Gunicorn

As mentioned several times, you should create a dedicated user for RDMO. All steps for the installation, which do not need root access, should be done using this user. Here we assume this user is called rdmo and it’s home is /srv/rdmo and therefore your rdmo-app is located in /srv/rdmo/rdmo-app.

First install gunicorn inside your virtual environment:

pip install rdmo[gunicorn]

As explained here, you need to add the following:

USE_X_FORWARDED_HOST = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

ALLAUTH_TRUSTED_CLIENT_IP_HEADER = "X-Forwarded-For"  # if django-allauth is used

to your config/settings/local.py in order for RDMO to pick up the X-Forwarded-Host and X-Forwarded-Proto HTTP headers from the proxy.

Then, test gunicorn using:

gunicorn --bind 0.0.0.0:8000 config.wsgi:application

This should serve the application like runserver, but without the static assets, like CSS files and images. After the test kill the gunicorn process again.

Systemd

Systemd will launch the Gunicorn process on startup and keep running. Create a new systemd service file in /etc/systemd/system/rdmo.service and enter (you will need root/sudo permissions for that):

[Unit]
Description=RDMO gunicorn daemon
After=network.target

[Service]
User=rdmo
Group=rdmo

WorkingDirectory=/srv/rdmo/rdmo-app

LogsDirectory=gunicorn rdmo
RuntimeDirectory=gunicorn

Environment=GUNICORN_BIN=/srv/rdmo/rdmo-app/env/bin/gunicorn
Environment=GUNICORN_WORKER=3
Environment=GUNICORN_TIMEOUT=30
Environment=GUNICORN_BIND=unix:/run/gunicorn/rdmo.sock
Environment=GUNICORN_PID_FILE=/run/gunicorn/rdmo.pid
Environment=GUNICORN_ACCESS_LOG_FILE=/var/log/gunicorn/access.log
Environment=GUNICORN_ERROR_LOG_FILE=/var/log/gunicorn/error.log

ExecStart=/bin/sh -c '${GUNICORN_BIN} \
  --workers ${GUNICORN_WORKER} \
  --timeout ${GUNICORN_TIMEOUT} \
  --bind ${GUNICORN_BIND} \
  --pid ${GUNICORN_PID_FILE} \
  --access-logfile ${GUNICORN_ACCESS_LOG_FILE} \
  --error-logfile ${GUNICORN_ERROR_LOG_FILE} \
  config.wsgi:application'

ExecReload=/bin/sh -c '/usr/bin/pkill -HUP -F ${GUNICORN_PID_FILE}'

ExecStop=/bin/sh -c '/usr/bin/pkill -TERM -F ${GUNICORN_PID_FILE}'

[Install]
WantedBy=multi-user.target

If RDMO runs under a subpath or your domain (or alias, e.g. https://example.com/rdmo/), when you have set a value for BASE_URL in your settings. The SCRIPT_NAME environment variable needs to be set in the ExecStart call, e.g. --env SCRIPT_NAME=/rdmo.

After the service file is created and every time it is changed, systemd needs to be reloaded:

systemctl daemon-reload

The RDMO service needs to be started and enabled like any other service:

sudo systemctl enable --now rdmo

Gunicorn is web server which runs locally and a reverse proxy is needed to allow connections from the internet. This can be done with a web server, e.g. NGINX or Apache2.

NGINX as reverse proxy

Nginx can be installed on Debian or Ubuntu using:

sudo apt install nginx  # on Debian/Ubuntu

Edit the Nginx configuration as follows (again with root/sudo permissions):

# in /etc/nginx/sites-available/default  on Debian/Ubuntu
server {
    listen 80;
    listen [::]:80;

    server_name rdmo.example.com;

    error_log /var/log/nginx/rdmo.example.com.error.log;
    access_log /var/log/nginx/rdmo.example.com.access.log;

    root /var/www/html;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_pass http://unix:/run/gunicorn/rdmo.sock;
    }

    location /static/ {
        alias /srv/rdmo/rdmo-app/static_root/;
    }
}

Restart and enable Nginx:

sudo systemctl enable --now nginx

RDMO should now be available on YOURDOMAIN. Note that the unix socket /srv/rdmo/rdmo.sock needs to be accessible by Nginx.

Apache2 as reverse proxy

Apache can be installed on Debian or Ubuntu using:

sudo apt install apache2

Edit the Apache configuration as follows (again with root/sudo permissions):

# in /etc/apache2/sites-available/default  on Debian/Ubuntu
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Location />

    </Location>

    Alias /static /srv/rdmo/rdmo-app/static_root/
    <Directory /srv/rdmo/rdmo-app/static_root/>
        Require all granted
    </Directory>
</VirtualHost>

Restart and enable Apache:

sudo systemctl enable --now apache2

Static assets

As you can see from the virtual host configurations, the static assets such as CSS and JavaScript files are served independently from the reverse proxy to the gunicorn process. In order to do so they need to be gathered in the static_root directory. This can be achieved by running:

python manage.py collectstatic --clear

in your virtual environment (--clear removes existing files before collecting).

In order to apply changes to the RDMO code (e.g. after an upgrade), the Gunicorn process needs to be restarted:

sudo systemctl restart rdmo