diff --git a/deploy.sh b/deploy.sh
new file mode 100644
index 0000000000000000000000000000000000000000..f438d17a37dcf8c5c56dfb3bbe345db77599fdac
--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1,47 @@
+#!/bin/sh
+# Running as the 'gliders' user, fetch and deploy the
+# backend tools and website. This script will download
+# all our logs from various dockservers and
+# migrates data (such as users) from the old gliders
+# website database.
+
+# Generate a SSH key
+# We want passwordless authentication when logging into
+# dockservers from scripts etc.
+ssh-keygen
+
+# Install Composer
+mkdir -p /home/gliders/bin
+curl -sS https://getcomposer.org/installer | php -- --install-dir=bin
+ln -s /home/gliders/bin/composer.phar /home/gliders/bin/composer
+
+# Set up python environment and directories
+mkdir -p /home/gliders/code
+mkdir -p /home/gliders/pythonenv
+mkdir -p /var/gliders/www /var/gliders/www_dev /var/gliders/logs
+virtualenv /home/gliders/pythonenv --system-site-packages
+echo 'source /home/gliders/pythonenv/bin/activate' >> /home/gliders/.bash_profile
+source /home/gliders/pythonenv/bin/activate
+
+cd /home/gliders/code
+# Add contents of /home/gliders/.ssh/id_rsa.pub to GitLab, then:
+git clone git@gitlab.noc.soton.ac.uk:owanes/gliders-tools.git
+git clone git@gitlab.noc.soton.ac.uk:owanes/gliders-website.git
+
+# Install the gliders DB and parser python libraries,
+# then fetch all our log files and parse them!
+cd gliders-tools
+python setup.py install
+
+echo "please enter your mysql root user password when prompted (three times)"
+mysql -u root -p < new_schema.sql
+echo "CREATE USER 'gliders'@'%' IDENTIFIED BY 'gliders9876';" | mysql -u root -p
+echo "GRANT ALL ON gliders.* TO 'gliders'@'%';" | mysql -u root -p
+cd bin
+./migrate_data.sh
+./migrate_argos.sh
+
+# Deploy the website
+cd /home/gliders/code/gliders-website
+./bin/deploy.sh
+./bin/deploy_dev.sh
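Review bot: The `CREATE USER` line commits the database password in clear text and creates the account for host `'%'`, so anyone who can read the repository holds a credential the server accepts from any address that can reach it, with `GRANT ALL` on the schema. Supply the secret at deploy time and scope the account to the host the site really connects from, e.g. `echo "CREATE USER 'gliders'@'localhost' IDENTIFIED BY '${GLIDERS_DB_PASSWORD:?}';" | mysql -u root -p` (the variable name is constructed here, and `localhost` assumes the web tier and database share this machine), and rotate the value that is now in history. Separately, the Composer step pipes `curl` output straight into `php` without checking the installer against its published checksum, and `--install-dir=bin` is relative to the caller's working directory rather than the `/home/gliders/bin` created on the line before. The script also calls `source` under `#!/bin/sh`, which POSIX sh does not guarantee; use `.` or change the shebang to bash.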
diff --git a/gliders.nginx.conf b/gliders.nginx.conf index 48367b8966eaf05512141ea2dc229b0e4dbc5f83..b97ec16b5e1532d35f37d3de645ca20197293619 100644 --- a/gliders.nginx.conf +++ b/gliders.nginx.conf @@ -16,7 +16,7 @@ map $host $symfony_root_dev { server { listen 80; - server_name gliders.vm; + server_name gliders.vm gliders.odj.me; root $symfony_root/web; error_log /var/log/nginx/gliders.error.log; 
@@ -74,7 +74,65 @@ server { server { listen 80; - server_name dev.gliders.vm; + server_name dev.gliders.vm dev.gliders.odj.me; + + root $symfony_root_dev/web; + + error_log /var/log/nginx/dev.gliders.error.log; + access_log /var/log/nginx/dev.gliders.access.log; + + # Enable compression. Very helpful when we're getting stuff like + # large amounts of vehicle tracks in JSON form! + gzip on; + gzip_types text/plain application/xml text/html text/css application/json application/x-javascript text/xml text/javascript; + + # strip app.php/ prefix if it is present + rewrite ^/app_dev\.php/?(.*)$ /$1 permanent; + + location / { + index app_dev.php; + try_files $uri @rewriteapp; + } + + location ~ ^/(images|fonts|css|js) { + access_log off; + error_log off; + try_files $uri =404; + expires 1y; + add_header Cache-Control "public"; + } + + location ~ ^/images/vehicles/(?<vehicle_type>[a-zA-Z0-9]+)_(?<vehicle_name>[a-zA-Z0-9]+)\.(png|jpg)$ { + access_log off; + error_log off; + try_files $uri images/vehicles/$vehicle_type.png =404; + } + + location /static/logs { + alias /var/gliders/logs; + } + + location /var/gliders/logs { + alias /var/gliders/logs; + } + + location @rewriteapp { + rewrite ^(.*)$ /app_dev.php/$1 last; + } + + # pass the PHP scripts to FastCGI server from upstream phpfcgi + location ~ ^/(app|app_dev|config)\.php(/|$) { + fastcgi_pass phpfcgi; + include fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_param SCRIPT_FILENAME $symfony_root_dev/web$fastcgi_script_name; + fastcgi_param HTTPS off; + } +} + +server { + listen 8000; + root $symfony_root_dev/web; error_log /var/log/nginx/dev.gliders.error.log; diff --git a/install.sh b/install.sh index e9513f47da42ff28a9edf7a83780405b559ad330..9b50420b66397032dba2e7feefa15112a41f66df 100644 --- a/install.sh +++ b/install.sh 
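Review bot: The new `dev.gliders.odj.me` server block sends every request to `app_dev.php`, and its PHP location also matches `config.php`, with no `allow`/`deny` or authentication anywhere in the block, so the Symfony debug front controller is served to anyone who can resolve that name unless the script itself restricts clients (not visible here). Restrict it to trusted addresses, e.g. `allow 127.0.0.1; deny all;` inside the `location ~ ^/(app|app_dev|config)\.php(/|$)` block, or keep the dev controller off externally reachable names. The `/static/logs` and `/var/gliders/logs` aliases likewise publish the raw log directory with no access control, and the second one turns a filesystem path into a URL; confirm both are intended. The trailing `server { listen 8000;` block continues past the end of the hunk, so whether it carries the same locations cannot be checked from here.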
@@ -2,9 +2,7 @@ # Install the packages we need to set up our gliders website + backend. # This file doubles up as notes/instructions. -# Installed on a VirtualBox VM with 512mb RAM, 1 CPU, 8gb storage -# Add a second 'Host Only' network adapter to allow SSH/web connections -# from host machine. +# Installed on a VirtualBox VM with 2gb RAM, 1 CPU, 8gb storage # Based on a clean CentOS 7 minimal x64 installation # (CentOS-7-x86_64-Minimal-1503-01) @@ -14,7 +12,7 @@ # As root: yum check-update -yum install epel-release # enables another software repo +yum install epel-release # enables 'enterprise' software repo yum update # Install needed tools @@ -32,6 +30,8 @@ pip install css-html-js-minify pip install bcrypt # Install (& configure) sendmail +# This isn't needed yet! But eventually we'd like to have theystem +# email people alerts for things (e.go velogs an alarm) yum install sendmail sendmail-cf m4 systemctl enable sendmail @@ -42,17 +42,30 @@ mysql_secure_installation # remote root login disabled systemctl enable mariadb +# Install ElasticSearch +# (Used for getting +yum install java-1.8.0-openjdk +rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch +cp elasticsearch.repo /etc/yum/repos.d/ +yum check-update +yum install elasticsearch +systemctl enable elasticsearch + # Install SQLAlchemy yum install MySQL-python python-sqlalchemy # Install PHP yum install php php-fpm php-apc php-pdo php-mcrypt php-mbstring +cp php.ini /etc/php.ini +cp php-d-fpm.ini /etc/php.d/fpm.ini cp php-fpm-www.conf /etc/php-fpm.d/www.conf systemctl enable php-fpm # As for the webserver -- either apache or nginx... # nginx is nice and fast, apache gets better support from # CentOS etc. +# Haven't tested apache *at all* and have added stuff +# to the nginx config that makes the site work correctly # FOR NGINX # Based on https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-centos-7 
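Review bot: In the `@@ -42,17 +42,30 @@` hunk, `cp elasticsearch.repo /etc/yum/repos.d/` targets a directory that a stock CentOS 7 install does not normally have — the repository directory is `/etc/yum.repos.d/` — so the copy probably fails and the following `yum install elasticsearch` finds no package; use `cp elasticsearch.repo /etc/yum.repos.d/`. `elasticsearch.repo` is not part of this diff, so confirm it sets `gpgcheck=1`, otherwise the key fetched by `rpm --import` is never enforced on the packages. The comment `# (Used for getting` is cut off mid-sentence and should say what ElasticSearch is used for. The new `cp php.ini /etc/php.ini` replaces the distribution file wholesale; a comment listing which settings differ from the default would let a reader judge the change.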
@@ -61,47 +74,29 @@ yum install nginx useradd -m gliders gpasswd -a nginx gliders gpasswd -a apache gliders +gpasswd -a wheel gliders # let gliders user do sudo? mkdir -p /home/gliders/www +mkdir -p /var/gliders/logs /var/gliders/www/ /var/gliders/www_dev/ chmod -R g+x /home/gliders +chown -R gliders:nginx /var/gliders cp nginx.conf /etc/nginx/ cp gliders.nginx.conf /etc/nginx/conf.d/ +chown gliders:nginx /etc/nginx/conf.d/gliders.nginx.conf # allow gliders user to edit their nginx config? systemctl enable nginx -# Install fail2ban +# Install fail2ban: This is some intrusion detection software +# that can help to block people trying to do brute-force +# logins etc. yum install fail2ban systemctl enable fail2ban # Allow web through the firewall +systemctl enable firewalld +systemctl start firewalld firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --permanent --zone=public --add-service=https -firewall-cmd --permanent --zone=public --add-service=8080/tcp +firewall-cmd --permanent --zone=public --add-service=8080/tcp # port 8080 for dev branch of site firewall-cmd --reload -# Pull glider website and glider scripts from git repos -mkdir -p /home/gliders/code -mkdir -p /home/gliders/pythonenv -virtualenv /home/gliders/pythonenv -cd /home/gliders/code -ssh-keygen -# Add contents of /home/gliders/.ssh/id_rsa.pub to GitLab, then: -git clone git@gitlab.noc.soton.ac.uk:owanes/gliders-tools.git -git clone git@gitlab.noc.soton.ac.uk:owanes/gliders-website.git - -# Install the gliders DB and parser python libraries, -# then fetch all our log files and parse them! 
-cd gliders-tools -python setup.py install - -echo "please enter your mysql root user password when prompted (three times)" -mysql -u root -p < new_schema.sql -echo "CREATE USER 'gliders'@'%' IDENTIFIED BY PASSWORD 'gliders9876';" | mysql -u root -p -echo "GRANT ALL ON gliders.* TO 'gliders'@'%';" | mysql -u root -p -cd bin -./migrate_data.sh - -cd /home/gliders/code/gliders-website -./bin/deploy.sh - -# Restart (needed to get firewall to open ports for web, kernel might be -# updated etc.) -reboot +# Set the system timezone to UTC +timedatectl set-timezone UTC diff --git a/php-d-fpm.ini b/php-d-fpm.ini index 2dab3458414ddd703f76c4a072dc43739f7afda3..250146f50d57394aab1411add7f6ca4707f38329 100644 --- a/php-d-fpm.ini +++ b/php-d-fpm.ini @@ -1 +1,2 @@ cgi.fix_pathinfo=0 +date.timezone = 'UTC'
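Review bot: `gpasswd -a wheel gliders` has its arguments reversed: `gpasswd -a` takes the user first and the group second (as the neighbouring `gpasswd -a nginx gliders` does), so this tries to add a user named `wheel` to the `gliders` group instead of granting sudo; the form matching the comment would be `gpasswd -a gliders wheel`. Before correcting it, consider whether the account needs wheel at all: combined with the new `chown gliders:nginx /etc/nginx/conf.d/gliders.nginx.conf`, the account that runs the deploy scripts and owns the web roots could rewrite configuration that nginx typically loads as root, so a narrow sudoers rule for the specific commands is the safer grant. Also, `--add-service=8080/tcp` passes a port specification where firewalld expects a service name; it should read `firewall-cmd --permanent --zone=public --add-port=8080/tcp`, and the dev server block in `gliders.nginx.conf` listens on 8000, so the two port numbers need reconciling.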