Skip to content

Installing eScriptorium on a Cloud Server (Debian 11) with a Fully Qualified Domain Name

Ravi Murugesan edited this page Mar 18, 2024 · 8 revisions

Introduction

The installation guide is for successfully installing eScriptorium on a cloud server running Debian 11 and making the eScriptorium website accessible with a fully qualified domain name (FQDN).

System Requirements

To follow this guide, you should first create a cloud server with

  • At least 2 CPU cores
  • At least 4 GB of RAM
  • At least 20 GB of disk space
  • An IPv4 address
  • Debian 11 as the operating system

Note

The below instructions have been tested on Hetzner's Shared vCPU server with an x86 processor with 2 vCPUs, 4 GB RAM, and 40 GB SSD. However, a shared CPU server may not be ideal for high or sustained workloads. (The author of this article is not affiliated with Hetzner in any way.)

Domain Requirements

In this guide, escriptorium.example.com is used as the FQDN for the eScriptorium site. As you go through this guide, replace this domain name with your own domain name.

  1. Access the DNS records of your domain name.
  2. Add an A record for escriptorium (or any other string) that points to the IPv4 address of the server where you plan to install eScriptorium.

Tip

If you don't have access to the DNS records of your domain name, ask your domain administrator to create a subdomain record to point to the IPv4 address of your server.

Before You Begin

You should

  • have access to a terminal application
  • have basic Debian command line skills
  • know how to use a text editor in Debian (such as vi or nano)
  • have root access to the Debian server where you want to install eScriptorium (or login credentials for a non-root user with sudo permissions)
  • set aside at least 1 to 2 hours for this procedure

Step 1: Secure Your Cloud Server

  1. Open the terminal application of your choice on your computer.

  2. Locate the access credentials of the Debian server you have created (see System Requirements above).

  3. From your terminal application, sign into the server as the root user, using the password or SSH key generated at the time of creating the server.

    If you can't sign into the server using SSH, it could mean that SSH connections are blocked. In that case, sign into your account with your hosting provider and access the server using the hosting provider's browser-based terminal. You can use your terminal application later on after enabling SSH.

  4. Update the server.

    apt update
    apt upgrade
    
  5. Install the firewall application (ufw).

    apt install ufw
    
  6. Ensure SSH is allowed.

    ufw allow ssh
    
  7. Enable the firewall after allowing SSH.

    ufw enable
    
  8. Create a non-root user. Replace htrfan with the username of your choice. And in the steps that follow, replace htrfan with the username you have created.

    adduser htrfan
    

    Generate a strong password when prompted by the adduser command, and save this password.

  9. Give sudo permissions to the newly created non-root user.

    usermod -aG sudo htrfan
    
  10. From a new window or tab of your terminal application, access the server with an SSH connection using the sudo user account. Replace htrfan with your the username you have created, and 77.77.77.77 with the IP address of your server.

    For password-based authentication:

    For key-based authentication (replace .\private-key with the location and filename of your private key):

    ssh -i .\private-key [email protected]
    

Tip

For more rigorous security measures, such as setting up key-based authentication for the non-root user and blocking malicious login attempts, see this guide on the Linux Handbook website.

Step 2: Install the Apache Web Server

  1. Install the Apache web server.

    sudo apt install apache2
    

    Enter the password for the htrfan user when prompted by the sudo command.

  2. The Apache server may be blocked by the firewall set up earlier. To open both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic), enter the below command:

    sudo ufw allow 'WWW Full'
    
  3. Restart the Apache server.

    sudo service apache2 restart
    
  4. Check the status of the Apache server.

    sudo service apache2 status
    
  5. Open a browser tab and go to the IP address of the server, for example, http://77.77.77.77. Replace 77.77.77.77 with the IP address of your server. You should see a page titled Apache2 Debian Default Page.

    Make sure the browser does not redirect you to an HTTPS version of the IP address. This will not work as you have not yet set up HTTPS access.

Step 3: Install an HTTPS Certificate using Certbot

  1. Install snapd

    sudo apt install snapd
    
  2. Remove any previously installed Certbot packages.

    sudo apt remove certbot
    
  3. Install Certbot

    sudo snap install --classic certbot
    
  4. Prepare the Certbot command

    sudo ln -s /snap/bin/certbot /usr/bin/certbot
    
  5. Install a Certbot certificate. This will turn on HTTPS access.

    sudo certbot --apache
    

    Follow the prompts. When asked to enter the domain name for which you would like a certificate, carefully type in the domain name you have created (as per the Domain Requirements section above). For example, escriptorium.example.com.

  6. Test automatic renewal of the Certbot certificate.

    sudo certbot renew --dry-run
    
  7. Test that the Certbot command worked. Open a browser tab and go to the HTTPS-enabled domain name, for example, https://escriptorium.example.com. You should once again see the Apache2 Debian Default Page.

Step 4: Enable Reverse Proxy

  1. Create a new Apache configuration file for eScriptorium.

    cd /etc/apache2/sites-available/
    
    sudo vi escriptorium.conf
    

    Copy the below content into the file.

    # eScriptorium
    <Location "/">
        ProxyPass "http://localhost:8000/"
        ProxyPassReverse "http://localhost:8000/"
        RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
    </Location>
    <Location "/ws/notif/">
        ProxyPass "ws://localhost:8080/ws/notif/"
    </Location>
    
  2. Enable the Apache modules to set up a reverse proxy.

    sudo a2enmod proxy proxy_http proxy_balancer lbmethod_byrequests
    
  3. Restart Apache.

    sudo service apache2 restart
    

Step 5: Install the Programs Required for eScriptorium

Note

These instructions are an edited version of the instructions from UB Mannheim.

  1. Install the programs you need to install eScriptorium.

    sudo apt install git postgresql postgresql-contrib libpq-dev redis-server gettext netcat-traditional jpegoptim pngcrush libvips build-essential python3 python3-dev python3-venv npm
    

    If error messages appear during the PostgreSQL installation, enter the below commands.

    sudo apt update
    sudo apt update --fix-missing
    sudo apt install postgresql
    
  2. Start the PostgreSQL and Redis servers.

    sudo service postgresql start
    sudo service redis-server start
    
  3. Create a username for eScriptorium.

    Decide if you want to use your Linux username as the eScriptorium username.

    If yes, enter this command:

    (cd /tmp && sudo -u postgres createuser --superuser $(whoami))
    

    If you want a different username, enter the below command, replacing yourusername with a name of your choice.

    sudo -u postgres createuser --superuser yourusername
    
  4. Create a database for eScriptorium.

    createdb escriptorium
    
  5. Clone the eScriptorium repository from GitLab.

    git clone https://gitlab.com/scripta/escriptorium.git ~/escriptorium
    

    This command will clone the repository in your home folder, for example, /home/htrfan.

  6. Go to the newly created escriptorium directory.

    cd ~/escriptorium
    
  7. Create and activate the virtual environment.

    Enter the below commands.

    python3 -m venv env
    source env/bin/activate
    pip install -U pip setuptools wheel
    

    Install all the Python packages needed:

    pip install -r app/requirements.txt -r app/requirements-dev.txt
    

    This process can take a while. A good time for a break!

    If you encounter an error related to conflict in dependencies, try to loosen the package version specified for Kraken in /app/requirements.txt. For example, change kraken==4.3.12 to kraken~=4.3.12. And run the above command again.

  8. Create the local_settings.py file.

    cd $HOME/escriptorium/app/escriptorium
    cp local_settings.py.example local_settings.py
    
  9. Open the local_settings.py file with a text editor (such as vi), and add the below lines. Replace the domain name below with your domain for your eScriptorium instance.

    DOMAIN = 'escriptorium.example.com'
    CSRF_TRUSTED_ORIGINS = ['https://escriptorium.example.com']
    
  10. Install the latest version of NPM.

    Go to the front directory (which is in the escriptorium directory).

    cd $HOME/escriptorium/front
    
    sudo npm install -g n
    sudo n latest
    hash -r
    npm install
    

    If you see an error message about vulnerabilities, run the below command. This should fix the critical vulnerabilities. Other vulnerabilities may persist, but you can ignore them for the time being.

    npm audit fix
    

Step 6: Run eScriptorium

  1. Run eScriptorium as a production instance.

    npm run production
    
  2. Check the installation.

    cd ~/escriptorium/app
    python manage.py check --settings escriptorium.local_settings
    
  3. Create the SQL tables required.

    python manage.py migrate --settings escriptorium.local_settings
    
  4. Update the translations for the user interface.

    python manage.py makemessages --all --settings escriptorium.local_settings
    python manage.py compilemessages --settings escriptorium.local_settings
    
  5. Open a new terminal window, and sign in with the sudo user account. Run a simple Celery worker in this terminal.

    DJANGO_SETTINGS_MODULE=escriptorium.local_settings celery -A escriptorium worker -l INFO &
    
  6. In the previously opened terminal, enter the below command to start the server.

    python manage.py runserver --settings escriptorium.local_settings
    

With that, the essential installation steps are completed.

Important

Do not close the terminal window or stop the SSH connection. Keep the previous command running while you verify the installation.

Verify the Installation

Your instance of eScriptorium should now be available on your chosen domain name, for example, https://escriptorium.example.com. Open a browser tab and navigate to this domain.

If you see the eScriptorium landing page, success!

Caution

The first thing you should do on the eScriptorium site is change the admin username and password.

Sign in with the default username and password (admin, admin). Then, go to the profile settings of the admin user account and change the password.

Post Installation

Activate eScriptorium from the Terminal to Use the Site

If you close the SSH connection, you won't be able to access the eScriptorium website.

If you want to use the website again, you should activate eScriptorium again via the terminal. This should be done every time you want to use the eScriptorium website.

cd ~/escriptorium
source env/bin/activate
cd app
sudo service postgresql start
sudo service redis-server start
DJANGO_SETTINGS_MODULE=escriptorium.local_settings celery -A escriptorium worker -l INFO &
python manage.py runserver --settings escriptorium.local_settings

Then, open a browser tab and go to the URL of your eScriptorium instance.

A better option is to enable eScriptorium to run as a service, explained below.

Make eScriptorium Run as a Service

  1. Go to the escriptorium/env/bin directory.

    cd $HOME
    cd escriptorium/env/bin
    
  2. Create a file called run_escriptorium.sh

    vi run_escriptorium.sh
    
  3. Paste the below contents into file. Replace the instances of /home/htrfan/ with your home directory.

    #!/bin/bash
    
    source /home/htrfan/escriptorium/env/bin/activate
    export DJANGO_SETTINGS_MODULE=escriptorium.local_settings
    export ESC_LANGUAGES="de,en,fr"
    
    export OMP_NUM_THREADS=1
    
    cd /home/htrfan/escriptorium/app
    celery --app escriptorium worker --concurrency 4 --loglevel DEBUG &
    python -Wa manage.py runserver --settings escriptorium.local_settings
    
  4. Make the script executable.

    chmod 755 run_escriptorium.sh
    
  5. Create a file called escriptorium.service in /etc/systemd/system/.

    sudo vi /etc/systemd/system/escriptorium.service
    
  6. Paste the below contents into file. Replace the instances of /home/htrfan/ with your home directory, and replace the definitions of User and Group as well.

    [Unit]
    Description=eScriptorium web application
    After=network.target
    
    [Service]
    ExecStart=/home/htrfan/escriptorium/env/bin/run_escriptorium.sh
    WorkingDirectory=/home/htrfan/escriptorium/app
    Restart=on-failure
    User=htrfan
    Group=htrfan
    Environment=TXS=xproduction
    
    [Install]
    WantedBy=multi-user.target
    

Acknowledgments

This guide was written using the installation guide template developed by The Good Docs Project. The author would like to thank Stefan Weil for helping him figure out how to install eScriptorium on a cloud server.