Set up a Lino production server¶

Here is a set of conventions we suggest to use as a server administrator when setting up a Lino production server.

General configuration ¶

If your customers want to access their Lino from outside of their intranet, then you need to setup a domain name. See How to get a public domain name. In this case you need to have DNS set up and working because installing a Lino site will use certbot to request a certificate.

Having a domain name is not necessary if you remain in your LAN, if you access your Lino site via its IP adress, …

Configure the default umask ¶

All maintainers must have a umask 002 or 007 (not 022 or 077 as is the default value).

Edit the file /etc/bash.bashrc (site-wide for all users):

# nano /etc/bash.bashrc

And add the following line at the end:

umask 002

The umask command is used to mask (disable) certain file permissions from any new file created by a given user. See The umask command for more detailed information.

To activate the new umask or for yourself, hit Ctrl+D to end this session and start a new session

Set up a main environment ¶

If you are the first server administrator on this server, you must set up the main environment:

$ sudo su
# apt-get install pip virtualenv git
# mkdir -p /usr/local/lino/venvs
# cd /usr/local/lino/venvs
# chown root:www-data . ; chmod g+ws .
# virtualenv -p python3 main
# . /usr/local/lino/venvs/main/bin/activate

Edit your /root/.bashrc file and add the following line at the end so that the main environment is activated also in future root sessions on this server:

# . /usr/local/lino/venvs/main/bin/activate

Install the wheel python package, wheel is an installation tool for the pip packages, there are many other installation tools, but most pip packages use wheel to install the package into your python environment, some pip packages might fail to install if wheel is NOT already installed:

# pip install -U pip wheel

Install getlino into the main environment:

# pip install getlino

Run `getlino configure`¶

Sign out and again in as root, and verify that your prompt shows that the main environment is activated:

(main) root@myserver:~#

Run getlino configure as root:

# getlino configure --no-clone --appy --web-server nginx --https

The --web-server option can be either nginx or apache. Your choice. You might want to provide some extra arguments, for example, some database related arguments are –db-engine, –db-host, –db-port, –db-user, –db-password, to see all the available options see: getlino configure.

The --https option causes getlino configure to (1) install certbot and (2) have it request a new certificate for every getlino startsite.

When at least one Lino site of a server uses lino_xl.lib.appypod, then the server must have a LibreOffice service running so that the users of your site can print documents using the appypdf, appydoc or appyrtf methods (the appyodt method does not require a LO service). You say this using the getlino configure --appy option. For background information see More about the LibreOffice service.

You may specify your answer to all those questions into the command line. For example here is a variant of how to specify admin_email and languages:

# getlino configure --no-clone --appy --web-server nginx --https --admin-email root --languages "en de fr"

When you know that all the sites on your server will use the same environment, you may tell getlino so by specifying the name of your shared_env:

# getlino configure ... --shared-env /usr/local/lino/venvs/main

Here is another variant:

# getlino configure  --clone --web-server nginx --https --shared-env /usr/local/lino/venvs/main

For details see the documentation about getlino : the Lino installer.

Activate the main environment ¶

For every new maintainer of a production site, add the following line to your .bashrc in order to have the main environment activated each time you connect to the server:

. /usr/local/lino/venvs/main/bin/activate

main environment¶: A virtualenv to be used as default virtualenv for all site maintainers on this production server. It mainly contains getlino : the Lino installer. It is usually located in /usr/local/lino/venvs.

Check `/etc/aliases`¶

Every production server should be able to send emails to its maintainers, e.g. to notify them when a cron job fails.

# apt install sendmail
# nano /etc/aliases   # add your email address
# newaliases

Install your first site ¶

You will run getlino startsite for every new site on your server:

$ sudo su
# getlino startsite APPNAME PRJNAME

Where:

APPNAME is one of the Lino applications known by getlino (noi, cosi, avanti, voga…)
PRJNAME is a unique internal name of your site on this server.

For example:

# getlino startsite cosi first

And then point your browser to http://first.localhost

If something goes wrong, consult the getlino startsite documentation.

Some useful additions to your shell ¶

We suggest that you add the following to your system-wide /etc/bash.bashrc:

alias ll='ls -al'
alias a='. env/bin/activate'

function pywhich() {
  python -c "import $1; print($1.__file__)"
}

# find another name if your team also uses golang
function go() {
    for BASE in /usr/local/lino/lino_local
    do
      if [ -d $BASE/$1 ] ; then
        cd $BASE/$1;
        return;
      fi
    done
    echo Oops: no project $1
    return -1
}

Test whether it works ¶

Close and reopen your terminal to activate them.

Quickly go to a project directory and activate its Python environment:

$ go prj1
$ a

You can always try the following admin commands (they don’t modify the database, so they won’t break anything):

$ pm status
$ pm show users.AllUsers

Configure your mail system ¶

A production site should be able to send emails at least to the server administrator. The default Lino configuration sends all emails to localhost.

If you know an SMTP server, then run sudo apt install postfix, select “Satellite system” and give the name of that SMTP server.

If you use monit, then edit /etc/monit/monitrc and add the following line:

set mailserver localhost

More options ¶

You may want to set your server’s timezone:

$ sudo timedatectl set-timezone Europe/Tallinn

If you want to optimize the cron jobs created by getlino, see Our cron cheat sheet.

If you want to log every bash command, then add the following to your system-wide /etc/bash.bashrc

# copied from http://backdrift.org/logging-bash-history-to-syslog-using-traps
function log2syslog
{
   declare COMMAND
   COMMAND=$(fc -ln -0)
   logger -p local1.notice -t bash -i -- "${USER}:${COMMAND}"
}
trap log2syslog DEBUG