2016-09-10 16:21:09 +02:00
# Tutorial
This tutorial will cover an installation from scratch of a uMap instance in an Ubuntu server.
You need sudo grants on this server, and it must be connected to Internet.
## Install system dependencies
2023-09-19 18:32:13 +00:00
sudo apt update
sudo apt install python3 python3-dev python3-venv virtualenv wget nginx uwsgi uwsgi-plugin-python3 postgresql gcc postgis libpq-dev
2016-09-10 16:21:09 +02:00
2020-02-26 21:31:39 +01:00
*Note: nginx and uwsgi are not required for local development environment*
2016-09-10 16:21:09 +02:00
2017-05-10 19:09:31 +02:00
## Create deployment directories:
2016-09-10 16:21:09 +02:00
2023-09-19 18:32:13 +00:00
sudo mkdir -p /etc/umap
2016-09-10 16:21:09 +02:00
*You can change this path, but then remember to adapt the other steps accordingly.*
## Create a Unix user
2018-01-19 21:57:54 +01:00
sudo useradd -N umap -m -d /srv/umap/
2016-09-10 16:21:09 +02:00
*Here we use the name `umap`, but this name is up to you. Remember to change it
on the various commands and configuration files if you go with your own.*
2017-05-10 19:09:31 +02:00
## Give umap user access to the config folder
sudo chown umap:users /etc/umap
2018-11-15 11:41:58 +05:30
sudo chown umap:users /srv/umap
2017-05-10 19:09:31 +02:00
2016-09-10 16:21:09 +02:00
## Create a postgresql user
2023-09-19 18:32:13 +00:00
sudo -u postgres -D ~postgres createuser umap
2016-09-10 16:21:09 +02:00
## Create a postgresql database
2023-09-19 18:32:13 +00:00
sudo -u postgres -D ~postgres createdb umap -O umap
2016-09-10 16:21:09 +02:00
## Activate PostGIS extension
2023-09-19 18:32:13 +00:00
sudo -u postgres -D ~postgres psql umap -c "CREATE EXTENSION postgis"
2016-09-10 16:21:09 +02:00
## Login as umap Unix user
sudo -u umap -i
From now on, unless we say differently, the commands are run as `umap` user.
## Create a virtualenv and activate it
2023-09-19 18:32:13 +00:00
virtualenv /srv/umap/venv --python=/usr/bin/python3.10
. /srv/umap/venv/bin/activate
2016-09-10 16:21:09 +02:00
*Note: this activation is not persistent, so if you open a new terminal window,
you will need to run again this last line.*
## Install umap
2017-02-06 16:34:00 +01:00
pip install umap-project
2016-09-10 16:21:09 +02:00
## Create a local configuration file
2017-05-10 19:09:31 +02:00
wget https://raw.githubusercontent.com/umap-project/umap/master/umap/settings/local.py.sample -O /etc/umap/umap.conf
2016-09-10 16:21:09 +02:00
2020-02-26 21:31:39 +01:00
## Customize umap.conf
nano /etc/umap/umap.conf
2023-09-19 14:58:21 -04:00
* update the [SECRET_KEY](settings.md#secret_key)
2023-09-19 18:32:13 +00:00
* update the ADMINS list
2016-09-10 16:21:09 +02:00
## Create the tables
umap migrate
## Collect the statics
umap collectstatic
## Create a superuser
umap createsuperuser
## Start the demo server
umap runserver
You can now go to [http://localhost:8000/](http://localhost:8000/) and try to create a map for testing.
2020-03-29 20:17:00 +02:00
When you're done with testing, quit the demo server (type Ctrl+C).
2016-09-10 16:21:09 +02:00
## Configure the HTTP API
Now let's configure a proper HTTP server.
### uWSGI
Create a file named `/srv/umap/uwsgi_params`, with this content
(without making any change on it):
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REQUEST_SCHEME $scheme;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;
Then create a configuration file for uWSGI:
nano /srv/umap/uwsgi.ini
And paste this content. Double check paths and user name in case you
have customized some of them during this tutorial. If you followed all the bits of the
tutorial without making any change, you can use it as is:
uid = umap
gid = users
# Python related settings
# the base directory (full path)
chdir = /srv/umap/
# umap's wsgi module
module = umap.wsgi
# the virtualenv (full path)
home = /srv/umap/venv
# process-related settings
# master
master = true
# maximum number of worker processes
processes = 4
# the socket (use the full path to be safe
socket = /srv/umap/uwsgi.sock
# ... with appropriate permissions - may be needed
chmod-socket = 666
stats = /srv/umap/stats.sock
# clear environment on exit
vacuum = true
plugins = python3
### Nginx
Create a new file:
nano /srv/umap/nginx.conf
with this content:
# the upstream component nginx needs to connect to
upstream umap {
server unix:///srv/umap/uwsgi.sock;
# configuration of the server
server {
# the port your site will be served on
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
# the domain name it will serve for
server_name your-domain.org;
charset utf-8;
# max upload size
client_max_body_size 5M; # adjust to taste
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass umap;
include /srv/umap/uwsgi_params;
Remember to adapt the domain name.
### Activate and restart the services
2020-03-29 20:17:00 +02:00
Now quit the `umap` session, simply by typing Ctrl+D.
2016-09-10 16:21:09 +02:00
You should now be logged in as your normal user, which is sudoer.
- Activate the Nginx configuration file:
sudo ln -s /srv/umap/nginx.conf /etc/nginx/sites-enabled/umap
- Activate the uWSGI configuration file:
sudo ln -s /srv/umap/uwsgi.ini /etc/uwsgi/apps-enabled/umap.ini
- Restart both services:
sudo systemctl restart uwsgi nginx
Now you should access your server through your url and create maps:
- - -
## Troubleshooting
- Nginx logs are in /var/log/nginx/:
sudo tail -f /var/log/nginx/error.log
sudo tail -f /var/log/nginx/access.log
- uWSGI logs are in /var/log/uwsgi:
sudo tail -f /var/log/uwsgi/umap.log
## Before going live
### Add a real SECRET_KEY
In your local.py file, add a real secret and unique `SECRET_KEY`, and do
not share it.
### Remove DEMO flag
In your local.py:
DEBUG = False
2023-02-27 12:32:35 +01:00
### Configure Nginx to serve statics and uploaded files:
2019-10-08 10:06:30 +02:00
In your nginx config:
location /static {
autoindex off;
2023-02-27 12:32:35 +01:00
access_log off;
log_not_found off;
sendfile on;
gzip on;
gzip_vary on;
2019-10-08 10:06:30 +02:00
alias /path/to/umap/var/static/;
location /uploads {
autoindex off;
2023-02-27 12:32:35 +01:00
sendfile on;
gzip on;
gzip_vary on;
alias /path/to/umap/var/data/;
# Exclude direct acces to geojson, as permissions must be
# checked py django.
location /uploads/datalayer/ { return 404; }
2019-10-08 10:06:30 +02:00
2016-09-10 16:21:09 +02:00
### Configure social auth
Now you can login with your superuser, but you may allow users to user social
### Configure default map center
In your local.py change those settings:
### Activate statics compression
In your local.py, set `COMPRESS_ENABLED = True`, and then run the following command
umap compress
2023-02-27 12:32:35 +01:00
Optionally add `COMPRESS_STORAGE = "compressor.storage.GzipCompressorFileStorage"`
and add `gzip_static on` directive to Nginx `/static` location, so Nginx will
serve pregenerated files instead of compressing them on the fly.
2016-09-10 16:21:09 +02:00
### Configure the site URL and short URL
In your local.py:
SITE_URL = "http://localhost:8019"
SHORT_SITE_URL = "http://s.hort"
Also adapt `ALLOWED_HOSTS` accordingly.
2016-11-26 17:39:10 +01:00
2023-02-27 12:32:35 +01:00
### Configure X-Accel-Redirect
In order to let Nginx serve the layer geojsons but uMap still check the permissions,
you can add this settings:
And then add this new location in your nginx config (before the `/` location):
location /internal/ {
gzip_vary on;
gzip_static on;
alias /path/to/umap/var/data/;
Use X-Accel-Redirect for serving ajax-proxy request
uMap allows to use remote URL as data sources, but those URLs
are not always CORS open, so this is why there is this "ajax-proxy"
feature, where the URL is passed to the backend.
Additionally, there is a caching feature, which duration is configurable
through frontend settings. Valid values are: disabled, 5 min, 1 hour,
1 day.
Initially, I wanted this to be totally handled by Nginx, but I never
found a wayt to set the proxy_cache_valid value from a query string.
Since then, at least in OSM France servers, the ajax-proxy is still
handled by a Django view, which then opens the remote URL and transfert
the data. This is not optimal. And I suppose this is what is causing
hicups on the OSM France servers lately.
This PR provides a mix option, where python deals with validating the
URL and parsing the TTL parameter, and then it passes the hand to
nginx which will serve the remote content.
So, roughtly:
- the client calls /ajax-proxy/?url=xxx&ttl=300
- python will validate the URL (not internal calls…)
- if UMAP_SENDFILE_HEADER is set, then the python returns an empty
response with the path /proxy/http://url plus it will set the
cache ttl through the header X-Accel-Expires
- this /proxy/ location is then handled by nginx
2023-08-24 13:09:23 +02:00
2023-02-27 12:32:35 +01:00
### Configure ajax proxy cache
2023-08-28 16:36:50 +02:00
uMap allows to use remote URL as data sources, but those URLs are not always
CORS open, so this is why there is this "ajax-proxy" feature, where the URL is
passed to the backend.
Additionally, there is a caching feature, which duration is configurable through
frontend settings. Valid values are: disabled, 5 min, 1 hour, 1 day.
This configuration provides a mix option, where python deals with validating the
URL and parsing the TTL parameter, and then it passes the hand to nginx which
will serve the remote content.
So, roughly:
- the client calls `/ajax-proxy/?url=xxx&ttl=300`
- python will validate the URL (not internal calls…)
- if `UMAP_XSENDFILE_HEADER` is set, then the python returns an empty response
with the path `/proxy/http://url` plus it will set the cache TTL through the
header `X-Accel-Expires`
- this `/proxy/` location is then handled by nginx
2023-02-27 12:32:35 +01:00
In Nginx:
- add the proxy cache
proxy_cache_path /tmp/nginx_ajax_proxy_cache levels=1:2 keys_zone=ajax_proxy:10m inactive=60m;
2023-08-29 10:37:12 +02:00
proxy_cache_key "$uri$is_args$args";
2023-02-27 12:32:35 +01:00
Use X-Accel-Redirect for serving ajax-proxy request
uMap allows to use remote URL as data sources, but those URLs
are not always CORS open, so this is why there is this "ajax-proxy"
feature, where the URL is passed to the backend.
Additionally, there is a caching feature, which duration is configurable
through frontend settings. Valid values are: disabled, 5 min, 1 hour,
1 day.
Initially, I wanted this to be totally handled by Nginx, but I never
found a wayt to set the proxy_cache_valid value from a query string.
Since then, at least in OSM France servers, the ajax-proxy is still
handled by a Django view, which then opens the remote URL and transfert
the data. This is not optimal. And I suppose this is what is causing
hicups on the OSM France servers lately.
This PR provides a mix option, where python deals with validating the
URL and parsing the TTL parameter, and then it passes the hand to
nginx which will serve the remote content.
So, roughtly:
- the client calls /ajax-proxy/?url=xxx&ttl=300
- python will validate the URL (not internal calls…)
- if UMAP_SENDFILE_HEADER is set, then the python returns an empty
response with the path /proxy/http://url plus it will set the
cache ttl through the header X-Accel-Expires
- this /proxy/ location is then handled by nginx
2023-08-24 13:09:23 +02:00
- add those locations (before the `/` location):
2023-02-27 12:32:35 +01:00
Use X-Accel-Redirect for serving ajax-proxy request
uMap allows to use remote URL as data sources, but those URLs
are not always CORS open, so this is why there is this "ajax-proxy"
feature, where the URL is passed to the backend.
Additionally, there is a caching feature, which duration is configurable
through frontend settings. Valid values are: disabled, 5 min, 1 hour,
1 day.
Initially, I wanted this to be totally handled by Nginx, but I never
found a wayt to set the proxy_cache_valid value from a query string.
Since then, at least in OSM France servers, the ajax-proxy is still
handled by a Django view, which then opens the remote URL and transfert
the data. This is not optimal. And I suppose this is what is causing
hicups on the OSM France servers lately.
This PR provides a mix option, where python deals with validating the
URL and parsing the TTL parameter, and then it passes the hand to
nginx which will serve the remote content.
So, roughtly:
- the client calls /ajax-proxy/?url=xxx&ttl=300
- python will validate the URL (not internal calls…)
- if UMAP_SENDFILE_HEADER is set, then the python returns an empty
response with the path /proxy/http://url plus it will set the
cache ttl through the header X-Accel-Expires
- this /proxy/ location is then handled by nginx
2023-08-24 13:09:23 +02:00
location ~ ^/proxy/(.*) {
2023-02-27 12:32:35 +01:00
add_header X-Proxy-Cache $upstream_cache_status always;
proxy_cache ajax_proxy;
proxy_cache_valid 1m; # Default. Umap will override using X-Accel-Expires
Use X-Accel-Redirect for serving ajax-proxy request
uMap allows to use remote URL as data sources, but those URLs
are not always CORS open, so this is why there is this "ajax-proxy"
feature, where the URL is passed to the backend.
Additionally, there is a caching feature, which duration is configurable
through frontend settings. Valid values are: disabled, 5 min, 1 hour,
1 day.
Initially, I wanted this to be totally handled by Nginx, but I never
found a wayt to set the proxy_cache_valid value from a query string.
Since then, at least in OSM France servers, the ajax-proxy is still
handled by a Django view, which then opens the remote URL and transfert
the data. This is not optimal. And I suppose this is what is causing
hicups on the OSM France servers lately.
This PR provides a mix option, where python deals with validating the
URL and parsing the TTL parameter, and then it passes the hand to
nginx which will serve the remote content.
So, roughtly:
- the client calls /ajax-proxy/?url=xxx&ttl=300
- python will validate the URL (not internal calls…)
- if UMAP_SENDFILE_HEADER is set, then the python returns an empty
response with the path /proxy/http://url plus it will set the
cache ttl through the header X-Accel-Expires
- this /proxy/ location is then handled by nginx
2023-08-24 13:09:23 +02:00
set $target_url $1;
# URL is encoded, so we need a few hack to clean it back.
if ( $target_url ~ (.+)%3A%2F%2F(.+) ){ # fix :// between scheme and destination
set $target_url $1://$2;
if ( $target_url ~ (.+?)%3A(.*) ){ # fix : between destination and port
set $target_url $1:$2;
if ( $target_url ~ (.+?)%2F(.*) ){ # fix / after port, the rest will be decoded by proxy_pass
set $target_url $1/$2;
2023-08-28 18:10:22 +02:00
Use X-Accel-Redirect for serving ajax-proxy request
uMap allows to use remote URL as data sources, but those URLs
are not always CORS open, so this is why there is this "ajax-proxy"
feature, where the URL is passed to the backend.
Additionally, there is a caching feature, which duration is configurable
through frontend settings. Valid values are: disabled, 5 min, 1 hour,
1 day.
Initially, I wanted this to be totally handled by Nginx, but I never
found a wayt to set the proxy_cache_valid value from a query string.
Since then, at least in OSM France servers, the ajax-proxy is still
handled by a Django view, which then opens the remote URL and transfert
the data. This is not optimal. And I suppose this is what is causing
hicups on the OSM France servers lately.
This PR provides a mix option, where python deals with validating the
URL and parsing the TTL parameter, and then it passes the hand to
nginx which will serve the remote content.
So, roughtly:
- the client calls /ajax-proxy/?url=xxx&ttl=300
- python will validate the URL (not internal calls…)
- if UMAP_SENDFILE_HEADER is set, then the python returns an empty
response with the path /proxy/http://url plus it will set the
cache ttl through the header X-Accel-Expires
- this /proxy/ location is then handled by nginx
2023-08-24 13:09:23 +02:00
add_header X-Proxy-Target $target_url; # For debugging
proxy_read_timeout 10s;
proxy_connect_timeout 5s;
proxy_pass $target_url;
proxy_intercept_errors on;
error_page 301 302 307 = @handle_proxy_redirect;
location @handle_proxy_redirect {
2023-08-28 18:10:22 +02:00
Use X-Accel-Redirect for serving ajax-proxy request
uMap allows to use remote URL as data sources, but those URLs
are not always CORS open, so this is why there is this "ajax-proxy"
feature, where the URL is passed to the backend.
Additionally, there is a caching feature, which duration is configurable
through frontend settings. Valid values are: disabled, 5 min, 1 hour,
1 day.
Initially, I wanted this to be totally handled by Nginx, but I never
found a wayt to set the proxy_cache_valid value from a query string.
Since then, at least in OSM France servers, the ajax-proxy is still
handled by a Django view, which then opens the remote URL and transfert
the data. This is not optimal. And I suppose this is what is causing
hicups on the OSM France servers lately.
This PR provides a mix option, where python deals with validating the
URL and parsing the TTL parameter, and then it passes the hand to
nginx which will serve the remote content.
So, roughtly:
- the client calls /ajax-proxy/?url=xxx&ttl=300
- python will validate the URL (not internal calls…)
- if UMAP_SENDFILE_HEADER is set, then the python returns an empty
response with the path /proxy/http://url plus it will set the
cache ttl through the header X-Accel-Expires
- this /proxy/ location is then handled by nginx
2023-08-24 13:09:23 +02:00
set $saved_redirect_location '$upstream_http_location';
proxy_pass $saved_redirect_location;
2023-02-27 12:32:35 +01:00
2016-11-26 17:39:10 +01:00
Use X-Accel-Redirect for serving ajax-proxy request
uMap allows to use remote URL as data sources, but those URLs
are not always CORS open, so this is why there is this "ajax-proxy"
feature, where the URL is passed to the backend.
Additionally, there is a caching feature, which duration is configurable
through frontend settings. Valid values are: disabled, 5 min, 1 hour,
1 day.
Initially, I wanted this to be totally handled by Nginx, but I never
found a wayt to set the proxy_cache_valid value from a query string.
Since then, at least in OSM France servers, the ajax-proxy is still
handled by a Django view, which then opens the remote URL and transfert
the data. This is not optimal. And I suppose this is what is causing
hicups on the OSM France servers lately.
This PR provides a mix option, where python deals with validating the
URL and parsing the TTL parameter, and then it passes the hand to
nginx which will serve the remote content.
So, roughtly:
- the client calls /ajax-proxy/?url=xxx&ttl=300
- python will validate the URL (not internal calls…)
- if UMAP_SENDFILE_HEADER is set, then the python returns an empty
response with the path /proxy/http://url plus it will set the
cache ttl through the header X-Accel-Expires
- this /proxy/ location is then handled by nginx
2023-08-24 13:09:23 +02:00
2016-11-26 17:39:10 +01:00
## Add more tilelayers, pictograms…
Go to the admin: [http://localhost:8020/admin/](http://localhost:8020/admin/),
and create the objects you want.