install/cryptpad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: install:254916806370e7e55b8b5523d65aedafb7dab0cf
Branches Tags
install:master
...
compare: install:master
Branches Tags
install:master

16 Commits
2549168063 ... master

Author SHA1 Message Date
Christoph
7fefa364a3 Merge branch 'master' of https://git.oopen.de/install/cryptpad 2024-09-30 01:03:15 +02:00
Christoph
e54a3045dc Add 'cp-flr.oopen.de': 2024-09-30 01:02:30 +02:00
Christoph
e45e308e8e OnlyOffice is now a separate module. 2024-09-30 00:59:44 +02:00
Christoph
8ed9555262 Update README.upgrade 2024-04-18 19:27:13 +02:00
Christoph
52657a71af Update documentation. 2024-01-06 14:21:36 +01:00
Christoph
fa0cbc561b README.install: add docu for 'pad.ra-kanzlei-kiel.de'. 2023-12-29 15:11:13 +01:00
Christoph
ea629fd5a1 Update README files.. 2023-12-18 00:12:50 +01:00
Christoph
56df88d4f5 README.install: add notice about switching off firewall. 2023-12-17 18:41:23 +01:00
Christoph
f21dfa6edc Update dokumentation. 2023-12-12 16:28:41 +01:00
Christoph
7bf365d747 file 'README.upgrade' is obsolete. 2023-12-11 19:42:59 +01:00
Christoph
21dbbe20f1 Adjust file 'README.copy-userdata-to-new-installation'. 2023-12-11 19:41:26 +01:00
Christoph
1020168077 README.install: chnages on 'look and feel' mybe later. 2023-12-11 18:34:04 +01:00
Christoph
d665f126aa Replaced file 'README.install' with chnanged new installation instructions. 2023-12-11 18:03:32 +01:00
Christoph
f238b5fbd7 save old file 'README.install' to 'README.install.00'. 2023-12-11 15:51:42 +01:00
Christoph
9062d788ab Add file 'README.install-node.js'. 2023-12-11 14:59:47 +01:00
Christoph
7bb08995f9 README.install: some minor changes.. 2023-12-11 14:59:12 +01:00
7 changed files with 860 additions and 223 deletions
Expand all files Collapse all files

34
README.OnlyOffice Normal file
View File

@ -0,0 +1,34 @@
# ---
# OnlyOffice is now a separate module
#
# OnlyOffice applications (Sheets, Document, Presentation) are not bundled with CryptPad
# anymore. You can install/update them by running the installation script we provide:
# ---
cryptpad_user=cryptpad
# - Stop cryptpad
# -
systemctl stop cryptpad
# Stop iptables firewall
#
ipt-firewall-server flush
ip6t-firewall-server flush
# Login as CryptPad user
#
su - ${cryptpad_user}
cd cryptpad
# Install OnlyOffice
#
# ./install-onlyoffice.sh
# # press q to close the license screen
# # and Y ⏎ to accept the OnlyOffice license
#
./install-onlyoffice.sh

55
README.copy-userdata-to-new-installation
View File

@ -2,8 +2,59 @@
# Copy existing user data to new pad
# =================
cryptpad_user=cryptpad
backup_date="2022-09-22-1001"
# Stop cryptpad service
#
systemctl stop cryptpad.service
cp -a /var/www/cryptpad.BAK.${backup_date}/{blob,blobstage,block,datastore} /var/www/cryptpad/
# login as cryptpad user
#
su - ${cryptpad_user}
backup_date="2023-12-12-1442"
# Backup current installation
#
cp -a cryptpad cryptpad.CURRENT
# Copy configuration file
#
cp cryptpad.BAK.${backup_date}/config/config.js cryptpad/config/config.js
# Instanzkonfiguration
#
# Note:
# some settings cannot be changed once user accounts have been created.
#
cp cryptpad.BAK.${backup_date}/customize/application_config.js cryptpad/customize/application_config.js
# Copy user data
#
#for i in blob blobstage block datastore ; do
for i in data datastore block blob ; do
echo""
echo -e " Syncing directory '${i}'.."
rsync -a --delete /var/www/cryptpad/cryptpad.BAK.${backup_date}/$i /var/www/cryptpad/cryptpad/
chown cryptpad:cryptpad /var/www/cryptpad/cryptpad/$i
done
# logoff from cryptpad user
#
exit
# Start cryptpad service
#
systemctl start cryptpad.service

517
README.install
View File

@ -3,7 +3,7 @@
# =================
# - See:
# - https://blog.cavebeat.org/2017/07/cryptpad-installation-on-debian-stretch/
# - https://docs.cryptpad.org/en/admin_guide/installation.html
# -
# - See also:
# - git repository: https://github.com/xwiki-labs/cryptpad
@ -12,180 +12,122 @@
cryptpad_url=cpad-01.oopen.de
cryptpad_url=o13-pad.oopen.de
cryptpad_url=o13-cryptpad.oopen.de
cryptpad_url=pad.ra-kanzlei-kiel.de
cryptpad_url=crpad.fluechtlingsrat-berlin.de
# bei vorgeschalteter authentifizierung funktioniert
# eine *extra* sandbox url nicht. in diesem falle die gleiche
# adresse nehmen wie für die hautp seite
#
#cryptpad_sandbox_url=cpadsb-01.oopen.de
#cryptpad_sandbox_url=o13-padsb.oopen.de
cryptpad_sandbox_url="$cryptpad_url"
cryptpad_sandbox_url="cpadsb-01.oopen.de"
cryptpad_sandbox_url="o13-padsb.oopen.de"
cryptpad_sandbox_url="o13-cryptpadsb.oopen.de"
cryptpad_sandbox_url="sandbox.pad.ra-kanzlei-kiel.de"
cryptpad_sandbox_url="cpadsb.fluechtlingsrat-berlin.de"
vhost_config_file="${cryptpad_url}.conf"
cryptpad_user=cryptpad
cryptpad_group=cryptpad
cryptpad_gid=2010
cryptpad_uid=2010
# ----------
# - Pre-requisites
# ----------
# - Install curl, git
# -
apt-get install curl git-core
# - Install Python
# -
apt-get install python-minimal python
# debian bullseye:
apt install python-is-python2 python2-minimal
# - Install compiler stuff
# -
# - apt-get install -y g++ g++-multilib gcc gcc-multilib cpp \
# - make automake autoconf libtool flex bison \
# - gettext pkg-config gnu-standards \
# - libssl-dev libreadline-dev libncurses-dev
# -
apt-get install gcc g++ make
cryptpad_base_dir=/var/www/cryptpad
cryptpad_home_dir="${cryptpad_base_dir}"
cryptpad_install_dir="${cryptpad_home_dir}/cryptpad"
# ---
# - Install Nginx webservice
# ---
apt-get install nginx
# - Generate Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
# -
mkdir /etc/nginx/ssl
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
# ----------
# - Create nginx configuration for CryptPad
# -
# - see: https://github.com/xwiki-labs/cryptpad/blob/main/docs/example.nginx.conf
# -
# ----------
# ---
# - Install NodeJS v6.x on Debian 9 Stretch
# ---
# - Creates the apt sources list file '/etc/apt/sources.list.d/nodesource.list' for
# - the NodeSource Node.js v6.x and also adds the NodeSource signing key to your keyring
# -
# - curl -sL https://deb.nodesource.com/setup_6.x | bash -
# -
# - Hope nodejs version 14.x will work
# -
# - nodejs 6.0 does not yet work for actuall etherpad, which ist also installed
# - on this server.
# -
curl -sL https://deb.nodesource.com/setup_14.x | bash -
apt-get update
# - Install nodejs version 6.x from repository 'deb.nodesource.com'
# -
# - Tell the apt system to install nodejs from repository deb.nodesource.com
# -
# - You should pin the external source using the origin option to assign a high
# - priority to "the external source" instead of using the release name.
# -
# - e,g: Add the following lines to your /etc/apt/preferences.d/preferences:
# -
# - Package: *
# - Pin: origin deb.nodesource.com
# - Pin-Priority: 1001
# -
if ! $(grep -E -q "^\s*Pin:\s+origin\s+deb.nodesource.com" /etc/apt/preferences.d/preferences) ; then
cat <<EOF >> /etc/apt/preferences.d/preferences
Package: *
Pin: origin deb.nodesource.com
Pin-Priority: 1001
EOF
fi
# - Verify with 'apt-cache policy nodejs'
# -
# - Output must conatin somethin liek that:
# - Installationskandidat: 6.14.4-1nodesource1
# -
apt-cache policy nodejs
# - Install nodejs..
# -
apt-get install nodejs
# - An alternative possibility:
# -
# - 1. Show versions for nodejs
# -
# - # aptitude versions nodejs
# -
# - output may looks like:
# -
# - i 6.14.4-1nodesource1 <NULL> 500
# - p 10.15.2~dfsg-2 stable 500
# -
# - 2. install nodejs 6.14.4-1nodesource1
# -
# - apt-get install nodejs=6.14.4-1nodesource1
# - ^^^^^^^^^^^^^^^^^^^^^^^^^^
# -
# - Test if installation was successfully
# -
node -v
npm -v
# ---
# - Install bower
# ---
# - Install bower (global)
# -
npm install -g bower
# ---
# ==========
# - Create the user for the service:
# ---
mkdir -p /var/www/{.cache,.config,.local,.node-gyp,.npm,.private}
chown -R www-data:www-data /var/www/{.cache,.config,.local,.node-gyp,.npm,.private}
# ==========
addgroup --gid $cryptpad_gid $cryptpad_group
adduser --gid $cryptpad_uid --uid $cryptpad_uid --home $cryptpad_home_dir $cryptpad_user
# ---
# ==========
# - Install cryptpad
# ---
# ==========
cd /var/www/
chown www-data:www-data /var/www
su - ${cryptpad_user}
cryptpad_base_dir=/var/www/cryptpad
cryptpad_home_dir="${cryptpad_base_dir}"
cryptpad_install_dir="${cryptpad_home_dir}/cryptpad"
cryptpad_url=cpad-01.oopen.de
cryptpad_url=o13-pad.oopen.de
cryptpad_url=o13-cryptpad.oopen.de
cryptpad_url=pad.ra-kanzlei-kiel.de
cryptpad_url=crpad.fluechtlingsrat-berlin.de
# - Get cryptpad
cryptpad_sandbox_url="cpadsb-01.oopen.de"
cryptpad_sandbox_url="o13-padsb.oopen.de"
cryptpad_sandbox_url="o13-cryptpadsb.oopen.de"
cryptpad_sandbox_url="sandbox.pad.ra-kanzlei-kiel.de"
cryptpad_sandbox_url="cpadsb.fluechtlingsrat-berlin.de"
cd ${cryptpad_home_dir}
# - Get cryptpad - Clone the CryptPad repository
# -
su www-data -s /bin/bash -c "git clone https://github.com/xwiki-labs/cryptpad /var/www/cryptpad"
git clone https://github.com/cryptpad/cryptpad.git ${cryptpad_install_dir}
# Switch to the latest published tag
#
# git checkout $(git tag -l | grep -v 'v1.*$' | sort -V | tail -n 1)
cd ${cryptpad_install_dir}
# !!! NOTE
#
# Switch of IPv4 and IPv6 firewall
# ================================
#
# You will run into connection limit if the setting is too sensitive
#
# !!! NOTE
cd cryptpad
# - Complete Installation of cryptpad
# -
su www-data -s /bin/bash -c "npm install"
npm ci
# - Maybe you haave to run
# - Maybe you haave to run
#
# su www-data -s /bin/bash -c "npm fund"
# su www-data -s /bin/bash -c "npm audit fix --force"
# # packages looking for funding
# #
# npm fund
#
# # To address issues that do not require attention, run:
# #
# npm audit fix
#
#npm fund
#npm audit fix
npm run install:components
# Build static pages & Open Graph metadata
#
# To build some of CryptPad static pages & enable social media link previews,
# run the following command:
#
npm run build
su www-data -s /bin/bash -c "bower install"
# ---
@ -210,29 +152,71 @@ cp -a config/config.example.js config/config.js
# - myDomain: oopen.de,
# -
if $(grep -q -E "\s*/?/?\s*adminEmail" /var/www/cryptpad/config/config.js 2> /dev/null) ; then
perl -i -n -p -e"s#(\s*)(adminEmail:.*)#\1// \2\n\1adminEmail: 'admin\@oopen.de',#" /var/www/cryptpad/config/config.js
perl -i -n -p -e"s#(\s*)(adminEmail:.*)#\1// \2\n\1adminEmail: 'admin\@oopen.de',#" ${cryptpad_install_dir}/config/config.js
else
perl -i -n -p -e"s/(\s*})/ adminEmail: 'admin\@oopen.de',\n\1/" /var/www/cryptpad/config/config.js
perl -i -n -p -e"s/(\s*})/ adminEmail: 'admin\@oopen.de',\n\1/" ${cryptpad_install_dir}/config/config.js
fi
perl -i -n -p -e"s#(\s*)(httpUnsafeOrigin:.*)#\1// \2\n\1httpUnsafeOrigin: 'https://${cryptpad_url}',#" /var/www/cryptpad/config/config.js
perl -i -n -p -e"s#(\s*)(httpUnsafeOrigin:.*)#\1// \2\n\1httpUnsafeOrigin: 'https://${cryptpad_url}',#" ${cryptpad_install_dir}/config/config.js
perl -i -n -p -e"s#(\s*)(/*\s*)(httpSafeOrigin:.*)#\1// \3\n\1httpSafeOrigin: 'https://${cryptpad_sandbox_url}',#" /var/www/cryptpad/config/config.js
perl -i -n -p -e"s#(\s*)(/*\s*)(httpSafeOrigin:.*)#\1// \3\n\1httpSafeOrigin: 'https://${cryptpad_sandbox_url}',#" ${cryptpad_install_dir}/config/config.js
perl -i -n -p -e"s#(\s*)(/*\s*)(httpAddress:.*)#\1// \3\n\1httpAddress: '::',#" /var/www/cryptpad/config/config.js
perl -i -n -p -e"s#(\s*)(/*\s*)(httpAddress:.*)#\1// \3\n\1httpAddress: '::',#" ${cryptpad_install_dir}/config/config.js
# - deaktivate donate Button
# -
if $(grep -q -E "\s*/?/?\s*removeDonateButton" /var/www/cryptpad/config/config.js 2> /dev/null) ; then
perl -i -n -p -e"s#(\s*)(/*\s*)(removeDonateButton:.*)#\1//\3\n\1removeDonateButton: true,#" /var/www/cryptpad/config/config.js
perl -i -n -p -e"s#(\s*)(/*\s*)(removeDonateButton:.*)#\1//\3\n\1removeDonateButton: true,#" ${cryptpad_install_dir}/config/config.js
else
perl -i -n -p -e"s/(\s*})/ removeDonateButton: true,\n\1/" /var/www/cryptpad/config/config.js
perl -i -n -p -e"s/(\s*})/ removeDonateButton: true,\n\1/" ${cryptpad_install_dir}/config/config.js
fi
# - Set storage..
# -
perl -i -n -p -e"s#(\s*)(/*\s*)(defaultStorageLimit:.*)#\1//\3\n\1defaultStorageLimit: 250 * 1024 * 1024,#" /var/www/cryptpad/config/config.js
perl -i -n -p -e"s#(\s*)(/*\s*)(defaultStorageLimit:.*)#\1//\3\n\1defaultStorageLimit: 250 * 1024 * 1024,#" ${cryptpad_install_dir}/config/config.js
# - Instance customization
# -
# - The functionality as well as the look-and-feel of an instance can be customized
# - by creating a customize folder and copying assets to be customized (images,
# - stylesheets, page templates, etc) from customize.dist into it. If a file exists
# -in customize, it will be served to users instead of its namesake in customize.dist.
# -
# - The purpose of the customize directory is to make it easier to upgrade CryptPad
# - while maintaining customizations in place. Occasionally, a major new version may
# - introduce breaking changes or require adjustments in the customizations.
# - Administrators with customized instances are therefore encouraged to read
# - instructions carefully before each upgrade.
# -
mkdir -p ${cryptpad_install_dir}/cryptpad/customize
# - Application config
# -
# - A wide range of settings are available in www/common/application_config_internal.js.
# - To modify them:
# -
# - 1. Make a copy of customize.dist/application_config.js in the customize folder.
# -
# - 2. Copy the default value(s) to modify from www/common/application_config_internal.js
# - into customize/application_config.js.
# -
cp ${cryptpad_install_dir}/customize.dist/application_config.js ${cryptpad_install_dir}/customize/
# - Restricting guest access
# -
# - To disable unregistered use of CryptPad, add the following to
# - customize/application_config.js:
# -
# - AppConfig.registeredOnlyTypes = AppConfig.availablePadTypes;
# ---
# - for further configurations see:
# - https://docs.cryptpad.org/en/admin_guide/customization.html#application-config
# ---
# - Customizing CryptPad
# -
@ -248,54 +232,93 @@ perl -i -n -p -e"s#(\s*)(/*\s*)(defaultStorageLimit:.*)#\1//\3\n\1defaultStorage
# - '/customize.dist/' to '/customize' and then edit it there, this way you will
# - still be able to pull from (and make pull requests to (!) the git repository.
# -
cp -a /var/www/cryptpad/customize.dist /var/www/cryptpad/customize
#cp -a ${cryptpad_install_dir}/customize.dist ${cryptpad_install_dir}/cryptpad/customize
# - Copy 'favicon.ico' to '/var/www/cryptpad/customize/main-favicon.png'
# -
cp ~chris/favicon.ico /var/www/cryptpad/customize/main-favicon.png
cp ~chris/favicon.ico /var/www/cryptpad/customize.dist/
chown www-data:www-data /var/www/cryptpad/customize/main-favicon.png
chown www-data:www-data /var/www/cryptpad/customize.dist/favicon.ico
# Install OnlyOffice - OnlyOffice is now a separate module
#
# OnlyOffice applications (Sheets, Document, Presentation) are not bundled with CryptPad
# anymore. You can install/update them by running the installation script we provide:
#
# ./install-onlyoffice.sh
# # press q to close the license screen
# # and Y ⏎ to accept the OnlyOffice license
#
./install-onlyoffice.sh
# Exit from cryptpad user
#
exit
# ---
# Systemd Unit
# ---
# - Run as daemon using systemd
# -
cat << EOF > /etc/systemd/system/cryptpad.service
cat <<EOF > /etc/systemd/system/cryptpad.service
[Unit]
Description=CryptPad Service
After=syslog.target network.target
Requires=nginx.service
Description=CryptPad API server
[Service]
Type=simple
User=www-data
Group=www-data
Environment='PWD="/var/www/cryptpad"'
ExecStart=/usr/bin/node ${cryptpad_install_dir}/server.js
# modify to match the location of your cryptpad repository
WorkingDirectory=/var/www/cryptpad
ExecStart=/usr/bin/node /var/www/cryptpad/server.js
WorkingDirectory=${cryptpad_install_dir}
TimeoutSec=30
Restart=always
# Restart service after 10 seconds if node service crashes
RestartSec=2
Restart=always
# Output to syslog
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=cryptpad
# Proper logging to journald
StandardOutput=journal
StandardError=journal+console
## Modify these two values and uncomment them if you have lots of files and get an HTTP error 500 because of that
LimitMEMLOCK=infinity
LimitNOFILE=65535
### If you want to bind CryptPad to a port below 1024 uncomment the two values below
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
User=${cryptpad_user}
Group=${cryptpad_group}
# modify to match your working directory
Environment='PWD="${cryptpad_install_dir}"'
# systemd sets the open file limit to 4000 unless you override it
# cryptpad stores its data with the filesystem, so you should increase this to match the value of `ulimit -n`
# or risk EMFILE errors.
LimitNOFILE=1000000
# hardening directives as per https://www.freedesktop.org/software/systemd/man/systemd.exec.html
# check those with systemd-analyze security cryptpad.service for more information
# Proc filesystem
ProcSubset=all
ProtectProc=invisible
# Capabilities
CapabilityBoundingSet=
# Security
NoNewPrivileges=true
# Sandboxing
ProtectSystem=strict
PrivateTmp=true
PrivateDevices=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictAddressFamilies=AF_INET
RestrictAddressFamilies=AF_INET6
RestrictAddressFamilies=AF_NETLINK
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=true
LockPersonality=true
RestrictRealtime=true
RestrictSUIDSGID=true
RemoveIPC=true
PrivateMounts=true
ProtectClock=true
# System Call Filtering
SystemCallArchitectures=native
SystemCallFilter=~@cpu-emulation @debug @keyring @ipc @mount @obsolete @privileged @setuid
SystemCallFilter=@chown
SystemCallFilter=pipe
SystemCallFilter=pipe2
ReadWritePaths=${cryptpad_install_dir}
[Install]
WantedBy=multi-user.target
@ -309,6 +332,124 @@ systemctl enable cryptpad
systemctl start cryptpad
# ==========
# nginx vhost configuration
# ==========
cat <<EOF > /etc/nginx/sites-available/${vhost_config_file}
# -- ${cryptpad_url}
# we want restrict authentication to cryptpad sandbox urls "${cryptpad_sandbox_url}"
#
map \$http_host \$auth_type {
default "off"; #This will turn off auth-basic
${cryptpad_sandbox_url} "Restricted"; #This or any other string will turn it back on
}
server {
listen 80;
listen [::]:80;
server_name ${cryptpad_url};
return 301 https://\$server_name\$request_uri;
}
# This file is included strictly as an example of how Nginx can be configured
# to work with CryptPad. This example WILL NOT WORK AS IS. For best results,
# compare the sections of this configuration file against a working CryptPad
# installation (http server by the Nodejs process). If you are using CryptPad
# in production and require professional support please contact sales@cryptpad.fr
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# Let's Encrypt webroot
#include letsencrypt-webroot;
# ----------
# !! inserted by ckubu !!
#
# Needed for (automated) updating certificate
#
include snippets/letsencrypt-acme-challenge.conf;
#
# ----------
# CryptPad serves static assets over these two domains.
# \`your-main-domain\` is what users will enter in their address bar.
# Privileged computation such as key management is handled in this scope
# UI content is loaded via the \`your-sandbox-domain\`.
# "Content Security Policy" headers prevent content loaded via the sandbox
# from accessing privileged information.
# This setup allows to take advantage of CryptPad's sandboxing techniques.
# In the event of an XSS vulnerability in CryptPad's front-end code
# this will limit the amount of information accessible to attackers.
server_name ${cryptpad_url} ${cryptpad_sandbox_url};
# You'll need to Set the path to your certificates and keys here
# IMPORTANT: this config is intended to serve assets for at least two domains
# (your main domain and your sandbox domain). As such, you'll need to generate a single SSL certificate
# that includes both domains in order for things to work as expected.
ssl_certificate /var/lib/dehydrated/certs/${cryptpad_url}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/${cryptpad_url}/privkey.pem;
# diffie-hellman parameters are used to negotiate keys for your session
# generate strong parameters using the following command
ssl_dhparam /etc/nginx/ssl/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
# Speeds things up a little bit when resuming a session
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
# replace with the IP address of your resolver
resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 9.9.9.9 149.112.112.112 208.67.222.222 208.67.220.220;
location / {
proxy_pass http://localhost:3000;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
client_max_body_size 150m;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection upgrade;
}
# ----------
# !! included by ckubu !!
#
# Only authenticated users
#
auth_basic "\$auth_type";
auth_basic_user_file /etc/nginx/.htpasswd-o13-pad;
#
# ----------
}
EOF
ln -s ../sites-available/${vhost_config_file} /etc/nginx/sites-enabled/${vhost_config_file}
nginx -t
systemctl restart nginx
# ---
# Basic Check of your configuration:
# ---
@ -316,11 +457,3 @@ systemctl start cryptpad
# In yout browser type:
#
# https://${cryptpad_url}/checkup/
# Maybe the the 'checkup' script recommends to run:
#
# npm run build
#
# we have to do this under the webservice user www-data
#
su www-data -s /bin/bash -c "npm run build"

44
README.install-node.js
View File

@ -1,28 +1,48 @@
# ----------
# - Install nodejs - (we use the official NodeJs LTS release)
# ----------
apt update && apt full-upgrade
# Install Prerequisites
#
apt install curl \
gpg \
gnupg2 \
software-properties-common \
ca-certificates \
curl \
gnupg \
apt-transport-https \
lsb-release ca-certificates
lsb-release
# Download and import the Nodesource GPG key
#
mkdir -p /etc/apt/keyrings
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
# NODE_MAJOR=16
# NODE_MAJOR=18
# NODE_MAJOR=20
# Create debian repository
#
NODE_MAJOR=21
NODE_MAJOR=20
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list
# Run update
#
apt update
# Install nodejs
#
apt install nodejs
node -v
npm -v
# ----------
# Uninstall nodejs Ubuntu & Debian packages
# ----------
# To completely remove Node.js installed from the deb.nodesource.com package methods above:
#
apt-get purge nodejs
rm -r /etc/apt/sources.list.d/nodesource.list
rm -r /etc/apt/keyrings/nodesource.gpg
apt update

326
README.install.00 Normal file
View File

@ -0,0 +1,326 @@
# =================
# - Install Cryptad on Debian 9 (stretch)
# =================
# - See:
# - https://blog.cavebeat.org/2017/07/cryptpad-installation-on-debian-stretch/
# -
# - See also:
# - git repository: https://github.com/xwiki-labs/cryptpad
# - installation guide: https://github.com/xwiki-labs/cryptpad/wiki/Installation-guide
# -
cryptpad_url=cpad-01.oopen.de
cryptpad_url=o13-pad.oopen.de
# bei vorgeschalteter authentifizierung funktioniert
# eine *extra* sandbox url nicht. in diesem falle die gleiche
# adresse nehmen wie für die hautp seite
#
#cryptpad_sandbox_url=cpadsb-01.oopen.de
#cryptpad_sandbox_url=o13-padsb.oopen.de
cryptpad_sandbox_url="$cryptpad_url"
cryptpad_sandbox_url="cpadsb-01.oopen.de"
cryptpad_sandbox_url="o13-padsb.oopen.de"
vhost_config_file="${cryptpad_url}.conf"
# ----------
# - Pre-requisites
# ----------
# - Install curl, git
# -
apt-get install curl git-core
# - Install Python
# -
apt-get install python-minimal python
# debian bullseye:
apt install python-is-python2 python2-minimal
# - Install compiler stuff
# -
# - apt-get install -y g++ g++-multilib gcc gcc-multilib cpp \
# - make automake autoconf libtool flex bison \
# - gettext pkg-config gnu-standards \
# - libssl-dev libreadline-dev libncurses-dev
# -
apt-get install gcc g++ make
# ---
# - Install Nginx webservice
# ---
apt-get install nginx
# - Generate Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
# -
mkdir /etc/nginx/ssl
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
# ----------
# - Create nginx configuration for CryptPad
# -
# - see: https://github.com/xwiki-labs/cryptpad/blob/main/docs/example.nginx.conf
# -
# ----------
# ---
# - Install NodeJS v6.x on Debian 9 Stretch
# ---
# - Creates the apt sources list file '/etc/apt/sources.list.d/nodesource.list' for
# - the NodeSource Node.js v6.x and also adds the NodeSource signing key to your keyring
# -
# - curl -sL https://deb.nodesource.com/setup_6.x | bash -
# -
# - Hope nodejs version 14.x will work
# -
# - nodejs 6.0 does not yet work for actuall etherpad, which ist also installed
# - on this server.
# -
curl -sL https://deb.nodesource.com/setup_14.x | bash -
apt-get update
# - Install nodejs version 6.x from repository 'deb.nodesource.com'
# -
# - Tell the apt system to install nodejs from repository deb.nodesource.com
# -
# - You should pin the external source using the origin option to assign a high
# - priority to "the external source" instead of using the release name.
# -
# - e,g: Add the following lines to your /etc/apt/preferences.d/preferences:
# -
# - Package: *
# - Pin: origin deb.nodesource.com
# - Pin-Priority: 1001
# -
if ! $(grep -E -q "^\s*Pin:\s+origin\s+deb.nodesource.com" /etc/apt/preferences.d/preferences) ; then
cat <<EOF >> /etc/apt/preferences.d/preferences
Package: *
Pin: origin deb.nodesource.com
Pin-Priority: 1001
EOF
fi
# - Verify with 'apt-cache policy nodejs'
# -
# - Output must conatin somethin liek that:
# - Installationskandidat: 6.14.4-1nodesource1
# -
apt-cache policy nodejs
# - Install nodejs..
# -
apt-get install nodejs
# - An alternative possibility:
# -
# - 1. Show versions for nodejs
# -
# - # aptitude versions nodejs
# -
# - output may looks like:
# -
# - i 6.14.4-1nodesource1 <NULL> 500
# - p 10.15.2~dfsg-2 stable 500
# -
# - 2. install nodejs 6.14.4-1nodesource1
# -
# - apt-get install nodejs=6.14.4-1nodesource1
# - ^^^^^^^^^^^^^^^^^^^^^^^^^^
# -
# - Test if installation was successfully
# -
node -v
npm -v
# ---
# - Install bower
# ---
# - Install bower (global)
# -
npm install -g bower
# ---
# - Create the user for the service:
# ---
mkdir -p /var/www/{.cache,.config,.local,.node-gyp,.npm,.private}
chown -R www-data:www-data /var/www/{.cache,.config,.local,.node-gyp,.npm,.private}
# ---
# - Install cryptpad
# ---
cd /var/www/
chown www-data:www-data /var/www
# - Get cryptpad
# -
su www-data -s /bin/bash -c "git clone https://github.com/xwiki-labs/cryptpad /var/www/cryptpad"
cd cryptpad
# - Complete Installation of cryptpad
# -
su www-data -s /bin/bash -c "npm install"
# - Maybe you haave to run
#
# su www-data -s /bin/bash -c "npm fund"
# su www-data -s /bin/bash -c "npm audit fix --force"
su www-data -s /bin/bash -c "bower install"
# ---
# - Configure CryptPad
# ---
# - Create configuration file 'config.js'. (Copy the example file)
# -
# - The defaults should be good enough for most cases, but you may want to edit
# - them. We recommend you read over the example file and change the values to
# - fit your needs.
cp -a config/config.example.js config/config.js
# - Some base configuration
# -
# - adminEmail: 'admin@oopen.de',
# - ...
# - httpUnsafeOrigin: http://localhost:3000
# - httpSafeOrigin: ${cryptpad_sandbox_url}
# - httpAddress: '::',
# - ...
# - myDomain: oopen.de,
# -
if $(grep -q -E "\s*/?/?\s*adminEmail" /var/www/cryptpad/config/config.js 2> /dev/null) ; then
perl -i -n -p -e"s#(\s*)(adminEmail:.*)#\1// \2\n\1adminEmail: 'admin\@oopen.de',#" /var/www/cryptpad/config/config.js
else
perl -i -n -p -e"s/(\s*})/ adminEmail: 'admin\@oopen.de',\n\1/" /var/www/cryptpad/config/config.js
fi
perl -i -n -p -e"s#(\s*)(httpUnsafeOrigin:.*)#\1// \2\n\1httpUnsafeOrigin: 'https://${cryptpad_url}',#" /var/www/cryptpad/config/config.js
perl -i -n -p -e"s#(\s*)(/*\s*)(httpSafeOrigin:.*)#\1// \3\n\1httpSafeOrigin: 'https://${cryptpad_sandbox_url}',#" /var/www/cryptpad/config/config.js
perl -i -n -p -e"s#(\s*)(/*\s*)(httpAddress:.*)#\1// \3\n\1httpAddress: '::',#" /var/www/cryptpad/config/config.js
# - deaktivate donate Button
# -
if $(grep -q -E "\s*/?/?\s*removeDonateButton" /var/www/cryptpad/config/config.js 2> /dev/null) ; then
perl -i -n -p -e"s#(\s*)(/*\s*)(removeDonateButton:.*)#\1//\3\n\1removeDonateButton: true,#" /var/www/cryptpad/config/config.js
else
perl -i -n -p -e"s/(\s*})/ removeDonateButton: true,\n\1/" /var/www/cryptpad/config/config.js
fi
# - Set storage..
# -
perl -i -n -p -e"s#(\s*)(/*\s*)(defaultStorageLimit:.*)#\1//\3\n\1defaultStorageLimit: 250 * 1024 * 1024,#" /var/www/cryptpad/config/config.js
# - Customizing CryptPad
# -
# - In order allow a variety of features to be changed and to allow site-specific
# - changes to CryptPad apps while still keeping the git repository pristine, this
# - directory exists to allow a set of hooks to be run.
# -
# - The server is configured to load files from the '/customize/' path
# - preferentially from 'cryptpad/customize/', and to fall back to
# - 'cryptpad/customize.dist/' if they are not found.
# -
# - If you wish to customize cryptpad, please **copy**
# - '/customize.dist/' to '/customize' and then edit it there, this way you will
# - still be able to pull from (and make pull requests to (!) the git repository.
# -
cp -a /var/www/cryptpad/customize.dist /var/www/cryptpad/customize
# - Copy 'favicon.ico' to '/var/www/cryptpad/customize/main-favicon.png'
# -
cp ~chris/favicon.ico /var/www/cryptpad/customize/main-favicon.png
cp ~chris/favicon.ico /var/www/cryptpad/customize.dist/
chown www-data:www-data /var/www/cryptpad/customize/main-favicon.png
chown www-data:www-data /var/www/cryptpad/customize.dist/favicon.ico
# ---
# Systemd Unit
# ---
# - Run as daemon using systemd
# -
cat << EOF > /etc/systemd/system/cryptpad.service
[Unit]
Description=CryptPad Service
After=syslog.target network.target
Requires=nginx.service
[Service]
Type=simple
User=www-data
Group=www-data
Environment='PWD="/var/www/cryptpad"'
# modify to match the location of your cryptpad repository
WorkingDirectory=/var/www/cryptpad
ExecStart=/usr/bin/node /var/www/cryptpad/server.js
TimeoutSec=30
# Restart service after 10 seconds if node service crashes
RestartSec=2
Restart=always
# Output to syslog
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=cryptpad
## Modify these two values and uncomment them if you have lots of files and get an HTTP error 500 because of that
LimitMEMLOCK=infinity
LimitNOFILE=65535
### If you want to bind CryptPad to a port below 1024 uncomment the two values below
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable cryptpad
# - Start cryptpad
# -
systemctl start cryptpad
# ---
# Basic Check of your configuration:
# ---
# In yout browser type:
#
# https://${cryptpad_url}/checkup/
# Maybe the the 'checkup' script recommends to run:
#
# npm run build
#
# we have to do this under the webservice user www-data
#
su www-data -s /bin/bash -c "npm run build"

58
README.upgrade
View File

@ -3,44 +3,68 @@
# - Upgrading CryptPad
# ====================
# see: https://docs.cryptpad.org/en/admin_guide/maintenance.html#upgrading-cryptpad
# - Note!
# -
# - Always read the release notes before upgrading, as there may be changes
# - that require special consideration.
cryptpad_user=cryptpad
# - Stop cryptpad
# -
systemctl stop cryptpad
# Stop iptables firewall
#
ipt-firewall-server flush
ip6t-firewall-server flush
# Login as CryptPad user
#
su - ${cryptpad_user}
# - Backup existing installation
# -
cp -a /var/www/cryptpad /var/www/cryptpad.BAK.$(date +%Y-%m-%d-%H%M)
cp -a cryptpad cryptpad.BAK.$(date +%Y-%m-%d-%H%M)
# - Change into installation directory
# -
cd /var/www/cryptpad
cd cryptpad
# - Update Git repository
# -
su www-data -s /bin/bash -c "git pull"
git pull
npm update
npm run install:components
# - Update 'npm'
# -
su www-data -s /bin/bash -c "npm update"
# - Update 'bower'
# -
su www-data -s /bin/bash -c "bower update"
# OnlyOffice is now a separate module
#
# OnlyOffice applications (Sheets, Document, Presentation) are not bundled with CryptPad
# anymore. You can install/update them by running the installation script we provide:
#
# ./install-onlyoffice.sh
# # press q to close the license screen
# # and Y ⏎ to accept the OnlyOffice license
#
./install-onlyoffice.sh
# - Maybe more updates
# -
╭─────────────────────────────────────╮
│ │
│ Update available 1.8.4 → 1.8.8 │
│ Run npm i -g bower to update │
│ │
╰─────────────────────────────────────╯
exit
# Restart firewll
#
ipt-firewall-server
ip6t-firewall-server
# - Start cryptpad

49
README.upgrade.00 Normal file
View File

@ -0,0 +1,49 @@
# ====================
# - Upgrading CryptPad
# ====================
# - Note!
# -
# - Always read the release notes before upgrading, as there may be changes
# - that require special consideration.
# - Stop cryptpad
# -
systemctl stop cryptpad
# - Backup existing installation
# -
cp -a /var/www/cryptpad /var/www/cryptpad.BAK.$(date +%Y-%m-%d-%H%M)
# - Change into installation directory
# -
cd /var/www/cryptpad
# - Update Git repository
# -
su www-data -s /bin/bash -c "git pull"
# - Update 'npm'
# -
su www-data -s /bin/bash -c "npm update"
# - Update 'bower'
# -
su www-data -s /bin/bash -c "bower update"
# - Maybe more updates
# -
╭─────────────────────────────────────╮
│ │
│ Update available 1.8.4 → 1.8.8 │
│ Run npm i -g bower to update │
│ │
╰─────────────────────────────────────╯
# - Start cryptpad
# -
systemctl start cryptpad