From 39da99f0914ba292b415c8c2fb6ccf1f52dae5e4 Mon Sep 17 00:00:00 2001
From: Christoph <ckubu@oopen.de>
Date: Sun, 9 Jan 2022 10:08:58 +0100
Subject: [PATCH] Some changes in documentation or README-files.

---
 README.copy-userdata-to-new-installation |  2 +-
 README.install                           | 79 ++++++++++++++----------
 2 files changed, 47 insertions(+), 34 deletions(-)

diff --git a/README.copy-userdata-to-new-installation b/README.copy-userdata-to-new-installation
index 3c9d510..bb157a5 100644
--- a/README.copy-userdata-to-new-installation
+++ b/README.copy-userdata-to-new-installation
@@ -6,4 +6,4 @@
 backup_date="2019-11-03-0036"
 
 
-cp -a  /var/www/cryptpad.BAK.${backup_date}/{blob,blobstage,block,datastore} /var/www/cryptpad/cryptpad/
+cp -a  /var/www/cryptpad.BAK.${backup_date}/{blob,blobstage,block,datastore} /var/www/cryptpad/
diff --git a/README.install b/README.install
index 1e58d94..e62cb86 100644
--- a/README.install
+++ b/README.install
@@ -11,12 +11,14 @@
 # - 
 
 cryptpad_url=cpad-01.oopen.de
+cryptpad_url=o13-pad.oopen.de
 
 # bei vorgeschalteter authentifizierung funktioniert 
 # eine *extra* sandbox url nicht. in diesem falle die gleiche
 # adresse nehmen wie für die hautp seite
 #
 #cryptpad_sandbox_url=cpadsb-01.oopen.de
+#cryptpad_sandbox_url=o13-padsb.oopen.de
 cryptpad_sandbox_url="$cryptpad_url"
 
 
@@ -56,7 +58,7 @@ openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
 # - Create nginx configuration for CryptPad
 # -
 
-cat <<EOF > /etc/nginx/sites-available/cpad-01.oopen.de.conf
+cat <<EOF > /etc/nginx/sites-available/${cryptpad_url}.conf
 # -- $cryptpad_url
 
 server {
@@ -160,7 +162,7 @@ server {
    add_header Cross-Origin-Embedder-Policy require-corp;
 
    # Insert the path to your CryptPad repository root here
-   root /var/www/cryptpad/cryptpad;
+   root /var/www/cryptpad;
    index index.html;
    error_page 404 /customize.dist/404.html;
 
@@ -285,23 +287,28 @@ server {
       try_files \$uri =404;
    }
 
-    # This block provides an alternative means of loading content
-    # otherwise only served via websocket. This is solely for debugging purposes,
-    # and is thus not allowed by default.
-    #location ^~ /datastore/ {
-        #add_header Cache-Control max-age=0;
-        #try_files \$uri =404;
-    #}
+   # This block provides an alternative means of loading content
+   # otherwise only served via websocket. This is solely for debugging purposes,
+   # and is thus not allowed by default.
+   #location ^~ /datastore/ {
+       #add_header Cache-Control max-age=0;
+       #try_files \$uri =404;
+   #}
 
-    # The nodejs server has some built-in forwarding rules to prevent
-    # URLs like /pad from resulting in a 404. This simply adds a trailing slash
-    # to a variety of applications.
-    location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)\$ {
-        rewrite ^(.*)\$ \$1/ redirect;
-    }
+   # The nodejs server has some built-in forwarding rules to prevent
+   # URLs like /pad from resulting in a 404. This simply adds a trailing slash
+   # to a variety of applications.
+   location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)\$ {
+       rewrite ^(.*)\$ \$1/ redirect;
+   }
 
-    # Finally, serve anything the above exceptions don't govern.
-    try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;
+   # Finally, serve anything the above exceptions don't govern.
+   try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;
+
+   # Only authenticated users
+   #
+   auth_basic "Restricted Content";
+   auth_basic_user_file /etc/nginx/.htpasswd-${cryptpad_url%%.*};
 }
 EOF
 
@@ -392,8 +399,9 @@ npm install -g bower
 # ---
 # - Create the user for the service:
 # ---
-mkdir /var/www/cryptpad
-chown www-data:www-data /var/www/cryptpad
+
+mkdir -p /var/www/{.cache,.config,.local,.node-gyp,.npm,.private}
+chown -R www-data:www-data /var/www/{.cache,.config,.local,.node-gyp,.npm,.private}
 
 
 
@@ -401,11 +409,13 @@ chown www-data:www-data /var/www/cryptpad
 # - Install cryptpad
 # ---
 
-cd /var/www/cryptpad
+cd /var/www/
+mkdir cryptpad
+chown www-data:www-data cryptpad
 
 # - Get cryptpad
 # -
-su www-data -s /bin/bash -c "git clone https://github.com/xwiki-labs/cryptpad"
+su www-data -s /bin/bash -c "git clone https://github.com/xwiki-labs/cryptpad /var/www/cryptpad"
 
 cd cryptpad
 
@@ -431,26 +441,28 @@ cp -a config/config.example.js config/config.js
 # -
 # -    adminEmail: 'admin@oopen.de',
 # -    ...
+# -    httpUnsafeOrigin: http://localhost:3000
+# -    httpSafeOrigin: ${cryptpad_sandbox_url}
 # -    httpAddress: '::',
 # -    ...
 # -    myDomain: oopen.de,
 # -
-perl -i -n -p -e"s#(\s*)(adminEmail:.*)#\1// \2\n\1adminEmail: 'admin\@oopen.de',#" /var/www/cryptpad/cryptpad/config/config.js
+perl -i -n -p -e"s#(\s*)(adminEmail:.*)#\1// \2\n\1adminEmail: 'admin\@oopen.de',#" /var/www/cryptpad/config/config.js
 
-perl -i -n -p -e"s#(\s*)(httpUnsafeOrigin:.*)#\1// \2\n\1httpUnsafeOrigin: 'https://${cryptpad_url}',#" /var/www/cryptpad/cryptpad/config/config.js
+perl -i -n -p -e"s#(\s*)(httpUnsafeOrigin:.*)#\1// \2\n\1httpUnsafeOrigin: 'http://localhost:3000',#" /var/www/cryptpad//config/config.js
 
-perl -i -n -p -e"s#(\s*)(/*\s*)(httpSafeOrigin:.*)#\1// \3\n\1httpSafeOrigin: 'https://${cryptpad_sandbox_url}',#" /var/www/cryptpad/cryptpad/config/config.js
+perl -i -n -p -e"s#(\s*)(/*\s*)(httpSafeOrigin:.*)#\1// \3\n\1httpSafeOrigin: 'https://${cryptpad_sandbox_url}',#" /var/www/cryptpad/config/config.js
 
 
-perl -i -n -p -e"s#(\s*)(/*\s*)(httpAddress:.*)#\1// \3\n\1httpAddress: '::',#" /var/www/cryptpad/cryptpad/config/config.js
+perl -i -n -p -e"s#(\s*)(/*\s*)(httpAddress:.*)#\1// \3\n\1httpAddress: '::',#" /var/www/cryptpad/config/config.js
 
 # - deaktivate donate Button
 # -
-perl -i -n -p -e"s#(\s*)(/*\s*)(removeDonateButton:.*)#\1//\3\n\1removeDonateButton: true,#" /var/www/cryptpad/cryptpad/config/config.js
+perl -i -n -p -e"s#(\s*)(/*\s*)(removeDonateButton:.*)#\1//\3\n\1removeDonateButton: true,#" /var/www/cryptpad/config/config.js
 
 # - Set storage..
 # -
-perl -i -n -p -e"s#(\s*)(/*\s*)(defaultStorageLimit:.*)#\1//\3\n\1defaultStorageLimit: 250 * 1024 * 1024,#" /var/www/cryptpad/cryptpad/config/config.js
+perl -i -n -p -e"s#(\s*)(/*\s*)(defaultStorageLimit:.*)#\1//\3\n\1defaultStorageLimit: 250 * 1024 * 1024,#" /var/www/cryptpad/config/config.js
 
 # - Customizing CryptPad
 # -
@@ -466,12 +478,13 @@ perl -i -n -p -e"s#(\s*)(/*\s*)(defaultStorageLimit:.*)#\1//\3\n\1defaultStorage
 # - '/customize.dist/' to '/customize' and then edit it there, this way you will
 # - still be able to pull from (and make pull requests to (!) the git repository.
 # -
-cp -a /var/www/cryptpad/cryptpad/customize.dist /var/www/cryptpad/cryptpad/customize
+cp -a /var/www/cryptpad/customize.dist /var/www/cryptpad/customize
 
 # - Copy 'favicon.ico' to '/var/www/cryptpad/customize/main-favicon.png'
 # -
-cp ~chris/favicon.ico /var/www/cryptpad/cryptpad/customize/main-favicon.png
-cp ~chris/favicon.ico /var/www/cryptpad/cryptpad/customize.dist
+#cp ~chris/favicon.ico /var/www/cryptpad/customize/main-favicon.png
+cp ~chris/favicon.ico /var/www/cryptpad/customize.dist/
+chown www-data:www-data /var/www/cryptpad/customize.dist/favicon.ico
 
 
 
@@ -491,10 +504,10 @@ Requires=nginx.service
 Type=simple
 User=www-data
 Group=www-data
-Environment='PWD="/var/www/cryptpad/cryptpad"'
+Environment='PWD="/var/www/cryptpad"'
 # modify to match the location of your cryptpad repository
-WorkingDirectory=/var/www/cryptpad/cryptpad
-ExecStart=/usr/bin/node /var/www/cryptpad/cryptpad/server.js
+WorkingDirectory=/var/www/cryptpad
+ExecStart=/usr/bin/node /var/www/cryptpad/server.js
 
 TimeoutSec=30
 # Restart service after 10 seconds if node service crashes