[Tutorial] Install v13 Production on Debian 10 VPS - Using “Easy Install” script - Now includes setting up SSL certificate!

EDIT - 05/28/2021 - Okay. By popular request, this post has been edited to now include the fastest and easiest way to get your server not only successfully installed but to also get it setup with a URL and an auto-renewing SSL certificate. ~ BKM :nerd_face:

I did a post like this for Ubuntu 20.04 recently and it went over very well. After a while I started noticing problems with the Ubuntu 20.04 images on several of my VPS providers so I switched to using Debian 10 (Buster) release for my production test servers.

The Debian 10 images do not contain everything that you would find already included in a Ubuntu image, so there are a few extra steps to get some of the extra prerequisites out of the way. (For instance Debian 10 did not include “sudo”) Let’s get started…

  • Pick your favorite VPS provider and spin up a Debian v10 image

  • login as ‘root’ user and perform the following commands:
    apt-get update
    apt-get upgrade

  • When that is finished we need to add ‘sudo’ so we can use it with regular non-root users
    apt-get install sudo

  • Now we add the new user and assign them ‘sudo’ privileges Remember to replace [USER] with your username.
    adduser [USER]
    usermod -aG sudo [USER]

  • Now we install all of the prerequisites for the install.py script to work properly
    apt install git libffi-dev python3-minimal build-essential python3-distutils python3-setuptools python3-pip python3-testresources libssl-dev wkhtmltopdf redis

  • Once all of that is done, we edit the redis.conf file to avoid errors during the install.
    nano /etc/redis/redis.conf
    (search for 127.0.0.1 ::1 and change it to 127.0.0.1 then save)

  • Now we reboot the server to get all of the new stuff initialized and running.
    reboot

  • After reboot, login to the server as [USER] and perform the following commands:
    export LC_ALL=C.UTF-8
    wget https://raw.githubusercontent.com/frappe/bench/develop/install.py

  • In this next command, remember to replace [USER] with your username.
    sudo python3 install.py --verbose --production --user [USER] --mariadb-version 10.5 --frappe-branch version-13 --erpnext-branch version-13
    (about 1 min into install enter mariadb root password and administrator password when prompted)

  • After a long wait, you get “Successfully Installed” then do these commands:
    cd frappe-bench
    bench --site site1.local enable-scheduler

  • You can close the command line window to your server and open your favorite browser. Type the IP Address of your server into the browser address bar to access your new server for the first time.

  • At the ERPNext login screen use “Administrator” as the username and type in the password you selected for the Administrator during the installation process.

  • Answer all of the question to setup the system for your business. Once this is done we can safely start setting up URL and DNS pointers, and SSL certificates so your server will work properly in modern browsers. So, make sure you have logged int to ERPNext as Administrator and answered all the questions to complete the setup wizard, then continue here:

  • Chose a URL for your online presence, make sure you own it, and then use your domain name providers DNS editor to make your URL point the the IP Address of your new frappe/erpnext server. (Sorry, there are far too many different providers for me to provide any specific instructions for this. Have your domain name provider help you do this).

  • Now login to the server using your favorite ssh client as the [USER] you used to install ERPNext above and then perform the following commands
    cd frappe-bench
    bench config dns_multitenant on
    bench setup add-domain --site site1.local [your.new.URL]
    bench setup nginx (answer Y to the question about replacing the config file)
    sudo service nginx restart
    cd ~

  • Now it is time to work on the SSL certificate. First we need to make sure that ‘certbot’ is not already installed, so we will attempt to remove it just in case
    sudo apt-get remove certbot

  • Now we are going to install the package bundle provider and make sure it is all up-to-date with the latest release of ‘snapd’ and let it handle the certbot for us
    sudo apt install snapd
    sudo snap install core
    sudo snap refresh core

  • Now we use ‘snap’ service to automatically install and configure certbot to work perfectly with your new ERPNext server
    sudo snap install --classic certbot
    sudo ln -s /snap/bin/certbot /usr/bin/certbot

  • Now we can safely use the pre-configured certbot to install your SSL certificate
    sudo certbot --nginx
    (The system will pause at some point and ask you to select the site name you wish to install the certificate from a list of names it found. Be sure to select the URL you used and not ‘site1.local’ at this point)

  • Once this is done, you can close your ssh client, open a browser and type the URL of your server into the address bar and it should take you to the secured version of your ERPNext server.

  • One final note here. This method specifically does NOT rename bench or the site directories in order to provide flexibility later in the event you need to have multiple URL’s pointing to the same instance of ERPNext or if you need to change your URL for some reason in the future. Using the bench setup add-domain command makes this much simpler. The SSL certificate instructions I provided above are tailored to support this configuration.

Hope this helps… :sunglasses:

BKM

19 Likes

Great! Thanks @bkm!

What about these warnings [Release Note] ERPNext and Frappe Version 13.3.0 - #9 by krnkris?

To SSL certificate do you run sudo apt-get install certbot or sudo bench setup lets-encrypt?

You install certbot using snap. Then do certbot --nginx as the letscrypt / certbot site shows.

bench letsencrypt does not work (unless it got updated) - but its not needed since certbot --nginx works anyway.

1 Like

I do not get those warnings using this method.

As for SSL certificates, there are several ways to install them. At this point I was only concerned about getting a successful and clean install of the core system. On the 4 installs I did today I ended up with
ERPNext v13.3.1
Frappe v13.3.0

BKM

1 Like

The original post has now been updated (improved) to include setting up your URL and certbot for the SSL auto-renewing certificate.

BKM :sunglasses:

2 Likes

Hello,

Thanks for this great Tutorial

I just install a virtual machine using Debian 10.9 image

I have to install yum as well

sudo apt install yum

But still have some errors running the install.py script

There are no enabled repos.
 Run "yum repolist all" to see the repos you have.
 You can enable repos with yum-config-manager --enable <repo>
Traceback (most recent call last):
  File "install.py", line 495, in <module>
    install_prerequisites()
  File "install.py", line 158, in install_prerequisites
    'sudo yum install -y epel-release redhat-lsb-core git python-setuptools python-devel openssl-devel libffi-devel'
  File "install.py", line 143, in run_os_command
    returncode = subprocess.check_call(command, shell=True, stdout=log_stream, stderr=sys.stderr)
  File "/usr/lib/python3.7/subprocess.py", line 347, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command 'sudo yum groupinstall -y "Development tools"' returned non-zero exit status 1.

Running the command :

sudo yum install -y epel-release redhat-lsb-core git python-setuptools python-devel openssl-devel libffi-devel

Got this return :

There are no enabled repos.
 Run "yum repolist all" to see the repos you have.
 You can enable repos with yum-config-manager --enable <repo>

The command :

yum repolist all

return:

repolist: 0

Any idea how to solve this issue ?

Regards
Valta

Hello,

Just a quick follow up in case of someone get the same issue :

The Debian image : Debian 10.9 DVD1 have some issue, running on Debian image Net install that working properly

Regards

Valta

In order to use this “add-domain” approach, do we need to name the site using .local?
Or can it be anything (include no extension at all)? For example name it site1.myerp or site1.client or just site1, or even a random hash?

There is no real requirement that I know of in frappe for what you name your site.

The bench setup add-domain command works (I believe) on any site name. You should be able to use it to point 2 different URLs to the same site as long as the the “currentsite.txt” contains the same name as the site directory name your are using in /home/[USER]/frappe-bench/sites

In my limited experiments I have always used “site1.local” because it was the first site I ever encountered in my experiments with ERPNext several years ago and I continue to use it out of nostalgia I think. Plus, it is still the default site name that the easy install script method creates. So by always talking about it I never say anything confusing (I hope) to the new users that are trying their first server configuration. :nerd_face:

So, as far as I know and based on my own experiments, it does not matter what the site folder is named as long as that name appears in the currentsite.txt file. Then any usage of the bench setup add-domain command will just add more available domains to the site_config.json file and tie them into the nginx configuration. That way what ever DNS pointer you have for alternate URL’s as long as they point to the ip address and the URL is listed in the site_config.json properly, etc. then you should have no trouble adding multiple names to the same site.

BKM

I think I remember reading somewhere in the docs (I’ll try to find it) that for the multitenants to work, the currentsite.txt must be emptied.

And I think this is also not required in the sitename = URL scenario. I never see or set the site name in the site_config.json.
Is this also required for the add-domain scenario?

I would suggest to add a auto renew to the certificate :

Add in your crontab :

30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log

Regards

Valta

The bench add-domain command places the URL into the site_config.json and if you use it multiple times, then you will have multiple valid URLs available to the outside world (provided of course that you have setup up the DNS pointers).

Side Note…

I figured all of this out by building many different servers and experimenting with the configurations. While there was some documentation around back then, it was not always easy to find. So quite honestly, I encourage you to just try it out for yourself. Spin up a few servers and run the installs. Reconfigure them with your different ideas. It is easy to buy a URL for a few dollars and then make as many sub domains from it as you want to experiment on. The servers make a great sandbox for trying out the stuff you find on the forum. You may even still be able to get a bunch of free trial server time on Google Cloud Platform. If not, you can go to lowendbox.com and look for deals on cheap VPS. I have several of them right now that give me 4gb memory with 2 or 4 cpu KVM servers for less than $39US per year. I consider that my investment in learning more about how this all works.

You can read stuff on the forums or in old documentation for days on end, but actually trying it out is where the real learning happens.

BKM

OK Thank you @bkm for the explanation.

I would certainly try it becasue this scenario will probably solve a problem for me in setting up a new client site. A too-eager client can open the site before it’s ready. So by assigning non-domain name to the site, it can’t be accessed until it’s ready and a bench add-domain is done to it.

This is really great. Thank you @bkm.
Can you guide through the Email Account and Email Domain setup. Have been stuck there.

Worked for me as well, however there were these warnings:

WARN: bench is installed in editable mode!

This is not the recommended mode of installation for production. Instead, install the package from PyPI with: pip install frappe-bench

Enabled for site1.local

Should I worry :slight_smile:

No, this is actually the new normal for ERPNext installs. Nothing to worry about.

BKM

Yep, works like a charm… thank you for the steps… however, i run into hurdles if I want to upgrade the version of ERPNext from say 13.4 to the latest 13.5… Bench update runs with the Pip warning, but when I login to the application, it is still on 13.4… Any tips? Pointers?

Did you use the “Reload” function to refresh the frappe-erpnext cache in the browser?

Click on your icon in the upper right corner of the screen and select “Reload” from the drop down list. After it resets, check the version number again.

BKM

Seems like I was doing it wrong. I had to cd to the frappe-bench folder before updating bench. Once I did it properly, it worked well… Thank you for responding

Happily running 13.6 now