Setup
Dependencies
SkyPortal requires the following software to be installed. We show how to install them on MacOS and Debian-based systems below.
Python 3.8 or later (<3.11, since
numba
requires <3.11)Supervisor (v>=4.2.1)
NGINX (v>=1.7)
PostgreSQL (v>=14.0)
Node.JS/npm (v>=16.14.0/8.3.2)
When installing SkyPortal on Debian-based systems, 2 additional packages are required to be able to install pycurl
later on:
libcurl4-gnutls-dev
libgnutls28-dev
Source download, Python environment
Clone the SkyPortal repository and start a new virtual environment.
git clone https://github.com/skyportal/skyportal.git
cd skyportal/
virtualenv skyportal_env
source skyportal_env/bin/activate
You can also use conda
or pipenv
to create your environment.
If you developing on a Mac with an ARM (M1/M2) you might consider using a Rosetta-driven environment so that you more easily install dependencies (that tend to be x86-centric):
CONDA_SUBDIR=osx-64 conda create -n skyportal_env \
python=3.10
conda activate skyportal_env
conda config --env --set subdir osx-64
conda config --add channels conda-forge
conda config --set channel_priority strict
If you are using Windows Subsystem for Linux (WSL) be sure you clone the repository onto a location on the virtual machine, not the mounted Windows drive. Additionally, we recommend that you use WSL 2, and not WSL 1, in order to avoid complications in interfacing with the Linux image’s localhost
network.
Installation: MacOS
These instructions assume that you have Homebrew installed.
Install dependencies
brew install supervisor nginx postgresql node \ llvm libomp gsl rust nvm install node
Start the PostgreSQL server:
To start automatically at login:
brew services start postgresql
To start manually:
pg_ctl -D /usr/local/var/postgres start
You may also need to run the following command to create the proper admin user:
/usr/local/opt/postgres/bin/createuser -s postgres
To run the test suite, you’ll need Geckodriver:
brew install geckodriver
To build the docs, you’ll need graphviz:
brew install graphviz
Activate the environment and add a few (hard-to install-with-pip) packages by hand:
conda activate skyportal_env conda install pyproj numba Shapely
(ARM M1/M2) Explicitly install ligo.skymap using conda rather than pip:
conda activate skyportal_env conda install ligo.skymap
Installation: Debian-based Linux and WSL
Install dependencies
sudo apt install nginx supervisor postgresql \ libpq-dev npm python3-pip \ libcurl4-gnutls-dev libgnutls28-dev
Configure your database permissions.
In
pg_hba.conf
(typically located in/etc/postgresql/<postgres-version>/main
), insert the following lines before any otherhost
lines:host skyportal skyportal 127.0.0.1/32 trust host skyportal_test skyportal 127.0.0.1/32 trust host all postgres 127.0.0.1/32 trust
If you are deploying SkyPortal using IPv6 rather than IPv4, you should add the following lines instead:
host skyportal skyportal ::1/128 trust host skyportal_test skyportal ::1/128 trust host all postgres ::1/128 trust
In some PostgreSQL installations, the default TCP port may be different from the 5432 value assumed in our default configuration file values. To remedy this, you can either edit your config.yaml file to reflect your system’s PostgreSQL default port, or update your system-wide config to use port 5432 by editing /etc/postgresql/14/main/postgresql.conf (replace “14” with your installed version number) and changing the line
port = XXXX
(where “XXXX” is whatever the system default was) toport = 5432
.Restart PostgreSQL:
sudo service postgresql restart
To run the test suite, you’ll need Geckodriver:
Download the latest version from https://github.com/mozilla/geckodriver/releases/
Extract the binary to somewhere on your path
Ensure it runs with
geckodriver --version
In later versions of Ubuntu (16.04+), you can install Geckodriver through apt:
sudo apt install firefox-geckodriver
To build the docs, you’ll need graphviz:
sudo apt install graphviz-dev graphviz
Launch
Make sure you are in the skyportal env:
conda activate skyportal_env
Initialize the database with
make db_init
(this only needs to happen once).Copy
config.yaml.defaults
toconfig.yaml
.Run
make log
to monitor the service and, in a separate window,make run
to start the server.Direct your browser to
http://localhost:5000
.If you want some test data to play with, run
make load_demo_data
(do this while the server is running!).Change users by navigating to
http://localhost:5000/become_user/<#>
where # is a number from 1-5. Different users have different privileges and can see more or less of the demo data.
Troubleshooting
If you have trouble getting the demo data try doing
make db_clear && make db_init && make run
and then, from a different window, do make load_demo_data
.
If you are using WSL, be sure everything (the git repository and all dependencies) are on the Linux machine and not the Windows side, as connection oddities can otherwise cause several errors.
Mac users may need to disable Airplay Receiver in System Preferences to free up port 5000 and avoid a 403 Forbidden error.
Additional Configuration
The configuration file lives in config.yaml
, and is meant to be
self-documenting. Please modify as you see fit.
Before deploying this on a public server change app:secret-key
to a unique value.
If you want to use a different configuration file, you may launch any of the SkyPortal commands with the FLAGS environment variable set:
FLAGS="--config=myconfig.yaml" make run
Authentication
By default, the server allows anyone to log in (even if it presents a
login screen). If you are running a public-facing instance of
SkyPortal, you should enable multi-user login by adding Google
credentials to the server:auth
section of the configuration file and
setting debug_login
to False
.
Creating an administrative user
By default, no user has permission to perform system administration.
You can give this and other permissions to an existing user by running the following from your terminal in the skyportal
directory:
PYTHONPATH=. python tools/set_user_role.py --username="<username>" --role="<role>"
The role
argument is optional, and defaults to Super admin
.
You may also list all users and their roles:
PYTHONPATH=. python tools/set_user_role.py --list
Test data
By default, SkyPortal contains no data. You can ingest some sample light curves by running
make load_demo_data
This also adds testuser@cesium-ml.org
as an administrator.
Deploying secure HTTP / SSL certificate
When running a public server, you will likely want to deploy an SSL certificate (i.e., serve https://your.url
instead of http://your.url
). Certificates can be obtained for free from services such as Let’s Encrypt (https://letsencrypt.org/).
certbot is software for helping you obtain a new SSL certificate from Let’s Encrypt. To do so, it first verifies that your server is running (without SSL) at the specified domain.
Start SkyPortal using make run
.
Then, install certbot
:
pip install certbot-nginx
Ask certbot
to verify the service and retrieve a new certificate:
sudo certbot certonly –standalone –preferred-challenges http -d http://your.url
or similar if using https
sudo certbot certonly –standalone –preferred-challenges https -d https://your.url
To renew and retrieve the certificate, do: sudo certbot renew
Next, modify the nginx configuration in baselayer/services/nginx/nginx.conf.template
to use the newly generated certificate, placing it at the top of the server section:
server {
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/{YOUR_DOMAIN_HERE}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{YOUR_DOMAIN_HERE}/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
...
}
Finally, stop the app and run it again using make run
.