UUGRN:Services/pad.uugrn.org: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Sdk (Diskussion | Beiträge) |
Sdk (Diskussion | Beiträge) |
||
| Zeile 35: | Zeile 35: | ||
Etherpad Lite läuft unter dem User "etherpad". | Etherpad Lite läuft unter dem User "etherpad". | ||
Das Home directory des users ist /data/etherpad-lite. | Das Home directory des users ist /data/etherpad-lite. | ||
=== User anlegen === | |||
</pre> | |||
$ mkdir /data | |||
$ adduser etherpad --system --group --home /data/etherpad-lite | |||
$ chown -R etherpad:etherpad /data | |||
</pre> | |||
=== Datenbank anlegen === | |||
<pre> | |||
$ apt-get install postgresql | |||
$ pg_ctlcluster 11 main start | |||
$ psql | |||
CREATE USER etherpad; | |||
ALTER USER etherpad WITH PASSWORD '******'; | |||
CREATE DATABASE etherpad OWNER etherpad; | |||
^D | |||
</pre> | |||
=== Etherpad installieren === | |||
<pre> | |||
$ cd /data | |||
$ git clone --branch master git://github.com/ether/etherpad-lite.git | |||
$ chown -R etherpad:etherpad etherpad-liste | |||
</pre> | |||
Die Datei settings.json im ethernet-lite verzeichnis wurde folgendermaßen verändert: | Die Datei settings.json im ethernet-lite verzeichnis wurde folgendermaßen verändert: | ||
<pre> | <pre> | ||
$ diff settings.json.orig settings.json | |||
171c171 | 171c171 | ||
> /* | > /* | ||
| Zeile 71: | Zeile 99: | ||
</pre> | </pre> | ||
=== SystemD Service installieren === | |||
<pre> | <pre> | ||
$ cat /etc/systemd/system/etherpad-lite.service | |||
[Unit] | [Unit] | ||
Description=etherpad-lite (real-time collaborative document editing) | Description=etherpad-lite (real-time collaborative document editing) | ||
| Zeile 88: | Zeile 116: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
$ systemctl enable etherpad | |||
$ service etherpad start | |||
</pre> | </pre> | ||
=== NGINX Reverse Proxy installieren === | |||
<pre> | <pre> | ||
$ | $ apt-get install nginx === | ||
$ rm /etc/nginx/sites-enabled/default | |||
$ cat /etc/nginx/sites-enabled/etherpad | |||
server { | |||
^ | |||
listen 443 ssl; | |||
server_name pad.new.uugrn.org; | |||
access_log /var/log/nginx/pad.uugrn.org.access.log; | |||
error_log /var/log/nginx/pad.uugrn.org.error.log; | |||
ssl_certificate /etc/letsencrypt/live/pad.new.uugrn.org/fullchain.pem; | |||
ssl_certificate_key /etc/letsencrypt/live/pad.new.uugrn.org/privkey.pem; | |||
include /etc/letsencrypt/options-ssl-nginx.conf; | |||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |||
location / { | |||
proxy_pass http://localhost:9001/; | |||
proxy_set_header Host $host; | |||
proxy_pass_header Server; | |||
proxy_buffering off; | |||
proxy_set_header X-Real-IP $remote_addr; | |||
proxy_set_header X-Forwarded-For $remote_addr; | |||
proxy_set_header X-Forwarded-Proto $scheme; | |||
proxy_set_header Host $host; | |||
proxy_http_version 1.1; | |||
proxy_set_header Upgrade $http_upgrade; | |||
proxy_set_header Connection $connection_upgrade; | |||
} | |||
} | |||
# we're in the http context here | |||
map $http_upgrade $connection_upgrade { | |||
default upgrade; | |||
'' close; | |||
} | |||
server { | |||
listen 80; | |||
server_name pad.new.uugrn.org; | |||
rewrite ^(.*) https://$server_name$1 permanent; | |||
} | |||
</pre> | |||
=== Letsencrypt einrichten === | |||
</pre> | |||
$ apt-get install certbot python3-certbot-nginx | |||
$ certbot | |||
<run through wizard> | |||
$ cat /etc/cron.weekly/certbot.sh | |||
#!/bin/sh | |||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin | |||
certbot renew | |||
service nginx reload | |||
</pre> | </pre> | ||
Version vom 24. Mai 2020, 11:50 Uhr
__
____ ____ _____/ / __ ____ ______ __________ ____ _________ _
/ __ \/ __ `/ __ / / / / / / / / __ `/ ___/ __ \ / __ \/ ___/ __ `/
/ /_/ / /_/ / /_/ /_/ /_/ / /_/ / /_/ / / / / / // /_/ / / / /_/ /
/ .___/\__,_/\__,_/(_)__,_/\__,_/\__, /_/ /_/ /_(_)____/_/ \__, /
/_/ Admin:sh+pad[at]uugrn.org /____/ /____/
OS: Debian Version: 10 (Buster) Architecture: amd64
CPU: 1x Intel Xeon Processor (Skylake, IBRS)
SPEED: 2294Mhz Memory: 1983MB
Welcome to pad.uugrn.org
ETHERPAD LITE SERVER
Produktivschaltung am 20.06.2020
Das neue Etherpad Lite mit WebRTC Support
- Host: pad.new.uugrn.org
ADMIN: sdk (sh+uugrn@codevoid.de)
INSTALL LOG
OS: Debian Buster (10)
Installierte Software
- etherpad-lite
- nginx (als reverse proxy)
- posgresql
Etherpad Lite läuft unter dem User "etherpad". Das Home directory des users ist /data/etherpad-lite.
User anlegen
$ mkdir /data $ adduser etherpad --system --group --home /data/etherpad-lite $ chown -R etherpad:etherpad /data
Datenbank anlegen
$ apt-get install postgresql $ pg_ctlcluster 11 main start $ psql CREATE USER etherpad; ALTER USER etherpad WITH PASSWORD '******'; CREATE DATABASE etherpad OWNER etherpad; ^D
Etherpad installieren
$ cd /data $ git clone --branch master git://github.com/ether/etherpad-lite.git $ chown -R etherpad:etherpad etherpad-liste
Die Datei settings.json im ethernet-lite verzeichnis wurde folgendermaßen verändert:
$ diff settings.json.orig settings.json
171c171
> /*
175a176,184
> */
> "dbType" : "postgres",
> "dbSettings" : {
> "user" : "etherpad",
> "host" : "/var/run/postgresql",
> "password": "*******",
> "database": "etherpad",
> "charset" : "utf8mb4"
> },
407d415
< /*
410,412c418
< // 1) "password" can be replaced with "hash" if you install ep_hash_auth
< // 2) please note that if password is null, the user will not be created
< "password": "changeme1",
---
> "password": "******",
414,419d419
< },
< "user": {
< // 1) "password" can be replaced with "hash" if you install ep_hash_auth
< // 2) please note that if password is null, the user will not be created
< "password": "changeme1",
< "is_admin": false
422d421
< */
SystemD Service installieren
$ cat /etc/systemd/system/etherpad-lite.service [Unit] Description=etherpad-lite (real-time collaborative document editing) After=syslog.target network.target [Service] Type=simple User=etherpad Group=etherpad Environment=NODE_ENV=production ExecStart=/bin/sh /data/etherpad-lite/bin/run.sh [Install] WantedBy=multi-user.target $ systemctl enable etherpad $ service etherpad start
NGINX Reverse Proxy installieren
$ apt-get install nginx ===
$ rm /etc/nginx/sites-enabled/default
$ cat /etc/nginx/sites-enabled/etherpad
server {
listen 443 ssl;
server_name pad.new.uugrn.org;
access_log /var/log/nginx/pad.uugrn.org.access.log;
error_log /var/log/nginx/pad.uugrn.org.error.log;
ssl_certificate /etc/letsencrypt/live/pad.new.uugrn.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pad.new.uugrn.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://localhost:9001/;
proxy_set_header Host $host;
proxy_pass_header Server;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
# we're in the http context here
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name pad.new.uugrn.org;
rewrite ^(.*) https://$server_name$1 permanent;
}
Letsencrypt einrichten
$ apt-get install certbot python3-certbot-nginx $ certbot <run through wizard>
$ cat /etc/cron.weekly/certbot.sh
- !/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin certbot renew service nginx reload