StreetSign Admin’s guide

Here’s first a guide on how to set up streetsign to play with. For full proper deployment (for real live production usage) check the Deploying Streetsign in Production page.

Instalation

StreetSign requires python 2.7, imagemagick (to generate thumbnails). If you are installing on a fresh server, you may need to install python-headers or python27-dev or whatever your distribution calls it.

(On a stock OSX computer, it doesn’t need anything.)

Once you’ve cloned or otherwise downloaded StreetSign and put it where you want it to be, you need to run the setup script:

./setup.sh

which will create a python virtualenv in .virtualenv, and install all the libraries and other requirements into there.

Running it.

To run the server in ‘production mode’ you can use the built in waitress web server:

./run.py waitress

Which will spin up a version which should be totally capable for small deployments (up to a hundred screens or so, I guess). If you are going to be on a public network, then it’s advised that you run streetsign - either with waitress or another WSGI server of your choice - behind nginx or another reverse proxy, which should keep things a bit saner. If you’re on a public network, also remember to set up your reverse proxy to use SSL, so that you aren’t sending log-in credentials around in plaintext.

If you want to run anther WSGI server, remember the virtualenv that streetsign is using, so any scripts you write need to use the python found in there (.virtualenv/bin/python). You can use pip from in there to install any pypi packages you need too (.virtualenv/bin/pip install gunicorn, say).

Some links:

• The official flask deployment docs
• The waitress server docs

Users

When you first install, the setup.sh script will create some default users for you. The admin user has the default password password. You should change this as soon as possible.

Since some things display differently for admins compared to ‘normal’ users, it’s probably a good idea if you are supporting other users, to create a ‘normal’ user for yourself as well. Then if someone is finding something confusing, you can check from that non-admin user quickly.

Password hashes and moving the database

The user passwords are stored in the database hashed using two salts - an individual salt per password (stored in standard passlib style in the password field) and also with the site-wide “secret”. This “secret” is generated automatically when you run the setup script, and is stored in the config.py file. (It’s also used by flask for encrypting session data, and so should NEVER be stored in a repository, or shared outside deployment.)

What this means is that if you move a database.db file from one installation to anonther, you will also need to bring the same config.py (or, at least, copy the SECRET from there.)

Housekeeping & removing old content

By default, streetsign will tag content that has a lifetime which ended over a week ago as “archived”. This means it no longer shows up on the interface for anyone except admin users. After a month, it will be deleted, including any uploaded images.

This “housekeeping” should take milliseconds to run as long as it’s run regularly, so each screen view will fire a request to the server to do it once an hour or so. It and can also be triggered through the interface by hitting the “housekeeping” button on the “All Posts” page, or on the front page (Dashboard).

If you want to ensure that this runs every hour or so, you can use standard unix cron, or any other task scheduling program.

• HTTP POST to /posts/housekeeping

so if you’re using cron:

0 * * * * nobody curl -d "" 'http://streetsign_url/posts/housekeeping' > /dev/null

should do it.

For automatically updating content from external feeds, again, screen views will automatically do this once a minute, but you can also trigger it manually (or via cron) with a

• HTTP POST to /external_data_sources/

If you are on a public network, and worry about DOS issues, then realistically, you should be running behind a revese proxy such as nginx. With nginx you can add restrictions on what URLS are accessble by any IP address, so you can limit these addresses to only be accessed by the machine with cron, for instance.

Server Time

You may well have your main server running in one timezone (say GMT), but actually be using the signs in another time zone. By default, clients will all use their own local time zone, and the server uses the server time. There is a configuration option you can set in config.py:

TIME_OFFSET=60

for example, which will offset post lifetimes, etc, by an hour. (Minutes are used so that half-hour-off timezones are supported).