https://eden.sahanafoundation.org/api.php?action=feedcontributions&feedformat=atom&user=DominicSahana Eden Wiki - User contributions [en]2026-04-27T13:02:27ZUser contributionsMediaWiki 1.44.0https://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=273Guidelines:DualHost2026-02-04T07:52:03Z<p>Dominic: /* Configuring Key-based Login */</p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Dual Host Setup =<br />
* ''new in Eden-6.2 (not yet released)''<br />
<br />
In certain situations, you may want to deploy Eden with the database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
== Prerequisites and Terminology ==<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host. In these places, replace the designation with the respective IP address.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain'''.<br />
<br />
== Setting Up Eden Account ==<br />
<br />
Login to the DB Host and create a user account for Eden:<br />
<br />
<syntaxhighlight lang="bash"><br />
adduser eden<br />
</syntaxhighlight><br />
<br />
Use <code>visudo</code> to add the following lines to the ''sudoers'' configuration:<br />
<br />
<syntaxhighlight lang="bash"><br />
# User rules for eden<br />
eden ALL=(ALL) NOPASSWD:ALL<br />
</syntaxhighlight><br />
<br />
This will allow Eden to become ''root'' without password.<br />
<br />
== Configuring Key-based Login ==<br />
<br />
On your local machine, generate a new RSA key pair:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -f eden -C "eden"<br />
</syntaxhighlight><br />
<br />
'''''Note:''' Leave the password empty as this key is to be used for script automation''<br />
<br />
This will generate two files, ''eden'' (=private key) and ''eden.pub'' (=public key), in the current directory. Install the public key on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat eden.pub | ssh eden@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Copy the private key to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp eden admin@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Login to the App Host and store the key in a safe location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
cp /tmp/eden ~/.ssh<br />
chown root.root ~/.ssh/eden<br />
chmod 600 ~/.ssh/eden<br />
</syntaxhighlight><br />
<br />
Verify that you can use this key to SSH-login from the App Host to the DB Host (via private IP), as user ''eden'':<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/eden eden@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
== PostgreSQL ==<br />
<br />
=== Installing PostgreSQL ===<br />
<br />
On the DB Host, make yourself ''root'':<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configuring Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the <code>listen_address</code> setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
== Eden ==<br />
<br />
=== Installing Release Package ===<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''<br />
<br />
Login to the App Host and make yourself ''root'':<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
=== Configuring DB Host ===<br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=eden<br />
DBHOST_KEY=/root/.ssh/eden<br />
</syntaxhighlight><br />
<br />
=== Setup with Edenctl ===<br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=272Guidelines:DualHost2026-02-04T07:50:36Z<p>Dominic: </p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Dual Host Setup =<br />
* ''new in Eden-6.2 (not yet released)''<br />
<br />
In certain situations, you may want to deploy Eden with the database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
== Prerequisites and Terminology ==<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host. In these places, replace the designation with the respective IP address.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain'''.<br />
<br />
== Setting Up Eden Account ==<br />
<br />
Login to the DB Host and create a user account for Eden:<br />
<br />
<syntaxhighlight lang="bash"><br />
adduser eden<br />
</syntaxhighlight><br />
<br />
Use <code>visudo</code> to add the following lines to the ''sudoers'' configuration:<br />
<br />
<syntaxhighlight lang="bash"><br />
# User rules for eden<br />
eden ALL=(ALL) NOPASSWD:ALL<br />
</syntaxhighlight><br />
<br />
This will allow Eden to become ''root'' without password.<br />
<br />
== Configuring Key-based Login ==<br />
<br />
On your local machine, generate a new RSA key pair:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -f eden -C "eden"<br />
</syntaxhighlight><br />
<br />
'''''Note:''' Leave the password empty as this key is to be used for script automation''<br />
<br />
This will generate two files, ''eden'' (=private key) and ''eden.pub'' (=public key), in the current directory. Install the public key on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat eden.pub | ssh eden@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Copy the private key to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp eden admin@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Login to the App Host and store the key in a safe location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
cp /tmp/eden ~/.ssh<br />
chown root.root ~/.ssh/eden<br />
chmod 600 ~/.ssh/eden<br />
</syntaxhighlight><br />
<br />
Verify that you can SSH-login from the App Host to the DB Host (via private IP), as user ''eden'':<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/eden eden@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
== PostgreSQL ==<br />
<br />
=== Installing PostgreSQL ===<br />
<br />
On the DB Host, make yourself ''root'':<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configuring Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the <code>listen_address</code> setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
== Eden ==<br />
<br />
=== Installing Release Package ===<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''<br />
<br />
Login to the App Host and make yourself ''root'':<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
=== Configuring DB Host ===<br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=eden<br />
DBHOST_KEY=/root/.ssh/eden<br />
</syntaxhighlight><br />
<br />
=== Setup with Edenctl ===<br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=271Guidelines:DualHost2026-02-02T23:26:39Z<p>Dominic: /* Configure Host-based Access */</p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Dual Host Setup =<br />
* ''new in Eden-6.2 (not yet released)''<br />
<br />
In certain situations, you may want to deploy Eden with the database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
== Prerequisites and Terminology ==<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host. In these places, replace the designation with the respective IP address.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain'''. Make a note of these details, too:<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
== Preparing the Servers ==<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
== Installing PostgreSQL ==<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the <code>listen_address</code> setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
== Setting Up Eden ==<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=270Guidelines:DualHost2026-02-02T23:24:53Z<p>Dominic: /* Prerequisites and Terminology */</p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Dual Host Setup =<br />
* ''new in Eden-6.2 (not yet released)''<br />
<br />
In certain situations, you may want to deploy Eden with the database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
== Prerequisites and Terminology ==<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host. In these places, replace the designation with the respective IP address.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain'''. Make a note of these details, too:<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
== Preparing the Servers ==<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
== Installing PostgreSQL ==<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_address setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
== Setting Up Eden ==<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=269Guidelines:DualHost2026-02-02T23:22:03Z<p>Dominic: /* Prerequisites and Terminology */</p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Dual Host Setup =<br />
* ''new in Eden-6.2 (not yet released)''<br />
<br />
In certain situations, you may want to deploy Eden with the database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
== Prerequisites and Terminology ==<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain'''. Make a note of these details, too:<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
== Preparing the Servers ==<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
== Installing PostgreSQL ==<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_address setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
== Setting Up Eden ==<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=268Guidelines:DualHost2026-02-02T23:21:43Z<p>Dominic: /* Prerequisites and Terminology */</p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Dual Host Setup =<br />
* ''new in Eden-6.2 (not yet released)''<br />
<br />
In certain situations, you may want to deploy Eden with the database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
== Prerequisites and Terminology ==<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain'''. Note these details down:<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
== Preparing the Servers ==<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
== Installing PostgreSQL ==<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_address setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
== Setting Up Eden ==<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=267Guidelines:DualHost2026-02-02T23:20:09Z<p>Dominic: /* Dual Host Setup */</p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Dual Host Setup =<br />
* ''new in Eden-6.2 (not yet released)''<br />
<br />
In certain situations, you may want to deploy Eden with the database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
== Prerequisites and Terminology ==<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain''':<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
== Preparing the Servers ==<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
== Installing PostgreSQL ==<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_address setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
== Setting Up Eden ==<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=266Guidelines:DualHost2026-02-02T23:18:42Z<p>Dominic: /* Configure Host-based Access */</p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Dual Host Setup =<br />
* ''new in Eden-6.2 (not yet released)''<br />
<br />
In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
== Prerequisites and Terminology ==<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain''':<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
== Preparing the Servers ==<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
== Installing PostgreSQL ==<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_address setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
== Setting Up Eden ==<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=265Guidelines:DualHost2026-02-02T23:13:38Z<p>Dominic: /* Dual Host Setup */</p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Dual Host Setup =<br />
* ''new in Eden-6.2 (not yet released)''<br />
<br />
In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
== Prerequisites and Terminology ==<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain''':<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
== Preparing the Servers ==<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
== Installing PostgreSQL ==<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_addresses setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
== Setting Up Eden ==<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:Edenctl&diff=264Guidelines:Edenctl2026-02-02T23:12:44Z<p>Dominic: /* Server Administration with Edenctl */</p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Server Administration with Edenctl =<br />
<br />
The '''edenctl''' tool is a ''bash'' script for Eden server administration on '''Debian/Linux''' that comes with the DEB-Packages of the Eden release. The general usage of this script is (as root user):<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl [command] [parameters]<br />
</syntaxhighlight><br />
<br />
=== Commands Overview ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Command !! Explanation !! Comments<br />
|-<br />
| setup || Set up a newly installed Eden instance ||<br />
|-<br />
| teardown || Undo a completed setup ||<br />
|-<br />
| start || Start the web interface || <br />
|-<br />
| stop || Stop the web interface || <br />
|-<br />
| shell || Open a Python shell in the web2py+Eden environment || <br />
|-<br />
| run || Run a Python script in the web2py+Eden environment || <br />
|-<br />
| clean || Reset the Eden instance || <br />
|-<br />
| pull || Update Eden from GitHub || new in Eden-6.1<br />
|-<br />
| template || Switch to another configuration template || new in Eden-6.2 (not yet released)<br />
|-<br />
| compile || (Re-)compile models, controllers and views || <br />
|}<br />
<br />
== Setup and Teardown ==<br />
<br />
To set up a newly installed Eden, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
This will run you step-by-step through the setup process. Enter your server details as prompted for (or click enter to accept the default value as shown in square brackets).<br />
<br />
'''''Note:''' The '''setup''' command will not work if the Eden instance has already been set up. To make changes in an already-configured instance, you must edit the configuration files manually.''<br />
<br />
Once completed, you can undo the setup with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl teardown<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The '''teardown''' command will not drop the Eden database - this must be done manually.''<br />
<br />
== Start and Stop ==<br />
<br />
After the setup, you can start the Eden web interface using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight><br />
<br />
To stop the Eden web interface and thereby prevent user access, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl stop<br />
</syntaxhighlight><br />
<br />
'''''Note:''' the front-end web server is always running, so that it can deliver a maintenance info-page to the web user if Eden is not active - the '''start''' and '''stop''' commands only start/stop the uWSGI daemon.''<br />
<br />
== Pull ==<br />
<br />
It is possible to upgrade your Eden instance directly from GitHub, using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl pull<br />
</syntaxhighlight><br />
<br />
'''''Note:''' It can be necessary to perform certain database migrations after the '''pull''' for Eden to work correctly - always check the release for migration advice.''<br />
<br />
== Shell ==<br />
<br />
To open a Python shell in the web2py+Eden environment, you can use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl shell<br />
</syntaxhighlight><br />
<br />
== Running Scripts ==<br />
<br />
To run a Python script in the web2py+Eden shell, use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl run /path/to/script.py<br />
</syntaxhighlight><br />
<br />
== Clean ==<br />
<br />
You can reset the Eden database using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl clean<br />
</syntaxhighlight><br />
<br />
This will remove all data from the database, and perform a fresh '''first run'''.<br />
<br />
'''''Note:''' This operation is primarily intended for demos, and not recommended for production servers.''<br />
<br />
== Switching Templates ==<br />
<br />
* ''new in Eden-6.2 (not yet released)''<br />
<br />
You can switch to a different template using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE"<br />
</syntaxhighlight><br />
<br />
Instead of a single template, you can also specify a template cascade as a comma-separated list of templates:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE,TEMPLATE.SUB,TEMPLATE.SUB.Demo"<br />
</syntaxhighlight><br />
<br />
'''''Note:''' After switching templates, you need to reset the instance using <code>edenctl clean</code>.''</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:Edenctl&diff=263Guidelines:Edenctl2026-02-02T20:22:11Z<p>Dominic: /* Server Administration with Edenctl */</p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Server Administration with Edenctl =<br />
<br />
The '''edenctl''' tool is a ''bash'' script for Eden server administration on '''Debian/Linux''' that comes with the DEB-Packages of the Eden release. The general usage of this script is (as root user):<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl [command] [parameters]<br />
</syntaxhighlight><br />
<br />
=== Commands Overview ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Command !! Explanation !! Comments<br />
|-<br />
| setup || Set up a newly installed Eden instance ||<br />
|-<br />
| teardown || Undo a completed setup ||<br />
|-<br />
| start || Start the web interface || <br />
|-<br />
| stop || Stop the web interface || <br />
|-<br />
| shell || Open a Python shell in the web2py+Eden environment || <br />
|-<br />
| run || Run a Python script in the web2py+Eden environment || <br />
|-<br />
| clean || Reset the Eden instance || <br />
|-<br />
| template || Switch to another configuration template || <br />
|-<br />
| compile || (Re-)compile models, controllers and views || <br />
|}<br />
<br />
== Setup and Teardown ==<br />
<br />
To set up a newly installed Eden, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
This will run you step-by-step through the setup process. Enter your server details as prompted for (or click enter to accept the default value as shown in square brackets).<br />
<br />
'''''Note:''' The '''setup''' command will not work if the Eden instance has already been set up. To make changes in an already-configured instance, you must edit the configuration files manually.''<br />
<br />
Once completed, you can undo the setup with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl teardown<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The '''teardown''' command will not drop the Eden database - this must be done manually.''<br />
<br />
== Start and Stop ==<br />
<br />
After the setup, you can start the Eden web interface using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight><br />
<br />
To stop the Eden web interface and thereby prevent user access, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl stop<br />
</syntaxhighlight><br />
<br />
'''''Note:''' the front-end web server is always running, so that it can deliver a maintenance info-page to the web user if Eden is not active - the '''start''' and '''stop''' commands only start/stop the uWSGI daemon.''<br />
<br />
== Pull ==<br />
<br />
It is possible to upgrade your Eden instance directly from GitHub, using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl pull<br />
</syntaxhighlight><br />
<br />
'''''Note:''' It can be necessary to perform certain database migrations after the '''pull''' for Eden to work correctly - always check the release for migration advice.''<br />
<br />
== Shell ==<br />
<br />
To open a Python shell in the web2py+Eden environment, you can use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl shell<br />
</syntaxhighlight><br />
<br />
== Running Scripts ==<br />
<br />
To run a Python script in the web2py+Eden shell, use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl run /path/to/script.py<br />
</syntaxhighlight><br />
<br />
== Clean ==<br />
<br />
You can reset the Eden database using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl clean<br />
</syntaxhighlight><br />
<br />
This will remove all data from the database, and perform a fresh '''first run'''.<br />
<br />
'''''Note:''' This operation is primarily intended for demos, and not recommended for production servers.''<br />
<br />
== Switching Templates ==<br />
<br />
You can switch to a different template using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE"<br />
</syntaxhighlight><br />
<br />
Instead of a single template, you can also specify a template cascade as a comma-separated list of templates:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE,TEMPLATE.SUB,TEMPLATE.SUB.Demo"<br />
</syntaxhighlight><br />
<br />
'''''Note:''' After switching templates, you need to reset the instance using <code>edenctl clean</code>.''</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:Edenctl&diff=262Guidelines:Edenctl2026-02-02T20:21:22Z<p>Dominic: </p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Server Administration with Edenctl =<br />
<br />
The '''edenctl''' tool is a ''bash'' script for Eden server administration on '''Debian/Linux'''. The general usage of this script is (as root user):<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl [command] [parameters]<br />
</syntaxhighlight><br />
<br />
=== Commands Overview ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Command !! Explanation !! Comments<br />
|-<br />
| setup || Set up a newly installed Eden instance ||<br />
|-<br />
| teardown || Undo a completed setup ||<br />
|-<br />
| start || Start the web interface || <br />
|-<br />
| stop || Stop the web interface || <br />
|-<br />
| shell || Open a Python shell in the web2py+Eden environment || <br />
|-<br />
| run || Run a Python script in the web2py+Eden environment || <br />
|-<br />
| clean || Reset the Eden instance || <br />
|-<br />
| template || Switch to another configuration template || <br />
|-<br />
| compile || (Re-)compile models, controllers and views || <br />
|}<br />
<br />
== Setup and Teardown ==<br />
<br />
To set up a newly installed Eden, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
This will run you step-by-step through the setup process. Enter your server details as prompted for (or click enter to accept the default value as shown in square brackets).<br />
<br />
'''''Note:''' The '''setup''' command will not work if the Eden instance has already been set up. To make changes in an already-configured instance, you must edit the configuration files manually.''<br />
<br />
Once completed, you can undo the setup with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl teardown<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The '''teardown''' command will not drop the Eden database - this must be done manually.''<br />
<br />
== Start and Stop ==<br />
<br />
After the setup, you can start the Eden web interface using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight><br />
<br />
To stop the Eden web interface and thereby prevent user access, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl stop<br />
</syntaxhighlight><br />
<br />
'''''Note:''' the front-end web server is always running, so that it can deliver a maintenance info-page to the web user if Eden is not active - the '''start''' and '''stop''' commands only start/stop the uWSGI daemon.''<br />
<br />
== Pull ==<br />
<br />
It is possible to upgrade your Eden instance directly from GitHub, using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl pull<br />
</syntaxhighlight><br />
<br />
'''''Note:''' It can be necessary to perform certain database migrations after the '''pull''' for Eden to work correctly - always check the release for migration advice.''<br />
<br />
== Shell ==<br />
<br />
To open a Python shell in the web2py+Eden environment, you can use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl shell<br />
</syntaxhighlight><br />
<br />
== Running Scripts ==<br />
<br />
To run a Python script in the web2py+Eden shell, use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl run /path/to/script.py<br />
</syntaxhighlight><br />
<br />
== Clean ==<br />
<br />
You can reset the Eden database using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl clean<br />
</syntaxhighlight><br />
<br />
This will remove all data from the database, and perform a fresh '''first run'''.<br />
<br />
'''''Note:''' This operation is primarily intended for demos, and not recommended for production servers.''<br />
<br />
== Switching Templates ==<br />
<br />
You can switch to a different template using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE"<br />
</syntaxhighlight><br />
<br />
Instead of a single template, you can also specify a template cascade as a comma-separated list of templates:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE,TEMPLATE.SUB,TEMPLATE.SUB.Demo"<br />
</syntaxhighlight><br />
<br />
'''''Note:''' After switching templates, you need to reset the instance using <code>edenctl clean</code>.''</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:Edenctl&diff=261Guidelines:Edenctl2026-02-02T20:20:59Z<p>Dominic: /* Start and Stop */</p>
<hr />
<div>= Server Administration with Edenctl =<br />
<br />
The '''edenctl''' tool is a ''bash'' script for Eden server administration on '''Debian/Linux'''. The general usage of this script is (as root user):<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl [command] [parameters]<br />
</syntaxhighlight><br />
<br />
=== Commands Overview ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Command !! Explanation !! Comments<br />
|-<br />
| setup || Set up a newly installed Eden instance ||<br />
|-<br />
| teardown || Undo a completed setup ||<br />
|-<br />
| start || Start the web interface || <br />
|-<br />
| stop || Stop the web interface || <br />
|-<br />
| shell || Open a Python shell in the web2py+Eden environment || <br />
|-<br />
| run || Run a Python script in the web2py+Eden environment || <br />
|-<br />
| clean || Reset the Eden instance || <br />
|-<br />
| template || Switch to another configuration template || <br />
|-<br />
| compile || (Re-)compile models, controllers and views || <br />
|}<br />
<br />
== Setup and Teardown ==<br />
<br />
To set up a newly installed Eden, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
This will run you step-by-step through the setup process. Enter your server details as prompted for (or click enter to accept the default value as shown in square brackets).<br />
<br />
'''''Note:''' The '''setup''' command will not work if the Eden instance has already been set up. To make changes in an already-configured instance, you must edit the configuration files manually.''<br />
<br />
Once completed, you can undo the setup with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl teardown<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The '''teardown''' command will not drop the Eden database - this must be done manually.''<br />
<br />
== Start and Stop ==<br />
<br />
After the setup, you can start the Eden web interface using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight><br />
<br />
To stop the Eden web interface and thereby prevent user access, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl stop<br />
</syntaxhighlight><br />
<br />
'''''Note:''' the front-end web server is always running, so that it can deliver a maintenance info-page to the web user if Eden is not active - the '''start''' and '''stop''' commands only start/stop the uWSGI daemon.''<br />
<br />
== Pull ==<br />
<br />
It is possible to upgrade your Eden instance directly from GitHub, using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl pull<br />
</syntaxhighlight><br />
<br />
'''''Note:''' It can be necessary to perform certain database migrations after the '''pull''' for Eden to work correctly - always check the release for migration advice.''<br />
<br />
== Shell ==<br />
<br />
To open a Python shell in the web2py+Eden environment, you can use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl shell<br />
</syntaxhighlight><br />
<br />
== Running Scripts ==<br />
<br />
To run a Python script in the web2py+Eden shell, use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl run /path/to/script.py<br />
</syntaxhighlight><br />
<br />
== Clean ==<br />
<br />
You can reset the Eden database using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl clean<br />
</syntaxhighlight><br />
<br />
This will remove all data from the database, and perform a fresh '''first run'''.<br />
<br />
'''''Note:''' This operation is primarily intended for demos, and not recommended for production servers.''<br />
<br />
== Switching Templates ==<br />
<br />
You can switch to a different template using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE"<br />
</syntaxhighlight><br />
<br />
Instead of a single template, you can also specify a template cascade as a comma-separated list of templates:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE,TEMPLATE.SUB,TEMPLATE.SUB.Demo"<br />
</syntaxhighlight><br />
<br />
'''''Note:''' After switching templates, you need to reset the instance using <code>edenctl clean</code>.''</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:Edenctl&diff=260Guidelines:Edenctl2026-02-02T20:20:05Z<p>Dominic: /* Setup and Teardown */</p>
<hr />
<div>= Server Administration with Edenctl =<br />
<br />
The '''edenctl''' tool is a ''bash'' script for Eden server administration on '''Debian/Linux'''. The general usage of this script is (as root user):<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl [command] [parameters]<br />
</syntaxhighlight><br />
<br />
=== Commands Overview ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Command !! Explanation !! Comments<br />
|-<br />
| setup || Set up a newly installed Eden instance ||<br />
|-<br />
| teardown || Undo a completed setup ||<br />
|-<br />
| start || Start the web interface || <br />
|-<br />
| stop || Stop the web interface || <br />
|-<br />
| shell || Open a Python shell in the web2py+Eden environment || <br />
|-<br />
| run || Run a Python script in the web2py+Eden environment || <br />
|-<br />
| clean || Reset the Eden instance || <br />
|-<br />
| template || Switch to another configuration template || <br />
|-<br />
| compile || (Re-)compile models, controllers and views || <br />
|}<br />
<br />
== Setup and Teardown ==<br />
<br />
To set up a newly installed Eden, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
This will run you step-by-step through the setup process. Enter your server details as prompted for (or click enter to accept the default value as shown in square brackets).<br />
<br />
'''''Note:''' The '''setup''' command will not work if the Eden instance has already been set up. To make changes in an already-configured instance, you must edit the configuration files manually.''<br />
<br />
Once completed, you can undo the setup with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl teardown<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The '''teardown''' command will not drop the Eden database - this must be done manually.''<br />
<br />
== Start and Stop ==<br />
<br />
After the setup, you can start the Eden application using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight><br />
<br />
To stop the Eden application and prevent user access, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl stop<br />
</syntaxhighlight><br />
<br />
'''''Note:''' the front-end web server is always running, so that it can deliver a maintenance info-page to the user if Eden is not active - the '''start''' and '''stop''' commands only start/stop the uWSGI daemon.''<br />
<br />
== Pull ==<br />
<br />
It is possible to upgrade your Eden instance directly from GitHub, using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl pull<br />
</syntaxhighlight><br />
<br />
'''''Note:''' It can be necessary to perform certain database migrations after the '''pull''' for Eden to work correctly - always check the release for migration advice.''<br />
<br />
== Shell ==<br />
<br />
To open a Python shell in the web2py+Eden environment, you can use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl shell<br />
</syntaxhighlight><br />
<br />
== Running Scripts ==<br />
<br />
To run a Python script in the web2py+Eden shell, use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl run /path/to/script.py<br />
</syntaxhighlight><br />
<br />
== Clean ==<br />
<br />
You can reset the Eden database using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl clean<br />
</syntaxhighlight><br />
<br />
This will remove all data from the database, and perform a fresh '''first run'''.<br />
<br />
'''''Note:''' This operation is primarily intended for demos, and not recommended for production servers.''<br />
<br />
== Switching Templates ==<br />
<br />
You can switch to a different template using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE"<br />
</syntaxhighlight><br />
<br />
Instead of a single template, you can also specify a template cascade as a comma-separated list of templates:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE,TEMPLATE.SUB,TEMPLATE.SUB.Demo"<br />
</syntaxhighlight><br />
<br />
'''''Note:''' After switching templates, you need to reset the instance using <code>edenctl clean</code>.''</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:Edenctl&diff=259Guidelines:Edenctl2026-02-02T20:19:43Z<p>Dominic: /* Setup and Teardown */</p>
<hr />
<div>= Server Administration with Edenctl =<br />
<br />
The '''edenctl''' tool is a ''bash'' script for Eden server administration on '''Debian/Linux'''. The general usage of this script is (as root user):<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl [command] [parameters]<br />
</syntaxhighlight><br />
<br />
=== Commands Overview ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Command !! Explanation !! Comments<br />
|-<br />
| setup || Set up a newly installed Eden instance ||<br />
|-<br />
| teardown || Undo a completed setup ||<br />
|-<br />
| start || Start the web interface || <br />
|-<br />
| stop || Stop the web interface || <br />
|-<br />
| shell || Open a Python shell in the web2py+Eden environment || <br />
|-<br />
| run || Run a Python script in the web2py+Eden environment || <br />
|-<br />
| clean || Reset the Eden instance || <br />
|-<br />
| template || Switch to another configuration template || <br />
|-<br />
| compile || (Re-)compile models, controllers and views || <br />
|}<br />
<br />
== Setup and Teardown ==<br />
<br />
To set up a newly installed Eden, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
This will run you step-by-step through the setup process. Enter your server details as prompted for (or click enter to accept the default value as shown in square brackets).<br />
<br />
'''''Note:''' The setup command will not work if the Eden instance has already been set up. To make changes in an already-configured instance, you must edit the configuration files manually.''<br />
<br />
Once completed, you can undo the setup with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl teardown<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The teardown command will not drop the Eden database - this must be done manually.''<br />
<br />
== Start and Stop ==<br />
<br />
After the setup, you can start the Eden application using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight><br />
<br />
To stop the Eden application and prevent user access, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl stop<br />
</syntaxhighlight><br />
<br />
'''''Note:''' the front-end web server is always running, so that it can deliver a maintenance info-page to the user if Eden is not active - the '''start''' and '''stop''' commands only start/stop the uWSGI daemon.''<br />
<br />
== Pull ==<br />
<br />
It is possible to upgrade your Eden instance directly from GitHub, using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl pull<br />
</syntaxhighlight><br />
<br />
'''''Note:''' It can be necessary to perform certain database migrations after the '''pull''' for Eden to work correctly - always check the release for migration advice.''<br />
<br />
== Shell ==<br />
<br />
To open a Python shell in the web2py+Eden environment, you can use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl shell<br />
</syntaxhighlight><br />
<br />
== Running Scripts ==<br />
<br />
To run a Python script in the web2py+Eden shell, use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl run /path/to/script.py<br />
</syntaxhighlight><br />
<br />
== Clean ==<br />
<br />
You can reset the Eden database using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl clean<br />
</syntaxhighlight><br />
<br />
This will remove all data from the database, and perform a fresh '''first run'''.<br />
<br />
'''''Note:''' This operation is primarily intended for demos, and not recommended for production servers.''<br />
<br />
== Switching Templates ==<br />
<br />
You can switch to a different template using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE"<br />
</syntaxhighlight><br />
<br />
Instead of a single template, you can also specify a template cascade as a comma-separated list of templates:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE,TEMPLATE.SUB,TEMPLATE.SUB.Demo"<br />
</syntaxhighlight><br />
<br />
'''''Note:''' After switching templates, you need to reset the instance using <code>edenctl clean</code>.''</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:Edenctl&diff=258Guidelines:Edenctl2026-02-02T20:17:15Z<p>Dominic: /* Setup and Teardown */</p>
<hr />
<div>= Server Administration with Edenctl =<br />
<br />
The '''edenctl''' tool is a ''bash'' script for Eden server administration on '''Debian/Linux'''. The general usage of this script is (as root user):<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl [command] [parameters]<br />
</syntaxhighlight><br />
<br />
=== Commands Overview ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Command !! Explanation !! Comments<br />
|-<br />
| setup || Set up a newly installed Eden instance ||<br />
|-<br />
| teardown || Undo a completed setup ||<br />
|-<br />
| start || Start the web interface || <br />
|-<br />
| stop || Stop the web interface || <br />
|-<br />
| shell || Open a Python shell in the web2py+Eden environment || <br />
|-<br />
| run || Run a Python script in the web2py+Eden environment || <br />
|-<br />
| clean || Reset the Eden instance || <br />
|-<br />
| template || Switch to another configuration template || <br />
|-<br />
| compile || (Re-)compile models, controllers and views || <br />
|}<br />
<br />
== Setup and Teardown ==<br />
<br />
To set up a newly installed Eden, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
This will run you step-by-step through the setup process. Enter your server details as prompted for (or click enter to accept the default value as shown in square brackets).<br />
<br />
'''''Note:''' The setup command will not work if the Eden instance has already been set up.''<br />
<br />
Once completed, you can undo the setup with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl teardown<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The teardown command will not drop the Eden database - this must be done manually.''<br />
<br />
== Start and Stop ==<br />
<br />
After the setup, you can start the Eden application using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight><br />
<br />
To stop the Eden application and prevent user access, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl stop<br />
</syntaxhighlight><br />
<br />
'''''Note:''' the front-end web server is always running, so that it can deliver a maintenance info-page to the user if Eden is not active - the '''start''' and '''stop''' commands only start/stop the uWSGI daemon.''<br />
<br />
== Pull ==<br />
<br />
It is possible to upgrade your Eden instance directly from GitHub, using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl pull<br />
</syntaxhighlight><br />
<br />
'''''Note:''' It can be necessary to perform certain database migrations after the '''pull''' for Eden to work correctly - always check the release for migration advice.''<br />
<br />
== Shell ==<br />
<br />
To open a Python shell in the web2py+Eden environment, you can use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl shell<br />
</syntaxhighlight><br />
<br />
== Running Scripts ==<br />
<br />
To run a Python script in the web2py+Eden shell, use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl run /path/to/script.py<br />
</syntaxhighlight><br />
<br />
== Clean ==<br />
<br />
You can reset the Eden database using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl clean<br />
</syntaxhighlight><br />
<br />
This will remove all data from the database, and perform a fresh '''first run'''.<br />
<br />
'''''Note:''' This operation is primarily intended for demos, and not recommended for production servers.''<br />
<br />
== Switching Templates ==<br />
<br />
You can switch to a different template using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE"<br />
</syntaxhighlight><br />
<br />
Instead of a single template, you can also specify a template cascade as a comma-separated list of templates:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE,TEMPLATE.SUB,TEMPLATE.SUB.Demo"<br />
</syntaxhighlight><br />
<br />
'''''Note:''' After switching templates, you need to reset the instance using <code>edenctl clean</code>.''</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:Edenctl&diff=257Guidelines:Edenctl2026-02-02T20:16:34Z<p>Dominic: /* Server Administration with Edenctl */</p>
<hr />
<div>= Server Administration with Edenctl =<br />
<br />
The '''edenctl''' tool is a ''bash'' script for Eden server administration on '''Debian/Linux'''. The general usage of this script is (as root user):<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl [command] [parameters]<br />
</syntaxhighlight><br />
<br />
=== Commands Overview ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Command !! Explanation !! Comments<br />
|-<br />
| setup || Set up a newly installed Eden instance ||<br />
|-<br />
| teardown || Undo a completed setup ||<br />
|-<br />
| start || Start the web interface || <br />
|-<br />
| stop || Stop the web interface || <br />
|-<br />
| shell || Open a Python shell in the web2py+Eden environment || <br />
|-<br />
| run || Run a Python script in the web2py+Eden environment || <br />
|-<br />
| clean || Reset the Eden instance || <br />
|-<br />
| template || Switch to another configuration template || <br />
|-<br />
| compile || (Re-)compile models, controllers and views || <br />
|}<br />
<br />
== Setup and Teardown ==<br />
<br />
To set up a newly installed Eden, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
This will run you step-by-step through the setup process. Enter your server details as prompted for (or click enter to accept the default value as shown in square brackets).<br />
<br />
The setup command will not work if the Eden instance has already been set up.<br />
<br />
Once completed, you can undo the setup with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl teardown<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The teardown command will not drop the Eden database - this must be done manually.''<br />
<br />
== Start and Stop ==<br />
<br />
After the setup, you can start the Eden application using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight><br />
<br />
To stop the Eden application and prevent user access, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl stop<br />
</syntaxhighlight><br />
<br />
'''''Note:''' the front-end web server is always running, so that it can deliver a maintenance info-page to the user if Eden is not active - the '''start''' and '''stop''' commands only start/stop the uWSGI daemon.''<br />
<br />
== Pull ==<br />
<br />
It is possible to upgrade your Eden instance directly from GitHub, using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl pull<br />
</syntaxhighlight><br />
<br />
'''''Note:''' It can be necessary to perform certain database migrations after the '''pull''' for Eden to work correctly - always check the release for migration advice.''<br />
<br />
== Shell ==<br />
<br />
To open a Python shell in the web2py+Eden environment, you can use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl shell<br />
</syntaxhighlight><br />
<br />
== Running Scripts ==<br />
<br />
To run a Python script in the web2py+Eden shell, use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl run /path/to/script.py<br />
</syntaxhighlight><br />
<br />
== Clean ==<br />
<br />
You can reset the Eden database using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl clean<br />
</syntaxhighlight><br />
<br />
This will remove all data from the database, and perform a fresh '''first run'''.<br />
<br />
'''''Note:''' This operation is primarily intended for demos, and not recommended for production servers.''<br />
<br />
== Switching Templates ==<br />
<br />
You can switch to a different template using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE"<br />
</syntaxhighlight><br />
<br />
Instead of a single template, you can also specify a template cascade as a comma-separated list of templates:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE,TEMPLATE.SUB,TEMPLATE.SUB.Demo"<br />
</syntaxhighlight><br />
<br />
'''''Note:''' After switching templates, you need to reset the instance using <code>edenctl clean</code>.''</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:Edenctl&diff=256Guidelines:Edenctl2026-02-02T20:15:43Z<p>Dominic: /* Server Administration with Edenctl */</p>
<hr />
<div>= Server Administration with Edenctl =<br />
<br />
The '''edenctl''' tool is a ''bash'' script for server administration on '''Debian/Linux'''. The general usage of this script is (as root user):<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl [command] [parameters]<br />
</syntaxhighlight><br />
<br />
=== Commands Overview ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Command !! Explanation !! Comments<br />
|-<br />
| setup || Set up a newly installed Eden instance ||<br />
|-<br />
| teardown || Undo a completed setup ||<br />
|-<br />
| start || Start the web interface || <br />
|-<br />
| stop || Stop the web interface || <br />
|-<br />
| shell || Open a Python shell in the web2py+Eden environment || <br />
|-<br />
| run || Run a Python script in the web2py+Eden environment || <br />
|-<br />
| clean || Reset the Eden instance || <br />
|-<br />
| template || Switch to another configuration template || <br />
|-<br />
| compile || (Re-)compile models, controllers and views || <br />
|}<br />
<br />
== Setup and Teardown ==<br />
<br />
To set up a newly installed Eden, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
This will run you step-by-step through the setup process. Enter your server details as prompted for (or click enter to accept the default value as shown in square brackets).<br />
<br />
The setup command will not work if the Eden instance has already been set up.<br />
<br />
Once completed, you can undo the setup with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl teardown<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The teardown command will not drop the Eden database - this must be done manually.''<br />
<br />
== Start and Stop ==<br />
<br />
After the setup, you can start the Eden application using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight><br />
<br />
To stop the Eden application and prevent user access, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl stop<br />
</syntaxhighlight><br />
<br />
'''''Note:''' the front-end web server is always running, so that it can deliver a maintenance info-page to the user if Eden is not active - the '''start''' and '''stop''' commands only start/stop the uWSGI daemon.''<br />
<br />
== Pull ==<br />
<br />
It is possible to upgrade your Eden instance directly from GitHub, using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl pull<br />
</syntaxhighlight><br />
<br />
'''''Note:''' It can be necessary to perform certain database migrations after the '''pull''' for Eden to work correctly - always check the release for migration advice.''<br />
<br />
== Shell ==<br />
<br />
To open a Python shell in the web2py+Eden environment, you can use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl shell<br />
</syntaxhighlight><br />
<br />
== Running Scripts ==<br />
<br />
To run a Python script in the web2py+Eden shell, use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl run /path/to/script.py<br />
</syntaxhighlight><br />
<br />
== Clean ==<br />
<br />
You can reset the Eden database using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl clean<br />
</syntaxhighlight><br />
<br />
This will remove all data from the database, and perform a fresh '''first run'''.<br />
<br />
'''''Note:''' This operation is primarily intended for demos, and not recommended for production servers.''<br />
<br />
== Switching Templates ==<br />
<br />
You can switch to a different template using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE"<br />
</syntaxhighlight><br />
<br />
Instead of a single template, you can also specify a template cascade as a comma-separated list of templates:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE,TEMPLATE.SUB,TEMPLATE.SUB.Demo"<br />
</syntaxhighlight><br />
<br />
'''''Note:''' After switching templates, you need to reset the instance using <code>edenctl clean</code>.''</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:Edenctl&diff=255Guidelines:Edenctl2026-02-02T20:15:27Z<p>Dominic: /* Server Administration with Edenctl */</p>
<hr />
<div>= Server Administration with Edenctl =<br />
<br />
The '''edenctl''' tool is a ''bash'' script for server administration on Debian/Linux. The general usage of this script is (as root user):<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl [command] [parameters]<br />
</syntaxhighlight><br />
<br />
=== Commands Overview ===<br />
<br />
{| class="wikitable"<br />
|-<br />
! Command !! Explanation !! Comments<br />
|-<br />
| setup || Set up a newly installed Eden instance ||<br />
|-<br />
| teardown || Undo a completed setup ||<br />
|-<br />
| start || Start the web interface || <br />
|-<br />
| stop || Stop the web interface || <br />
|-<br />
| shell || Open a Python shell in the web2py+Eden environment || <br />
|-<br />
| run || Run a Python script in the web2py+Eden environment || <br />
|-<br />
| clean || Reset the Eden instance || <br />
|-<br />
| template || Switch to another configuration template || <br />
|-<br />
| compile || (Re-)compile models, controllers and views || <br />
|}<br />
<br />
== Setup and Teardown ==<br />
<br />
To set up a newly installed Eden, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
This will run you step-by-step through the setup process. Enter your server details as prompted for (or click enter to accept the default value as shown in square brackets).<br />
<br />
The setup command will not work if the Eden instance has already been set up.<br />
<br />
Once completed, you can undo the setup with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl teardown<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The teardown command will not drop the Eden database - this must be done manually.''<br />
<br />
== Start and Stop ==<br />
<br />
After the setup, you can start the Eden application using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight><br />
<br />
To stop the Eden application and prevent user access, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl stop<br />
</syntaxhighlight><br />
<br />
'''''Note:''' the front-end web server is always running, so that it can deliver a maintenance info-page to the user if Eden is not active - the '''start''' and '''stop''' commands only start/stop the uWSGI daemon.''<br />
<br />
== Pull ==<br />
<br />
It is possible to upgrade your Eden instance directly from GitHub, using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl pull<br />
</syntaxhighlight><br />
<br />
'''''Note:''' It can be necessary to perform certain database migrations after the '''pull''' for Eden to work correctly - always check the release for migration advice.''<br />
<br />
== Shell ==<br />
<br />
To open a Python shell in the web2py+Eden environment, you can use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl shell<br />
</syntaxhighlight><br />
<br />
== Running Scripts ==<br />
<br />
To run a Python script in the web2py+Eden shell, use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl run /path/to/script.py<br />
</syntaxhighlight><br />
<br />
== Clean ==<br />
<br />
You can reset the Eden database using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl clean<br />
</syntaxhighlight><br />
<br />
This will remove all data from the database, and perform a fresh '''first run'''.<br />
<br />
'''''Note:''' This operation is primarily intended for demos, and not recommended for production servers.''<br />
<br />
== Switching Templates ==<br />
<br />
You can switch to a different template using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE"<br />
</syntaxhighlight><br />
<br />
Instead of a single template, you can also specify a template cascade as a comma-separated list of templates:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE,TEMPLATE.SUB,TEMPLATE.SUB.Demo"<br />
</syntaxhighlight><br />
<br />
'''''Note:''' After switching templates, you need to reset the instance using <code>edenctl clean</code>.''</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:Edenctl&diff=254Guidelines:Edenctl2026-02-02T20:09:22Z<p>Dominic: </p>
<hr />
<div>= Server Administration with Edenctl =<br />
<br />
The '''edenctl''' tool is a ''bash'' script for server administration on Debian/Linux. The general usage of this script is (as root user):<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl [command] [parameters]<br />
</syntaxhighlight><br />
<br />
== Setup and Teardown ==<br />
<br />
To set up a newly installed Eden, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
This will run you step-by-step through the setup process. Enter your server details as prompted for (or click enter to accept the default value as shown in square brackets).<br />
<br />
The setup command will not work if the Eden instance has already been set up.<br />
<br />
Once completed, you can undo the setup with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl teardown<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The teardown command will not drop the Eden database - this must be done manually.''<br />
<br />
== Start and Stop ==<br />
<br />
After the setup, you can start the Eden application using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight><br />
<br />
To stop the Eden application and prevent user access, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl stop<br />
</syntaxhighlight><br />
<br />
'''''Note:''' the front-end web server is always running, so that it can deliver a maintenance info-page to the user if Eden is not active - the '''start''' and '''stop''' commands only start/stop the uWSGI daemon.''<br />
<br />
== Pull ==<br />
<br />
It is possible to upgrade your Eden instance directly from GitHub, using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl pull<br />
</syntaxhighlight><br />
<br />
'''''Note:''' It can be necessary to perform certain database migrations after the '''pull''' for Eden to work correctly - always check the release for migration advice.''<br />
<br />
== Shell ==<br />
<br />
To open a Python shell in the web2py+Eden environment, you can use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl shell<br />
</syntaxhighlight><br />
<br />
== Running Scripts ==<br />
<br />
To run a Python script in the web2py+Eden shell, use:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl run /path/to/script.py<br />
</syntaxhighlight><br />
<br />
== Clean ==<br />
<br />
You can reset the Eden database using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl clean<br />
</syntaxhighlight><br />
<br />
This will remove all data from the database, and perform a fresh '''first run'''.<br />
<br />
'''''Note:''' This operation is primarily intended for demos, and not recommended for production servers.''<br />
<br />
== Switching Templates ==<br />
<br />
You can switch to a different template using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE"<br />
</syntaxhighlight><br />
<br />
Instead of a single template, you can also specify a template cascade as a comma-separated list of templates:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE,TEMPLATE.SUB,TEMPLATE.SUB.Demo"<br />
</syntaxhighlight><br />
<br />
'''''Note:''' After switching templates, you need to reset the instance using <code>edenctl clean</code>.''</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:Edenctl&diff=253Guidelines:Edenctl2026-02-02T20:05:59Z<p>Dominic: Created page with "= Server Administration with Edenctl = The '''edenctl''' tool is a ''bash'' script for server administration on Debian/Linux. The general usage of this script is (as root user): <syntaxhighlight lang="bash"> edenctl [command] [parameters] </syntaxhighlight> == Setup and Teardown == To set up a newly installed Eden, run: <syntaxhighlight lang="bash"> edenctl setup </syntaxhighlight> This will run you step-by-step through the setup process. Enter your server details..."</p>
<hr />
<div>= Server Administration with Edenctl =<br />
<br />
The '''edenctl''' tool is a ''bash'' script for server administration on Debian/Linux. The general usage of this script is (as root user):<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl [command] [parameters]<br />
</syntaxhighlight><br />
<br />
== Setup and Teardown ==<br />
<br />
To set up a newly installed Eden, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
This will run you step-by-step through the setup process. Enter your server details as prompted for (or click enter to accept the default value as shown in square brackets).<br />
<br />
The setup command will not work if the Eden instance has already been set up.<br />
<br />
Once completed, you can undo the setup with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl teardown<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The teardown command will not drop the Eden database - this must be done manually.''<br />
<br />
== Start and Stop ==<br />
<br />
After the setup, you can start the Eden application using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight><br />
<br />
To stop the Eden application and prevent user access, run:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl stop<br />
</syntaxhighlight><br />
<br />
'''''Note:''' the front-end web server is always running, so that it can deliver a maintenance info-page to the user if Eden is not active - the '''start''' and '''stop''' commands only start/stop the uWSGI daemon.''<br />
<br />
== Pull ==<br />
<br />
It is possible to upgrade your Eden instance directly from GitHub, using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl pull<br />
</syntaxhighlight><br />
<br />
'''''Note:''' It can be necessary to perform certain database migrations after the '''pull''' for Eden to work correctly - always check the release for migration advice.''<br />
<br />
== Clean ==<br />
<br />
You can reset the Eden database using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl clean<br />
</syntaxhighlight><br />
<br />
This will remove all data from the database, and perform a fresh '''first run'''.<br />
<br />
'''''Note:''' This operation is primarily intended for demos, and not recommended for production servers.''<br />
<br />
== Switching Templates ==<br />
<br />
You can switch to a different template using:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE"<br />
</syntaxhighlight><br />
<br />
Instead of a single template, you can also specify a template cascade as a comma-separated list of templates:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl template "TEMPLATE,TEMPLATE.SUB,TEMPLATE.SUB.Demo"<br />
</syntaxhighlight><br />
<br />
'''''Note:''' After switching templates, you need to reset the instance using <code>edenctl clean</code>.''</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=252Guidelines:DualHost2026-02-02T19:43:29Z<p>Dominic: </p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Dual Host Setup =<br />
<br />
In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
== Prerequisites and Terminology ==<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain''':<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
== Preparing the Servers ==<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
== Installing PostgreSQL ==<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_addresses setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
== Setting Up Eden ==<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:SecureOperation&diff=251Guidelines:SecureOperation2026-02-02T19:42:50Z<p>Dominic: </p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Secure Server Operation =<br />
<br />
The following steps are recommended to secure your Eden server back-end under Debian/Linux.<br />
<br />
'''''Note:''' this configuration is standard on many clouds, e.g. AWS EC2, so you do not need to do this manually. Check with your cloud service provider for details.''<br />
<br />
== Unprivileged Account ==<br />
<br />
You should use an unprivileged user account for SSH login. To do so, login as root and create a new user, e.g. "serveradm":<br />
<br />
<code><br />
adduser serveradm<br />
</code><br />
<br />
Enter a password for the new account when prompted for, and provide additional information as required. <br />
<br />
To permit the new user to <code>sudo</code> without password, edit the sudoers configuration file using the command <code>visudo</code>. Add the following lines at the end of the file:<br />
<br />
<syntaxhighlight lang="bash" line><br />
# User rules for serveradm<br />
serveradm ALL=(ALL) NOPASSWD:ALL<br />
</syntaxhighlight><br />
<br />
Login to the server using the new account and password, and verify that sudo is working as expected:<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
After that, you should be ''root''.<br />
<br />
== Key-based Login ==<br />
<br />
You should use RSA keys for SSH login instead of passwords. To do so, generate a key pair on your local machine:<br />
<br />
<code><br />
ssh-keygen -t rsa -m PEM -b 4096 -f serveradm -C "serveradm"<br />
</code><br />
<br />
Choose a passphrase for the private key when prompted (for purposes of script automation, e.g. edenctl, leave the passphrase empty).<br />
<br />
Install the public key on the server:<br />
<br />
<code><br />
cat serveradm.pub | ssh serveradm@[server-public-ip] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</code><br />
<br />
...replacing [server-public-ip] with the public IP address of the server. You will be prompted for the password of the ''serveradm'' user.<br />
<br />
Next, login to the server using the newly installed key:<br />
<br />
<code><br />
ssh -i serveradm serveradm@[server-public-up]<br />
</code><br />
<br />
...to verify everything is working as expected. <br />
<br />
You can repeat this process for a second key pair, as/if required, e.g. for a representative or as backup key. Make sure that all private keys are securely stored, and protected by passphrases.<br />
<br />
== Disable Root Login and Password Authentication ==<br />
<br />
If you are not logged-in as ''serveradm'' yet, login now (using the private key):<br />
<br />
<code><br />
ssh -i serveradm serveradm@[server-public-up]<br />
</code><br />
<br />
Make yourself ''root'':<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
...and edit the <code>/etc/ssh/sshd_config</code> file. Uncomment or add the following lines:<br />
<br />
<syntaxhighlight lang="bash" line><br />
PermitRootLogin no<br />
PasswordAuthentication no<br />
</syntaxhighlight><br />
<br />
After that, reload the <code>sshd</code> service:<br />
<br />
<code><br />
systemctl reload sshd<br />
</code><br />
<br />
Now, you can no longer SSH-login as ''root'', but only as ''serveradm'' - and you must use a private key, as passwords will no longer be accepted.</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:SecureOperation&diff=250Guidelines:SecureOperation2026-02-02T19:42:21Z<p>Dominic: </p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Secure Server Operation =<br />
<br />
The following steps are recommended to secure your Eden server back-end under Debian/Linux.<br />
<br />
'''''Note:''' this configuration is standard on many clouds, e.g. AWS EC2, so you do not need to do this manually. Check with your cloud service provider for details.''<br />
<br />
=== Unprivileged Account ===<br />
<br />
You should use an unprivileged user account for SSH login. To do so, login as root and create a new user, e.g. "serveradm":<br />
<br />
<code><br />
adduser serveradm<br />
</code><br />
<br />
Enter a password for the new account when prompted for, and provide additional information as required. <br />
<br />
To permit the new user to <code>sudo</code> without password, edit the sudoers configuration file using the command <code>visudo</code>. Add the following lines at the end of the file:<br />
<br />
<syntaxhighlight lang="bash" line><br />
# User rules for serveradm<br />
serveradm ALL=(ALL) NOPASSWD:ALL<br />
</syntaxhighlight><br />
<br />
Login to the server using the new account and password, and verify that sudo is working as expected:<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
After that, you should be ''root''.<br />
<br />
=== Key-based Login ===<br />
<br />
You should use RSA keys for SSH login instead of passwords. To do so, generate a key pair on your local machine:<br />
<br />
<code><br />
ssh-keygen -t rsa -m PEM -b 4096 -f serveradm -C "serveradm"<br />
</code><br />
<br />
Choose a passphrase for the private key when prompted (for purposes of script automation, e.g. edenctl, leave the passphrase empty).<br />
<br />
Install the public key on the server:<br />
<br />
<code><br />
cat serveradm.pub | ssh serveradm@[server-public-ip] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</code><br />
<br />
...replacing [server-public-ip] with the public IP address of the server. You will be prompted for the password of the ''serveradm'' user.<br />
<br />
Next, login to the server using the newly installed key:<br />
<br />
<code><br />
ssh -i serveradm serveradm@[server-public-up]<br />
</code><br />
<br />
...to verify everything is working as expected. <br />
<br />
You can repeat this process for a second key pair, as/if required, e.g. for a representative or as backup key. Make sure that all private keys are securely stored, and protected by passphrases.<br />
<br />
=== Disable Root Login and Password Authentication ===<br />
<br />
If you are not logged-in as ''serveradm'' yet, login now (using the private key):<br />
<br />
<code><br />
ssh -i serveradm serveradm@[server-public-up]<br />
</code><br />
<br />
Make yourself ''root'':<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
...and edit the <code>/etc/ssh/sshd_config</code> file. Uncomment or add the following lines:<br />
<br />
<syntaxhighlight lang="bash" line><br />
PermitRootLogin no<br />
PasswordAuthentication no<br />
</syntaxhighlight><br />
<br />
After that, reload the <code>sshd</code> service:<br />
<br />
<code><br />
systemctl reload sshd<br />
</code><br />
<br />
Now, you can no longer SSH-login as ''root'', but only as ''serveradm'' - and you must use a private key, as passwords will no longer be accepted.</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=249Guidelines:DualHost2026-02-02T19:41:55Z<p>Dominic: /* Dual Host Setup */</p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Dual Host Setup =<br />
<br />
In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
=== Prerequisites and Terminology ===<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain''':<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
=== Preparing the Servers ===<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
=== Installing PostgreSQL ===<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_addresses setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
=== Setting Up Eden ===<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:SecureOperation&diff=248Guidelines:SecureOperation2026-02-02T19:41:30Z<p>Dominic: </p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
== Secure Server Operation ==<br />
<br />
The following steps are recommended to secure your Eden server back-end under Debian/Linux.<br />
<br />
'''''Note:''' this configuration is standard on many clouds, e.g. AWS EC2, so you do not need to do this manually. Check with your cloud service provider for details.''<br />
<br />
=== Unprivileged Account ===<br />
<br />
You should use an unprivileged user account for SSH login. To do so, login as root and create a new user, e.g. "serveradm":<br />
<br />
<code><br />
adduser serveradm<br />
</code><br />
<br />
Enter a password for the new account when prompted for, and provide additional information as required. <br />
<br />
To permit the new user to <code>sudo</code> without password, edit the sudoers configuration file using the command <code>visudo</code>. Add the following lines at the end of the file:<br />
<br />
<syntaxhighlight lang="bash" line><br />
# User rules for serveradm<br />
serveradm ALL=(ALL) NOPASSWD:ALL<br />
</syntaxhighlight><br />
<br />
Login to the server using the new account and password, and verify that sudo is working as expected:<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
After that, you should be ''root''.<br />
<br />
=== Key-based Login ===<br />
<br />
You should use RSA keys for SSH login instead of passwords. To do so, generate a key pair on your local machine:<br />
<br />
<code><br />
ssh-keygen -t rsa -m PEM -b 4096 -f serveradm -C "serveradm"<br />
</code><br />
<br />
Choose a passphrase for the private key when prompted (for purposes of script automation, e.g. edenctl, leave the passphrase empty).<br />
<br />
Install the public key on the server:<br />
<br />
<code><br />
cat serveradm.pub | ssh serveradm@[server-public-ip] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</code><br />
<br />
...replacing [server-public-ip] with the public IP address of the server. You will be prompted for the password of the ''serveradm'' user.<br />
<br />
Next, login to the server using the newly installed key:<br />
<br />
<code><br />
ssh -i serveradm serveradm@[server-public-up]<br />
</code><br />
<br />
...to verify everything is working as expected. <br />
<br />
You can repeat this process for a second key pair, as/if required, e.g. for a representative or as backup key. Make sure that all private keys are securely stored, and protected by passphrases.<br />
<br />
=== Disable Root Login and Password Authentication ===<br />
<br />
If you are not logged-in as ''serveradm'' yet, login now (using the private key):<br />
<br />
<code><br />
ssh -i serveradm serveradm@[server-public-up]<br />
</code><br />
<br />
Make yourself ''root'':<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
...and edit the <code>/etc/ssh/sshd_config</code> file. Uncomment or add the following lines:<br />
<br />
<syntaxhighlight lang="bash" line><br />
PermitRootLogin no<br />
PasswordAuthentication no<br />
</syntaxhighlight><br />
<br />
After that, reload the <code>sshd</code> service:<br />
<br />
<code><br />
systemctl reload sshd<br />
</code><br />
<br />
Now, you can no longer SSH-login as ''root'', but only as ''serveradm'' - and you must use a private key, as passwords will no longer be accepted.</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=247Guidelines:DualHost2026-02-02T19:41:07Z<p>Dominic: </p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
== Dual Host Setup ==<br />
<br />
In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
=== Prerequisites and Terminology ===<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain''':<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
=== Preparing the Servers ===<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
=== Installing PostgreSQL ===<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_addresses setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
=== Setting Up Eden ===<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DebianPackages&diff=246Guidelines:DebianPackages2026-02-02T19:40:49Z<p>Dominic: </p>
<hr />
<div>[[Guidelines:Deployment|All Deployment Guidelines]]<br />
<br />
= Debian Packages =<br />
<br />
As of version 6.0, Eden provides packaged releases for installation, setup and server administration. Packages for Debian (*.deb) are currently provided as assets attached to the respective GitHub release:<br />
<br />
* https://github.com/sahana/eden/releases<br />
<br />
Using packaged releases is the recommended setup method for production servers.<br />
<br />
== Prerequisites ==<br />
<br />
Before starting the installation, you must have a server machine (virtual or bare metal) ready, installed with a suitable '''Debian/Linux''' distribution. As a rule, Eden supports the last two Debian releases ([https://wiki.debian.org/DebianStable stable] and [https://wiki.debian.org/DebianOldStable oldstable]). <br />
<br />
'''''Note''': Occasionally, support for the current stable can be delayed while we are fixing incompatibilities - but the oldstable should always be available.''<br />
<br />
The server must have access to corresponding Debian repositories in order to install dependencies, either locally or via internet.<br />
<br />
You must be able to access the server via '''SSH''' (alternatively physical console), and to become the <code>root</code> user. See our [[Guidelines:SecureOperation]] for recommendations for a safe SSH setup.<br />
<br />
Additionally, you will need a '''DNS A-record''' for the intended '''server URL''' pointing to the server's IP address, which you can obtain from your domain services provider. Make sure the server is accessible from the network under that server URL via both HTTP and HTTPs.<br />
<br />
'''''Note:''' for setting up with a separate DB host ("Dual Host Setup") see our [[Guidelines:DualHost]] instead.''<br />
<br />
== Installation ==<br />
<br />
Login to the server via SSH, and make yourself root with <code>sudo su -</code>.<br />
<br />
Download the release package matching your Debian version, e.g. for Eden-6.0 on Debian-12 Bookworm:<br />
<br />
cd /tmp<br />
<nowiki>wget https://github.com/sahana/eden/releases/download/6.0/sahana-eden-debian12_6.0-1_all.deb</nowiki><br />
<br />
Install the package:<br />
<br />
apt-get update<br />
apt-get install -f sahana-eden-debian12_6.0-1_all.deb<br />
<br />
This will install all necessary dependencies, including '''PostgreSQL''' with '''PostGIS''', the '''web2py''' framework, the '''nginx''' web server and '''uWSGI''', and finally '''Eden''' itself.<br />
<br />
The package also deploys the <code>[[Guidelines:Edenctl|edenctl]]</code> tool to configure and manage the server.<br />
<br />
== Configuration ==<br />
<br />
If you want to use a custom configuration '''template''', add a symbolic link for it in the <code>/home/web2py/applications/eden/modules/templates</code> directory.<br />
<br />
Use <code>[[Guidelines:Edenctl|edenctl]]</code> to configure the Eden instance on your server:<br />
<br />
edenctl setup<br />
<br />
Enter your server details as you are prompted for them.<br />
<br />
'''Tip''': if your server URL is ''eden.example.com'', then the hostname would be ''eden'', and the domain ''example.com''<br />
<br />
Edenctl will configure the '''nginx''' web server and set up a '''uWSGI''' daemon to connect it to web2py/Eden. It will also set up and initialize the database, and '''pre-populate''' it with some basic data from the configuration template you selected.<br />
<br />
It will also configure SSL (HTTPs) with [https://certbot.eff.org/pages/about Certbot] to manage the server certificate and key.<br />
<br />
Once this is done, you can start your Eden instance with<br />
<br />
edenctl start</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:SecureOperation&diff=245Guidelines:SecureOperation2026-02-02T19:39:49Z<p>Dominic: /* Secure Server Operation */</p>
<hr />
<div>== Secure Server Operation ==<br />
<br />
The following steps are recommended to secure your Eden server back-end under Debian/Linux.<br />
<br />
'''''Note:''' this configuration is standard on many clouds, e.g. AWS EC2, so you do not need to do this manually. Check with your cloud service provider for details.''<br />
<br />
=== Unprivileged Account ===<br />
<br />
You should use an unprivileged user account for SSH login. To do so, login as root and create a new user, e.g. "serveradm":<br />
<br />
<code><br />
adduser serveradm<br />
</code><br />
<br />
Enter a password for the new account when prompted for, and provide additional information as required. <br />
<br />
To permit the new user to <code>sudo</code> without password, edit the sudoers configuration file using the command <code>visudo</code>. Add the following lines at the end of the file:<br />
<br />
<syntaxhighlight lang="bash" line><br />
# User rules for serveradm<br />
serveradm ALL=(ALL) NOPASSWD:ALL<br />
</syntaxhighlight><br />
<br />
Login to the server using the new account and password, and verify that sudo is working as expected:<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
After that, you should be ''root''.<br />
<br />
=== Key-based Login ===<br />
<br />
You should use RSA keys for SSH login instead of passwords. To do so, generate a key pair on your local machine:<br />
<br />
<code><br />
ssh-keygen -t rsa -m PEM -b 4096 -f serveradm -C "serveradm"<br />
</code><br />
<br />
Choose a passphrase for the private key when prompted (for purposes of script automation, e.g. edenctl, leave the passphrase empty).<br />
<br />
Install the public key on the server:<br />
<br />
<code><br />
cat serveradm.pub | ssh serveradm@[server-public-ip] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</code><br />
<br />
...replacing [server-public-ip] with the public IP address of the server. You will be prompted for the password of the ''serveradm'' user.<br />
<br />
Next, login to the server using the newly installed key:<br />
<br />
<code><br />
ssh -i serveradm serveradm@[server-public-up]<br />
</code><br />
<br />
...to verify everything is working as expected. <br />
<br />
You can repeat this process for a second key pair, as/if required, e.g. for a representative or as backup key. Make sure that all private keys are securely stored, and protected by passphrases.<br />
<br />
=== Disable Root Login and Password Authentication ===<br />
<br />
If you are not logged-in as ''serveradm'' yet, login now (using the private key):<br />
<br />
<code><br />
ssh -i serveradm serveradm@[server-public-up]<br />
</code><br />
<br />
Make yourself ''root'':<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
...and edit the <code>/etc/ssh/sshd_config</code> file. Uncomment or add the following lines:<br />
<br />
<syntaxhighlight lang="bash" line><br />
PermitRootLogin no<br />
PasswordAuthentication no<br />
</syntaxhighlight><br />
<br />
After that, reload the <code>sshd</code> service:<br />
<br />
<code><br />
systemctl reload sshd<br />
</code><br />
<br />
Now, you can no longer SSH-login as ''root'', but only as ''serveradm'' - and you must use a private key, as passwords will no longer be accepted.</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=244Guidelines:DualHost2026-02-02T19:39:07Z<p>Dominic: /* Setting Up Eden */</p>
<hr />
<div>== Dual Host Setup ==<br />
<br />
In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
=== Prerequisites and Terminology ===<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain''':<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
=== Preparing the Servers ===<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
=== Installing PostgreSQL ===<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_addresses setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
=== Setting Up Eden ===<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.''<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=243Guidelines:DualHost2026-02-02T19:38:53Z<p>Dominic: /* Configure Host-based Access */</p>
<hr />
<div>== Dual Host Setup ==<br />
<br />
In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
=== Prerequisites and Terminology ===<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain''':<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
=== Preparing the Servers ===<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
=== Installing PostgreSQL ===<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.''<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_addresses setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
=== Setting Up Eden ===<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DebianPackages&diff=242Guidelines:DebianPackages2026-02-02T19:38:30Z<p>Dominic: /* Debian Packages */</p>
<hr />
<div>= Debian Packages =<br />
<br />
As of version 6.0, Eden provides packaged releases for installation, setup and server administration. Packages for Debian (*.deb) are currently provided as assets attached to the respective GitHub release:<br />
<br />
* https://github.com/sahana/eden/releases<br />
<br />
Using packaged releases is the recommended setup method for production servers.<br />
<br />
== Prerequisites ==<br />
<br />
Before starting the installation, you must have a server machine (virtual or bare metal) ready, installed with a suitable '''Debian/Linux''' distribution. As a rule, Eden supports the last two Debian releases ([https://wiki.debian.org/DebianStable stable] and [https://wiki.debian.org/DebianOldStable oldstable]). <br />
<br />
'''''Note''': Occasionally, support for the current stable can be delayed while we are fixing incompatibilities - but the oldstable should always be available.''<br />
<br />
The server must have access to corresponding Debian repositories in order to install dependencies, either locally or via internet.<br />
<br />
You must be able to access the server via '''SSH''' (alternatively physical console), and to become the <code>root</code> user. See our [[Guidelines:SecureOperation]] for recommendations for a safe SSH setup.<br />
<br />
Additionally, you will need a '''DNS A-record''' for the intended '''server URL''' pointing to the server's IP address, which you can obtain from your domain services provider. Make sure the server is accessible from the network under that server URL via both HTTP and HTTPs.<br />
<br />
'''''Note:''' for setting up with a separate DB host ("Dual Host Setup") see our [[Guidelines:DualHost]] instead.''<br />
<br />
== Installation ==<br />
<br />
Login to the server via SSH, and make yourself root with <code>sudo su -</code>.<br />
<br />
Download the release package matching your Debian version, e.g. for Eden-6.0 on Debian-12 Bookworm:<br />
<br />
cd /tmp<br />
<nowiki>wget https://github.com/sahana/eden/releases/download/6.0/sahana-eden-debian12_6.0-1_all.deb</nowiki><br />
<br />
Install the package:<br />
<br />
apt-get update<br />
apt-get install -f sahana-eden-debian12_6.0-1_all.deb<br />
<br />
This will install all necessary dependencies, including '''PostgreSQL''' with '''PostGIS''', the '''web2py''' framework, the '''nginx''' web server and '''uWSGI''', and finally '''Eden''' itself.<br />
<br />
The package also deploys the <code>[[Guidelines:Edenctl|edenctl]]</code> tool to configure and manage the server.<br />
<br />
== Configuration ==<br />
<br />
If you want to use a custom configuration '''template''', add a symbolic link for it in the <code>/home/web2py/applications/eden/modules/templates</code> directory.<br />
<br />
Use <code>[[Guidelines:Edenctl|edenctl]]</code> to configure the Eden instance on your server:<br />
<br />
edenctl setup<br />
<br />
Enter your server details as you are prompted for them.<br />
<br />
'''Tip''': if your server URL is ''eden.example.com'', then the hostname would be ''eden'', and the domain ''example.com''<br />
<br />
Edenctl will configure the '''nginx''' web server and set up a '''uWSGI''' daemon to connect it to web2py/Eden. It will also set up and initialize the database, and '''pre-populate''' it with some basic data from the configuration template you selected.<br />
<br />
It will also configure SSL (HTTPs) with [https://certbot.eff.org/pages/about Certbot] to manage the server certificate and key.<br />
<br />
Once this is done, you can start your Eden instance with<br />
<br />
edenctl start</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DebianPackages&diff=241Guidelines:DebianPackages2026-02-02T19:35:50Z<p>Dominic: /* Prerequisites */</p>
<hr />
<div>= Debian Packages =<br />
<br />
As of version 6.0, Eden provides packaged releases for installation, setup and server administration. Packages for Debian (*.deb) are currently provided as assets attached to the respective GitHub release:<br />
<br />
* https://github.com/sahana/eden/releases<br />
<br />
Using packaged releases is the recommended setup method for production servers.<br />
<br />
== Prerequisites ==<br />
<br />
Before starting the installation, you must have a server machine (virtual or bare metal) ready, installed with a suitable '''Debian/Linux''' distribution. As a rule, Eden supports the last two Debian releases ([https://wiki.debian.org/DebianStable stable] and [https://wiki.debian.org/DebianOldStable oldstable]). <br />
<br />
'''''Note''': Occasionally, support for the current stable can be delayed while we are fixing incompatibilities - but the oldstable should always be available.''<br />
<br />
The server must have access to corresponding Debian repositories in order to install dependencies, either locally or via internet.<br />
<br />
You must be able to access the server via '''SSH''' (alternatively physical console), and to become the <code>root</code> user. See our [[Guidelines:SecureOperation]] for recommendations for a safe SSH setup.<br />
<br />
Additionally, you will need a '''DNS A-record''' for the intended '''server URL''' pointing to the server's IP address, which you can obtain from your domain services provider. Make sure the server is accessible from the network under that server URL via both HTTP and HTTPs.<br />
<br />
== Installation ==<br />
<br />
Login to the server via SSH, and make yourself root with <code>sudo su -</code>.<br />
<br />
Download the release package matching your Debian version, e.g. for Eden-6.0 on Debian-12 Bookworm:<br />
<br />
cd /tmp<br />
<nowiki>wget https://github.com/sahana/eden/releases/download/6.0/sahana-eden-debian12_6.0-1_all.deb</nowiki><br />
<br />
Install the package:<br />
<br />
apt-get update<br />
apt-get install -f sahana-eden-debian12_6.0-1_all.deb<br />
<br />
This will install all necessary dependencies, including '''PostgreSQL''' with '''PostGIS''', the '''web2py''' framework, the '''nginx''' web server and '''uWSGI''', and finally '''Eden''' itself.<br />
<br />
The package also deploys the <code>[[Guidelines:Edenctl|edenctl]]</code> tool to configure and manage the server.<br />
<br />
== Configuration ==<br />
<br />
If you want to use a custom configuration '''template''', add a symbolic link for it in the <code>/home/web2py/applications/eden/modules/templates</code> directory.<br />
<br />
Use <code>[[Guidelines:Edenctl|edenctl]]</code> to configure the Eden instance on your server:<br />
<br />
edenctl setup<br />
<br />
Enter your server details as you are prompted for them.<br />
<br />
'''Tip''': if your server URL is ''eden.example.com'', then the hostname would be ''eden'', and the domain ''example.com''<br />
<br />
Edenctl will configure the '''nginx''' web server and set up a '''uWSGI''' daemon to connect it to web2py/Eden. It will also set up and initialize the database, and '''pre-populate''' it with some basic data from the configuration template you selected.<br />
<br />
It will also configure SSL (HTTPs) with [https://certbot.eff.org/pages/about Certbot] to manage the server certificate and key.<br />
<br />
Once this is done, you can start your Eden instance with<br />
<br />
edenctl start</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:Deployment&diff=240Guidelines:Deployment2026-02-02T19:34:22Z<p>Dominic: /* Installation from Release Package */</p>
<hr />
<div>= Installation and Setup =<br />
<br />
== Installation from Release Package ==<br />
<br />
As of version 6.0, Eden provides packaged releases. This is the recommended setup method for production servers. The packages are available as assets attached to the respective GitHub release.<br />
<br />
* [[Guidelines:DebianPackages|Installation on Debian/Linux]]<br />
* [[Guidelines:DualHost|Installation on Debian/Linux with separate DB Host]]<br />
* [[Guidelines:Edenctl|Server Setup and Management with edenctl]]<br />
* [[Guidelines:SecureOperation|SSH Setup Recommendations]]<br />
<br />
== Installation from GitHub Repository ==<br />
<br />
It is also possible to install Eden directly from a GitHub repository. This option is recommended for demos and UAT, where you want to install a development version.<br />
<br />
* [[Guidelines:InstallationScripts|Installation and Configuration scripts for Debian/Linux]]<br />
* [[Guidelines:ServiceScripts|Server Setup and Management using traditional Service Scripts]]</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=239Guidelines:DualHost2026-02-02T19:23:57Z<p>Dominic: /* Setting Up Eden */</p>
<hr />
<div>== Dual Host Setup ==<br />
<br />
In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
=== Prerequisites and Terminology ===<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain''':<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
=== Preparing the Servers ===<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
=== Installing PostgreSQL ===<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_addresses setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
=== Setting Up Eden ===<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''Note:''' The actual location and name of the package depends on the release - check on GitHub for the latest available package.<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=238Guidelines:DualHost2026-02-02T19:22:43Z<p>Dominic: /* Configure Host-based Access */</p>
<hr />
<div>== Dual Host Setup ==<br />
<br />
In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
=== Prerequisites and Terminology ===<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain''':<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
=== Preparing the Servers ===<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
=== Installing PostgreSQL ===<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
'''Note:''' if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_addresses setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
=== Setting Up Eden ===<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''Note:''' The actual name of the package depends on the release - check the release on GitHub for the latest available package.<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=237Guidelines:DualHost2026-02-02T19:22:32Z<p>Dominic: /* Setting Up Eden */</p>
<hr />
<div>== Dual Host Setup ==<br />
<br />
In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
=== Prerequisites and Terminology ===<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain''':<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
=== Preparing the Servers ===<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
=== Installing PostgreSQL ===<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
Note: if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_addresses setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
=== Setting Up Eden ===<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
'''Note:''' The actual name of the package depends on the release - check the release on GitHub for the latest available package.<br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=236Guidelines:DualHost2026-02-02T19:21:11Z<p>Dominic: /* Prerequisites and Terminology */</p>
<hr />
<div>== Dual Host Setup ==<br />
<br />
In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
=== Prerequisites and Terminology ===<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Make a note of the IPs, like this:<br />
<br />
<pre><br />
apphost-public-ip 000.000.000.000<br />
apphost-private-ip 000.000.000.000<br />
dbhost-public-ip 000.000.000.000<br />
dbhost-private-ip 000.000.000.000<br />
</pre><br />
<br />
...so that you have them readily at hand when walking through this guide. We will use designations like ''<apphost-public-ip>'', for instance, to refer to the public IP of the App Host.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain''':<br />
<br />
<pre><br />
FQDN eden.example.com<br />
Hostname eden<br />
Domain example.com<br />
</pre><br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name as required).<br />
<br />
=== Preparing the Servers ===<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
=== Installing PostgreSQL ===<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
Note: if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_addresses setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
=== Setting Up Eden ===<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=235Guidelines:DualHost2026-02-02T19:15:09Z<p>Dominic: </p>
<hr />
<div>== Dual Host Setup ==<br />
<br />
In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
=== Prerequisites and Terminology ===<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''App Host''' and '''DB Host''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only; in some intranet setups, public IP and private IP may be the same). Thus, a designation like ''apphost-public-ip'', for instance, refers to the public IP of the App Host. <br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the App Host, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain'''.<br />
<br />
This guideline further assumes that you have set up the servers for key-based SSH login (see [[Guidelines:SecureOperation]]) with a non-privileged user account ''serveradm'' (replace this with the actual user name where required).<br />
<br />
=== Preparing the Servers ===<br />
<br />
First, we need to setup an additional key pair on the App Host, for ''edenctl'' to login at the DB Host. On your local machine, generate a key pair with:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh-keygen -t rsa -m PEM -b 4096 -C "apphost" -f apphost<br />
</syntaxhighlight><br />
<br />
Leave the password empty, as the private key is to be used by the ''edenctl'' script.<br />
<br />
This will generate two files <code>apphost</code> and <code>apphost.pub</code> in the local directory. Copy the private key (''apphost'') to the App Host, using the private key of the <code>serveradm</code> user:<br />
<br />
<syntaxhighlight lang="bash"><br />
scp -i serveradm apphost serveradm@<apphost-public-ip>:/tmp<br />
</syntaxhighlight><br />
<br />
Install the public key (''apphost.pub'') for the <code>serveradm</code> user on the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
cat apphost.pub | ssh -i serveradm serveradm@<dbhost-public-ip> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</syntaxhighlight><br />
<br />
Login to the App Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i serveradm serveradm@<apphost-public-ip><br />
</syntaxhighlight><br />
<br />
Make yourself <code>root</code> and move the private key into a secure location:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
mv /tmp/apphost ~/.ssh/apphost<br />
chown root.root ~/.ssh/apphost<br />
chmod 600 ~/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
Now you should be able to login from the App Host to the DB Host using this key and the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="bash"><br />
ssh -i ~/.ssh/apphost serveradm@<dbhost-private-ip><br />
</syntaxhighlight><br />
<br />
=== Installing PostgreSQL ===<br />
<br />
On the DB Host, make yourself <code>root</code>:<br />
<br />
<syntaxhighlight lang="bash"><br />
sudo su -<br />
</syntaxhighlight><br />
<br />
Then install PostgreSQL and PostGIS:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -y postgresql-17 postgresql-17-postgis-3<br />
</syntaxhighlight><br />
<br />
=== Configure Host-based Access ===<br />
<br />
You need to tell PostgreSQL that the App Host is permitted to access the DB server. To do so, edit the file <code>/etc/postgresql/17/main/pg_hba.conf</code>, adding the following lines at the end (using the private IP of the App Host):<br />
<br />
<syntaxhighlight lang="bash"><br />
# Eden App Host<br />
host all all <apphost-private-ip>/32 md5<br />
</syntaxhighlight><br />
<br />
Note: if your DB Host is behind a firewall, access from this IP/subnet to the port 5432 must be allowed. Adjust your firewall configuration as necessary.<br />
<br />
Further, you must tell PostgreSQL to listen on the private IP of the DB Host. For that, edit the file <code>/etc/postgresql/17/main/postgresql.conf</code>, and modify the listen_addresses setting, adding the private IP of the DB Host:<br />
<br />
<syntaxhighlight lang="python"><br />
listen_address = '<dbhost-private-ip>,localhost' # what IP address(es) to listen on;<br />
</syntaxhighlight><br />
<br />
Finally, restart PostgreSQL:<br />
<br />
<syntaxhighlight lang="bash"><br />
systemctl restart postgresql<br />
</syntaxhighlight><br />
<br />
Logout from the DB Host, going back to the App Host.<br />
<br />
=== Setting Up Eden ===<br />
<br />
Copy the Eden DEB-package to the App Host - either using <code>scp</code> from your local machine, or <code>wget</code> to fetch it from GitHub, e.g.:<br />
<br />
<syntaxhighlight lang="bash"><br />
cd /tmp<br />
wget https://github.com/sahana/eden/releases/download/6.2/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Install the package:<br />
<br />
<syntaxhighlight lang="bash"><br />
apt-get update<br />
apt-get install -f /tmp/sahana-eden-debian13_6.2-1_all.deb<br />
</syntaxhighlight><br />
<br />
Create a file <code>/etc/sahana/dbhost.conf</code>, with the details of the DB Host, so that ''edenctl'' can login there:<br />
<br />
<syntaxhighlight lang="bash" line><br />
DBHOST=<dbhost-private-ip><br />
DBHOST_USER=serveradm<br />
DBHOST_KEY=/root/.ssh/apphost<br />
</syntaxhighlight><br />
<br />
After that, you can set up the Eden instance as usual:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl setup<br />
</syntaxhighlight><br />
<br />
Eventually, start the Eden instance with:<br />
<br />
<syntaxhighlight lang="bash"><br />
edenctl start<br />
</syntaxhighlight></div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DualHost&diff=234Guidelines:DualHost2026-02-02T16:46:44Z<p>Dominic: Created page with "== Dual Host Setup == In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux: === Terminology === This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''AppHost''' and '''DBHost''' designations here to distinguish between the two. Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only). Thus, a..."</p>
<hr />
<div>== Dual Host Setup ==<br />
<br />
In certain situations, you may want to deploy Eden with a database on a separate host. Follow these steps for Debian/Linux:<br />
<br />
=== Terminology ===<br />
<br />
This guideline assumes that you have two hosts running on Debian/Linux - we will use the '''AppHost''' and '''DBHost''' designations here to distinguish between the two.<br />
<br />
Further, we assume that each host has a '''public IP''' (exposed to the internet) and a '''private IP''' (local network only). Thus, a designation like ''apphost-public-ip'', for instance, refers to the public IP of the AppHost. In some intranet setups, public IP and private IP may be the same.<br />
<br />
Make sure that you have a '''DNS A-record''' set up for the public IP of the AppHost, e.g. in the '''FQDN''' (fully qualified domain name) "eden.example.com", the "eden" part constitutes the '''hostname''', and "example.com" the '''domain'''.<br />
<br />
Preparing the Servers<br />
<br />
''tbc''</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:SecureOperation&diff=233Guidelines:SecureOperation2026-02-02T16:36:28Z<p>Dominic: /* Secure Server Operation */</p>
<hr />
<div>== Secure Server Operation ==<br />
<br />
The following steps are recommended to secure your Eden server back-end under Debian/Linux.<br />
<br />
Note: this configuration is standard on many clouds, e.g. AWS EC2, so you do not need to do this manually. Check with your cloud service provider for details.<br />
<br />
=== Unprivileged Account ===<br />
<br />
You should use an unprivileged user account for SSH login. To do so, login as root and create a new user, e.g. "serveradm":<br />
<br />
<code><br />
adduser serveradm<br />
</code><br />
<br />
Enter a password for the new account when prompted for, and provide additional information as required. <br />
<br />
To permit the new user to <code>sudo</code> without password, edit the sudoers configuration file using the command <code>visudo</code>. Add the following lines at the end of the file:<br />
<br />
<syntaxhighlight lang="bash" line><br />
# User rules for serveradm<br />
serveradm ALL=(ALL) NOPASSWD:ALL<br />
</syntaxhighlight><br />
<br />
Login to the server using the new account and password, and verify that sudo is working as expected:<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
After that, you should be ''root''.<br />
<br />
=== Key-based Login ===<br />
<br />
You should use RSA keys for SSH login instead of passwords. To do so, generate a key pair on your local machine:<br />
<br />
<code><br />
ssh-keygen -t rsa -m PEM -b 4096 -f serveradm -C "serveradm"<br />
</code><br />
<br />
Choose a passphrase for the private key when prompted (for purposes of script automation, e.g. edenctl, leave the passphrase empty).<br />
<br />
Install the public key on the server:<br />
<br />
<code><br />
cat serveradm.pub | ssh serveradm@[server-public-ip] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</code><br />
<br />
...replacing [server-public-ip] with the public IP address of the server. You will be prompted for the password of the ''serveradm'' user.<br />
<br />
Next, login to the server using the newly installed key:<br />
<br />
<code><br />
ssh -i serveradm serveradm@[server-public-up]<br />
</code><br />
<br />
...to verify everything is working as expected. <br />
<br />
You can repeat this process for a second key pair, as/if required, e.g. for a representative or as backup key. Make sure that all private keys are securely stored, and protected by passphrases.<br />
<br />
=== Disable Root Login and Password Authentication ===<br />
<br />
If you are not logged-in as ''serveradm'' yet, login now (using the private key):<br />
<br />
<code><br />
ssh -i serveradm serveradm@[server-public-up]<br />
</code><br />
<br />
Make yourself ''root'':<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
...and edit the <code>/etc/ssh/sshd_config</code> file. Uncomment or add the following lines:<br />
<br />
<syntaxhighlight lang="bash" line><br />
PermitRootLogin no<br />
PasswordAuthentication no<br />
</syntaxhighlight><br />
<br />
After that, reload the <code>sshd</code> service:<br />
<br />
<code><br />
systemctl reload sshd<br />
</code><br />
<br />
Now, you can no longer SSH-login as ''root'', but only as ''serveradm'' - and you must use a private key, as passwords will no longer be accepted.</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:SecureOperation&diff=232Guidelines:SecureOperation2026-02-02T16:35:45Z<p>Dominic: </p>
<hr />
<div>== Secure Server Operation ==<br />
<br />
The following steps are recommended to secure your Eden server back-end.<br />
<br />
Note: this configuration is standard on many clouds, e.g. AWS EC2, so you do not need to do this manually. Check with your cloud service provider for details.<br />
<br />
=== Unprivileged Account ===<br />
<br />
You should use an unprivileged user account for SSH login. To do so, login as root and create a new user, e.g. "serveradm":<br />
<br />
<code><br />
adduser serveradm<br />
</code><br />
<br />
Enter a password for the new account when prompted for, and provide additional information as required. <br />
<br />
To permit the new user to <code>sudo</code> without password, edit the sudoers configuration file using the command <code>visudo</code>. Add the following lines at the end of the file:<br />
<br />
<syntaxhighlight lang="bash" line><br />
# User rules for serveradm<br />
serveradm ALL=(ALL) NOPASSWD:ALL<br />
</syntaxhighlight><br />
<br />
Login to the server using the new account and password, and verify that sudo is working as expected:<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
After that, you should be ''root''.<br />
<br />
=== Key-based Login ===<br />
<br />
You should use RSA keys for SSH login instead of passwords. To do so, generate a key pair on your local machine:<br />
<br />
<code><br />
ssh-keygen -t rsa -m PEM -b 4096 -f serveradm -C "serveradm"<br />
</code><br />
<br />
Choose a passphrase for the private key when prompted (for purposes of script automation, e.g. edenctl, leave the passphrase empty).<br />
<br />
Install the public key on the server:<br />
<br />
<code><br />
cat serveradm.pub | ssh serveradm@[server-public-ip] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</code><br />
<br />
...replacing [server-public-ip] with the public IP address of the server. You will be prompted for the password of the ''serveradm'' user.<br />
<br />
Next, login to the server using the newly installed key:<br />
<br />
<code><br />
ssh -i serveradm serveradm@[server-public-up]<br />
</code><br />
<br />
...to verify everything is working as expected. <br />
<br />
You can repeat this process for a second key pair, as/if required, e.g. for a representative or as backup key. Make sure that all private keys are securely stored, and protected by passphrases.<br />
<br />
=== Disable Root Login and Password Authentication ===<br />
<br />
If you are not logged-in as ''serveradm'' yet, login now (using the private key):<br />
<br />
<code><br />
ssh -i serveradm serveradm@[server-public-up]<br />
</code><br />
<br />
Make yourself ''root'':<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
...and edit the <code>/etc/ssh/sshd_config</code> file. Uncomment or add the following lines:<br />
<br />
<syntaxhighlight lang="bash" line><br />
PermitRootLogin no<br />
PasswordAuthentication no<br />
</syntaxhighlight><br />
<br />
After that, reload the <code>sshd</code> service:<br />
<br />
<code><br />
systemctl reload sshd<br />
</code><br />
<br />
Now, you can no longer SSH-login as ''root'', but only as ''serveradm'' - and you must use a private key, as passwords will no longer be accepted.</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:SecureOperation&diff=231Guidelines:SecureOperation2026-02-02T16:32:51Z<p>Dominic: /* Secure Server Operation */</p>
<hr />
<div>== Secure Server Operation ==<br />
<br />
The following steps are recommended to secure your Eden server back-end.<br />
<br />
Note: this configuration is standard on many clouds, e.g. AWS EC2, so you do not need to do this manually. Check with your cloud service provider for details.<br />
<br />
=== Unprivileged Account ===<br />
<br />
You should use an unprivileged user account for SSH login. To do so, login as root and create a new user, e.g. "serveradmin":<br />
<br />
<code><br />
adduser serveradmin<br />
</code><br />
<br />
Enter a password for the new account when prompted for, and provide additional information as required. <br />
<br />
To permit the new user to <code>sudo</code> without password, edit the sudoers configuration file using the command <code>visudo</code>. Add the following lines at the end of the file:<br />
<br />
<syntaxhighlight lang="bash" line><br />
# User rules for serveradmin<br />
serveradmin ALL=(ALL) NOPASSWD:ALL<br />
</syntaxhighlight><br />
<br />
Login to the server using the new account and password, and verify that sudo is working as expected:<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
After that, you should be ''root''.<br />
<br />
=== Key-based Login ===<br />
<br />
You should use RSA keys for SSH login instead of passwords. To do so, generate a key pair on your local machine:<br />
<br />
<code><br />
ssh-keygen -t rsa -m PEM -b 4096 -f serveradmin -C "serveradmin"<br />
</code><br />
<br />
Choose a passphrase for the private key when prompted (for purposes of script automation, e.g. edenctl, leave the passphrase empty).<br />
<br />
Install the public key on the server:<br />
<br />
<code><br />
cat serveradmin.pub | ssh serveradmin@[server-public-ip] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</code><br />
<br />
...replacing [server-public-ip] with the public IP address of the server. You will be prompted for the password of the ''serveradmin'' user.<br />
<br />
Next, login to the server using the newly installed key:<br />
<br />
<code><br />
ssh -i serveradmin serveradmin@[server-public-up]<br />
</code><br />
<br />
...to verify everything is working as expected. <br />
<br />
You can repeat this process for a second key pair, as/if required, e.g. for a representative or as backup key. Make sure that all private keys are securely stored, and protected by passphrases.<br />
<br />
=== Disable Root Login and Password Authentication ===<br />
<br />
If you are not logged-in as ''serveradmin'' yet, login now (using the private key):<br />
<br />
<code><br />
ssh -i serveradmin serveradmin@[server-public-up]<br />
</code><br />
<br />
Make yourself ''root'':<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
...and edit the <code>/etc/ssh/sshd_config</code> file. Uncomment or add the following lines:<br />
<br />
<syntaxhighlight lang="bash" line><br />
PermitRootLogin no<br />
PasswordAuthentication no<br />
</syntaxhighlight><br />
<br />
After that, reload the <code>sshd</code> service:<br />
<br />
<code><br />
systemctl reload sshd<br />
</code><br />
<br />
Now, you can no longer SSH-login as ''root'', but only as ''serveradmin'' - and you must use a private key, as passwords will no longer be accepted.</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:SecureOperation&diff=230Guidelines:SecureOperation2026-02-02T16:32:37Z<p>Dominic: /* Secure Server Operation */</p>
<hr />
<div>== Secure Server Operation ==<br />
<br />
The following steps are recommended to secure your Eden server back-end.<br />
<br />
Note: this configuration is standard on many clouds, e.g. AWS EC2, so you do not need to do this manually. Check with your cloud service provider for details.<br />
<br />
=== Unprivileged Account ===<br />
<br />
You should use an unprivileged user account for SSH login. To do so, login as root and create a new user, e.g. "serveradmin":<br />
<br />
<code><br />
adduser serveradmin<br />
</code><br />
<br />
Enter a password for the new account when prompted for, and provide additional information as required. <br />
<br />
To permit the new user to <code>sudo</code> without password, edit the sudoers configuration file using the command <code>visudo</code>. Add the following lines at the end of the file:<br />
<br />
<syntaxhighlight lang="bash" line><br />
# User rules for serveradmin<br />
serveradmin ALL=(ALL) NOPASSWD:ALL<br />
</syntaxhighlight><br />
<br />
Login to the server using the new account and password, and verify that sudo is working as expected:<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
After that, you should be ''root''.<br />
<br />
=== Key-based Login ===<br />
<br />
You should use RSA keys for SSH login instead of passwords. To do so, generate a key pair on your local machine:<br />
<br />
<code><br />
ssh-keygen -t rsa -m PEM -b 4096 -f serveradmin -C "serveradmin"<br />
</code><br />
<br />
Choose a passphrase for the private key when prompted (for purposes of script automation, e.g. edenctl, leave the passphrase empty).<br />
<br />
Install the public key on the server:<br />
<br />
<code><br />
cat serveradmin.pub | ssh serveradmin@[server-public-ip] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</code><br />
<br />
...replacing [server-public-ip] with the public IP address of the server. You will be prompted for the password of the ''serveradmin'' user.<br />
<br />
Next, login to the server using the newly installed key:<br />
<br />
<code><br />
ssh -i serveradmin serveradmin@[server-public-up]<br />
</code><br />
<br />
...to verify everything is working as expected. <br />
<br />
You can repeat this process for a second key pair, as/if required, e.g. for a representative or as backup key. Make sure that all private keys are securely stored, and protected by passphrases.<br />
<br />
=== Disable Root Login and Password Authentication ===<br />
<br />
If you are not logged-in as ''serveradmin'' yet, login now (using the private key):<br />
<br />
<code><br />
ssh -i serveradmin serveradmin@[server-public-up]<br />
</code><br />
<br />
Make yourself ''root'':<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
...and edit the <code>/etc/ssh/sshd_config</code> file. Uncomment or add the following lines:<br />
<br />
<syntaxhighlight lang="bash" line><br />
PermitRootLogin no<br />
PasswordAuthentication no<br />
</syntaxhighlight><br />
<br />
After that, reload the <code>sshd</code> service:<br />
<br />
<code><br />
systemctl reload sshd<br />
</code><br />
<br />
Now, you can no longer SSH-login as ''root'', but only as ''serveradmin'' - and you must use a private key, as passwords will no longer be accepted.</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:SecureOperation&diff=229Guidelines:SecureOperation2026-02-02T16:31:05Z<p>Dominic: /* Secure Server Operation */</p>
<hr />
<div>== Secure Server Operation ==<br />
<br />
The following steps are recommended to secure your Eden server back-end.<br />
<br />
Note: this configuration is standard on many clouds, e.g. AWS EC2.<br />
<br />
=== Unprivileged Account ===<br />
<br />
You should use an unprivileged user account for SSH login. To do so, login as root and create a new user, e.g. "serveradmin":<br />
<br />
<code><br />
adduser serveradmin<br />
</code><br />
<br />
Enter a password for the new account when prompted for, and provide additional information as required. <br />
<br />
To permit the new user to <code>sudo</code> without password, edit the sudoers configuration file using the command <code>visudo</code>. Add the following lines at the end of the file:<br />
<br />
<syntaxhighlight lang="bash" line><br />
# User rules for serveradmin<br />
serveradmin ALL=(ALL) NOPASSWD:ALL<br />
</syntaxhighlight><br />
<br />
Login to the server using the new account and password, and verify that sudo is working as expected:<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
After that, you should be ''root''.<br />
<br />
=== Key-based Login ===<br />
<br />
You should use RSA keys for SSH login instead of passwords. To do so, generate a key pair on your local machine:<br />
<br />
<code><br />
ssh-keygen -t rsa -m PEM -b 4096 -f serveradmin -C "serveradmin"<br />
</code><br />
<br />
Choose a passphrase for the private key when prompted (for purposes of script automation, e.g. edenctl, leave the passphrase empty).<br />
<br />
Install the public key on the server:<br />
<br />
<code><br />
cat serveradmin.pub | ssh serveradmin@[server-public-ip] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</code><br />
<br />
...replacing [server-public-ip] with the public IP address of the server. You will be prompted for the password of the ''serveradmin'' user.<br />
<br />
Next, login to the server using the newly installed key:<br />
<br />
<code><br />
ssh -i serveradmin serveradmin@[server-public-up]<br />
</code><br />
<br />
...to verify everything is working as expected. <br />
<br />
You can repeat this process for a second key pair, as/if required, e.g. for a representative or as backup key. Make sure that all private keys are securely stored, and protected by passphrases.<br />
<br />
=== Disable Root Login and Password Authentication ===<br />
<br />
If you are not logged-in as ''serveradmin'' yet, login now (using the private key):<br />
<br />
<code><br />
ssh -i serveradmin serveradmin@[server-public-up]<br />
</code><br />
<br />
Make yourself ''root'':<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
...and edit the <code>/etc/ssh/sshd_config</code> file. Uncomment or add the following lines:<br />
<br />
<syntaxhighlight lang="bash" line><br />
PermitRootLogin no<br />
PasswordAuthentication no<br />
</syntaxhighlight><br />
<br />
After that, reload the <code>sshd</code> service:<br />
<br />
<code><br />
systemctl reload sshd<br />
</code><br />
<br />
Now, you can no longer SSH-login as ''root'', but only as ''serveradmin'' - and you must use a private key, as passwords will no longer be accepted.</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:SecureOperation&diff=228Guidelines:SecureOperation2026-02-02T16:27:43Z<p>Dominic: /* Secure Server Operation */</p>
<hr />
<div>== Secure Server Operation ==<br />
<br />
The following steps are recommended to secure your Eden server back-end:<br />
<br />
=== Unprivileged Account ===<br />
<br />
You should use an unprivileged user account for SSH login. To do so, login as root and create a new user, e.g. "serveradmin":<br />
<br />
<code><br />
adduser serveradmin<br />
</code><br />
<br />
Enter a password for the new account when prompted for, and provide additional information as required. <br />
<br />
To permit the new user to <code>sudo</code> without password, edit the sudoers configuration file using the command <code>visudo</code>. Add the following lines at the end of the file:<br />
<br />
<syntaxhighlight lang="bash" line><br />
# User rules for serveradmin<br />
serveradmin ALL=(ALL) NOPASSWD:ALL<br />
</syntaxhighlight><br />
<br />
Login to the server using the new account and password, and verify that sudo is working as expected:<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
After that, you should be ''root''.<br />
<br />
=== Key-based Login ===<br />
<br />
You should use RSA keys for SSH login instead of passwords. To do so, generate a key pair on your local machine:<br />
<br />
<code><br />
ssh-keygen -t rsa -m PEM -b 4096 -f serveradmin -C "serveradmin"<br />
</code><br />
<br />
Choose a passphrase for the private key when prompted (for purposes of script automation, e.g. edenctl, leave the passphrase empty).<br />
<br />
Install the public key on the server:<br />
<br />
<code><br />
cat serveradmin.pub | ssh serveradmin@[server-public-ip] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</code><br />
<br />
...replacing [server-public-ip] with the public IP address of the server. You will be prompted for the password of the ''serveradmin'' user.<br />
<br />
Next, login to the server using the newly installed key:<br />
<br />
<code><br />
ssh -i serveradmin serveradmin@[server-public-up]<br />
</code><br />
<br />
...to verify everything is working as expected. <br />
<br />
You can repeat this process for a second key pair, as/if required, e.g. for a representative or as backup key. Make sure that all private keys are securely stored, and protected by passphrases.<br />
<br />
=== Disable Root Login and Password Authentication ===<br />
<br />
If you are not logged-in as ''serveradmin'' yet, login now (using the private key):<br />
<br />
<code><br />
ssh -i serveradmin serveradmin@[server-public-up]<br />
</code><br />
<br />
Make yourself ''root'':<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
...and edit the <code>/etc/ssh/sshd_config</code> file. Uncomment or add the following lines:<br />
<br />
<syntaxhighlight lang="bash" line><br />
PermitRootLogin no<br />
PasswordAuthentication no<br />
</syntaxhighlight><br />
<br />
After that, reload the <code>sshd</code> service:<br />
<br />
<code><br />
systemctl reload sshd<br />
</code><br />
<br />
Now, you can no longer SSH-login as ''root'', but only as ''serveradmin'' - and you must use a private key, as passwords will no longer be accepted.</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:SecureOperation&diff=227Guidelines:SecureOperation2026-02-02T16:27:28Z<p>Dominic: Created page with "== Secure Server Operation == The following steps are recommended to secure your Eden server: === Unprivileged Account === You should use an unprivileged user account for SSH login. To do so, login as root and create a new user, e.g. "serveradmin": <code> adduser serveradmin </code> Enter a password for the new account when prompted for, and provide additional information as required. To permit the new user to <code>sudo</code> without password, edit the sudoers c..."</p>
<hr />
<div>== Secure Server Operation ==<br />
<br />
The following steps are recommended to secure your Eden server:<br />
<br />
=== Unprivileged Account ===<br />
<br />
You should use an unprivileged user account for SSH login. To do so, login as root and create a new user, e.g. "serveradmin":<br />
<br />
<code><br />
adduser serveradmin<br />
</code><br />
<br />
Enter a password for the new account when prompted for, and provide additional information as required. <br />
<br />
To permit the new user to <code>sudo</code> without password, edit the sudoers configuration file using the command <code>visudo</code>. Add the following lines at the end of the file:<br />
<br />
<syntaxhighlight lang="bash" line><br />
# User rules for serveradmin<br />
serveradmin ALL=(ALL) NOPASSWD:ALL<br />
</syntaxhighlight><br />
<br />
Login to the server using the new account and password, and verify that sudo is working as expected:<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
After that, you should be ''root''.<br />
<br />
=== Key-based Login ===<br />
<br />
You should use RSA keys for SSH login instead of passwords. To do so, generate a key pair on your local machine:<br />
<br />
<code><br />
ssh-keygen -t rsa -m PEM -b 4096 -f serveradmin -C "serveradmin"<br />
</code><br />
<br />
Choose a passphrase for the private key when prompted (for purposes of script automation, e.g. edenctl, leave the passphrase empty).<br />
<br />
Install the public key on the server:<br />
<br />
<code><br />
cat serveradmin.pub | ssh serveradmin@[server-public-ip] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"<br />
</code><br />
<br />
...replacing [server-public-ip] with the public IP address of the server. You will be prompted for the password of the ''serveradmin'' user.<br />
<br />
Next, login to the server using the newly installed key:<br />
<br />
<code><br />
ssh -i serveradmin serveradmin@[server-public-up]<br />
</code><br />
<br />
...to verify everything is working as expected. <br />
<br />
You can repeat this process for a second key pair, as/if required, e.g. for a representative or as backup key. Make sure that all private keys are securely stored, and protected by passphrases.<br />
<br />
=== Disable Root Login and Password Authentication ===<br />
<br />
If you are not logged-in as ''serveradmin'' yet, login now (using the private key):<br />
<br />
<code><br />
ssh -i serveradmin serveradmin@[server-public-up]<br />
</code><br />
<br />
Make yourself ''root'':<br />
<br />
<code><br />
sudo su -<br />
</code><br />
<br />
...and edit the <code>/etc/ssh/sshd_config</code> file. Uncomment or add the following lines:<br />
<br />
<syntaxhighlight lang="bash" line><br />
PermitRootLogin no<br />
PasswordAuthentication no<br />
</syntaxhighlight><br />
<br />
After that, reload the <code>sshd</code> service:<br />
<br />
<code><br />
systemctl reload sshd<br />
</code><br />
<br />
Now, you can no longer SSH-login as ''root'', but only as ''serveradmin'' - and you must use a private key, as passwords will no longer be accepted.</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DebianPackages&diff=226Guidelines:DebianPackages2025-11-25T11:25:08Z<p>Dominic: /* Prerequisites */</p>
<hr />
<div>= Debian Packages =<br />
<br />
As of version 6.0, Eden provides packaged releases for installation, setup and server administration. Packages for Debian (*.deb) are currently provided as assets attached to the respective GitHub release:<br />
<br />
* https://github.com/sahana/eden/releases<br />
<br />
Using packaged releases is the recommended setup method for production servers.<br />
<br />
== Prerequisites ==<br />
<br />
Before starting the installation, you must have a server machine (virtual or bare metal) ready, installed with a suitable '''Debian/Linux''' distribution. As a rule, Eden supports the last two Debian releases ([https://wiki.debian.org/DebianStable stable] and [https://wiki.debian.org/DebianOldStable oldstable]). <br />
<br />
'''''Note''': Occasionally, support for the current stable can be delayed while we are fixing incompatibilities - but the oldstable should always be available.''<br />
<br />
The server must have access to corresponding Debian repositories in order to install dependencies, either locally or via internet.<br />
<br />
You must be able to access the server via '''SSH''' (alternatively physical console), and to become the <code>root</code> user.<br />
<br />
Additionally, you will need a '''DNS A-record''' for the intended '''server URL''' pointing to the server's IP address, which you can obtain from your domain services provider. Make sure the server is accessible from the network under that server URL via both HTTP and HTTPs.<br />
<br />
== Installation ==<br />
<br />
Login to the server via SSH, and make yourself root with <code>sudo su -</code>.<br />
<br />
Download the release package matching your Debian version, e.g. for Eden-6.0 on Debian-12 Bookworm:<br />
<br />
cd /tmp<br />
<nowiki>wget https://github.com/sahana/eden/releases/download/6.0/sahana-eden-debian12_6.0-1_all.deb</nowiki><br />
<br />
Install the package:<br />
<br />
apt-get update<br />
apt-get install -f sahana-eden-debian12_6.0-1_all.deb<br />
<br />
This will install all necessary dependencies, including '''PostgreSQL''' with '''PostGIS''', the '''web2py''' framework, the '''nginx''' web server and '''uWSGI''', and finally '''Eden''' itself.<br />
<br />
The package also deploys the <code>[[Guidelines:Edenctl|edenctl]]</code> tool to configure and manage the server.<br />
<br />
== Configuration ==<br />
<br />
If you want to use a custom configuration '''template''', add a symbolic link for it in the <code>/home/web2py/applications/eden/modules/templates</code> directory.<br />
<br />
Use <code>[[Guidelines:Edenctl|edenctl]]</code> to configure the Eden instance on your server:<br />
<br />
edenctl setup<br />
<br />
Enter your server details as you are prompted for them.<br />
<br />
'''Tip''': if your server URL is ''eden.example.com'', then the hostname would be ''eden'', and the domain ''example.com''<br />
<br />
Edenctl will configure the '''nginx''' web server and set up a '''uWSGI''' daemon to connect it to web2py/Eden. It will also set up and initialize the database, and '''pre-populate''' it with some basic data from the configuration template you selected.<br />
<br />
It will also configure SSL (HTTPs) with [https://certbot.eff.org/pages/about Certbot] to manage the server certificate and key.<br />
<br />
Once this is done, you can start your Eden instance with<br />
<br />
edenctl start</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DebianPackages&diff=225Guidelines:DebianPackages2025-11-25T11:24:28Z<p>Dominic: /* Prerequisites */</p>
<hr />
<div>= Debian Packages =<br />
<br />
As of version 6.0, Eden provides packaged releases for installation, setup and server administration. Packages for Debian (*.deb) are currently provided as assets attached to the respective GitHub release:<br />
<br />
* https://github.com/sahana/eden/releases<br />
<br />
Using packaged releases is the recommended setup method for production servers.<br />
<br />
== Prerequisites ==<br />
<br />
Before starting the installation, you should have a server machine (virtual or bare metal) ready, installed with a suitable '''Debian/Linux''' distribution. As a rule, Eden supports the last two Debian releases ([https://wiki.debian.org/DebianStable stable] and [https://wiki.debian.org/DebianOldStable oldstable]). <br />
<br />
'''''Note''': Occasionally, support for the current stable can be delayed while we are fixing incompatibilities - but the oldstable should always be available.''<br />
<br />
The server must have access to corresponding Debian repositories in order to install dependencies, either locally or via internet.<br />
<br />
You must be able to access the server via '''SSH''' (alternatively physical console), and to become the <code>root</code> user.<br />
<br />
Additionally, you will need a '''DNS A-record''' for the intended '''server URL''' pointing to the server's IP address, which you can obtain from your domain services provider. Make sure the server is accessible from the network under that server URL via both HTTP and HTTPs.<br />
<br />
== Installation ==<br />
<br />
Login to the server via SSH, and make yourself root with <code>sudo su -</code>.<br />
<br />
Download the release package matching your Debian version, e.g. for Eden-6.0 on Debian-12 Bookworm:<br />
<br />
cd /tmp<br />
<nowiki>wget https://github.com/sahana/eden/releases/download/6.0/sahana-eden-debian12_6.0-1_all.deb</nowiki><br />
<br />
Install the package:<br />
<br />
apt-get update<br />
apt-get install -f sahana-eden-debian12_6.0-1_all.deb<br />
<br />
This will install all necessary dependencies, including '''PostgreSQL''' with '''PostGIS''', the '''web2py''' framework, the '''nginx''' web server and '''uWSGI''', and finally '''Eden''' itself.<br />
<br />
The package also deploys the <code>[[Guidelines:Edenctl|edenctl]]</code> tool to configure and manage the server.<br />
<br />
== Configuration ==<br />
<br />
If you want to use a custom configuration '''template''', add a symbolic link for it in the <code>/home/web2py/applications/eden/modules/templates</code> directory.<br />
<br />
Use <code>[[Guidelines:Edenctl|edenctl]]</code> to configure the Eden instance on your server:<br />
<br />
edenctl setup<br />
<br />
Enter your server details as you are prompted for them.<br />
<br />
'''Tip''': if your server URL is ''eden.example.com'', then the hostname would be ''eden'', and the domain ''example.com''<br />
<br />
Edenctl will configure the '''nginx''' web server and set up a '''uWSGI''' daemon to connect it to web2py/Eden. It will also set up and initialize the database, and '''pre-populate''' it with some basic data from the configuration template you selected.<br />
<br />
It will also configure SSL (HTTPs) with [https://certbot.eff.org/pages/about Certbot] to manage the server certificate and key.<br />
<br />
Once this is done, you can start your Eden instance with<br />
<br />
edenctl start</div>Dominichttps://eden.sahanafoundation.org/index.php?title=Guidelines:DebianPackages&diff=224Guidelines:DebianPackages2025-11-25T11:23:59Z<p>Dominic: /* Prerequisites */</p>
<hr />
<div>= Debian Packages =<br />
<br />
As of version 6.0, Eden provides packaged releases for installation, setup and server administration. Packages for Debian (*.deb) are currently provided as assets attached to the respective GitHub release:<br />
<br />
* https://github.com/sahana/eden/releases<br />
<br />
Using packaged releases is the recommended setup method for production servers.<br />
<br />
== Prerequisites ==<br />
<br />
Before starting the installation, you should have a server machine (virtual or bare metal) ready, installed with a suitable '''Debian/Linux''' distribution. As a rule, Eden supports the last two Debian releases ([https://wiki.debian.org/DebianStable stable] and [https://wiki.debian.org/DebianOldStable oldstable]). <br />
<br />
'''''Note''': Occasionally, support for the current stable can be delayed while we are fixing incompatibilities - but the oldstable should always be available.''<br />
<br />
The server should have access to corresponding Debian repositories in order to install dependencies, either locally or via internet.<br />
<br />
You should be able to access the server via '''SSH''' (alternatively physical console), and to become the <code>root</code> user.<br />
<br />
Additionally, you will need a '''DNS A-record''' for the intended '''server URL''' pointing to the server's IP address, which you can obtain from your domain services provider. Make sure the server is accessible from the network under that server URL via both HTTP and HTTPs.<br />
<br />
== Installation ==<br />
<br />
Login to the server via SSH, and make yourself root with <code>sudo su -</code>.<br />
<br />
Download the release package matching your Debian version, e.g. for Eden-6.0 on Debian-12 Bookworm:<br />
<br />
cd /tmp<br />
<nowiki>wget https://github.com/sahana/eden/releases/download/6.0/sahana-eden-debian12_6.0-1_all.deb</nowiki><br />
<br />
Install the package:<br />
<br />
apt-get update<br />
apt-get install -f sahana-eden-debian12_6.0-1_all.deb<br />
<br />
This will install all necessary dependencies, including '''PostgreSQL''' with '''PostGIS''', the '''web2py''' framework, the '''nginx''' web server and '''uWSGI''', and finally '''Eden''' itself.<br />
<br />
The package also deploys the <code>[[Guidelines:Edenctl|edenctl]]</code> tool to configure and manage the server.<br />
<br />
== Configuration ==<br />
<br />
If you want to use a custom configuration '''template''', add a symbolic link for it in the <code>/home/web2py/applications/eden/modules/templates</code> directory.<br />
<br />
Use <code>[[Guidelines:Edenctl|edenctl]]</code> to configure the Eden instance on your server:<br />
<br />
edenctl setup<br />
<br />
Enter your server details as you are prompted for them.<br />
<br />
'''Tip''': if your server URL is ''eden.example.com'', then the hostname would be ''eden'', and the domain ''example.com''<br />
<br />
Edenctl will configure the '''nginx''' web server and set up a '''uWSGI''' daemon to connect it to web2py/Eden. It will also set up and initialize the database, and '''pre-populate''' it with some basic data from the configuration template you selected.<br />
<br />
It will also configure SSL (HTTPs) with [https://certbot.eff.org/pages/about Certbot] to manage the server certificate and key.<br />
<br />
Once this is done, you can start your Eden instance with<br />
<br />
edenctl start</div>Dominic