diff --git a/README.install.00 b/README.install.00 new file mode 100644 index 0000000..b098192 --- /dev/null +++ b/README.install.00 @@ -0,0 +1,326 @@ +# ================= +# - Install Cryptad on Debian 9 (stretch) +# ================= + +# - See: +# - https://blog.cavebeat.org/2017/07/cryptpad-installation-on-debian-stretch/ +# - +# - See also: +# - git repository: https://github.com/xwiki-labs/cryptpad +# - installation guide: https://github.com/xwiki-labs/cryptpad/wiki/Installation-guide +# - + +cryptpad_url=cpad-01.oopen.de +cryptpad_url=o13-pad.oopen.de + +# bei vorgeschalteter authentifizierung funktioniert +# eine *extra* sandbox url nicht. in diesem falle die gleiche +# adresse nehmen wie für die hautp seite +# +#cryptpad_sandbox_url=cpadsb-01.oopen.de +#cryptpad_sandbox_url=o13-padsb.oopen.de +cryptpad_sandbox_url="$cryptpad_url" +cryptpad_sandbox_url="cpadsb-01.oopen.de" +cryptpad_sandbox_url="o13-padsb.oopen.de" + +vhost_config_file="${cryptpad_url}.conf" + + +# ---------- +# - Pre-requisites +# ---------- + +# - Install curl, git +# - +apt-get install curl git-core + +# - Install Python +# - +apt-get install python-minimal python +# debian bullseye: +apt install python-is-python2 python2-minimal + +# - Install compiler stuff +# - +# - apt-get install -y g++ g++-multilib gcc gcc-multilib cpp \ +# - make automake autoconf libtool flex bison \ +# - gettext pkg-config gnu-standards \ +# - libssl-dev libreadline-dev libncurses-dev +# - +apt-get install gcc g++ make + + +# --- +# - Install Nginx webservice +# --- + +apt-get install nginx + +# - Generate Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits +# - +mkdir /etc/nginx/ssl +openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 + + +# ---------- +# - Create nginx configuration for CryptPad +# - +# - see: https://github.com/xwiki-labs/cryptpad/blob/main/docs/example.nginx.conf +# - +# ---------- + + +# --- +# - Install NodeJS v6.x on Debian 9 Stretch +# --- + +# - Creates the apt sources list file '/etc/apt/sources.list.d/nodesource.list' for +# - the NodeSource Node.js v6.x and also adds the NodeSource signing key to your keyring +# - +# - curl -sL https://deb.nodesource.com/setup_6.x | bash - +# - +# - Hope nodejs version 14.x will work +# - +# - nodejs 6.0 does not yet work for actuall etherpad, which ist also installed +# - on this server. +# - +curl -sL https://deb.nodesource.com/setup_14.x | bash - +apt-get update + +# - Install nodejs version 6.x from repository 'deb.nodesource.com' +# - + +# - Tell the apt system to install nodejs from repository deb.nodesource.com +# - +# - You should pin the external source using the origin option to assign a high +# - priority to "the external source" instead of using the release name. +# - +# - e,g: Add the following lines to your /etc/apt/preferences.d/preferences: +# - +# - Package: * +# - Pin: origin deb.nodesource.com +# - Pin-Priority: 1001 +# - +if ! $(grep -E -q "^\s*Pin:\s+origin\s+deb.nodesource.com" /etc/apt/preferences.d/preferences) ; then + cat <> /etc/apt/preferences.d/preferences +Package: * +Pin: origin deb.nodesource.com +Pin-Priority: 1001 +EOF +fi + +# - Verify with 'apt-cache policy nodejs' +# - +# - Output must conatin somethin liek that: +# - Installationskandidat: 6.14.4-1nodesource1 +# - +apt-cache policy nodejs + +# - Install nodejs.. +# - +apt-get install nodejs + +# - An alternative possibility: +# - +# - 1. Show versions for nodejs +# - +# - # aptitude versions nodejs +# - +# - output may looks like: +# - +# - i 6.14.4-1nodesource1 500 +# - p 10.15.2~dfsg-2 stable 500 +# - +# - 2. install nodejs 6.14.4-1nodesource1 +# - +# - apt-get install nodejs=6.14.4-1nodesource1 +# - ^^^^^^^^^^^^^^^^^^^^^^^^^^ +# - + +# - Test if installation was successfully +# - +node -v +npm -v + + + +# --- +# - Install bower +# --- + +# - Install bower (global) +# - +npm install -g bower + + +# --- +# - Create the user for the service: +# --- + +mkdir -p /var/www/{.cache,.config,.local,.node-gyp,.npm,.private} +chown -R www-data:www-data /var/www/{.cache,.config,.local,.node-gyp,.npm,.private} + + + +# --- +# - Install cryptpad +# --- + +cd /var/www/ +chown www-data:www-data /var/www + + +# - Get cryptpad +# - +su www-data -s /bin/bash -c "git clone https://github.com/xwiki-labs/cryptpad /var/www/cryptpad" + +cd cryptpad + +# - Complete Installation of cryptpad +# - +su www-data -s /bin/bash -c "npm install" + +# - Maybe you haave to run +# +# su www-data -s /bin/bash -c "npm fund" +# su www-data -s /bin/bash -c "npm audit fix --force" + +su www-data -s /bin/bash -c "bower install" + + +# --- +# - Configure CryptPad +# --- + +# - Create configuration file 'config.js'. (Copy the example file) +# - +# - The defaults should be good enough for most cases, but you may want to edit +# - them. We recommend you read over the example file and change the values to +# - fit your needs. +cp -a config/config.example.js config/config.js + +# - Some base configuration +# - +# - adminEmail: 'admin@oopen.de', +# - ... +# - httpUnsafeOrigin: http://localhost:3000 +# - httpSafeOrigin: ${cryptpad_sandbox_url} +# - httpAddress: '::', +# - ... +# - myDomain: oopen.de, +# - +if $(grep -q -E "\s*/?/?\s*adminEmail" /var/www/cryptpad/config/config.js 2> /dev/null) ; then + perl -i -n -p -e"s#(\s*)(adminEmail:.*)#\1// \2\n\1adminEmail: 'admin\@oopen.de',#" /var/www/cryptpad/config/config.js +else + perl -i -n -p -e"s/(\s*})/ adminEmail: 'admin\@oopen.de',\n\1/" /var/www/cryptpad/config/config.js +fi + +perl -i -n -p -e"s#(\s*)(httpUnsafeOrigin:.*)#\1// \2\n\1httpUnsafeOrigin: 'https://${cryptpad_url}',#" /var/www/cryptpad/config/config.js + +perl -i -n -p -e"s#(\s*)(/*\s*)(httpSafeOrigin:.*)#\1// \3\n\1httpSafeOrigin: 'https://${cryptpad_sandbox_url}',#" /var/www/cryptpad/config/config.js + + +perl -i -n -p -e"s#(\s*)(/*\s*)(httpAddress:.*)#\1// \3\n\1httpAddress: '::',#" /var/www/cryptpad/config/config.js + +# - deaktivate donate Button +# - +if $(grep -q -E "\s*/?/?\s*removeDonateButton" /var/www/cryptpad/config/config.js 2> /dev/null) ; then + perl -i -n -p -e"s#(\s*)(/*\s*)(removeDonateButton:.*)#\1//\3\n\1removeDonateButton: true,#" /var/www/cryptpad/config/config.js +else + perl -i -n -p -e"s/(\s*})/ removeDonateButton: true,\n\1/" /var/www/cryptpad/config/config.js +fi + +# - Set storage.. +# - +perl -i -n -p -e"s#(\s*)(/*\s*)(defaultStorageLimit:.*)#\1//\3\n\1defaultStorageLimit: 250 * 1024 * 1024,#" /var/www/cryptpad/config/config.js + +# - Customizing CryptPad +# - +# - In order allow a variety of features to be changed and to allow site-specific +# - changes to CryptPad apps while still keeping the git repository pristine, this +# - directory exists to allow a set of hooks to be run. +# - +# - The server is configured to load files from the '/customize/' path +# - preferentially from 'cryptpad/customize/', and to fall back to +# - 'cryptpad/customize.dist/' if they are not found. +# - +# - If you wish to customize cryptpad, please **copy** +# - '/customize.dist/' to '/customize' and then edit it there, this way you will +# - still be able to pull from (and make pull requests to (!) the git repository. +# - +cp -a /var/www/cryptpad/customize.dist /var/www/cryptpad/customize + +# - Copy 'favicon.ico' to '/var/www/cryptpad/customize/main-favicon.png' +# - +cp ~chris/favicon.ico /var/www/cryptpad/customize/main-favicon.png +cp ~chris/favicon.ico /var/www/cryptpad/customize.dist/ +chown www-data:www-data /var/www/cryptpad/customize/main-favicon.png +chown www-data:www-data /var/www/cryptpad/customize.dist/favicon.ico + + + +# --- +# Systemd Unit +# --- + +# - Run as daemon using systemd +# - +cat << EOF > /etc/systemd/system/cryptpad.service +[Unit] +Description=CryptPad Service +After=syslog.target network.target +Requires=nginx.service + +[Service] +Type=simple +User=www-data +Group=www-data +Environment='PWD="/var/www/cryptpad"' +# modify to match the location of your cryptpad repository +WorkingDirectory=/var/www/cryptpad +ExecStart=/usr/bin/node /var/www/cryptpad/server.js + +TimeoutSec=30 +# Restart service after 10 seconds if node service crashes +RestartSec=2 +Restart=always + +# Output to syslog +StandardOutput=syslog +StandardError=syslog +SyslogIdentifier=cryptpad + +## Modify these two values and uncomment them if you have lots of files and get an HTTP error 500 because of that +LimitMEMLOCK=infinity +LimitNOFILE=65535 +### If you want to bind CryptPad to a port below 1024 uncomment the two values below +#CapabilityBoundingSet=CAP_NET_BIND_SERVICE +#AmbientCapabilities=CAP_NET_BIND_SERVICE + +[Install] +WantedBy=multi-user.target +EOF + +systemctl daemon-reload +systemctl enable cryptpad + +# - Start cryptpad +# - +systemctl start cryptpad + + +# --- +# Basic Check of your configuration: +# --- + +# In yout browser type: +# +# https://${cryptpad_url}/checkup/ + +# Maybe the the 'checkup' script recommends to run: +# +# npm run build +# +# we have to do this under the webservice user www-data +# +su www-data -s /bin/bash -c "npm run build"