Difference between revisions of "PYTHONAPP"
Jump to navigation
Jump to search
| (15 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=Karaoke app Deployment= | |||
== Prerequisite Check == | |||
# ssh into the server | |||
# verify what is installed | |||
apache2 -v | apache2 -v | ||
python3 --version | python3 --version | ||
mysql --version | mysql --version | ||
which certbot | which certbot | ||
# if certbot isn't installed | |||
sudo apt update | |||
sudo apt install certbot python3-certbot-apache -y | |||
# Install Python venv if needed: | |||
sudo apt install python3-venv python3-pip -y | |||
== Create the App Directory == | |||
sudo mkdir -p /var/www/html/myapp | |||
cd /var/www/html/myapp | |||
== Upload App Files == | |||
# Upload the .env file (hidden, so it won't be picked up by scp -r) | |||
'''If you don't see .env in Finder, press Cmd+Shift+. to toggle hidden files.''' | |||
== Set up the Python Environment == | |||
cd /var/www/html/myapp | |||
python3 -m venv venv | |||
source venv/bin/activate | |||
pip install flask pymysql cryptography gunicorn DBUtils | |||
deactivate | |||
'''The cryptography package is required for MySQL caching_sha2_password auth.''' | |||
== Configure the Database == | |||
'''Open phpMyAdmin in your browser. Make sure the user in your .env file has privileges on the dbasename database. If not, in phpMyAdmin run:''' | |||
GRANT ALL PRIVILEGES ON dbasename.* TO 'YourUser'@'localhost'; | |||
FLUSH PRIVILEGES; | |||
'''Verify your .env file on the server has the correct values:''' | |||
cat /var/www/html/myapp/.env | |||
''' It should contain ''' | |||
DB_HOST=localhost | |||
DB_USER=YourUser | |||
DB_PASS=YourPassword | |||
DB_NAME=dbasename | |||
SECRET_KEY=some-random-string | |||
HOST_NAME= name for the host side | |||
PORT=3001 | |||
'''Important: Use a different port from any other apps you have running. I'm using 3001 here — pick whatever's free.''' | |||
==Test App Manually== | |||
cd /var/www/html/myapp | |||
source venv/bin/activate | |||
python3 app.py | |||
'''You should see "Karaoke app running on http://localhost:3001". In another SSH window test''' | |||
sudo nano /etc/systemd/system/myapp.service | |||
== Create the systemd Service == | |||
'''Paste ''' | |||
[Unit] | |||
Description=My App mydir (Gunicorn) | |||
After=network.target | |||
[Service] | |||
User=www-data | |||
Group=www-data | |||
WorkingDirectory=/var/www/html/myapp | |||
Environment="PATH=/var/www/html/myapp/venv/bin" | |||
ExecStart=/var/www/html/myapp/venv/bin/gunicorn --workers 3 --bind 127.0.0.1:3001 app:app | |||
Restart=always | |||
[Install] | |||
WantedBy=multi-user.target | |||
'''Save (Ctrl+O, Enter, Ctrl+X).''' | |||
'''Set permissions:''' | |||
sudo chown -R www-data:www-data /var/www/html/myapp | |||
'''Enable and start ''' | |||
sudo systemctl daemon-reload | |||
sudo systemctl enable myapp | |||
sudo systemctl start myapp | |||
sudo systemctl status myapp | |||
'''You should see active (running). If not:''' | |||
sudo journalctl -u myapp -n 50 | |||
== Configure Apache Reverse Proxy== | |||
'''Enable required modules (only needed once on the server):''' | |||
sudo a2enmod proxy proxy_http ssl rewrite headers | |||
'''Create the HTTP vhost (which certbot will upgrade later):''' | |||
sudo nano /etc/apache2/sites-available/mydomain.conf | |||
'''Paste — replace yourdomain.com with your actual domain'' | |||
<pre> | |||
<VirtualHost *:80> | |||
ServerName yourdomain.com | |||
ServerAlias www.yourdomain.com | |||
ProxyPreserveHost On | |||
ProxyPass / http://127.0.0.1:3001/ | |||
ProxyPassReverse / http://127.0.0.1:3001/ | |||
ErrorLog ${APACHE_LOG_DIR}/mydomain-error.log | |||
CustomLog ${APACHE_LOG_DIR}/mydomain-access.log combined | |||
</VirtualHost> | |||
</pre> | |||
'''Enable and reload''' | |||
sudo a2ensite mydomain.conf | |||
sudo apache2ctl configtest | |||
sudo systemctl reload apache2 | |||
Test in your browser: http://yourdomain.com — you should see the login page. | |||
== Enable HTTPS with Certbot== | |||
'''Make sure your domain's DNS A record points to your server IP first.''' | |||
'''Run certbot:''' | |||
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com | |||
'''Choose 2 (Redirect) when asked, so HTTP automatically redirects to HTTPS.''' | |||
'''Certbot will create /etc/apache2/sites-available/rb222-le-ssl.conf and enable it.''' | |||
sudo apache2ctl configtest | |||
sudo systemctl reload apache2 | |||
'''Visit https://yourdomain.com — you should see the lock icon and the app.''' | |||
'''If certbot fails to auto-configure (it sometimes does), create the SSL vhost manually:''' | |||
sudo nano /etc/apache2/sites-available/mydomain-le-ssl.conf | |||
<pre> | |||
<IfModule mod_ssl.c> | |||
<VirtualHost *:443> | |||
ServerName yourdomain.com | |||
ServerAlias www.yourdomain.com | |||
ProxyPreserveHost On | |||
ProxyPass / http://127.0.0.1:3001/ | |||
ProxyPassReverse / http://127.0.0.1:3001/ | |||
SSLEngine on | |||
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem | |||
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem | |||
Include /etc/letsencrypt/options-ssl-apache.conf | |||
ErrorLog ${APACHE_LOG_DIR}/rb222-ssl-error.log | |||
CustomLog ${APACHE_LOG_DIR}/rb222-ssl-access.log combined | |||
</VirtualHost> | |||
</IfModule> | |||
</pre> | |||
'''then''' | |||
sudo a2ensite mydomain-le-ssl.conf | |||
sudo systemctl reload apache2 | |||
'''Cert auto-renewal is already enabled by certbot's systemd timer — verify with''' | |||
sudo systemctl list-timers | grep certbot | |||
=Database Optimization= | |||
<pre> | |||
CREATE INDEX idx_songs_title ON songs(Title(100)); | |||
CREATE INDEX idx_songs_artists ON songs(Artists(100)); | |||
CREATE INDEX idx_favorite_name ON Favorite(Name(80), Tag(20)); | |||
CREATE INDEX idx_queue_status ON queue(Status(20)); | |||
CREATE INDEX idx_queue_timestamp ON queue(TimeStamp(20)); | |||
CREATE INDEX idx_archive_name ON Archive_Singers(Name(80)); | |||
</pre> | |||
Latest revision as of 20:25, 21 April 2026
Karaoke app Deployment
Prerequisite Check
- ssh into the server
- verify what is installed
apache2 -v python3 --version mysql --version which certbot
- if certbot isn't installed
sudo apt update sudo apt install certbot python3-certbot-apache -y
- Install Python venv if needed:
sudo apt install python3-venv python3-pip -y
Create the App Directory
sudo mkdir -p /var/www/html/myapp cd /var/www/html/myapp
Upload App Files
- Upload the .env file (hidden, so it won't be picked up by scp -r)
If you don't see .env in Finder, press Cmd+Shift+. to toggle hidden files.
Set up the Python Environment
cd /var/www/html/myapp python3 -m venv venv source venv/bin/activate pip install flask pymysql cryptography gunicorn DBUtils deactivate
The cryptography package is required for MySQL caching_sha2_password auth.
Configure the Database
Open phpMyAdmin in your browser. Make sure the user in your .env file has privileges on the dbasename database. If not, in phpMyAdmin run:
GRANT ALL PRIVILEGES ON dbasename.* TO 'YourUser'@'localhost'; FLUSH PRIVILEGES;
Verify your .env file on the server has the correct values:
cat /var/www/html/myapp/.env
It should contain
DB_HOST=localhost DB_USER=YourUser DB_PASS=YourPassword DB_NAME=dbasename SECRET_KEY=some-random-string HOST_NAME= name for the host side PORT=3001
Important: Use a different port from any other apps you have running. I'm using 3001 here — pick whatever's free.
Test App Manually
cd /var/www/html/myapp source venv/bin/activate python3 app.py
You should see "Karaoke app running on http://localhost:3001". In another SSH window test
sudo nano /etc/systemd/system/myapp.service
Create the systemd Service
Paste
[Unit] Description=My App mydir (Gunicorn) After=network.target [Service] User=www-data Group=www-data WorkingDirectory=/var/www/html/myapp Environment="PATH=/var/www/html/myapp/venv/bin" ExecStart=/var/www/html/myapp/venv/bin/gunicorn --workers 3 --bind 127.0.0.1:3001 app:app Restart=always [Install] WantedBy=multi-user.target
Save (Ctrl+O, Enter, Ctrl+X).
Set permissions:
sudo chown -R www-data:www-data /var/www/html/myapp
Enable and start
sudo systemctl daemon-reload sudo systemctl enable myapp sudo systemctl start myapp sudo systemctl status myapp
You should see active (running). If not:
sudo journalctl -u myapp -n 50
Configure Apache Reverse Proxy
Enable required modules (only needed once on the server):
sudo a2enmod proxy proxy_http ssl rewrite headers
Create the HTTP vhost (which certbot will upgrade later):
sudo nano /etc/apache2/sites-available/mydomain.conf
'Paste — replace yourdomain.com with your actual domain
<VirtualHost *:80>
ServerName yourdomain.com
ServerAlias www.yourdomain.com
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:3001/
ProxyPassReverse / http://127.0.0.1:3001/
ErrorLog ${APACHE_LOG_DIR}/mydomain-error.log
CustomLog ${APACHE_LOG_DIR}/mydomain-access.log combined
</VirtualHost>
Enable and reload
sudo a2ensite mydomain.conf sudo apache2ctl configtest sudo systemctl reload apache2
Test in your browser: http://yourdomain.com — you should see the login page.
Enable HTTPS with Certbot
Make sure your domain's DNS A record points to your server IP first.
Run certbot:
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
Choose 2 (Redirect) when asked, so HTTP automatically redirects to HTTPS.
Certbot will create /etc/apache2/sites-available/rb222-le-ssl.conf and enable it.
sudo apache2ctl configtest sudo systemctl reload apache2
Visit https://yourdomain.com — you should see the lock icon and the app.
If certbot fails to auto-configure (it sometimes does), create the SSL vhost manually:
sudo nano /etc/apache2/sites-available/mydomain-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName yourdomain.com
ServerAlias www.yourdomain.com
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:3001/
ProxyPassReverse / http://127.0.0.1:3001/
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ErrorLog ${APACHE_LOG_DIR}/rb222-ssl-error.log
CustomLog ${APACHE_LOG_DIR}/rb222-ssl-access.log combined
</VirtualHost>
</IfModule>
then
sudo a2ensite mydomain-le-ssl.conf sudo systemctl reload apache2
Cert auto-renewal is already enabled by certbot's systemd timer — verify with
sudo systemctl list-timers | grep certbot
Database Optimization
CREATE INDEX idx_songs_title ON songs(Title(100)); CREATE INDEX idx_songs_artists ON songs(Artists(100)); CREATE INDEX idx_favorite_name ON Favorite(Name(80), Tag(20)); CREATE INDEX idx_queue_status ON queue(Status(20)); CREATE INDEX idx_queue_timestamp ON queue(TimeStamp(20)); CREATE INDEX idx_archive_name ON Archive_Singers(Name(80));