Setting up a Lino production server¶

Here is a set of conventions we suggest to use as a site maintainer when setting up a Lino production server.

Configure the domain name
Configure the default umask
Set up a master environment
Activate the master environment
Check /etc/aliases
Install your first site
Some useful additions to your shell

Configure the domain name ¶

If your customers want to access their Lino from outside of their intranet, then you need to setup a domain name. See How to get a public domain name.

Configure the default umask ¶

All maintainers must have a umask 002 or 007 (not 022 or 077 as is the default value).

Edit the file /etc/bash.bashrc (site-wide for all users):

# nano /etc/bash.bashrc

And add the following line at the end:

umask 002

The umask command is used to mask (disable) certain file permissions from any new file created by a given user. See The umask command for more detailed information.

Set up a master environment ¶

If you are the first site maintainer on this server, you must set up the master environment:

$ sudo su
# apt-get install python3-venv
# mkdir -p /usr/local/lino/shared/env
# cd /usr/local/lino/shared/env
# chown root:www-data .
# chmod g+ws .
# python3 -m venv master
# . /usr/local/lino/shared/env/master/bin/activate

Edit your /root/.bashrc file and add the following line at the end so that the master environment is activated also in future root sessions on this server:

. /usr/local/lino/shared/env/master/bin/activate

Install the wheel python package (todo: why?):

# pip install wheel

Install getlino into the master environment:

# pip install getlino

Run getlino configure as root:

# getlino configure --no-clone --appy --web-server nginx --https

The --web-server option can be either nginx or apache. Your choice.

The --https option causes getlino configure to (1) install certbot and (2) have it request a new certificate for every getlino startsite.

When at least one Lino site of a server uses lino_xl.lib.appypod, then the server must have a LibreOffice service running so that the users of your site can print documents using the appypdf, appydoc or appyrtf methods (the appyodt method does not require a LO service). You say this using the getlino configure --appy option. For background information see Running a LibreOffice server.

For details see the documentation about getlino.

Activate the master environment ¶

For every new maintainer of a production site, add the following line to your .bashrc in order to have the master environment activated each time you connect to the server:

. /usr/local/lino/shared/env/master/bin/activate

master environment¶: A virtualenv to be used as default virtualenv for all site maintainers on this production server. It mainly contains getlino. It is usually located in /usr/local/lino/shared/env.

Check `/etc/aliases`¶

Every production server should be able to send emails to its maintainers, e.g. to notify them when a cron job fails.

$ sudo apt install sendmail
$ sudo nano /etc/aliases   # add your email address
$ sudo newaliases

Install your first site ¶

You will do the following for every new site on your server.

# getlino startsite <application_name> <site_name>

Where:

application_name is one of the Lino applications known by getlino (noi, cosi, avanti, voga…)
site_name is a unique internal name of your site on this server.

For example:

# getlino startsite cosi first

And then point your browser to http://first.localhost

Some useful additions to your shell ¶

We suggest that you add the following to your system-wide /etc/bash.bashrc:

alias ll='ls -al'
alias a='. env/bin/activate'

function pywhich() {
  python -c "import $1; print($1.__file__)"
}

# find another name if your team also uses golang
function go() {
    for BASE in /usr/local/lino/lino_local
    do
      if [ -d $BASE/$1 ] ; then
        cd $BASE/$1;
        return;
      fi
    done
    echo Oops: no project $1
    return -1
}

If you want Logging all bash commands to syslog, then add also this:

# copied from http://backdrift.org/logging-bash-history-to-syslog-using-traps
function log2syslog
{
   declare COMMAND
   COMMAND=$(fc -ln -0)
   logger -p local1.notice -t bash -i -- "${USER}:${COMMAND}"
}
trap log2syslog DEBUG

After these changes you must close and reopen your terminal to activate them.

You can now do the following to quickly go to a project directory and activate its Python environment:

$ go prj1
$ a

To activate a hourly health check:

$ sudo ln -s /usr/local/bin/healthcheck.sh /etc/cron.hourly/