
Online Installation

Nicholas VanFossen edited this page Jan 2, 2024 · 4 revisions

The following guide was tested and verified on 1st January 2024. Operating systems, toolkits, libraries, dependencies, and conventions change constantly. While the processes below will likely be similar in the future, things will inevitably change. Unlike the local setup, nearly all of these factors depend on the services, pricing, and policies of third-party providers, which are outside Raston Labs' control.

Prerequisites

The only prerequisite is ownership and control of a domain name. Many domain name providers exist. If you do not already own a domain name, Cloudflare is a domain registrar that operates at cost without markup fees. The steps below are not specific to any registrar, so another registrar or service you already have experience with works as well.

https://developers.cloudflare.com/registrar/

Back-end

This back-end guide walks through setting up the FTIR-SIS API on a Linode Nanode shared compute instance. At the time of writing, this plan costs $5 a month. We use Ubuntu 22.04 as the operating system. Here is the official documentation from Linode on creating a compute instance:

Note: The primary service required from the cloud provider is a Linux machine with a publicly accessible IP address. Other providers, like Amazon Web Services, Digital Ocean, Microsoft Azure, etc., may act as substitutes. Remember that this machine is publicly accessible and requires the knowledge to keep it secure over time.

  • Guides - Create a Compute Instance

    https://www.linode.com/docs/products/compute/compute-instances/guides/create/

    Note: The following is a simplified description of the options I selected:

    During setup, select your Image (Linux distribution), Region (server's geographic location), Linode plan (amount of storage, RAM, CPU, etc), Linode label (instance identifier), and Root password (password used to access root user).

Remember that your Linode is publicly accessible and requires proper knowledge to keep secure from malicious actors on the Internet. It is impossible to keep an instance 100% secure. However, preventative measures are still necessary to stay relatively safe. The following resources are official documentation from Linode on securing your compute instance:

A bare IP address is not an intuitive way to reach your instance; a custom domain name solves this. Domain providers differ in which settings they offer, where those settings sit in the user interface, and what they are called. The following shows the two records your domain provider needs:

Hostname                 Type   TTL    Data
subdomain.example.com    A      Auto   Linode’s IP address
subdomain.example.com    NS     Auto   Linode’s name server address(es)

In the Linode dashboard, go to the Domains tab on the left side of the screen. Select Create Domain and enter your domain (same as the hostname above), the email address associated with that domain, and the Linode instance you want to associate with that domain.

We can now start setting up the applications and software required to run the FTIR-SIS back-end. First, we will start by installing Nginx. Nginx is a popular web server software suite.

sudo apt install nginx
sudo ufw allow 'Nginx HTTP'

Running sudo ufw status afterwards should show output like:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx HTTP (v6)            ALLOW       Anywhere (v6)

The two commands above came from a Digital Ocean tutorial on setting up Nginx. Only the first two steps were required in my setup:

Second, we can set up our Flask application from the Virtual-FTIR-Functions repository on GitHub.

sudo apt install python3-pip python3-dev build-essential libssl-dev libffi-dev python3-setuptools
sudo apt install python3-venv
git clone https://github.com/RastonLab/Virtual-FTIR-Functions.git
cd ~/Virtual-FTIR-Functions
./scripts/virtual_environment.sh
source venv/bin/activate
sudo ufw allow 5000
python app.py

Note: The command above should output something similar to the following:

 * Serving Flask app "myproject" (lazy loading)
 * Environment: production
   WARNING: Do not use the development server in a production environment.
   Use a production WSGI server instead.
 * Debug mode: off
 * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)

Now test the connection using the instance's IP address: http://your_server_ip:5000

cd ~/Virtual-FTIR-Functions
gunicorn --bind 0.0.0.0:5000 wsgi:app

Note: The command above should output something similar to the following:

[2020-05-20 14:13:00 +0000] [46419] [INFO] Starting gunicorn 20.0.4
[2020-05-20 14:13:00 +0000] [46419] [INFO] Listening at: http://0.0.0.0:5000 (46419)
[2020-05-20 14:13:00 +0000] [46419] [INFO] Using worker: sync
[2020-05-20 14:13:00 +0000] [46421] [INFO] Booting worker with pid: 46421

Now test the connection using the instance's IP address: http://your_server_ip:5000

deactivate
sudo vim /etc/systemd/system/Virtual-FTIR-Functions.service

Note: Enter the following in Virtual-FTIR-Functions.service, where john is the Linux user account whose home directory holds the cloned repository:

[Unit]
Description=Gunicorn instance to serve Virtual-FTIR-Functions
After=network.target

[Service]
User=john
Group=www-data
WorkingDirectory=/home/john/Virtual-FTIR-Functions
Environment="PATH=/home/john/Virtual-FTIR-Functions/venv/bin"
ExecStart=/home/john/Virtual-FTIR-Functions/venv/bin/gunicorn --workers 3 --bind unix:Virtual-FTIR-Functions.sock -m 007 wsgi:app
Restart=always

[Install]
WantedBy=multi-user.target

sudo systemctl start Virtual-FTIR-Functions
sudo systemctl enable Virtual-FTIR-Functions
sudo systemctl status Virtual-FTIR-Functions

Note: The command above should output something similar to the following:

● myproject.service - Gunicorn instance to serve myproject
     Loaded: loaded (/etc/systemd/system/myproject.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-05-10 19:40:41 UTC; 9s ago
   Main PID: 17300 (gunicorn)
      Tasks: 4 (limit: 2327)
     Memory: 56.0M
        CPU: 514ms
     CGroup: /system.slice/myproject.service
             ├─17300 /home/sammy/myproject/myprojectenv/bin/python3 /home/sammy/myproject/myprojectenv/bin/gunicorn --workers 3 --bind unix:myproject.sock -m 007 wsgi:app
             ├─17301 /home/sammy/myproject/myprojectenv/bin/python3 /home/sammy/myproject/myprojectenv/bin/gunicorn --workers 3 --bind unix:myproject.sock -m 007 wsgi:app
             ├─17302 /home/sammy/myproject/myprojectenv/bin/python3 /home/sammy/myproject/myprojectenv/bin/gunicorn --workers 3 --bind unix:myproject.sock -m 007 wsgi:app
             └─17303 /home/sammy/myproject/myprojectenv/bin/python3 /home/sammy/myproject/myprojectenv/bin/gunicorn --workers 3 --bind unix:myproject.sock -m 007 wsgi:app

May 10 19:40:41 r systemd[1]: Started Gunicorn instance to serve myproject.
. . .

sudo vim /etc/nginx/sites-available/Virtual-FTIR-Functions

Note: Enter the following in Virtual-FTIR-Functions:

server {
    listen 80;
    server_name api.ftir.rastonlab.org;

    location / {
        include proxy_params;
        proxy_pass http://unix:/home/john/Virtual-FTIR-Functions/Virtual-FTIR-Functions.sock;
    }
}

sudo ln -s /etc/nginx/sites-available/Virtual-FTIR-Functions /etc/nginx/sites-enabled
sudo nginx -t

Note: The command above should output something similar to the following:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
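nginx: configuration file /etc/nginx/nginx.conf test is successful

sudo systemctl restart nginx
# Port 5000 was only needed for the direct Flask and Gunicorn tests above.
sudo ufw delete allow 5000
sudo ufw allow 'Nginx Full'
# Lets the Nginx worker (www-data) traverse /home/john to reach the socket.
# It also makes the home directory listable by every local user.
sudo chmod 755 /home/john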

Now test the connection using the instance's domain name: http://your_domain

sudo apt install python3-certbot-nginx
sudo certbot --nginx -d api.ftir.rastonlab.org

Note: The command above should output something similar to the following:

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
  /etc/letsencrypt/live/your_domain/fullchain.pem
  Your key file has been saved at:
  /etc/letsencrypt/live/your_domain/privkey.pem
  Your cert will expire on 2020-08-18. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot again
  with the "certonly" option. To non-interactively renew _all_ of
  your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
  configuration directory at /etc/letsencrypt. You should make a
  secure backup of this folder now. This configuration directory will
  also contain certificates and private keys obtained by Certbot so
  making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:

  Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
  Donating to EFF: https://eff.org/donate-le

sudo ufw delete allow 'Nginx HTTP'

Now test the connection using the instance's domain name: https://your_domain

The commands above came from a Digital Ocean tutorial on setting up Flask applications using Gunicorn and Nginx:
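
As an added check that is not part of the original guide or the tutorial it cites, the script below compares ufw status output with the rule set the steps above end with (OpenSSH and 'Nginx Full'). The function name audit_ufw and the sample status text are constructed for illustration; on the server, pipe the output of sudo ufw status into the function instead.

```shell
#!/bin/sh
# Added example (not from the guide): compare `ufw status` text on stdin with
# the rule names passed as arguments. Prints one finding per line and returns
# non-zero if the firewall is inactive, has extra openings, or lacks a rule.
audit_ufw() {
    list=""
    for name in "$@"; do list="$list,$name"; done
    # Columns in `ufw status` are separated by runs of two or more spaces.
    awk -F'  +' -v list="$list" '
        BEGIN {
            n = split(list, e, ",")
            for (i = 1; i <= n; i++) if (e[i] != "") want[e[i]] = 1
        }
        /^Status:/ { if ($0 == "Status: active") active = 1; next }
        $2 ~ /^(ALLOW|LIMIT)/ {
            rule = $1
            sub(/ \(v6\)$/, "", rule)        # fold IPv6 twins into one name
            seen[rule] = 1
            if (!(rule in want) && !(rule in reported)) {
                print "UNEXPECTED " rule
                reported[rule] = 1
                bad = 1
            }
        }
        END {
            if (!active) { print "INACTIVE"; bad = 1 }
            for (r in want) if (!(r in seen)) { print "MISSING " r; bad = 1 }
            exit bad
        }'
}

# Constructed sample: the state left behind if both "ufw delete" steps of the
# guide are skipped (port 5000 and the HTTP-only profile remain open).
SAMPLE_STALE='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere
5000                       ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx HTTP (v6)            ALLOW       Anywhere (v6)
5000 (v6)                  ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)'

printf '%s\n' "$SAMPLE_STALE" | audit_ufw OpenSSH 'Nginx Full' ||
    echo "firewall differs from the guide's final state"
```

A clean run prints nothing and returns 0, so the function can gate a deployment script or a periodic cron check.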
