Production Deployment¶
Tausi is deployed using Dokku, an open-source version of Heroku. Dokku takes care of setting up nginx, installing dependencies, installing SSL, running deployment checks, and much more.
Database¶
Tausi requires a PostgreSQL database, version 10 or later. Ensure you have PostgreSQL installed.
Create a database and user, make sure to give the user a secure password:
sudo su - postgres -c 'createuser -d -P tausi'
sudo su - postgres -c 'createdb tausi'
You will also need a user, password, hostname and database name for the legacy Kenya Law Reports database in order to import legacy cases.
Server¶
Install Dokku as per the instructions.
Make sure you setup SSH keys so that you can use git push to deploy dokku applications.
On the dokku server, create a new app as per these instructions:
dokku apps:create tausi
Configure the app, changing DB_PASSWORD, DB_HOSTNAME, LEGACY_DB_USER, LEGACY_DB_PASS, LEGACY_DB_HOST and LEGACY_DB_NAME as appropriate.
dokku config:set tausi DJANGO_DEBUG=false \
DISABLE_COLLECTSTATIC=1 \
DATABASE_URL=postgres://tausi:DB_PASSWORD@DB_HOSTNAME:5432/tausi \
LEGACY_DATABASE_URL=mysql://LEGACY_DB_USER:LEGACY_DB_PASS@LEGACY_DB_HOST:3306/LEGACY_DB_NAME
Configure some nginx settings:
dokku nginx:set tausi proxy-read-timeout 15m
dokku nginx:set tausi client-max-body-size 10M
Setup persistent file storage for attachments and uploads:
# creating storage for tausi
mkdir -p /opt/dokku/tausi/storage
# adjust permissions
chown -R 32767:32767 /opt/dokku/tausi/storage
# use the storage plugin to mount the directory into tausi's /app/storage directory, relative to root
dokku storage:mount tausi /opt/dokku/tausi/storage:/app/storage
Configure the app to be able to checkout private packages from GitHub, by adding an SSH Private Key
and a GitHub Token supplied by Laws.Africa. Substitute the <TOKEN> and <SSH-KEY> below, with newlines replaced with \n.
dokku docker-options:add tausi build "--build-arg GITHUB_TOKEN=<TOKEN>"
dokku docker-options:add tausi build "--build-arg KEY=<SSH-KEY>"
Set a secret key for signing cookies:
dokku config:set tausi DJANGO_SECRET_KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 128 | head -n 1)
Set the domain for the app. This should be setup in DNS to point to this server.
dokku domains:set tausi tausi.example.com
Either on your local machine, or on the server, clone this repo using git:
git clone https://github.com/laws-africa/tausi.git
cd tausi
Add the dokku server as a remote:
git remote add dokku dokku@SERVER_NAME:tausi
Deploy by using git push:
git push dokku
You should now be able to see the login page at the domain you set up.
Background tasks¶
Tausi runs various background tasks as separate processes.
On the dokku server, scale up the processes to run these tasks:
dokku ps:scale tausi tasks=1 tasks2=1
SSL¶
It is strongly recommended to secure your installation with SSL. You can do this using a free certificate from letsencrypt.
On the server, install the letsencrypt dokku plugin:
sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git
Configure letsencrypt with your email address, so you get reminders about renewing certificates:
dokku config:set --no-restart tausi DOKKU_LETSENCRYPT_EMAIL=your@email.tld
Install the certificate. Before you install the certificate, your website’s domain name must be setup and pointing at this server, so that you can prove that you own the domain.
dokku letsencrypt tausi
Renewing an SSL certificate¶
Letsencrypt certificates expire every three months. Let’s setup a cron job to renew certificates automatically:
dokku letsencrypt:cron-job --add
You can also manually renew a certificate when it’s close to expiry:
dokku letsencrypt:auto-renew tausi
Legacy file storage¶
Tausi needs access to the originally uploaded documents for legacy case decisions. It expects to find
these files in the file system of the server where it is deployed. By default, it looks in the directory
legacy-files in its application directory.
We must us the dokku storage plugin to preserve the legacy files directory between restarts and updates.
# creating storage for tausi
mkdir -p /opt/dokku/tausi/legacy-files
# adjust permissions
chown -R 32767:32767 /opt/dokku/tausi/legacy-files
# use the storage plugin to mount the directory into tausi's /app/legacy-files directory, relative to root
dokku storage:mount tausi /opt/dokku/tausi/legacy-files:/app/legacy-files
Configuration¶
Setup ‘domain_name’ & ‘display_name’ in admin¶
Make sure to setup the sites domain name and display name from the admin interface (/admin/sites/site/). By default the site is configured to these values:
domain_name: ‘example.com’
display_name: ‘example.com’
If these settings are not setup correctly, certain emails will be sent with these values when emails are sent to users, for example replies on annotations