Linux Servers Set Up & Management
# Install SeedDMS Guide
## Step 1: System Requirements
Ensure your server meets the following requirements:
- Ubuntu 20.04
- Apache Web Server
- PHP version 7.4 or above
- MySQL installed
- SSL certificates configured (Let's Encrypt or other)
## Step 2: Download SeedDMS
Download SeedDMS version 6.0.28 from the official website or use the following command:
```bash
wget https://sourceforge.net/projects/seeddms/files/seeddms-quickstart-6.0.28.tar.gz
```
## Step 3: Extract Files
Create the directory where you want to extract SeedDMS and extract the downloaded tarball:
```bash
mkdir /var/www/seeddms-6.0.28
sudo tar -xzvf seeddms-quickstart-6.0.28.tar.gz -C /var/www/seeddms-6.0.28 --strip-components=1
```
## Step 4: Configure Apache
Create a new Apache configuration file for SeedDMS. For example, `/etc/apache2/sites-available/seeddms.conf`:
```apache
ServerAdmin webmaster@localhost
DocumentRoot /var/www/seeddms-6.0.28/www
ServerName dms.anita.flast.com.au
ServerAlias dms.anita.flast.com.au
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
DirectoryIndex install.php index.php
ErrorLog ${APACHE_LOG_DIR}/seeddms_error.log
CustomLog ${APACHE_LOG_DIR}/seeddms_access.log combined
```
Add the SSL configuration to your existing SSL configuration file or create a new one:
```apache
ServerAdmin webmaster@localhost
ServerName dms.anita.flast.com.au
ServerAlias dms.anita.flast.com.au
DocumentRoot /var/www/seeddms-6.0.28/www
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
DirectoryIndex install.php index.php
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/anita.flast.com.au/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/anita.flast.com.au/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ErrorLog ${APACHE_LOG_DIR}/seeddms_ssl_error.log
CustomLog ${APACHE_LOG_DIR}/seeddms_ssl_access.log combined
```
## Step 5: Enable Apache Configuration
Enable the newly created configuration and restart Apache:
```bash
sudo a2ensite seeddms.conf
sudo systemctl restart apache2
```
## Step 6: Set Permissions
Ensure that the appropriate permissions are set for the SeedDMS directory:
```bash
sudo chown -R www-data:www-data /var/www/seeddms-6.0.28/
sudo chmod -R 755 /var/www/seeddms-6.0.28/
```
## Step 7: Install SeedDMS
Navigate to the installation script in your web browser:
```
https://dms.anita.flast.com.au/install/install.php
```
If prompted, create the `ENABLE_INSTALL_TOOL` file in the `conf` directory:
```bash
touch /var/www/seeddms-6.0.28/conf/ENABLE_INSTALL_TOOL
```
Follow the on-screen instructions to complete the installation.
## Step 8: Post Installation
After the installation is completed, remove the `ENABLE_INSTALL_TOOL` file to prevent unauthorized changes:
```bash
rm /var/www/seeddms-6.0.28/conf/ENABLE_INSTALL_TOOL
```
Log in to SeedDMS using the default credentials (`admin/admin`) and configure your system settings as needed.
## Troubleshooting
- **404 Not Found Error**: Ensure that the `DocumentRoot` and `` paths in the Apache configuration point to the correct directory where SeedDMS files are located.
- **ERR\_TOO\_MANY\_REDIRECTS**: Check the `.htaccess` file or Apache configuration for conflicting redirects. Make sure the `DirectoryIndex` is correctly specified.
- **Missing ****`create_tables-innodb.sql`**** Error**: Verify that the SQL file is present in the `/install` directory, and try running the command manually:
```bash
mysql -u seeddms -p seeddms < /var/www/seeddms-6.0.28/install/create_tables-innodb.sql
```
Config File
siteName = "Anita Document Management System"
footNote = "Anita Document Management System"
printDisclaimer = "true"
language = "en_GB"
theme = "bootstrap4"
previewWidthList = "40"
previewWidthDetail = "100"
onePageMode="true"
/>
strictFormCheck = "false"
viewOnlineFileTypes = ".txt;.text;.html;.htm;.xml;.pdf;.gif;.png;.jpg;.jpeg;.mp4"
enableConverting = "true"
enableEmail = "true"
enableUsersView = "true"
enableFullSearch = "true"
enableClipboard = "true"
enableFolderTree = "true"
expandFolderTree = "1"
enableLanguageSelector = "true"
stopWordsFile = ""
sortUsersInList = ""
enableDropUpload = "true"
enableRecursiveCount = "true"
maxRecursiveCount = "0"
enableThemeSelector = "true"
fullSearchEngine = "sqlitefts"
sortFoldersDefault = "u"
defaultDocPosition = "end"
defaultFolderPosition = "end"
/>
enableCalendar = "true"
calendarDefaultView = "y"
firstDayOfWeek = "0"
/>
enableWebdavReplaceDoc="true"
/>
rootDir = "/var/www/html/dms/"
httpRoot = "/dms/"
contentDir = "/var/www/html/dms/data/"
stagingDir = "/var/www/html/dms/data/staging/"
luceneDir = "/var/www/html/dms/data/lucene/"
logFileEnable = "true"
logFileRotation = "d"
enableLargeFileUpload = "true"
partitionSize = "2000000"
dropFolderDir = "/var/www/html/dms/data/drop/"
cacheDir = "/var/www/html/dms/data/cache/"
backupDir = "/var/www/html/dms/data/backup"
debugLevel="3"
/>
enableGuestLogin = "false"
enablePasswordForgotten = "false"
restricted = "true"
enableUserImage = "false"
disableSelfEdit = "false"
disableChangePassword = "false"
passwordStrength = "0"
passwordStrengthAlgorithm = "simple"
passwordExpiration = "0"
passwordHistory = "0"
loginFailure = "0"
autoLoginUser = "0"
quota = "0"
undelUserIds = ""
encryptionKey = "XXXXXXXXXXXXXXXXXX"
cookieLifetime = "0">
enable = "false"
type = "ldap"
host = "ldaps://ldap.host.com"
port = "389"
baseDN = ""
bindDN = ""
bindPw = ""
filter = ""
groupField = ""
/>
enable = "false"
type = "AD"
host = "ldap.example.com"
port = "389"
baseDN = ""
accountDomainName = "example.com"
bindDN = ""
bindPw = ""
filter = ""
groupField = ""
/>
ADOdbPath="/var/www/html/dms/pear"
dbDriver="mysql"
dbHostname="localhost"
dbDatabase="XXXXXXX"
dbUser="XXXXXXX"
dbPass="XXXXXXX"
/>
smtpServer = "localhost"
smtpPort = "25"
smtpSendFrom = "anita@localhost"
smtpUser = ""
smtpPassword = ""
/>
siteDefaultPage = ""
rootFolderID = "1"
showMissingTranslations = "false"
/>
guestID = "2"
adminIP = ""
/>
enableAdminRevApp = "false"
versioningFileName = "versioning_info.txt"
workflowMode = "traditional"
enableVersionDeletion = "true"
enableVersionModification = "true"
enableDuplicateDocNames = "true"
enableDuplicateSubFolderNames = "true"
enableOwnerRevApp = "false"
enableSelfRevApp = "false"
presetExpirationDate = ""
overrideMimeType = "false"
/>
coreDir = ""
luceneClassDir = ""
contentOffsetDir = "1048576"
maxDirID = "0"
updateNotifyTime = "86400"
extraPath = ""
maxExecutionTime = "30"
cmdTimeout = "10"
/>
enableNotificationAppRev = "true"
enableOwnerNotification = "false"
enableNotificationWorkflow = "false"
/>
pdftotext -nopgbrk %s - | sed -e 's/ [a-zA-Z0-9.]\{1\} / /g' -e 's/[0-9.]//g'
catdoc %s
ssconvert -T Gnumeric_stf:stf_csv -S %s fd://1
id3 -l -R %s | egrep '(Title|Artist|Album)' | sed 's/^[^:]*: //g'
id3 -l -R %s | egrep '(Title|Artist|Album)' | sed 's/^[^:]*: //g'
cat %s
html2text %s
docx2txt %s -
unoconv -d document -e PageRange=1 -f pdf --stdout -v '%f'|gs -dBATCH -dNOPAUSE -sDEVICE=pngalpha -dPDFFitPage -r72x72 -sOutputFile=- -dFirstPage=1 -dLastPage=1 -q - | convert -resize %wx png:- '%o'
convert -resize %wx '%f' '%o'
convert -resize %wx '%f' '%o'
convert -resize %wx '%f' '%o'
a2ps -1 -a1 -R -B -o - '%f' | gs -dBATCH -dNOPAUSE -sDEVICE=pngalpha -dFirstPage=1 -dLastPage=1 -dPDFFitPage -r72x72 -sOutputFile=- -q - | convert -resize %wx png:- '%o'
<server
rootDir="/var/www/seeddms-6.0.28/"
httpRoot="/"
contentDir="data/"
stagingDir="data/staging/"
luceneDir="data/lucene/"
logFileEnable="true"
logFileRotation="d"
enableLargeFileUpload="true"
partitionSize="2000000"
dropFolderDir="data/drop/"
cacheDir="data/cache/"
backupDir="data/backup"
ADOdbPath="/var/www/seeddms-6.0.28/pear"
/>
database
type="mysql"
host="localhost"
database="seeddms"
user="seeddms"
password="your_password_here"
/>
Proxmox VM Network
Subnet = IP with .0/24 not 255.255.255.0/24
Gatway is .254 always
Network with Bridge
edit /etc/netplan
copy and back up existing file.
create a new file with nano
insert :
network:
version: 2
ethernets:
eno3:
dhcp4: no # Disable DHCP since you have static IPs
addresses:
- 142.44.212.192/24 # Your main static IP
- 54.39.92.189/32 # Additional IP 1
- 54.39.92.191/32 # Additional IP 2
- 54.39.118.47/32 # Additional IP 3
- 54.39.118.48/32 # Additional IP 4
- 2607:5300:203:25c0::1/64
routes:
- to: 0.0.0.0/0 # Default IPv4 route
via: 142.44.212.254
- to: ::/0 # Default IPv6 route
via: 2607:5300:203:25ff:ff:ff:ff:ff # Or your actual IPv6 gateway
nameservers:
addresses: [8.8.8.8, 1.1.1.1, 2001:41d0:3:163::1]
accept-ra: false
match:
macaddress: 0c:c4:7a:c8:76:ae
Ping to test
ping -I 54.39.92.191 8.8.8.8
For example you have been assigned :
54.39.92.191
and
54.39.92.189
Here is ip a readout:
root@contractout:/var/lib/vz/template/iso# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group defaul t qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eno3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
link/ether 0c:c4:7a:c8:76:ae brd ff:ff:ff:ff:ff:ff
altname enp3s0f0
3: eno4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 0c:c4:7a:c8:76:af brd ff:ff:ff:ff:ff:ff
altname enp3s0f1
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP grou p default qlen 1000
link/ether 0c:c4:7a:c8:76:ae brd ff:ff:ff:ff:ff:ff
inet 142.44.212.192/24 scope global vmbr0
valid_lft forever preferred_lft forever
5: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr100i0 state UNKNOWN group default qlen 1000
link/ether 2e:71:17:63:af:19 brd ff:ff:ff:ff:ff:ff
6: fwbr100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 5a:40:8e:1b:8a:e7 brd ff:ff:ff:ff:ff:ff
7: fwpr100p0@fwln100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
link/ether be:6d:0e:18:91:8d brd ff:ff:ff:ff:ff:ff
8: fwln100i0@fwpr100p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
link/ether 5a:40:8e:1b:8a:e7 brd ff:ff:ff:ff:ff:ff
root@contractout:/var/lib/vz/template/iso# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eno3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
link/ether 0c:c4:7a:c8:76:ae brd ff:ff:ff:ff:ff:ff
altname enp3s0f0
3: eno4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 0c:c4:7a:c8:76:af brd ff:ff:ff:ff:ff:ff
altname enp3s0f1
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 0c:c4:7a:c8:76:ae brd ff:ff:ff:ff:ff:ff
inet 142.44.212.192/24 scope global vmbr0
valid_lft forever preferred_lft forever
5: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr100i0 state UNKNOWN group default qlen 1000
link/ether 2e:71:17:63:af:19 brd ff:ff:ff:ff:ff:ff
6: fwbr100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 5a:40:8e:1b:8a:e7 brd ff:ff:ff:ff:ff:ff
7: fwpr100p0@fwln100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
link/ether be:6d:0e:18:91:8d brd ff:ff:ff:ff:ff:ff
8: fwln100i0@fwpr100p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
link/ether 5a:40:8e:1b:8a:e7 brd ff:ff:ff:ff:ff:ff
Next you need to :
sudo nano /etc/network/interfaces
- Add the new IP addresses: Add the new IP addresses to the
vmbr0interface. Your configuration should look something like this:
auto lo
iface lo inet loopback
iface eno3 inet manual
auto vmbr0
iface vmbr0 inet static
address 142.44.212.192/24
gateway 142.44.212.254
bridge-ports eno3
bridge-stp off
bridge-fd 0
hwaddress 0C:C4:7A:C8:76:AE
iface vmbr0 inet6 static
address 2607:5300:203:25c0::1/128
gateway 2607:5300:203:25ff:ff:ff:ff:ff
# Add the new IP addresses here
up ip addr add 54.39.92.191/24 dev vmbr0
up ip addr add 54.39.92.189/24 dev vmbr0
ave and exit: Save the file and exit the text editor (in nano, you can do this by pressing Ctrl+X, then Y, and Enter).
Restart the networking service: Restart the networking service to apply the changes:
sudo systemctl restart networking
Verify the new IP addresses: Check if the new IP addresses have been added successfully:
ip addr show vmbr0
This should add the two new IP addresses to your vmbr0 interface.
Proxmox
SSH in
su - = root
apt-get update = first time it may error
root@contractout:~# rm /etc/apt/sources.list.d/pve-enterprise.list
root@contractout:~# nano /etc/apt/sources.list
root@contractout:~# apt-get update
Now let's give the user access:
root@contractout:~# usermod -aG sudo danny
root@contractout:~# sudo whoami root
root@contractout:~# sudo systemctl restart pveproxy.service
root@contractout:~# sudo systemctl restart pvedaemon.service
root@contractout:~# pveum user add danny@pam
root@contractout:~# pveum acl modify / --roles PVEAdmin --users danny@pam
Upload Images Directly
root@contractout:~# cd /var/lib/vz/template/iso/
root@contractout:/var/lib/vz/template/iso# ls
root@contractout:/var/lib/vz/template/iso# wget https://releases.ubuntu.com/20.04.6/ubuntu-20.04.6-live-server-amd64.iso
Here are the steps to install Elasticsearch on Ubuntu:
- Update your system: Use the following command to update your system:
sudo apt update
- Import the Elasticsearch public GPG key into APT: You can use cURL for this12. Here is the command:
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
- Add the Elasticsearch source list to the sources.list.d directory12. Use this command:
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
- Update your package lists so APT will read the new Elastic source12. Here is the command:
sudo apt update
sudo apt install elasticsearch
- Reload the daemon services and enable Elasticsearch to start on boot12.
- Start the Elasticsearch service and check its status12.
- Edit the elasticsearch.yml file and configure the host IP, port, and discovery settings2.
- Restart the Elasticsearch service and check its status again12.
- Go to the browser and enter the IP and port of the host to see the Elasticsearch configuration2.
To clone your private repository to another server, you'll need to use a method that allows authentication. Here are the two main approaches:
1. SSH (Recommended):
This is the most secure and convenient way to clone a private repository.
Prerequisites:
- SSH Key Pair on the New Server: Generate an SSH key pair on the server where you want to clone the repository (if it doesn't have one already). You can use
ssh-keygenfor this. - Public Key Added to GitHub: Make sure the public key from the new server is added to the list of "SSH and GPG keys" in your GitHub account settings.
Steps:
- Get the SSH URL:
- Go to your GitHub repository.
Click the "Code" button and select the "SSH" tab to copy the SSH URL. It should look like this:git@github.com:cr0atz/flast-ai-v5.1.git
- Clone the Repository:
- On the new server, open a terminal and run:Bash
git clone git@github.com:cr0atz/flast-ai-v5.1.git
- content_copy
- This will clone the repository using SSH authentication.
2. Personal Access Token (PAT):
This method is an alternative if you don't want to use SSH keys.
Prerequisites:
- Personal Access Token (PAT): Generate a PAT in your GitHub account settings with the "repo" scope.
Steps:
- Clone the Repository:On the new server, run the following command, replacing
<your_pat>with your actual PAT:Bash
git clone https://<your_pat>@github.com/cr0atz/flast-ai-v5.1.git
- content_copy
- This will prompt you for your GitHub username (which you can enter). Git will use the PAT you've included in the URL for authentication.
Important Considerations:
- HTTPS vs. SSH: The SSH method uses the
git@github.comURL, while the PAT method uses thehttps://github.comURL. - Security: SSH keys are generally more secure than embedding your PAT directly in the URL.
- 2FA: If you have two-factor authentication (2FA) enabled on GitHub, you'll be prompted for a 2FA code during the cloning process if you use the PAT method.
Additional Tips:
- Virtual Environments: If your project uses a virtual environment, remember to create and activate a new virtual environment on the new server before installing dependencies.
- Troubleshooting: If you encounter permission errors, ensure that the user running the
git clonecommand has the necessary permissions to create the repository directory and files on the new server.
Let me know if you have any other questions!
First of all if running the YT - transcriber we need to make sure the service is running within the venv environment.
[Unit]
Description= flastai engine client
After=network.target
[Service]
User=flastai
WorkingDirectory=/var/www/html/BlogEngine_v5.0/
# ExecStart=/var/www/html/BlogEngine_v5.0/venv/bin/streamlit run home.py --server.port 30000
ExecStart=/bin/bash -c 'source venv/bin/activate && /var/www/html/BlogEngine_v5.0/venv/bin/streamlit run home.py --server.port 30000'
Restart=always
[Install]
WantedBy=multi-user.target
New Code (inside home.py) :
class Document:
def __init__(self):
self.text = ""
def set_text(self, text):
self.text = text
def transcribing_function(video_id):
st.warning("Transcribing video...")
# Define the path to the Whisper model files and audio folder
whisper_model_path = f"../{folder_root}/"
audio_path = f"{folder_audio}/{video_id}.mp3"
# Execute yt-dlp command to download and convert video audio to mp3
result = subprocess.run(
[yt_dlp_path, '-f', 'bestaudio', '-o', audio_path, f"https://www.youtube.com/watch?v={video_id}"],
capture_output=True,
text=True
)
# Check for errors in the subprocess execution
if result.returncode != 0:
st.error("Failed to download and convert video.")
st.error(result.stderr)
return
# Load Whisper model
model = whisper.load_model("base.en", download_root=whisper_model_path)
# Transcribe the audio file
try:
transcription_result = model.transcribe(audio_path)
text = transcription_result['text'].strip()
except Exception as e:
st.error(f"Error transcribing video: {str(e)}")
return
# Split the text into parts
max_chars = 28000
parts = [text[i:i + max_chars] for i in range(0, len(text), max_chars)]
docs = []
for part in parts:
doc = Document()
doc.set_text(part)
docs.append(doc)
# Save each part to a separate file
for i, doc in enumerate(docs):
filename = os.path.join(folder_files, f"transcribed-{video_id}_{i}.txt")
with open(filename, "w", encoding="utf-8") as f:
f.write(doc.text)
st.success(f"Transcribed chunk_{i} saved.")
# Assuming right_column is defined correctly elsewhere
with right_column:
# Get and display transcribed files
transcribed_files = [file for file in os.listdir(folder_files) if file.endswith(".txt") and video_id in file]
if not transcribed_files:
st.error("No transcribed files found.")
return
st.success("Video transcribed and split into parts successfully.")
num_columns = min(len(transcribed_files), 3)
columns = st.columns(num_columns, gap="small")
for i, column in enumerate(columns):
for j in range(i, len(transcribed_files), num_columns):
file_path = os.path.join(folder_files, transcribed_files[j])
with open(file_path, "rb") as f:
contents = f.read()
encoded = base64.b64encode(contents).decode()
href = f'<a href="data:application/octet-stream;base64,{encoded}" download="{transcribed_files[j]}" target="_blank">{transcribed_files[j]}</a>'
column.markdown(href, unsafe_allow_html=True)
with st.expander("Transcribed files (Click to hide/unhide text)"):
for filename in transcribed_files:
with open(os.path.join(folder_files, filename), "r") as file:
file_contents = file.read()
st.success(f"File name: {filename}\n\n{file_contents}")
return docs
Configuration - Requirements.
Activate the virtual environment:
Bash
source /var/www/html/BlogEngine_v5.0/venv/bin/activate
Uninstall Whisper:Bash
pip uninstall whisper
Increase memory
sudo mount -o remount,size=6G /tmp
Reinstall Whisper: Make sure you're installing the latest version.
pip install -U openai-whisper --no-cache-dir
This class you will learn how to:
- Set-Up a mini-conda environment
- deploy a Custom AI Instance
Set-Up MiniConda
You should do this as the user/domain folder which will be the host.
mkdir -p ~/miniconda3
wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh -O ~/miniconda3/miniconda.sh
bash ~/miniconda3/miniconda.sh -b -u -p ~/miniconda3
rm -rf ~/miniconda3/miniconda.sh
After installing, initialize your newly-installed Miniconda. The following commands initialize for bash and zsh shells:
~/miniconda3/bin/conda init bash
~/miniconda3/bin/conda init zsh
Restart the shell
exec bash
Source the updated .bash configuration
source ~/.bashrc
Create your conda environment
conda create --name aiinstancename python=3.11
Activate your conda enviroment
conda activate aiinstancename
Install dependancies
pip install streamlit pip install openai
Set up the System Service
This you need to do as root
su -
Create the service eg: aiinstance.service
[Unit]
Description=v1 client
After=network.target
[Service]
User=flastcom
WorkingDirectory=/home/xxxcom/xxxServers/aiinstance
ExecStart=/home/xxxcom/miniconda3/envs/aiinstance/bin/python -m streamlit run /home/xxxcom/xxxServers/aiinstance/app_anyscale_streamlit.workswithprompt.py --server.port 35003
Restart=always
[Install]
WantedBy=multi-user.target
Enable - Start - Status
systemctl enable aiinstance.service systemctl start aiinstance.service systemctl status aiinstance.service
You should see your aiinstance running like this
[root@server:system]$ systemctl status v1-lmw.client.service
? v1-lmw.client.service - v1 client
Loaded: loaded (/etc/systemd/system/v1-lmw.client.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2024-02-08 00:48:40 EST; 7s ago
Main PID: 1822956 (python)
CGroup: /system.slice/v1-lmw.client.service
??1822956 /home/xxxcom/miniconda3/envs/aiinstance/bin/python -m streamlit run /home/xxxcom/xxxServers/aiinstance/app_anyscale_streamlit.workswithprompt.py --server.port 35003
Feb 08 00:48:40 server.xxx.life systemd[1]: Started v1 client.
Feb 08 00:48:42 server.xxx.life python[1822956]: Collecting usage statistics. To deactivate, set browser.gatherUsageStats to False.
Feb 08 00:48:42 server.xxx.life python[1822956]: You can now view your Streamlit app in your browser.
Feb 08 00:48:42 server.xxx.life python[1822956]: Network URL: http://xxx.249.5.201:35003
Feb 08 00:48:42 server.xxx.life python[1822956]: External URL: http://xxx.249.5.201:35003
Finally you need to use stunnel to push the http over https:
[File-AiInstance-domain]
accept = 35003 # this is the http port
connect = 35004 # this is the https port
cert = /var/cpanel/ssl/apache_tls/xxx.com.au/combined #these are the domains SSL certs locations
key = /var/cpanel/ssl/apache_tls/xxx.com.au/combined
If you did a rsync change the root password
sudo passwd root
cd to the working directory.
cd /var/www/html/BlogEngine_v5
edit the .env file ENDPOINT with the new domain
nano .env
Run UVICORN and check for dependencies / errors
uvicorn engine:app --host 0.0.0.0 --port 8502 --reload
If you get an error about tensorflow - install it
pip install tensorflow
Run Streamlit in working directory to test.
streamlit run home.py --server.port 5173
Now let's re-configure the services
cd /etc/systemd/system
rename the service using cp command
cp name.client.service newname.client.service cp name.server.service newname.server.service
Edit the new client service file: Change the Description and User
nano newname.client.service
Edit the new server service file: Change the Description and User
nano newname.server.service
Edit the Streamlit.conf file in /etc/stunnel - Change the Name in the Top and the user in both SSL's
nano /etc/stunnel/streamlit.conf
Create new User matching what you have in the Service files.
sudo adduser newuser
Now cd back to the working directory and let's change file permissions.
sudo chown -R newuser:newuser .
Change the permissions of engine.py, .env, home.py, images, prompts, .streamlit, and style to rwxrwxrwx (777):
sudo chmod 777 engine.py .env home.py sudo chmod -R 777 images prompts .streamlit style
Change the hostname if you just did a rsync
sudo hostnamectl set-hostname xxxx.flast.com.au
Check Apache Configuration: Before generating a new SSL certificate, ensure that Apache is not referencing the old certificate.
Edit the Apache configuration file where the SSL certificates are referenced (usually found in /etc/apache2/sites-available/ or /etc/apache2/sites-enabled/).
Look for the lines mentioning SSLCertificateFile and SSLCertificateKeyFile, and either comment them out or update them with the new paths (if you already know where the new certificates will be located).
The file on an Ubuntu system that you need to edit is 000-default-le-ssl.conf
Restart Apache: After editing the configuration, restart Apache to apply the changes:
sudo systemctl restart apache2
Check Current Certificates
sudo certbot certificates
Delete Current Certificates
sudo certbot delete --cert-name [your-old-domain.com]
Generate New Certificate: Now, try generating a new SSL certificate with Certbot. Ensure that your domain name is correctly pointing to your server's IP address. DNS propagation might take some time if you have recently changed it.
sudo certbot --apache
Update Apache Configuration (if needed): If you had commented out the SSL lines in step 1, go back and update these lines with the new paths provided by Certbot. They should be in /etc/letsencrypt/live/yourdomain.com/.
Final Restart of Apache: After updating the configuration with the new certificate paths, restart Apache once more:
sudo systemctl restart apache2
Verify Configuration: Finally, verify that your site is accessible via HTTPS and that the SSL certificate is correctly installed. You can use online tools like SSL Labs to test your SSL configuration.
Update /etc/stunnel/streamlit.conf
Update /var/www/html/flast/.env
So we don't want to expose a http open port publicly.
We can use the firewall to block http
We can then use a reverseproxy whereas if the external user on the internet goes to :
https://abc.com.au/api/generate_answers/ it will be redirected to http://localhost:33333 and send the answer back out through the https://
In /etc/apache2/sites-available/000-default.conf add the following where the Virtual Host section is on :443
443>
DocumentRoot /var/www/html/
ServerName server.abc.com
ServerAlias server.abc.com
<Directory /var/www/html/>
Options FollowSymlinks
AllowOverride All
Require all granted
Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPass /api/generate_answers/ http://localhost:30013/generate_answers/
ProxyPassReverse /api/generate_answers/ http://localhost:30013/generate_answers/
ProxyPass /engine http://localhost:30013
ProxyPassReverse /engine http://localhost:30013
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/server.abc.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server.abc.com/privkey.pem
## Include /etc/letsencrypt/options-ssl-apache.conf
VirtualHost>
IfModule>
Making sure you change the "abc" to your domain and the port number to the one you assigned.
After Editting the .conf file - enable proxy and reverse proxy in Apache.
sudo a2enmod proxy sudo a2enmod proxy_http
Restart Apache.