FIR is a web application designed by CERT Société Générale. It's coded in Python and uses Django.
Installation as documented uses Nginx and pip, two tools I'm not using. I already run several Apache servers, and I do prefer relying on pkg for software installation. For me, pip is more a developer tool: very convenient with virtualenv but not what I would use for production.
If you want to use pip, just go with the official documentation :)
So on a FreeBSD 11.2-RELEASE server, you need to install all required packages. Be careful, py27-MySQLdb
uses mysql56-server
, not mysql57-server
, and FIR works with Python 2.7, not 3.x (as far as I can say).
$ sudo pkg install gettext mysql56-server py27-pip py27-virtualenv git apache24 uwsgi py27-MySQLdb py27-django py27-cssselect py27-django-filter py27-djangorestframework py27-flup6 py27-gunicorn py27-lxml py27-markdown py27-pymongo py27-pyquery py27-dateutil py27-pytz py27-six py27-django-treebeard py27-markdown2 py27-bleach py27-python-gettext
Add those lines to /etc/rc.conf
:
mysql_enable="yes" uwsgi_enable="yes" apache24_enable="yes"
The requirement list includes dj-database-url
and whitenoise
, but I was not able to find them in FreeBSD's packages. I've just ignored them and everything seems to work fine.
If needed, sudo pip install…
should do the trick.
Follow the documentation:
- configure MySQL
- install FIR without virtualenv
(in /usr/local/www
for example)
- create and tune production.py
- create installed_apps.txt
(you do want the plugins)
- create tables in the db
- create the admin user
- populate the db
- collect static files
On FreeBSD we run uwsgi
as a service, under uwsgi
UID. So chown
must reflect that:
$ sudo chown uwsgi logs/errors.log uploads $ sudo chmod 750 logs/errors.log uploads
Skip the uWSGI section of the documentation. Instead, create config file for uwsgi
with this content:
$ cat /usr/local/etc/uwsgi/uwsgi.ini [uwsgi] chdir = /usr/local/www/FIR module = fir.wsgi
You can now start the service:
$ sudo service uwsgi start
Then, skip the nginx part, and go configure Apache:
- load proxy_module
and proxy_uwsgi_module
in httpd.conf
- add the following to the relevant part of Apache configuration:
# FIR ProxyPass /FIR unix:/tmp/uwsgi.sock|uwsgi://usr/local/www/FIR Alias /files/ /usr/local/www/FIR/files/ Alias /static/ /usr/local/www/FIR/static/ <Directory /usr/local/www/FIR/static> Require all granted </Directory> <Directory /usr/local/www/FIR/files> Require all granted </Directory>
Restart Apache: you're all set, point your browser to https://your-server/FIR/