Nephwork Server Config

Ensure python3.6 and git25 are selected in this environment.

The default Python is 2.7 and the default Git is 1.7; neither is new enough for this project. Newer versions from the software collection have been installed and can be enabled with:

scl enable rh-python36 bash

scl enable sclo-git25 bash

Nephwork (repository: Miscellaneous / nephwork.renalreg.org on Bitbucket, ukrdc.org) is deployed on the renalreg server at https://nephwork.renalreg.org. It is also configured for https://nephwork.renal.org.

The service runs as the nephwork user, with the software collection Apache 2.4 server (/opt/rh/httpd24) acting as a proxy (config files in /opt/rh/httpd24/root/etc/httpd/conf.d). The site currently uses a SQLite database but will probably need to switch to PostgreSQL in due course because of the limits of SQLite in a multi-user environment.


nephwork.conf
# nephwork.renal.org
# nephwork.renalreg.org

<VirtualHost *:80>
    ServerName nephwork.renal.org

    Redirect permanent / https://nephwork.renal.org/
    Header always set X-Frame-Options "SAMEORIGIN"
</VirtualHost>


<VirtualHost *:80>
    ServerName nephwork.renalreg.org

    Redirect permanent / https://nephwork.renal.org/
    Header always set X-Frame-Options "SAMEORIGIN"
</VirtualHost>

<VirtualHost *:443>
    ServerName nephwork.renal.org

    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/renal.org.crt
    SSLCertificateKeyFile /etc/pki/tls/private/renal.org.key
    SSLCertificateChainFile /etc/pki/tls/certs/IntermediateCA.crt
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1

    SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    SSLHonorCipherOrder     on

#   HSTS (mod_headers is required) (15768000 seconds = 6 months)
#   Note: the Strict-Transport-Security header set again further down replaces this value.
    Header always set Strict-Transport-Security "max-age=15768000"

    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Xss-Protection "1; mode=block"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

    SSLProxyEngine          On
    ProxyRequests           Off
    ProxyPreserveHost       On

    ProxyVia Off

    Alias "/static" "/home/nephwork/nephworksite/static"
    <Directory "/home/nephwork/nephworksite/static">
        Require all granted
    </Directory>
    <Location "/static">
        ProxyPass !
    </Location>

    <Proxy *>
        Require all granted
    </Proxy>

    ProxyPass / http://127.0.0.1:9887/
    ProxyPassReverse / http://127.0.0.1:9887/

</VirtualHost>


<VirtualHost *:443>
    ServerName nephwork.renalreg.org

    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/star_renalreg_org.crt
    SSLCertificateKeyFile /etc/pki/tls/private/star_renalreg_org.key
    SSLCertificateChainFile /etc/pki/tls/certs/DigiCertCA.crt
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1

    SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    SSLHonorCipherOrder     on

#   HSTS (mod_headers is required) (15768000 seconds = 6 months)
#   Note: the Strict-Transport-Security header set again further down replaces this value.
    Header always set Strict-Transport-Security "max-age=15768000"

    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Xss-Protection "1; mode=block"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

    SSLProxyEngine          On
    ProxyRequests           Off
    ProxyPreserveHost       On

    ProxyVia Off

    Alias "/static" "/home/nephwork/nephworksite/static"
    <Directory "/home/nephwork/nephworksite/static">
        Require all granted
    </Directory>
    <Location "/static">
        ProxyPass !
    </Location>

    <Proxy *>
        Require all granted
    </Proxy>

    ProxyPass / http://127.0.0.1:9887/
    ProxyPassReverse / http://127.0.0.1:9887/

</VirtualHost>
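
Both HTTPS virtual hosts above set Strict-Transport-Security twice with different values; with mod_headers a later "set" replaces the earlier one, so only the last value is sent. The lint below is an added example, not part of the original page or the deployed configuration; the function names lint_duplicate_headers and sample_conf are hypothetical, and the sample input is a trimmed excerpt of the first HTTPS vhost.

```shell
#!/bin/bash
# Added example (not from the original page): report response headers that are
# set more than once inside one <VirtualHost>. mod_headers keeps separate
# "always" and "onsuccess" tables; within a table a later "set" replaces the
# earlier value, so only the last one reaches the client.

lint_duplicate_headers() {
    # $1 = Apache config file; reads stdin when no file is given
    awk '
        function unquote(s) { gsub(/^"|"$/, "", s); return s }

        BEGIN { vhost = "(global)" }
        /^[ \t]*#/ { next }                                  # comment line
        /^[ \t]*<VirtualHost/ { vhost = "(unnamed)"; split("", seen); next }
        /^[ \t]*<\/VirtualHost>/ { vhost = "(global)"; split("", seen); next }
        /^[ \t]*ServerName[ \t]/ { vhost = $2; next }

        # Header [always|onsuccess] set <name> <value ...>
        /^[ \t]*Header[ \t]/ {
            cond = "onsuccess"; i = 2
            if ($i == "always" || $i == "onsuccess") { cond = $i; i++ }
            if (tolower($i) != "set") next
            name = tolower(unquote($(i + 1)))
            value = $(i + 2)
            for (j = i + 3; j <= NF; j++) value = value " " $j
            value = unquote(value)
            key = cond SUBSEP name
            if (key in seen)
                printf "%s: %s (%s) set again; \"%s\" replaces \"%s\"\n",
                       vhost, name, cond, value, seen[key]
            seen[key] = value
        }
    ' "${1:--}"
}

# Trimmed excerpt of the first HTTPS vhost on this page.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:443>
    ServerName nephwork.renal.org
#   HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security "max-age=15768000"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>
EOF
}

sample_conf | lint_duplicate_headers
```

Run against the real file by passing its path as the first argument; an empty result means no header is set twice in the same table within a vhost.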


The site code is located in /home/nephwork/nephwork.renalreg.org and runs on port 9887.

The required Django settings are configured using the standard construct of a settings folder containing settings files for different environments. There is a base settings file and then individual settings files for each environment (local and production in this case). The DJANGO_SETTINGS_MODULE environment variable selects which settings file is used.

When running the site ensure the environment variable is appropriately set:

# Settings files 
ls -l nephwork/settings
total 20
-rw-r--r--. 1 nephwork nephwork 3975 Nov 25 16:32 base.py
-rw-r--r--. 1 nephwork nephwork   29 Nov 25 16:32 __init__.py
-rw-r--r--. 1 nephwork nephwork  429 Nov 25 16:32 local.py
-rw-r--r--. 1 nephwork nephwork 1213 Nov 25 16:32 production.py

# Configure production settings
export DJANGO_SETTINGS_MODULE=nephwork.settings.production

Note: the environment variable must be set before running the start script so that the correct settings file is picked up:

export DJANGO_SETTINGS_MODULE=nephwork.settings.production; /home/nephwork/bin/nephwork start


To export the DJANGO_SETTINGS_MODULE value permanently in every nephwork user session, add the line export DJANGO_SETTINGS_MODULE=nephwork.settings.production to ~/.bash_profile. To load the new variable in the current session, run: $ source ~/.bash_profile


The site is managed using the script /home/nephwork/bin/nephwork, which takes the commands start, stop and force-reload/restart.

nephwork
#! /bin/bash
### BEGIN INIT INFO
# Provides:          nephwork
# Required-Start:    nginx/apache
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: The main django process
# Description:       The gunicorn process that receives HTTP requests
#                    from nginx/apache
#
### END INIT INFO
#
# Author:       Tim Whitlock <tim.whitlock@renalregistry.nhs.uk>
#

# Replace this with absolute path to project directory if used as init.d script
#PROJDIR="$(dirname `dirname "${BASH_SOURCE[0]}"`)";
PROJDIR="/home/nephwork/nephwork.renalreg.org";

APPNAME=nephwork
USER=nephwork
PATH=/bin:/usr/bin:/sbin:/usr/sbin
ACTIVATE=$PROJDIR/venv/bin/activate
APPMODULE=nephwork.wsgi
DAEMON=gunicorn
BIND=127.0.0.1:9887
# Put under /var/run and /var/log to be more consistent with other init.d scripts
# Subdirectories in /var/run and /var/log need to be owned by this user for the log and pid file to be saved.
#PIDFILE=$PROJDIR/$DAEMON-nephwork.pid
PIDFILE=/var/run/nephwork/$DAEMON-nephwork.pid
#LOGFILE=$PROJDIR/logs/$DAEMON-nephwork.log
LOGFILE=/var/log/nephwork/$DAEMON-nephwork.log
WORKERS=2

#if [ ! -d "$PROJDIR/logs" ]; then
#    mkdir -p "$PROJDIR/logs";
#fi

if [ ! -d "/var/log/nephwork" ]; then
    mkdir -p "/var/log/nephwork";
fi


. /lib/lsb/init-functions


if [ -e "/etc/default/$APPNAME" ]
then
    . /etc/default/$APPNAME
fi


case "$1" in
  start)
        # log_daemon_msg "Starting deferred execution scheduler" "$APPNAME"
        source $ACTIVATE
        $DAEMON --daemon --bind=$BIND --pid=$PIDFILE --workers=$WORKERS --user=$USER --log-file=$LOGFILE $APPMODULE

        RETVAL=$?
        if [ $RETVAL = 0 ]; then
            log_success_msg "$APPNAME has started";
        else
            log_failure_msg "Failed to start $APPNAME";
        fi
    ;;
  stop)
        # log_daemon_msg "Stopping deferred execution scheduler" "$APPNAME"
        killproc -p $PIDFILE $DAEMON
        RETVAL=$?
        if [ $RETVAL = 0 ]; then
            log_success_msg "$APPNAME has stopped";
        else
            log_failure_msg "Failed to stop $APPNAME";
        fi
    ;;
  force-reload|restart)
    $0 stop
    $0 start
    ;;
  *)
    echo "Usage: ./bin/$APPNAME {start|stop|restart|force-reload}"
    exit 1
    ;;
esac

exit 0
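
The start command depends on two things described above: DJANGO_SETTINGS_MODULE pointing at the production settings, and the pid and log directories being writable by the service user. The preflight check below is an added example, not the project's own script; the function name preflight is hypothetical, and it assumes the settings module nephwork.settings.production maps to nephwork/settings/production.py under the project directory.

```shell
#!/bin/bash
# Added example (not the project's script): checks to run before
# "/home/nephwork/bin/nephwork start", so the service is never started with
# the wrong settings file or without writable pid/log directories.

preflight() (
    # $1 = project directory, $2 = required settings module,
    # $3... = directories the service user must be able to write to
    projdir=$1; required=$2; shift 2
    module=${DJANGO_SETTINGS_MODULE:-}
    # Assumption: nephwork.settings.production maps to
    # <project>/nephwork/settings/production.py
    file="$projdir/$(printf '%s' "$module" | tr . /).py"
    rc=0

    if [ -z "$module" ]; then
        echo "DJANGO_SETTINGS_MODULE is not set" >&2; rc=1
    elif [ "$module" != "$required" ]; then
        echo "DJANGO_SETTINGS_MODULE is $module, expected $required" >&2; rc=1
    elif [ ! -f "$file" ]; then
        echo "settings file $file not found" >&2; rc=1
    fi

    for dir in "$@"; do
        if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
            echo "$dir is missing or not writable by $(id -un)" >&2; rc=1
        fi
    done
    exit "$rc"
)

# Demo on a constructed scratch tree (not the real server paths).
demo=$(mktemp -d)
mkdir -p "$demo/nephwork/settings" "$demo/run"
: > "$demo/nephwork/settings/production.py"
DJANGO_SETTINGS_MODULE=nephwork.settings.local
preflight "$demo" nephwork.settings.production "$demo/run" "$demo/log" \
    || echo "refusing to start"
rm -rf "$demo"
```

On the server the call would take the paths from the script above: the project directory, then /var/run/nephwork and /var/log/nephwork.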


The log files can be found in /var/log/httpd24 for proxy issues and /var/log/nephwork for Django site related issues.