">basic setup</a>.)</p>An Ubuntu VPS on Slicehost: Wordpress2008-06-10T00:00:00-07:002012-12-22T00:00:00-08:00Pig Monkeytag:pig-monkey.com,2008-06-10:/2008/06/an-ubuntu-vps-on-slicehost-wordpress/<p><em>As <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">mentioned previously</a>, I’ve recently moved this domain over to <a href="http://www.slicehost.com/">Slicehost</a>. What follows is Part Four of a guide, compiled from my notes, to setting up an Ubuntu Hardy VPS. See also <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">Part One</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-web-server">Part Two</a>, and <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-mail">Part Three</a>.</em></p>
<p>I prefer to install <a href="http://wordpress.org/">Wordpress</a> via Subversion, which makes updating …</p><p><em>As <a href="http://pig-monkey.com/2008/06/09/a-move-to-slicehost/">mentioned previously</a>, I’ve recently moved this domain over to <a href="http://www.slicehost.com/">Slicehost</a>. What follows is Part Four of a guide, compiled from my notes, to setting up an Ubuntu Hardy VPS. See also <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">Part One</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-web-server">Part Two</a>, and <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-mail">Part Three</a>.</em></p>
<p>I prefer to install <a href="http://wordpress.org/">Wordpress</a> via Subversion, which makes updating easier. We’ll have to install Subversion on the server first:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo aptitude install subversion
</code></pre></div></td></tr></table></div>
<!--more-->
<p>After that, <a href="http://codex.wordpress.org/Installing/Updating_WordPress_with_Subversion#New_Install_2">the Wordpress Codex has a guide to the rest of the install</a>.</p>
<p>Nothing further is needed, unless you want fancy rewrites. In that case, we’ll have to make a change to your Nginx vhost config at <code>/etc/nginx/sites-available/mydomain.com</code>. Add the following to your server block under <code>location / {</code>:</p>
<div class="highlight"><pre><span></span><code>#<span class="w"> </span><span class="nv">wordpress</span><span class="w"> </span><span class="nv">fancy</span><span class="w"> </span><span class="nv">rewrites</span><span class="w"></span>
<span class="k">if</span><span class="w"> </span><span class="ss">(</span><span class="o">-</span><span class="nv">f</span><span class="w"> </span>$<span class="nv">request_filename</span><span class="ss">)</span><span class="w"> </span>{<span class="w"></span>
<span class="w"> </span><span class="k">break</span><span class="c1">;</span><span class="w"></span>
<span class="w"> </span>}<span class="w"></span>
<span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="ss">(</span><span class="o">-</span><span class="nv">d</span><span class="w"> </span>$<span class="nv">request_filename</span><span class="ss">)</span><span class="w"> </span>{<span class="w"></span>
<span class="w"> </span><span class="k">break</span><span class="c1">;</span><span class="w"></span>
<span class="w"> </span>}<span class="w"></span>
<span class="w"> </span><span class="nv">rewrite</span><span class="w"> </span><span class="o">^</span><span class="ss">(</span>.<span class="o">+</span><span class="ss">)</span>$<span class="w"> </span><span class="o">/</span><span class="nv">index</span>.<span class="nv">php</span>?<span class="nv">q</span><span class="o">=</span><span class="mh">$1</span><span class="w"> </span><span class="nv">last</span><span class="c1">;</span><span class="w"></span>
</code></pre></div>
<p>While we’re here, I usually tell Nginx to cache static files by adding the following right above the<code>location / {</code> block:</p>
<div class="highlight"><pre><span></span><code>#<span class="w"> </span><span class="nv">serve</span><span class="w"> </span><span class="nv">static</span><span class="w"> </span><span class="nv">files</span><span class="w"> </span><span class="nv">directly</span><span class="w"></span>
<span class="nv">location</span><span class="w"> </span><span class="o">~*</span><span class="w"> </span><span class="o">^</span>.<span class="o">+</span>\.<span class="ss">(</span><span class="nv">jpg</span><span class="o">|</span><span class="nv">jpeg</span><span class="o">|</span><span class="nv">gif</span><span class="o">|</span><span class="nv">png</span><span class="o">|</span><span class="nv">ico</span><span class="o">|</span><span class="nv">zip</span><span class="o">|</span><span class="nv">tgz</span><span class="o">|</span><span class="nv">gz</span><span class="o">|</span><span class="nv">rar</span><span class="o">|</span><span class="nv">bz2</span><span class="o">|</span><span class="nv">doc</span><span class="o">|</span><span class="nv">xls</span><span class="o">|</span><span class="nv">exe</span><span class="o">|</span><span class="nv">pdf</span><span class="o">|</span><span class="nv">ppt</span><span class="o">|</span><span class="nv">txt</span><span class="o">|</span><span class="nv">tar</span><span class="o">|</span><span class="nv">mid</span><span class="o">|</span><span class="nv">midi</span><span class="o">|</span><span class="nv">wav</span><span class="o">|</span><span class="nv">bmp</span><span class="o">|</span><span class="nv">rtf</span><span class="o">|</span><span class="nv">css</span><span class="ss">)</span>$<span class="w"> </span>{<span class="w"></span>
<span class="w"> </span><span class="nv">root</span><span class="w"> </span><span class="o">/</span><span class="nv">home</span><span class="o">/</span><span class="nv">user</span><span class="o">/</span><span class="nv">public_html</span><span class="o">/</span><span class="nv">mydomain</span>.<span class="nv">com</span><span class="o">/</span><span class="nv">public</span><span class="c1">;</span><span class="w"></span>
<span class="w"> </span><span class="nv">expires</span><span class="w"> </span><span class="mi">7</span><span class="nv">d</span><span class="c1">;</span><span class="w"></span>
<span class="w"> </span><span class="k">break</span><span class="c1">;</span><span class="w"></span>
}<span class="w"></span>
</code></pre></div>
<p>That’ll go in the https server section, too. Now, enable rewrites in your Wordpress config. I use the following “custom” structure:</p>
<div class="highlight"><pre><span></span><code>/%year%/%monthnum%/%day%/%postname%/
</code></pre></div>
<p>Then, restart Nginx:</p>
<div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><code>$ sudo /etc/init.d/nginx restart
</code></pre></div></td></tr></table></div>
<p>And there you have it! You know have a working, new web server and mail server.</p>
<p>(Previously, we did a <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-basic-setup">basic setup</a>, <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-web-server">installed a web server</a>, and <a href="http://pig-monkey.com/2008/06/10/an-ubuntu-vps-on-slicehost-mail">installed a mail server</a>.)</p>