This was extremely helpful, thank you so much On Wednesday, 8 April 2015 00:11:12 UTC-4, Jonathon wrote: > > *Written by someone who doesn't really know what he's doing either.* > > This install guide steps through how I got Mayan version 1.1 up and > running on a raspberry Pi to act as a home document management server. > The Raspberry Pi is a reasonably low powered computing system, so I have > tried to keep things lean by using SQLite and Nginx and not installed > Libreoffice (as I will only be storing scanned documents). > > Hardware > Mayan EDMS works on the Pi B, but for only a little bit more money the Pi > 2 works much better. > Also a class 10 SD card is important to speed up those IO cycles. > I installed Raspbian and stripped out as much of the Xorg stuff as I could > by following this stackexchange thread: > http://raspberrypi.stackexchange.com/questions/4745/how-to-uninstall-x-server-and-desktop-manager-when-running-as-headless-server > > Software > These instructions are based on the following articles that were > invaluable: > > - > > http://michal.karzynski.pl/blog/2013/06/09/django-nginx-gunicorn-virtualenv-supervisor/ > - > > http://michal.karzynski.pl/blog/2014/05/18/setting-up-an-asynchronous-task-queue-for-django-using-celery-redis/ > - https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html > - > > https://raymii.org/s/tutorials/HTTP_Strict_Transport_Security_for_Apache_NGINX_and_Lighttpd.html > > *Set up system user* > $ sudo groupadd --system mayan > $ sudo useradd --system mayan --gid mayan --shell /bin/bash --create-home > mayan > $ sudo mkdir /home/mayan > > It is probably better to use /opt/mayan or /opt/www as the home directory, > but I don't know if it make much difference. > > *Install dependancies* > $ sudo apt-get install libjpeg-dev libmagic1 libpng-dev libtiff-dev gcc > ghostscript gpgv \ > python-dev python-virtualenv tesseract-ocr unpaper poppler-utils -y > $ sudo apt-get install graphicsmagick nginx openssl supervisor redis- > server > > *Install Mayan EDMS application* > Set up a second session so that you can switch back & forth from the mayan > user and your normal user with sudo rights. > > $ sudo su - mayan > mayan@edms:~$ virtualenv venv > mayan@edms:~$ source venv/bin/activate > (venv)mayan@host ~ $ pip install mayan-edms > (venv)mayan@host ~ $ mayan-edms.py initialsetup > (venv)mayan@host ~ $ mayan-edms.py collectstatic > > I got errors using the built-in Python image backend, so we will enable > graphicsmagick: > > (venv)mayan@host ~ $ vi venv/lib/python2.7/site-packages/mayan/settings/ > production.py > > Add the following lines: > > CONVERTER_GRAPHICS_BACKEND = > 'converter.backends.graphicsmagick.GraphicsMagick' > CONVERTER_GM_SETTINGS = '-limit files 1 -limit memory 512MB -limit map 1GB > -density 200' > > Test that it works: > > (venv)mayan@host ~ $ mayan-edms.py runserver > --settings=mayan.settings.production > 0.0.0.0:8000 > > Point your web browser to the Raspberry Pi on port 8000. > Press Control-c on the terminal windows to quit. > > *Install Gunucorn* > (venv)mayan@host ~ $ pip install gunicorn > (venv)mayan@host ~ $ gunicorn mayan.wsgi:application --bind 0.0.0.0:8080 > > Test that it works by pointing your browser to the Raspberry Pi on port > 8080. > > We can set up a start script for gunicorn: > > (venv)mayan@host ~ $ vi venv/bin/gunicorn_start > > Enter the following lines: > > #!/bin/bash > > DJANGODIR=/home/mayan/venv/lib > SOCKFILE=/home/mayan/venv/run/gunicorn.sock > USER=mayan > GROUP=mayan > NUM_WORKERS=5 #how many worker processes should Gunicorn spawn, 2x CPU + 1 > DJANGO_SETTINGS_MODULE=mayan.settings.production > DJANGO_WSGI_MODULE=mayan.wsgi > LOGLEVEL=debug #options are: debug, info, warning, error, critical > > echo "Starting $NAME as `whoami`" > cd $DJANGODIR > source ../bin/activate > export DJANGO_SETTINGS_MODULE=$DJANGO_SETTINGS_MODULE > > # Create the run directory if it doesn't exist > RUNDIR=$(dirname $SOCKFILE) > test -d $RUNDIR || mkdir -p $RUNDIR > > exec ../bin/gunicorn ${DJANGO_WSGI_MODULE}:application \ > --workers $NUM_WORKERS \ > --user=$USER --group=$GROUP \ > --bind=unix:$SOCKFILE \ > --log-level=$LOGLEVEL \ > --log-file=- > > Set permissions and create logging directory: > > (venv)mayan@host ~ $ chmod 744 venv/bin/gunicorn_start > (venv)mayan@host ~ $ mkdir venv/logs > (venv)mayan@host ~ $ touch venv/logs/gunicorn_supervisor.log > > Switch back to your normal user and set up supervisord to start up the > gunicorn process: > > $ sudo vi /etc/supervisor/conf.d/mayan.conf > > Enter the following: > > [program:mayan] > command = /home/mayan/venv/bin/gunicorn_start > user = mayan > stdout_logfile = /home/mayan/venv/logs/gunicorn_supervisor.log > redirect_stderr = true > environment=LANG=en_US.UTF-8,LC_ALL=en_US.UTF-8 ; Set UTF-8 as default > encoding > > Update supervisord: > > $ sudo supervisorctl reread > $ sudo supervisorctl update > $ sudo supervisorctl status > > *Set up Nginx* > We will implement some reasonable security (I hope) by enabling SSL with > strong ciphers and strict transport security. > Note that the cipher suite that is chosen here requires modern browsers. > If you are using on old version of IE then it really is time to upgrade. > > First up create a certificate and a strong diffie-helman key: > > $ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ > nginx/mayan.key -out /etc/nginx/mayan.crt > $ sudo chmod 400 /etc/nginx/mayan.* > $ sudo openssl dhparam -out /etc/nginx/mayan.pem 4096 > $ sudo chmod 400 /etc/nginx/mayan.pem > > Note that the openssl dhparm comand takes a *long* time on the Raspberry > Pi - it's best to leave it running over night. > > Now configure Nginx: > > $ sudo vi /etc/nginx/sites-available/mayan > > Enter the following: > > upstream mayan_app_server { > server unix:/home/mayan/venv/run/gunicorn.sock fail_timeout=0; > } > > server { > listen 80; > return 301 https://$host$request_uri; > } > > server { > listen 443; > ssl on; > server_name mayan; > ssl_certificate /etc/nginx/mayan.crt; > ssl_certificate_key /etc/nginx/mayan.key; > ssl_dhparam /etc/nginx/mayan.pem; > ssl_session_cache builtin:1000 shared:SSL:10m; > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > ssl_ciphers 'AES128+EECDH:AES128+EDH'; > ssl_prefer_server_ciphers on; > add_header Strict-Transport-Security "max-age=63072000; > includeSubdomains; preload"; > client_max_body_size 4G; > > location /static/ { > alias > /home/mayan/venv/local/lib/python2.7/site-packages/mayan/media/static/; > } > location /media/ { > alias > /home/mayan/venv/local/lib/python2.7/site-packages/mayan/media/; > } > location / { > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header Host $http_host; > proxy_redirect off; > if (!-f $request_filename) { > proxy_pass http://mayan_app_server; > break; > } > } > } > > Link the config to the enabled sites and restart Nginx: > > $ sudo ln -s /etc/nginx/sites-available/mayan /etc/nginx/sites-enabled/ > mayan > $ sudo rm /etc/nginx/sites-enabled/default > $ sudo /etc/init.d/nginx restart > > You can now test by pointing browser at the RPi on port 80 and it should > redirect to port 443. > > At this point the Mayan EDMS system is usable and you may be happy to > leave it there. However you will probably get page timeouts occurring when > doing OCR as it is a CPU intensive operation. > To fix this we will configure celery and redis to allow tasks to be handed > off to workers without tying up the main user interface process. > > *Configure Celery & Redis* > Switch back to the mayan user and install celery: > > (venv)mayan@host ~ $ pip install celery[redis] > > Switch to your normal user and set up supervisord to start the celery > workers: > > $ sudo vi /etc/supervisor/conf.d/mayan-celery.conf > > Enter the following: > > [program:converter] > command=/home/mayan/venv/bin/celery -A mayan worker -l DEBUG -n > worker1.%%h -Ofair -Q converter > user=mayan > numprocs=1 > stdout_logfile=/home/mayan/venv/logs/celery-worker.log > stderr_logfile=/home/mayan/venv/logs/celery-worker.log > autostart=true > autorestart=true > startsecs=10 > stopwaitsecs=600 > killasgroup=true > priority=998 > > [program:ocr] > command=/home/mayan/venv/bin/celery -A mayan worker -l DEBUG -n > worker2.%%h -Ofair -Q ocr > user=mayan > numprocs=1 > stdout_logfile=/home/mayan/venv/logs/celery-worker.log > stderr_logfile=/home/mayan/venv/logs/celery-worker.log > autostart=true > autorestart=true > startsecs=10 > stopwaitsecs=600 > killasgroup=true > priority=998 > > [program:uploads] > command=/home/mayan/venv/bin/celery -A mayan worker -l DEBUG -n > worker3.%%h -Ofair -Q uploads,checkouts > user=mayan > numprocs=1 > stdout_logfile=/home/mayan/venv/logs/celery-worker.log > stderr_logfile=/home/mayan/venv/logs/celery-worker.log > autostart=true > autorestart=true > startsecs=10 > stopwaitsecs=600 > killasgroup=true > priority=998 > > [group:mayan-celery] > programs=converter,ocr,uploads > > *This seems inelegant to me - there must be a better way to do this. * > > Update supervisord: > > $ sudo supervisorctl reread > $ sudo supervisorctl update > $ sudo supervisorctl status > > Switch back to the mayan user and configure the Mayan EDMS application to > use redis: > > (venv)mayan@host ~ $ vi venv/lib/python2.7/site-packages/mayan/settings/ > production.py > > Add these lines to the settings file: > > BROKER_URL = 'redis://127.0.0.1:6379/0' > CELERY_RESULT_BACKEND = 'redis://127.0.0.1:6379/0' > CELERY_ALWAYS_EAGER = False > > Restart the gunicorn process to pick up the new settings (as your normal > user): > > ...
-- --- You received this message because you are subscribed to the Google Groups "Mayan EDMS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
