Merge branch 'master' of https://github.com/Adarnof/allianceauth into custom_user

# Conflicts:
#	alliance_auth/settings.py.example
#	eveonline/views.py

Fix some tests.

docs/installation/auth/apache.md

@@ -5,6 +5,8 @@ AllianceAuth gets served using a Web Server Gateway Interface (WSGI) script. Thi
 
 In the interest of ~~laziness~~ time-efficiency, scroll down for example configs. Use these, changing the ServerName to your domain name.
 
+If you're using a small VPS to host services with very limited memory resources, consider using NGINX with [Gunicorn](gunicorn.md). Even if you would like to use Apache, Gunicorn may give you lower memory usage over mod_wsgi.
+
 ### Required Parameters for AllianceAuth Core
 
 The AllianceAuth core requires the following parameters to be set:
@@ -52,6 +54,31 @@ You can supply your own SSL certificates if you so desire. The alternative is ru
 
 ## Sample Config Files
 
+### Minimally functional config
+
+```
+<VirtualHost *:80>
+        ServerName example.com
+        ServerAdmin webmaster@localhost
+ 
+        DocumentRoot /var/www
+ 
+        WSGIDaemonProcess allianceauth python-path=/home/allianceserver/allianceauth
+        WSGIProcessGroup allianceauth
+        WSGIScriptAlias / /home/allianceserver/allianceauth/alliance_auth/wsgi.py
+ 
+        Alias /static/ /home/allianceserver/allianceauth/static/
+ 
+        <Directory /home/allianceserver/allianceauth/>
+                Require all granted
+        </Directory>
+
+        <Directory /var/www/>
+                Require all granted
+        </Directory>        
+</VirtualHost>
+```
+
 ### Own SSL Cert
  - Apache 2.4 or newer:
    - [000-default.conf](http://pastebin.com/3LLzyNmV)

docs/installation/auth/gunicorn.md

@@ -0,0 +1,121 @@
+# Gunicorn
+
+[Gunicorn](http://gunicorn.org) is a Python WSGI HTTP Server for UNIX. The Gunicorn server is light on server resources, and fairly speedy.
+
+If you find Apache's `mod_wsgi` to be a headache or want to use NGINX (or some other webserver), then Gunicorn could be for you. There are a number of other WSGI server options out there and this documentation should be enough for you to piece together how to get them working with your environment.
+
+Check out the full [Gunicorn docs](http://docs.gunicorn.org/en/latest/index.html).
+
+## Setting up Gunicorn
+
+```eval_rst
+.. note::
+    If you're using a virtual environment (and I would encourage you to do so when hosting Alliance Auth), activate it now. `source /path/to/venv/bin/activate`.
+```
+
+Install Gunicorn using pip, `pip install gunicorn`.
+
+In your `allianceauth` base directory, try running `gunicorn --bind 0.0.0.0:8000 alliance_auth.wsgi`. You should be able to browse to http://yourserver:8000 and see your Alliance Auth installation running. Images and styling will be missing, but dont worry, your web server will provide them.
+
+Once you validate its running, you can kill the process with Ctrl+C and continue.
+
+## Running Gunicorn with Supervisor
+
+You should use [Supervisor](supervisor.md) to keep all of Alliance Auth components running (instead of using screen). You don't _have to_ but we will be using it to start and run Gunicorn so you might as well.
+
+### Sample Supervisor config
+You'll want to edit `/etc/supervisor/conf.d/aauth_gunicorn.conf` (or whatever you want to call the config file)
+```
+[program:aauth-gunicorn]
+user = www-data
+directory=/home/allianceserver/allianceauth/
+command=gunicorn alliance_auth.wsgi --workers=3 --timeout 120
+autostart=true
+autorestart=true
+stopsignal=INT
+```
+
+- `[program:aauth-gunicorn]` - Change aauth-gunicorn to whatever you wish to call your process in Supervisor.
+- `user = www-data` - Change to whatever user you wish Gunicorn to run as. You could even set this as allianceserver if you wished. I'll leave the question security of that up to you.
+- `directory=/home/allianceserver/allianceauth/` - Needs to be the path to your Alliance Auth install.
+- `command=gunicorn alliance_auth.wsgi --workers=3 --timeout 120` - Running Gunicorn and the options to launch with. This is where you have some decisions to make, we'll continue below.
+
+#### Gunicorn Arguments
+
+See the [Commonly Used Arguments](http://docs.gunicorn.org/en/latest/run.html#commonly-used-arguments) or [Full list of settings](http://docs.gunicorn.org/en/stable/settings.html) for more information.
+
+##### Where to bind Gunicorn to?
+What address are you going to use to reference it? By default, without a bind parameter, Gunicorn will bind to `127.0.0.1:8000`. This might be fine for your application. If it clashes with another application running on that port you will need to change it. I would suggest using UNIX sockets too, if you can.
+ 
+For UNIX sockets add `--bind=unix:/run/allianceauth.sock` (or to a path you wish to use). Remember that your web server will need to be able to access this socket file.
+ 
+For a TCP address add `--bind=127.0.0.1:8001` (or to the address/port you wish to use, but I would strongly advise against binding it to an external address).
+ 
+Whatever you decide to use, remember it because we'll need it when configuring your webserver.
+
+##### Number of workers
+By default Gunicorn will spawn only one worker. The number you set this to will depend on your own server environment, how many visitors you have etc. Gunicorn suggests between 2-4 workers per core. Really you could probably get away with 2-4 in total for most installs.
+
+Change it by adding `--workers=2` to the command.
+
+##### Running with a virtual environment
+If you're running with a virtual environment, you'll need to add the path to the `command=` config line.
+
+e.g. `command=/path/to/venv/bin/gunicorn alliance_auth.wsgi`
+
+### Starting via Supervisor
+
+Once you have your configuration all sorted, you will need to reload your supervisor config `sudo service supervisor reload` and then you can start the Gunicorn server via `sudo supervisorctl start aauth-gunicorn` (or whatever you renamed it to). You should see something like the following `aauth-gunicorn: started`. If you get some other message, you'll need to consult the Supervisor log files, usually found in `/var/log/supervisor/`.
+
+
+## Configuring your webserver
+
+### NGINX
+To your server config add:
+
+```
+location / {
+    proxy_pass              http://127.0.0.1:8000;
+    proxy_read_timeout      90;
+    proxy_redirect          http://127.0.0.1:8000/ http://$host/;
+    proxy_set_header        Host $host;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-Proto $scheme;
+}
+```
+
+Set `proxy_pass` and `proxy_redirect` to the address you set under `--bind=`. Set the second part of `proxy_redirect` to the URL you're hosting services on. Tell NGINX to reload your config, job done. Enjoy your lower memory usage and better performance!
+
+If PHP is stopping you moving to NGINX, check out php-fpm as a way to run your PHP applications.
+
+### Apache
+If you were using mod_wsgi before, make a backup of your old config first and then strip out all of the mod_wsgi config from your Apache VirtualHost first config.
+
+Your config will need something along these lines:
+```
+ProxyPreserveHost On
+<Location />
+    SSLRequireSSL
+    ProxyPass http://127.0.0.1:8000/
+    ProxyPassReverse http://127.0.0.1:8000/
+    RequestHeader set X-FORWARDED-PROTOCOL ssl
+    RequestHeader set X-FORWARDED-SSL on
+</Location>
+```
+
+Set `ProxyPass` and `ProxyPassReverse` addresses to your `--bind=` address set earlier. 
+
+You will need to enable some Apache mods. `sudo a2enmod http_proxy` should take care of the dependencies.
+
+Restart Apache and you should be done.
+
+### Other web servers
+
+Any web server capable of proxy passing should be able to sit in front of Gunicorn. Consult their documentation armed with your `--bind=` address and you should be able to find how to do it relatively easy.
+
+
+## Restarting Gunicorn
+In the past when you made changes you restarted the entire Apache server. This is no longer required. When you update or make configuration changes that ask you to restart Apache, instead you can just restart Gunicorn:
+
+`sudo supervisorctl restart aauth-gunicorn`, or the service name you chose for it.

docs/installation/auth/index.md

@@ -7,7 +7,9 @@
     ubuntu
     centos
     settings
+    nginx
     apache
+    gunicorn
     cloudflare
     supervisor
     quickstart

docs/installation/auth/nginx.md

@@ -0,0 +1,93 @@
+# NGINX
+
+## Overivew
+
+Nginx (engine x) is a HTTP server known for its high performance, stability, simple configuration, and low resource consumption. Unlike traditional servers (i.e. Apache), Nginx doesn't rely on threads to serve requests, rather using an asynchronous event driven approach which permits predictable resource usage and performance under load.
+
+If you're trying to cram Alliance Auth into a very small VPS of say, 1-2GB or less, then Nginx will be considerably friendlier to your resources compared to Apache.
+
+You can read more about NGINX on the [NGINX wiki](https://www.nginx.com/resources/wiki/).
+
+## Coming from Apache
+
+If you're converting from Apache, here are some things to consider.
+
+Nginx is lightweight for a reason. It doesn't try to do everything internally and instead concentrates on just being a good HTTP server. This means that, unlike Apache, it wont automatically run PHP scripts via mod_php and doesn't have an internal WSGI server like mod_wsgi. That doesn't mean that it can't, just that it relies on external processes to run these instead. This might be good or bad depending on your outlook. It's good because it allows you to segment your applications, restarting Alliance Auth wont impact your PHP applications. On the other hand it means more config and more management of services. For some people it will be worth it, for others losing the centralised nature of Apache may not be worth it.
+
+```eval_rst
++-----------+----------------------------------------+
+| Apache    | Nginx Replacement                      | 
++===========+========================================+
+| mod_php   | php5-fpm or php7-fpm (PHP FastCGI)     | 
++-----------+----------------------------------------+
+| mod_wsgi  | Gunicorn or other external WSGI server |
++-----------+----------------------------------------+
+
+```
+
+Your .htaccess files wont work. Nginx has a separate way of managing access to folders via the server config. Everything you can do with htaccess files you can do with Nginx config. [Read more on the Nginx wiki](https://www.nginx.com/resources/wiki/start/topics/examples/likeapache-htaccess/)
+
+## Setting up Nginx
+
+Install Nginx via your preferred package manager or other method. If you need help just search, there are plenty of guides on installing Nginx out there.
+
+You will need to have [Gunicorn](gunicorn.md) or some other WSGI server setup for hosting Alliance Auth.
+
+Create a config file in `/etc/nginx/sites-available` call it `alliance-auth.conf` or whatever your preferred name is and copy the basic config in. Make whatever changes you feel are necessary.
+
+Create a symbolic link to enable the site `sudo ln -s /etc/nginx/sites-available/alliance-auth.conf /etc/nginx/sites-enabled/` and then reload Nginx for the config to take effect, `sudo service nginx reload` for Ubuntu.
+
+### Basic config
+
+```
+server {
+    listen 80;
+    server_name example.com;
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+
+    location /static/ {
+        alias /home/allianceserver/allianceauth/static/;
+        autoindex off;
+    }
+
+    # Gunicorn config goes below
+    location / {
+        include proxy_params;
+        proxy_pass http://127.0.0.1:8000;
+    }
+}
+```
+
+#### Adding TLS/SSL
+
+With [Let's Encrypt](https://letsencrypt.org/) offering free SSL certificates, there's no good reason to not run HTTPS anymore.
+
+Your config will need a few additions once you've got your certificate.
+
+```
+    listen 443 ssl http2; # Replace listen 80; with this
+
+    ssl_certificate           /path/to/your/cert.crt;
+    ssl_certificate_key       /path/to/your/cert.key;
+
+    ssl on;
+    ssl_session_cache  builtin:1000  shared:SSL:10m;
+    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
+    ssl_prefer_server_ciphers on;
+```
+
+If you want to redirect all your non-SSL visitors to your secure site, below your main configs `server` block, add the following:
+
+```
+server {
+    listen 80;
+    server_name example.com;
+
+    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
+    return 301 https://$host$request_uri;
+}
+```
+
+If you have trouble with the `ssl_ciphers` listed here or some other part of the SSL config, try getting the values from [Mozilla's SSL Config Generator](https://mozilla.github.io/server-side-tls/ssl-config-generator/).

docs/installation/auth/quickstart.md

@@ -10,5 +10,5 @@ The big goal of AllianceAuth is the automation of group membership, so we’ll n
 
 To start the background processes to sync groups and check api keys, issue these commands:
 
-    screen -dm bash -c 'python manage.py celeryd'
-    screen -dm bash -c 'python manage.py celerybeat'
+    screen -dm bash -c 'celery -A alliance_auth worker'
+    screen -dm bash -c 'celery -A alliance_auth beat'

docs/installation/auth/supervisor.md

@@ -15,12 +15,12 @@ Ubuntu:
 CentOS:
 
     sudo yum install supervisor
-    sudo systemctl enable supervisor.service
-    sudo systemctl start supervisor.service
+    sudo systemctl enable supervisord.service
+    sudo systemctl start supervisord.service
 
 ## Configuration
 
-Auth provides example config files for the celery workers (celeryd), the periodic task scheduler (celerybeat), and the mumble authenticator. All of these are available in `thirdparty/Supervisor`.
+Auth provides example config files for the celery workers, the periodic task scheduler (celery beat), and the mumble authenticator. All of these are available in `thirdparty/Supervisor`.
 
 For most users, all you have to do is copy the config files to `/etc/supervisor/conf.d` then restart the service. Copy `auth-celerybeat.conf` and `auth-celeryd.conf` for the celery workers, and `auth-mumble.conf` for the mumble authenticator. For all three just use a wildcard:
 
@@ -41,15 +41,15 @@ To ensure the processes are working, check their status:
     sudo supervisorctl status
 
 Processes will be `STARTING`, `RUNNING`, or `ERROR`. If an error has occurred, check their log files:
- - celeryd: `log/worker.log`
- - celerybeat: `log/beat.log`
+ - celery workers: `log/worker.log`
+ - celery beat: `log/beat.log`
  - authenticator: `log/authenticator.log`
 
 ## Customizing Config Files
 
 The only real customization needed is if running in a virtual environment. The python path will have to be changed in order to start in the venv.
 
-Edit the config files and find the line saying `command`. Replace `python` with `/path/to/venv/python`. This can be relative to the `directory` specified in the config file.
+Edit the config files and find the line saying `command`. Replace `python` with `/path/to/venv/bin/python`. For Celery replace `celery` with `/path/to/venv/bin/celery`. This can be relative to the `directory` specified in the config file.
 
 Note that for config changes to be loaded, the supervisor service must be restarted.
 
@@ -60,4 +60,4 @@ Most often this is caused by a permissions issue on the allianceauth directory (
 
 ### Workers are using old settings
 
-Every time the codebase is updated or settings file changed, workers will have to be restarted. Easiest way is to restart the supervisor service (see configuration above for commands)
+Every time the codebase is updated or settings file changed, workers will have to be restarted. Easiest way is to restart the supervisor service (see configuration above for commands)

docs/installation/services/teamspeak3.md

@@ -84,7 +84,7 @@ To enable advanced permissions, on your client go to the `Tools` menu, `Applicat
 ### TS group models not populating on admin site
 The method which populates these runs every 30 minutes. To populate manually, start a celery shell:
 
-    python manage.py celery shell
+    celery -A alliance_auth shell
 
 And execute the update:
 

docs/maintenance/troubleshooting.md

@@ -19,7 +19,7 @@ Either you need to `sudo` that command, or it's a missing dependency. Check [the
 
 ### I'm getting an error 500 trying to connect to the website on a new install
 
-Read the apache error log: `sudo nano /var/log/apache2/error.log`
+Read the apache error log: `sudo less /var/log/apache2/error.log`. Press Shift+G to go to the end of the file.
 
 If it talks about failing to import something, google its name and install it.
 
@@ -36,13 +36,9 @@ Make sure the background processes are running: `ps aux | grep celery` should re
 If that doesn't do it, try clearing the worker queue. First kill all celery processes as described above, then do the following:
 
     redis-cli FLUSHALL
-    python manage.py celeryd --purge
+    celery -A alliance_auth worker --purge
 
-Press control+C once.
-
-    python manage.py celeryd --discard
-
-Press control+C once.
+Press Control+C once.
 
 Now start celery again with [these background process commands.](../installation/auth/quickstart.md)