Deployment Guide

Domain Setup

Setting up G-Suite

MX Records Setup: Follow the guide at Nira.com G-Suite MX Records
Email Authentication: Configure using HelloInbox Email Authentication Guide

Deployment Process

Creating and Uploading a Deployment Package

Currently, the deployment process to digital ocean is done through Github actions in which we manually trigger the action.

You can learn more on the .github/actions folder to learn how it goes.

Database Setup

MySQL Installation and Configuration

Install MySQL Server:
```
sudo apt install mysql-server
```
Secure MySQL Installation:
```
sudo mysql_secure_installation
```
Log in to MySQL:
```
sudo mysql
```

Create a Database and User:

CREATE DATABASE your_database_name;
CREATE USER 'your_username'@'localhost' IDENTIFIED BY 'your_password';
GRANT ALL PRIVILEGES ON your_database_name.* TO 'your_username'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Web Server Configuration

Setting up Gunicorn Service

Create Required Directories:
```
mkdir /tmp/app/
```

Create a Systemd Service File for Gunicorn:

sudo nano /etc/systemd/system/rhea_main_backend.service

Add the Following Configuration:

[Unit]
Description=Rhea Main Django backend
After=network.target

[Service]
User=root
Group=root
WorkingDirectory=/home/backend/
Environment="DJANGO_SETTINGS_MODULE=project.settings"
Environment="PYTHONPATH=/home/backend/"
ExecStart=/home/backend/venv/bin/gunicorn --workers 3 --bind unix:/tmp/app/rhea_main_backend.sock project.wsgi:application

[Install]
WantedBy=multi-user.target

Starting and Testing Gunicorn

Reload Systemd and Start the Service:

sudo systemctl daemon-reload
sudo systemctl start rhea_main_backend

Test the Service:

curl --unix-socket /tmp/app/rhea_main_backend.sock http://localhost

Set Proper Permissions:

sudo chown root:www-data /tmp/app/rhea_main_backend.sock
sudo chmod 660 /tmp/app/rhea_main_backend.sock

Check Service Status:
```
sudo systemctl status rhea_main_backend
```

Nginx Configuration

Create Nginx Configuration File:

sudo nano /etc/nginx/sites-available/rhea_main_backend

Backend Configuration:

server {
    listen 80;
    server_name api.rhea.africa www.api.rhea.africa;

    location / {
        proxy_pass http://unix:/tmp/app/rhea_main_backend.sock;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }
}

Enable the Site:

sudo ln -s /etc/nginx/sites-available/rhea_main_backend /etc/nginx/sites-enabled/

Restart Nginx:
```
sudo systemctl restart nginx
```
Test Nginx Configuration:
```
sudo nginx -t
```

Redis Setup

Update and Install Redis:

sudo apt update
sudo apt install redis-server -y

Configure Redis:
```
sudo nano /etc/redis/redis.conf
```
Find the line that says supervised no and change it to:
```
supervised systemd
```

Enable and Start Redis:

sudo systemctl start redis-server
sudo systemctl enable redis-server

Check Redis Status:
```
sudo systemctl status redis-server
```

Celery Configuration

Setting up Celery Beat

Create Celery Beat Service File:

sudo nano /etc/systemd/system/celery-beat.service

Production Configuration:

[Unit]
Description=Celery Beat Service
After=network.target

[Service]
User=root
Group=root
WorkingDirectory=/home/backend/
ExecStart=/home/backend/venv/bin/celery -A project beat --loglevel=info

[Install]
WantedBy=multi-user.target

Development Configuration (for local testing):

[Unit]
Description=Celery Beat Service
After=network.target

[Service]
User=root
Group=root
WorkingDirectory=/home/dalmas/E/Rhea/backend/project
ExecStart=/home/dalmas/E/Rhea/backend/project/venv/bin/celery -A project beat --loglevel=info

[Install]
WantedBy=multi-user.target

Setting up Celery Worker

Create Celery Worker Service File:

sudo nano /etc/systemd/system/celery-worker1.service

Production Configuration:

[Unit]
Description=Celery Worker 1 Service
After=network.target

[Service]
User=root
Group=root
WorkingDirectory=/home/backend/
ExecStart=/home/backend/venv/bin/celery -A project worker -l info -n worker1

[Install]
WantedBy=multi-user.target

Development Configuration (for local testing):

[Unit]
Description=Celery Worker 1 Service
After=network.target

[Service]
User=root
Group=root
WorkingDirectory=/home/dalmas/E/Rhea/backend/project
ExecStart=/home/dalmas/E/Rhea/backend/project/venv/bin/celery -A project worker -l info -n worker1

[Install]
WantedBy=multi-user.target

Service Management

Reloading and Enabling Services

Reload Systemd Daemon:
```
sudo systemctl daemon-reload
```

Enable Services:

sudo systemctl enable celery-beat
sudo systemctl enable celery-worker1

Start Services:

sudo systemctl start celery-beat
sudo systemctl start celery-worker1

Check Service Status:

sudo systemctl status celery-beat
sudo systemctl status celery-worker1

Restarting All Services

sudo systemctl restart rhea_main_backend
sudo systemctl restart celery-beat
sudo systemctl restart celery-worker1
sudo systemctl restart nginx

Viewing Service Logs

journalctl -u rhea_main_backend.service -f

Environment Variables

Encrypting Environment Variables

Important: Leave no blank lines in the .env file, as this can cause decryption problems.

sops --encrypt --age '<public-key>' .prod.env > secret.env

Domain Setup​

Setting up G-Suite​

Deployment Process​

Creating and Uploading a Deployment Package​

Database Setup​

MySQL Installation and Configuration​

Web Server Configuration​

Setting up Gunicorn Service​

Starting and Testing Gunicorn​

Nginx Configuration​

Redis Setup​

Celery Configuration​

Setting up Celery Beat​

Setting up Celery Worker​

Service Management​

Reloading and Enabling Services​

Restarting All Services​

Viewing Service Logs​

Environment Variables​

Encrypting Environment Variables​