-
Notifications
You must be signed in to change notification settings - Fork 149
Installing
Because RatticWeb doesn't make any attempt to keep passwords encrypted in the database we strongly recommend that you install it on a disk encrypted partition. You can choose to encrypt the entire system, in which case console access will be required on a reboot, or you can simply choose to only encrypt the database partiton, in which case you could decrypt the volume via SSH. What you do is your decision but a few rules always apply:
-
When in doubt, err on the side of caution
-
The physical security of the box is paramount
-
Analyse the impact and risk of a breach before deciding on actions
RatticWeb is known to run on RHEL with MySQL, it will most likely also run on SQLite, Postgres and other distributions, but it doesn't get as rigorous testing. Software that should be installed as is its required by pip:
-
GCC
-
mysql-devel
-
openssl-devel
-
openldap-devel
You will also want:
-
python-devel
-
libxml2-devel
-
libxslt-devel
Once you have these installed you can install all the python modules required. You can choose to do this within a virtualenv if you like, just make sure you add it to the python-path in the apache config below. You install the python modules with this command:
pip install -r requirements-mysql.txt
We suggest installing the application into /opt/apps/RatticWeb. Just extract one of the GitHub release tarballs from here to /opt/apps to install this way: https://github.com/tildaslash/RatticWeb/tags
You should then create a directory for the static web files to go, we suggest /opt/apps/RatticWeb/static.
You also need to setup a database for RatticDB, simply start MySQL and create a database, user and password. Grant the user permission to the database. Remember the password; you'll need it later.
By default RatticWeb runs in debug mode using an SQLite database. To change this and configure the MySQL connection, create a /opt/apps/RatticWeb/conf/local.cfg file with the following contents:
[ratticweb]
debug = False
secretkey = [enter a string of random secret data]
hostname = demo.rattic.org
[filepaths]
static = /opt/apps/RatticWeb/static
[database]
engine = django.db.backends.mysql
name = rattic
user = root
password =
host =
port =
Change the database settings to match the ones you have just created. If you want to configure RatticWeb to use LDAP, see LDAP.
To create and setup the database you should now run the following commands:
cd /opt/apps/RatticWeb/
./manage.py syncdb --noinput
./manage.py migrate --all
to build the language files:
./manage.py compilemessages
and to populate the static files directory:
cd /opt/apps/RatticWeb/
./manage.py collectstatic -c --noinput
and finally to create an initial user account (Username: admin, Password: rattic) do this:
cd /opt/apps/RatticWeb/
./manage.py demosetup
You should also look at the settings in /opt/apps/RatticWeb/conf/default.cfg as you might want to adjust some of these, particularly the time zone.
First follow your distribution's instructions to install Apache, and your CA's instructions to setup your SSL certificates. You also need to install the libapache2-mod-wsgi package. The first thing you should then do is setup a redirect from HTTP to HTTPS. We use these settings on our Vagrant test boxes, but there are many ways to do it and ultimately its up to you. Replace FQDN and hostname with values appropriate to your server.
NameVirtualHost *:80
<VirtualHost *:80>
ServerName {{ FQDN }}
ServerAlias {{ hostname }}
Redirect permanent / https://{{ FQDN }}/
</VirtualHost>
Once you have the redirect setup, configure Apache to serve RatticDB and its static assets as follows:
Alias /robots.txt /opt/apps/RatticWeb/static/robots.txt
Alias /favicon.ico /opt/apps/RatticWeb/static/favicon.ico
AliasMatch ^/([^/]*\.css) /opt/apps/RatticWeb/static/styles/$1
Alias /media/ /opt/apps/RatticWeb/media/
Alias /static/ /opt/apps/RatticWeb/static/
<Directory /opt/apps/RatticWeb/static>
Order deny,allow
Allow from all
</Directory>
<Directory /opt/apps/RatticWeb/media>
Order deny,allow
Allow from all
</Directory>
WSGIScriptAlias / /opt/apps/RatticWeb/ratticweb/wsgi.py
WSGIPassAuthorization On
WSGIDaemonProcess rattic processes=2 threads=25 home=/opt/apps/RatticWeb/ python-path=/opt/apps/RatticWeb display-name=%{GROUP}
WSGIProcessGroup rattic
<Directory /opt/apps/RatticWeb/ratticweb>
<Files wsgi.py>
Order deny,allow
Allow from all
</Files>
</Directory>
The paths should be changed if you installed RatticWeb at a different location.
If the rewrite to https isn't working for you, make sure to enable mod_rewrite for apache, as on some systems it isn't enabled by default.
You should now be able to start Apache, and login with the demo credentials. We suggest that you create your own account and delete the admin user as soon as possible. Make sure that you make yourself into a staff member.
Upgrading RatticDB is quite simple, you mostly follow the same steps you would to install. Follow these steps:
Update the RatticDB files. This can be done by repeating the steps you used when installing. Take care to ensure that files that have been deleted between versions get deleted. As an example if you run RatticDB from a git checkout you could do the following:
git fetch
git checkout v1.1.0
Install the pip requirements. This is done exactly the same way as when you originally installed it. If you are using globally installed pip modules the following command will work, if you are using a python virtualenv you will need to enter that environment first.
pip install -r requirements-mysql.txt
Finally you need to run the RatticDB setup scripts. To do so, simply change to the directory where RatticDB is installed and run them. If you are scripting this process, you may wish to add --noinput so that they do not prompt for information.
./manage.py syncdb
./manage.py migrate
./manage.py collectstatic
./manage.py compilemessages