Advanced topics¶

SELinux¶

For distributions that use SELinux (e.g. CentOS, RHEL, Fedora), the following commands can be used to configure SELinux:

sudo semanage fcontext -a -t httpd_sys_content_t "/srv/rdmo/rdmo-app(/.*)?"
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/srv/rdmo/rdmo-app/static_root/CACHE(/.*)?"
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/srv/rdmo/rdmo-app/log(/.*)?"
sudo semanage fcontext -a -t httpd_sys_script_exec_t -f f "/srv/rdmo/rdmo-app/env(/.*)?/.+\.so(\.[^/]*)*"
sudo restorecon -R -v /srv/rdmo
sudo setsebool -P httpd_can_network_connect=1

While this is the prefereble way, you can also set selinux to permissive or disabled in /etc/selinux/config (and reboot afterwards).

Multiple Reverse Proxies¶

For special setups including multiple reverse proxies the configuration needs to be adjusted in order to successfully work. The reason is that django’s CSRF protection requires a proper request header in order to not reject the request. To achieve this, the first reverse proxy needs to set the corresponding X-Forwarded-* header, e.g. for nginx:

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;

All remaining proxies should not change these information, i.e. don’t add such configuration.

Additionally, RDMO has to be adjusted according to the description for reverse proxies.

Install RDMO without internet connection¶

In order to install RDMO on a server without (outgoing) internet connection, you need to download the Python packages on a different machine and copy the wheels to the server:

# on the machine with internet
mkdir packages
cd packages
pip download pip setuptools wheel
pip rdmo[allauth,postgres,gunicorn] # or any other combination of optional dependencies

The packages should then contain *.whl files for all dependencies.

You also need to download the vendor files as in the regular setup:

python manage.py download_vendor_files

Next you need to copy the packages and the vendor directory to the machine without internet. There, you copy the vendor directory to the rdmo-app directory, create a virtual env and install the pip dependencies using:

pip install --upgrade --no-index --find-links /path/to/packages/ pip setuptools wheel
pip install --upgrade --no-index --find-links /path/to/packages/ rdmo[allauth,postgres,gunicorn]