UUGRN:Services/pad.uugrn.org: Unterschied zwischen den Versionen

Aus UUGRN
Zeile 35: Zeile 35:
Etherpad Lite läuft unter dem User "etherpad".
Etherpad Lite läuft unter dem User "etherpad".
Das Home directory des users ist /data/etherpad-lite.
Das Home directory des users ist /data/etherpad-lite.
=== User anlegen ===
</pre>
$ mkdir /data
$ adduser etherpad --system --group --home /data/etherpad-lite
$ chown -R etherpad:etherpad /data
</pre>
=== Datenbank anlegen ===
<pre>
$ apt-get install postgresql
$ pg_ctlcluster 11 main start
$ psql
CREATE USER etherpad;
ALTER USER etherpad WITH PASSWORD '******';
CREATE DATABASE etherpad OWNER etherpad;
^D
</pre>
=== Etherpad installieren ===
<pre>
$ cd /data
$ git clone --branch master git://github.com/ether/etherpad-lite.git
$ chown -R etherpad:etherpad etherpad-liste
</pre>


Die Datei settings.json im ethernet-lite verzeichnis wurde folgendermaßen verändert:
Die Datei settings.json im ethernet-lite verzeichnis wurde folgendermaßen verändert:
root@pad:/data/etherpad-lite# diff settings.json.orig settings.json
<pre>
<pre>
$ diff settings.json.orig settings.json
171c171
171c171
>  /*
>  /*
Zeile 71: Zeile 99:
</pre>
</pre>


Etherpad wird über einen systemd service gestartet
=== SystemD Service installieren ===


cat /etc/systemd/system/etherpad-lite.service
<pre>
<pre>
$ cat /etc/systemd/system/etherpad-lite.service
[Unit]
[Unit]
Description=etherpad-lite (real-time collaborative document editing)
Description=etherpad-lite (real-time collaborative document editing)
Zeile 88: Zeile 116:
[Install]
[Install]
WantedBy=multi-user.target
WantedBy=multi-user.target
$ systemctl enable etherpad
$ service etherpad start
</pre>
</pre>


Die Postgresql DB wurde angelegt mit:
=== NGINX Reverse Proxy installieren ===
 
<pre>
<pre>
$ psql
$ apt-get install nginx ===
CREATE USER etherpad;
$ rm /etc/nginx/sites-enabled/default
ALTER USER etherpad WITH PASSWORD '******';
$ cat /etc/nginx/sites-enabled/etherpad
CREATE DATABASE etherpad OWNER etherpad;
server {
^D
 
        listen      443 ssl;
        server_name  pad.new.uugrn.org;
 
        access_log  /var/log/nginx/pad.uugrn.org.access.log;
        error_log  /var/log/nginx/pad.uugrn.org.error.log;
 
        ssl_certificate /etc/letsencrypt/live/pad.new.uugrn.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/pad.new.uugrn.org/privkey.pem;
 
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
        location / {
            proxy_pass            http://localhost:9001/;
            proxy_set_header      Host $host;
            proxy_pass_header Server;
            proxy_buffering off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
}
 
# we're in the http context here
map $http_upgrade $connection_upgrade {
  default upgrade;
  ''     close;
}
 
server {
    listen      80;
    server_name pad.new.uugrn.org;
    rewrite    ^(.*)  https://$server_name$1 permanent;
}
</pre>
 
=== Letsencrypt einrichten ===
 
</pre>
$ apt-get install certbot python3-certbot-nginx
$ certbot
<run through wizard>
 
$ cat /etc/cron.weekly/certbot.sh
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
certbot renew
service nginx reload
</pre>
</pre>

Version vom 24. Mai 2020, 11:50 Uhr

                     __
    ____  ____ _____/ / __  ____  ______ __________   ____  _________ _
   / __ \/ __ `/ __  / / / / / / / / __ `/ ___/ __ \ / __ \/ ___/ __ `/
  / /_/ / /_/ / /_/ /_/ /_/ / /_/ / /_/ / /  / / / // /_/ / /  / /_/ /
 / .___/\__,_/\__,_/(_)__,_/\__,_/\__, /_/  /_/ /_(_)____/_/   \__, /
/_/ Admin:sh+pad[at]uugrn.org    /____/                       /____/

 OS: Debian  Version: 10 (Buster)  Architecture: amd64
 CPU: 1x Intel Xeon Processor (Skylake, IBRS)
 SPEED: 2294Mhz  Memory: 1983MB

Welcome to pad.uugrn.org

ETHERPAD LITE SERVER

Produktivschaltung am 20.06.2020

Das neue Etherpad Lite mit WebRTC Support

ADMIN: sdk (sh+uugrn@codevoid.de)

INSTALL LOG

OS: Debian Buster (10)

Installierte Software

  • etherpad-lite
  • nginx (als reverse proxy)
  • posgresql

Etherpad Lite läuft unter dem User "etherpad". Das Home directory des users ist /data/etherpad-lite.


User anlegen

$ mkdir /data $ adduser etherpad --system --group --home /data/etherpad-lite $ chown -R etherpad:etherpad /data

Datenbank anlegen

$ apt-get install postgresql
$ pg_ctlcluster 11 main start
$ psql
CREATE USER etherpad;
ALTER USER etherpad WITH PASSWORD '******';
CREATE DATABASE etherpad OWNER etherpad;
^D

Etherpad installieren

$ cd /data
$ git clone --branch master git://github.com/ether/etherpad-lite.git
$ chown -R etherpad:etherpad etherpad-liste

Die Datei settings.json im ethernet-lite verzeichnis wurde folgendermaßen verändert:

$ diff settings.json.orig settings.json
171c171
>   /*
175a176,184
>   */
>   "dbType" : "postgres",
>   "dbSettings" : {
>       "user"    : "etherpad",
>       "host"    : "/var/run/postgresql",
>       "password": "*******",
>       "database": "etherpad",
>       "charset" : "utf8mb4"
>   },
407d415
<   /*
410,412c418
<       // 1) "password" can be replaced with "hash" if you install ep_hash_auth
<       // 2) please note that if password is null, the user will not be created
<       "password": "changeme1",
---
>       "password": "******",
414,419d419
<     },
<     "user": {
<       // 1) "password" can be replaced with "hash" if you install ep_hash_auth
<       // 2) please note that if password is null, the user will not be created
<       "password": "changeme1",
<       "is_admin": false
422d421
<   */

SystemD Service installieren

$ cat /etc/systemd/system/etherpad-lite.service
[Unit]
Description=etherpad-lite (real-time collaborative document editing)
After=syslog.target network.target

[Service]
Type=simple
User=etherpad
Group=etherpad
Environment=NODE_ENV=production
ExecStart=/bin/sh /data/etherpad-lite/bin/run.sh

[Install]
WantedBy=multi-user.target

$ systemctl enable etherpad
$ service etherpad start

NGINX Reverse Proxy installieren

$ apt-get install nginx ===
$ rm /etc/nginx/sites-enabled/default
$ cat /etc/nginx/sites-enabled/etherpad
server {

        listen       443 ssl;
        server_name  pad.new.uugrn.org;

        access_log  /var/log/nginx/pad.uugrn.org.access.log;
        error_log   /var/log/nginx/pad.uugrn.org.error.log;

        ssl_certificate /etc/letsencrypt/live/pad.new.uugrn.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/pad.new.uugrn.org/privkey.pem;

        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        location / {
            proxy_pass             http://localhost:9001/;
            proxy_set_header       Host $host;
            proxy_pass_header Server;
            proxy_buffering off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }
}

# we're in the http context here
map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

server {
    listen      80;
    server_name pad.new.uugrn.org;
    rewrite     ^(.*)   https://$server_name$1 permanent;
}

Letsencrypt einrichten

$ apt-get install certbot python3-certbot-nginx $ certbot <run through wizard>

$ cat /etc/cron.weekly/certbot.sh

  1. !/bin/sh

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin certbot renew service nginx reload