diff --git a/README.md b/README.md index 088b701..f861802 100644 --- a/README.md +++ b/README.md @@ -19,27 +19,62 @@ Feel free to contact us about ccvpn, but with no guarantee. and more services about ccvpn and lambdacore. -Getting Started ---------------- +## Getting Started ```bash - pip install --user git+git://github.com/PacketImpact/lcoreapi.git - git clone https://github.com/CCrypto/ccvpn3.git - cd ccvpn3/ +# Install poetry +pip3 install poetry +export PATH=~/.local/bin/:$PATH # also add that to your .profile - ./manage.py createsuperuser - ./manage.py runserver +# Install ccvpn3 +git clone https://git.ccrypto.org/ccrypto/ccvpn3.git +cd ccvpn3 +poetry config settings.virtualenvs.in-project true +poetry install +cp ccvpn/local_settings.sample.py ccvpn/local_settings.py +# Edit ccvpn/local_settings.py +# See ccvpn/settings.py for all available settings and defaults + +# Those need to be run on installation and updates +poetry run ./manage.py migrate +poetry run ./manage.py compilemessages +poetry run ./manage.py collectstatic + +# The standard Django manage.py can be called through poetry +poetry run ./manage.py runserver ``` -CRON ----- +## Debian Deployment + + +```bash +# Install uwsgi and a web server, and python deps +apt install gettext git nginx uwsgi uwsgi-plugin-python3 python3-venv python3-setuptools python3-pip + +# Create a new account and switch to it +adduser --disabled-login ccvpn + +su - ccvpn +# As ccvpn, follow the instructions in Getting Started +# then Ctrl-D/exit back to root -For bitcoin payments, you will need to run a script regularly to check for -verified transaction. Another to delete old cancelled payments. -And another to send expiration emails. +cp /home/ccvpn/ccvpn3/deploy/nginx.conf /etc/nginx/sites-enabled/ccvpn3.conf +cp /etc/ccvpn/ccvpn3/deploy/uwsgi.ini /etc/uwsgi/apps-enabled/ccvpn3.ini +systemctl restart uwsgi +systemctl reload nginx +``` - */5 * * * * /home/vpn/ccvpn3/manage.py check_btc_payments - 0 0 * * * /home/vpn/ccvpn3/manage.py expire_payments - 0 */6 * * * /home/vpn/ccvpn3/manage.py expire_notify +## CRON +Mostly for cron use, there is a `manage.sh` script that prepares +the environment and calls `manage.py` through poetry. + +```cron +# Send account expiration notice e-mails +0 */6 * * * /home/ccvpn/ccvpn3/manage.sh expire_notify +# Expire old and cancelled payments +0 0 * * * /home/ccvpn/ccvpn3/manage.sh expire_payments +# [bitcoin] Check for incoming payments +*/5 * * * * /home/ccvpn/ccvpn3/manage.sh check_btc_payments +``` diff --git a/ccvpn/local_settings.sample.py b/ccvpn/local_settings.sample.py new file mode 100644 index 0000000..d29fb31 --- /dev/null +++ b/ccvpn/local_settings.sample.py @@ -0,0 +1,28 @@ +DEBUG = False +SECRET_KEY = '' +ALLOWED_HOSTS = ['vpn.ccrypto.org'] +# REAL_IP_HEADER_NAME = 'X-Real-Ip' +ROOT_URL = 'https://vpn.ccrypto.org/' +# Where to copy static files +STATIC_ROOT = '/home/ccvpn/public/static/' +TICKETS_SITE_NAME = 'CCrypto VPN Support' + +#DATABASES = { +# 'default': { +# 'ENGINE': 'django.db.backends.postgresql_psycopg2', +# 'NAME': 'ccvpn3', +# 'USER': 'ccvpn3', +# 'PASSWORD': '', +# 'HOST': 'localhost', +# }, +#} + +#LCORE = {} + +EMAIL_HOST = 'localhost' +EMAIL_PORT = 25 +SERVER_EMAIL = 'support@localhost' +DEFAULT_FROM_EMAIL = 'support@localhost' + +PAYMENTS_CURRENCY = ('eur', '€') +PAYMENTS_BACKENDS = {} diff --git a/ccvpn/settings.py b/ccvpn/settings.py index 4e4bad4..b6063cc 100644 --- a/ccvpn/settings.py +++ b/ccvpn/settings.py @@ -199,7 +199,9 @@ LCORE = dict( API_KEY='', API_SECRET='', INST_SECRET='', - CACHE_TTL=10, + CACHE_TTL=600, + TIMEOUT=5, + # SOURCE_ADDR='', ) # VPN auth credentials and expiration time storage diff --git a/deploy/nginx.conf b/deploy/nginx.conf new file mode 100644 index 0000000..0d7da07 --- /dev/null +++ b/deploy/nginx.conf @@ -0,0 +1,13 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + root /home/ccvpn/public/; + server_name vpn.ccrypto.org; + set_real_ip_from 10.1.1.1; + + try_files $uri @uwsgiapp; + location @uwsgiapp { + include uwsgi_params; + uwsgi_pass 'unix:///var/lib/uwsgi_ccvpn3.sock'; + } +} diff --git a/deploy/uwsgi.ini b/deploy/uwsgi.ini new file mode 100644 index 0000000..5b55100 --- /dev/null +++ b/deploy/uwsgi.ini @@ -0,0 +1,18 @@ +[uwsgi] +master = true +processes = 4 +socket = /var/lib/uwsgi_ccvpn3.sock +wsgi-file = /home/ccvpn/ccvpn3/ccvpn/wsgi.py +virtualenv = /home/ccvpn/ccvpn3/.venv/ +chdir = /home/ccvpn/ccvpn3/ +chown-socket = ccvpn:www-data +chmod-socket = 660 +uid = ccvpn +gid = ccvpn +plugins = python3 +harakiri = 60 +limit-as = 256 +max-requests = 10000 +vacuum = true +enable-threads = true +threads = 2 diff --git a/manage.sh b/manage.sh new file mode 100755 index 0000000..eb7c6ac --- /dev/null +++ b/manage.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +# sometimes cron lacks $LANG. it can cause unicode issues with python +export LANG="en_US.UTF-8" + +# poetry can also be in: +# * ~/.local/bin/ (installed with pip) +export PATH="$HOME/.local/bin/:$PATH" +# * ~/.poetry/bin/ (installed with get-poetry) +export PATH="$HOME/.poetry/bin/:$PATH" + +DIR="$(dirname $0)" +cd $DIR + +poetry run ./manage.py $@