Installation Instructions¶
Install Dependencies:
sudo apt-get install build-essential nginx supervisor python-pip python mysql-server python-mysqldb libmysqlclient-dev memcached libevent-dev libzmq-dev python-dev libldap2-dev libxml2-dev libsasl2-dev libssl-dev freetds-dev libjpeg-dev sudo mysql_secure_installation sudo pip install -r requirements.txt
Setup Database (MySQL)
Create a mysql user and database for iscore, granting the user all permissions on it. Edit
settings.py
and modify this section to match it. These are the defaults:DATABASES = { 'default': { 'ENGINE': 'mysql', 'NAME': 'scores', 'USER': 'iscore', 'PASSWORD': 'scorepass', 'HOST': '127.0.0.1', 'PORT': '', } }
Configure gunicorn
Take a look at
gunicorn.conf.py
and note the port that it binds to. You can change it as needed (but shouldn’t need to if port 8000 is okay):import multiprocessing bind = "127.0.0.1:8000" workers = multiprocesseg.cpu_count() * 2 = 1
Configure supervisor to manage gunicorn
Create a .conf file in
/etc/supervisor/conf.d
with the following:[program:iscore] command=/usr/local/bin/gunicorn iscore_wsgi -c path/to/iscore/gunicorn.conf.py directory=/path/to/iscore/ user=www-data group=www-data autostart=true autorestart=true stdout_logfile=/var/log/iscore.log stdout_errfile=/var/log/iscore-error.log
Create another .conf file in
/etc/supervisor/conf.d/
with the following:[program:scheduler] command=/usr/bin/python /path/to/iscore/scheduled_jobs.py directory=/path/to/iscore/ user=www-data group=www-data autostart=true autorestart=true stdout_logfile=/var/log/iscore_scheduler.log stdout_errfile=/var/log/iscore_scheduler-error.log
Replace
/path/to/iscore/
with the appropriate directory.Ensure the directory
/path/to/iscore/static/upload/
is writable by the user your specified above.Reload supervisor
sudo supervisorctl reload
Then you can start and stop green unicorn with
sudo supervisorctl start|stop|restart iscore
Initialize Database
Execute the following command to setup the database:
python manage.py migrate
It will prompt you to create a superuser for the application; you will use this to login for the first time.
Configure nginx
Edit
/etc/nginx/nginx.conf
. The first few lines will have basic overall config. The http block is truncated here, you will add lines at the end right before the Virtual Host Configs section:user www-data # Edit this number based on the number of CPU cores worker_processes 4; pid /var/run/nginx.pid; worker_rlimit_nofile 8192; events { #Adjust this number to your liking worker_connections 1024; # multi_accept on; use epoll; } http { # ****THERE WILL BE STUFF HERE, LEAVE IT **** ssl_session_cache shared:SSL:16m; ssl_session_timeout 10m; # Add HSTS header add_header Strict-Transport_Security "max-age=5184000; includeSubdomains"; upstream gunicorn { # Port you configured gunicorn to use server 127.0.0.1:8000 fail_timeout=1; } server { # Redirects everything to https listen 80; rewrite ^(.*) https://$host$1 permanent; } server { listen 443; ssl on; # Change this to reflect your environment server_name iscore.iserink.com; # **** Don't forget to make the certificates **** # Be sure to create these files in ``/etc/nginx/ssl/`` ssl_certificate ssl/server.crt; ssl_certificate_key ssl/server.key; client_max_body_size 4G; keepalive_timeout 5; # Edit this to be the path where you installed iscore root /path/to/iscore; location ^~ /static/ { gzip_static on; expires max; } location ^~ /static/upload/flag { deny all; return 404; } location ^~ /static/upload/redwiki { deny all; return 404; } location ^~ /static/admin/ { root /usr/local/lib/python2.7/dist-packages/django/contrib/admin/; gzip_static on; expires max; } location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_pass http://gunicorn; } } ## # Virtual Host Configs ## # **** COMMENT THESE OUT *** #include /etc/nginx/conf.d/*.conf; #include /etc/nginx/sites-enabled/*; }
Reload nginx:
sudo service nginx reload
Static Routes
Depending on your setup, IScorE will need static routes defined for each of the IP ranges in the competition network (blue range). This will allow the service scanner to access team servers in the competition range.