Hi,
Here is a really useful tutorial on the subject; however, the author installed most of the components manually:
https://www.digitalocean.com/community/tutorials/how-to-install-an-erpnext-stack-on-ubuntu-18-04
But if you want to make the whole process a bit simpler and use the easy install script, here are the steps.
1. Initial configuration.
Follow the prerequisites and steps 1 and 2 of the tutorial mentioned above. Do not forget to reboot the system after that.
2. ERPNext installation with easy install script.
Download the script to your current location. It may be your home directory. You can remove the script after installation.
wget https://raw.githubusercontent.com/frappe/bench/develop/install.py
Run the script, providing the appropriate parameters:
sudo -H python3 install.py --production --user erpnext --mariadb-version 10.4 --site your.domain.info --verbose
Explanation for some parameters.
--user
- the user context in which the application will be installed. If the user does not exist in the system, the script will create it.
--mariadb-version
- it is obviously the version of MariaDB. Although the latest stable version is 10.5, I recommend installing version 10.4. You would run into a problem installing version 10.5. I will describe the workaround for it in another answer to this post.
--site
- specify your domain here. The domain must point at your droplet’s IP address. The domain will be automatically associated with the ERPNext installation, and the nginx server block will be configured with it, which actually meets one of your defined requirements.
--verbose
- thanks to it you get a lot of information during installation, which may be useful for troubleshooting possible problems.
You will be asked to create two passwords during the installation:
- for MariaDB root user
- for ERPNext Administrator
Keep both of those passwords in a safe place.
3. Securing the communication with Let’s Encrypt certificate.
It is quite likely you would like to access your application with more than one domain. Let’s assume that you would like to access it using both your.domain.info and www.your.domain.info. In such a case, you need to modify the ERPNext nginx server block configuration before installing a certificate.
This server block configuration is contained in the file /etc/nginx/conf.d/frappe-bench.conf. Find the server_name directive and modify it appropriately.
server_name your.domain.info www.your.domain.info;
Check that the syntax of the nginx configuration is OK:
sudo nginx -t
Restart nginx service.
sudo systemctl restart nginx
Ensure that you can access your ERPNext application with both your domains. If it is OK, you can continue the installation.
To install a Let’s Encrypt certificate, you must install certbot first. So, install certbot’s repository:
sudo add-apt-repository ppa:certbot/certbot
You will get a note; accept it by pressing Enter.
Output
This is the PPA for packages prepared by Debian Let's Encrypt Team and
backported for Ubuntu.
Note: Packages are only provided for currently supported Ubuntu releases.
More info: https://launchpad.net/~certbot/+archive/ubuntu/certbot
Press [ENTER] to continue or Ctrl-c to cancel adding it.
Then, install certbot:
sudo apt install python-certbot-nginx
Now you can obtain a certificate for your domain or domains. I included two domains in the example command below.
sudo certbot --nginx -d your.domain.info -d www.your.domain.info
You will be asked to enter an email address for sending notices on renewals. It is worth entering it. You may also be asked if you would like to redirect HTTP traffic to HTTPS. Agree to redirect.
Output
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
If the certificate installation is successful, you will get info like:
Output
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
...
The installed certbot package takes care of the certificate renewal process by adding a renew script to the directory /etc/cron.d. You can run a renewal test and check if it is going smoothly.
sudo certbot renew --dry-run
4. Disabling access to ERPNext via droplet’s IP address.
To achieve that, add the following server block configuration to the file /etc/nginx/conf.d/frappe-bench.conf.
server {
    listen 443 ssl;
    server_name your-droplet-ip;
    return 444;
}
Replace your-droplet-ip with the corresponding IP address. You can also replace response code 444 (“Connection closed without response”) with a more appropriate one.
The above configuration is related to HTTPS traffic. HTTP traffic was redirected to HTTPS by the modifications done by certbot, so you do not have to do anything with that. You can just replace response code 404 with the one you like.
server {
    if ($host = www.your.domain.info) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = your.domain.info) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name your.domain.info www.your.domain.info;
    return 404; # managed by Certbot
}
After the modifications, check that the syntax of the nginx configuration is OK:
sudo nginx -t
Restart nginx service.
sudo systemctl restart nginx
Now, you should have ERPNext installed, and have HTTPS access to it via your domain only, not via droplet’s IP address :)
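A configuration check for step 4 of the answer above, as an added example that is not part of the original post: it summarises each server block of an nginx file and confirms that the droplet IP appears only in a block that listens on 443 and returns 444. The function names, the sample file and the address 203.0.113.10 (a documentation address) are constructed for illustration.

```shell
# Added example. One line per top-level server block:
#   listen=<ports> names=<server_names> return=<code>
# Assumes "server {" opens on one line, as in the blocks above.
summarise_servers() {
  awk '
    { sub(/[#].*/, "") }                # drop comments such as "# managed by Certbot"
    depth == 0 && $1 == "server" && /[{]/ { depth = 1; l = n = r = ""; next }
    depth == 0 { next }                 # anything outside a server block
    depth == 1 && $1 == "listen" { v = $2; sub(/;/, "", v); l = (l == "" ? v : l "," v) }
    depth == 1 && $1 == "server_name" {
      for (i = 2; i <= NF; i++) { v = $i; sub(/;/, "", v); if (v != "") n = (n == "" ? v : n "," v) } }
    depth == 1 && $1 == "return" { r = $2; sub(/;/, "", r) }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")   # nested if/location raise depth
      if (depth == 0) print "listen=" l " names=" n " return=" r }
  ' "$1"
}
# True when the only block naming <ip> listens on 443 and returns <code> (default 444).
ip_is_rejected() {   # usage: ip_is_rejected <conf> <ip> [code]
  summarise_servers "$1" | awk -v ip="$2" -v want="return=${3:-444}" '
    { sub(/^names=/, "", $2); k = split($2, a, ","); hit = 0
      for (i = 1; i <= k; i++) if (a[i] == ip) hit = 1 }
    hit && $1 ~ /443/ && $3 == want { ok = 1; next }
    hit { bad = 1 }
    END { exit (ok && !bad) ? 0 : 1 }'
}
# Constructed sample; 203.0.113.10 is a documentation address, not a real droplet IP.
write_sample_conf() {
  cat > "$1" <<'EOF'
server {
    listen 443 ssl;
    server_name your.domain.info www.your.domain.info;
    location / { proxy_pass http://127.0.0.1:8000; }
}
server {
    listen 443 ssl;
    server_name 203.0.113.10;
    return 444;
}
server {
    if ($host = your.domain.info) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name your.domain.info www.your.domain.info;
    return 404; # managed by Certbot
}
EOF
}
conf=$(mktemp); write_sample_conf "$conf"; summarise_servers "$conf"; rm -f "$conf"
```

On the server, call `ip_is_rejected /etc/nginx/conf.d/frappe-bench.conf` with the droplet's IP after `sudo nginx -t`; a non-zero exit means the IP is missing from the 444 block or is also listed in another server block.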