Skip to content

RolfZurbrugg/lupon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

131 Commits

docs

docs

 
 

lupon

lupon

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

babel.cfg

babel.cfg

 
 

config-example.py

config-example.py

 
 

manage.py

manage.py

 
 

requirements.txt

requirements.txt

 
 

run.log

run.log

 
 

run.py

run.py

 
 

setup.py

setup.py

 
 

test.py

test.py

 
 

Repository files navigation

LuponCRM

Requirements

  • python3
  • virtualenv
  • git
  • PostgreSQL
  • some kind of OS with root access

Installation

sudo useradd lupon
su lupon
virtualenv -p python3 venv
cd venv
scource bin/activate
git clone https://github.com/RolfZurbrugg/lupon.git
cd lupon
pip install --editable .
# OR
pip install -r requirements.txt

Flask-Script

# Initialize Database and create default user
python manage.py init
# Start appliaction in development mode
python manage.py runserver

Configuration

cp config-example.py config.py
# DATABASE MySQL (deprecated but maybe still working) => you will need to install "pip install mysqlclient"
SQLALCHEMY_DATABASE_URI = 'mysql://username:password@localhost/database'

# DATABASE Postgresql
SQLALCHEMY_DATABASE_URI = 'postgresql://lupon:lupon@localhost/lupon'
SQLALCHEMY_TRACK_MODIFICATIONS = False
SQLALCHEMY_ECHO = False
# Security
SECRET_KEY = 'real_secret_key'
# TOCKEN
SECURITY_PASSWORD_SALT = 'my_precious_two'
# GOOGLE API KEY
# https://developers.google.com/maps/documentation/javascript/get-api-key?hl=de
GOOGLE_API_KEY = 'this-is-my-google-api-key'
# Mail
MAIL_FROM_EMAIL = "no@addre.ss" # For use in application emails
MAIL_SERVER = 'smtp.googlemail.com'
MAIL_PORT = 465
MAIL_USE_TLS = False
MAIL_USE_SSL = True
MAIL_USERNAME = 'MAIL_USERNAME'
MAIL_PASSWORD = 'MAIL_PASSWORD'

Database

Create unprivileged user

sudo useradd lupon

PostgreSQL Installation

Archlinux

Create Database and Database User

pacuar -S postgresql
## ARCHLinux spesific??
initdb --locale $LANG -E UTF8 -D '/var/lib/postgres/data'
#Enable Service
systemctl enable postresql
systemctl start postresql
# Create DB Role and Database
sudo -u postgres -i
# add user to psql
createuser --interactive lupon
# create database lupon
createdb lupon
# drop database lupon
dropdb lupon

CentOS 7

yum install postgesql-server
postgresql-setup
systemctl enable postresql
systemctl start postresql

bug fix: update connection permissions

su postgres
cd /var/lib/pgsql/data
vi pg_hba.conf

@ https://www.depesz.com/2007/10/04/ident/ Edit /var/lib/pgsql/data/pg_hba.conf and change peer/ident to trust

# "local" is for Unix domain socket connections only
local   all             all                                     trust
local   all             lupon                                   trust
# IPv4 local connections:
host    all             all             127.0.0.1/32            trust
# IPv6 local connections:
host    all             all             ::1/128                 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres                                peer
#host    replication     postgres        127.0.0.1/32            ident
#host    replication     postgres        ::1/128                 ident

Verify DB Connection:

psql -U lupon -d lupon -h 127.0.0.1 -W

Nginx

sudo yum install nginx
sudo yum install certbot-nginx

sudo firewall-cmd --permanenet --add-service=http
sudo firewall-cmd --permanenet --add-service=https

sudo firewall-cmd --reload
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  84.72.0.143 www lupon.ch www.lupon.ch dev.lupon.ch;
        # Redirect to HTTPS
        return       301 https://dev.lupon.ch;
    }

   server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  84.72.0.143 dev dev.lupon.ch;
        root         /usr/share/nginx/html;

        ssl_certificate /etc/letsencrypt/live/dev.lupon.ch/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/dev.lupon.ch/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_ecdh_curve secp384r1;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
                proxy_pass http://127.0.0.1:5000;
                proxy_buffering                       off;
                proxy_set_header Host                 $http_host;
                proxy_set_header X-Real-IP            $remote_addr;
                proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto    $scheme;
        }
   }
}

Let's Encrypt

  1. Create Standalonecertificate as per default nginx will not answer on https port without certificate
sudo certbot certonly -d dev.lupon.ch
  1. Create Diffihelman key
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
  1. Update certbot renew configuration (authenticator and installer)
cat /etc/letsencrypt/renewal/dev.lupon.ch.conf
...
# renew_before_expiry = 30 days
version = 0.19.0
archive_dir = /etc/letsencrypt/archive/dev.lupon.ch
cert = /etc/letsencrypt/live/dev.lupon.ch/cert.pem
privkey = /etc/letsencrypt/live/dev.lupon.ch/privkey.pem
chain = /etc/letsencrypt/live/dev.lupon.ch/chain.pem
fullchain = /etc/letsencrypt/live/dev.lupon.ch/fullchain.pem

# Options used in the renewal process
[renewalparams]
authenticator = nginx
installer = nginx
account = ...
...
  1. Test Certificate Renewal
sudo certbot renew --dry-run
  1. Add a cronjob for autorenewal
sudo crontab -e -u root
...
15 4 * * 1 /usr/bin/certbot renew >> /var/log/renew-certs.log
18 4 * * 1 /usr/bin/systemctl reload nginx
...

Docker

yum install docker systemctl enable docker systemctl start docker

docker build -t lupon . docker run -it --rm --name flaskapp -v "$PWD":/usr/src/app -w /usr/src/app -e LANG=C.UTF-8 -e FLASK_APP=lupon -p 5000:5000 lupon

Dependencies

  • Flask
  • Flask-Babel
  • Flask-Mail
  • Flask-Cache
  • Flask-WTF
  • Flask-Login
  • requests
  • ...

Database

  • Psycopg2
  • Flask-SQLAlchemy
  • ...

Documentation References

Plugins

HowTos & Tutorials

Snippets

Product Backlog

Florian

  • Send eMail on user registration
  • Administrator Interface
  • Customer management

Rolf

  • Offer creation page
    • AJAX
  • Search functionaliy
    • Tasks
    • Customers

About

Lupon CRM

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages