Compare commits
16 Commits
2549168063
...
master
Author | SHA1 | Date | |
---|---|---|---|
7fefa364a3 | |||
e54a3045dc | |||
e45e308e8e | |||
8ed9555262 | |||
52657a71af | |||
fa0cbc561b | |||
ea629fd5a1 | |||
56df88d4f5 | |||
f21dfa6edc | |||
7bf365d747 | |||
21dbbe20f1 | |||
1020168077 | |||
d665f126aa | |||
f238b5fbd7 | |||
9062d788ab | |||
7bb08995f9 |
34
README.OnlyOffice
Normal file
34
README.OnlyOffice
Normal file
@ -0,0 +1,34 @@
|
||||
# ---
|
||||
# OnlyOffice is now a separate module
|
||||
#
|
||||
# OnlyOffice applications (Sheets, Document, Presentation) are not bundled with CryptPad
|
||||
# anymore. You can install/update them by running the installation script we provide:
|
||||
# ---
|
||||
|
||||
cryptpad_user=cryptpad
|
||||
|
||||
|
||||
# - Stop cryptpad
|
||||
# -
|
||||
systemctl stop cryptpad
|
||||
|
||||
|
||||
# Stop iptables firewall
|
||||
#
|
||||
ipt-firewall-server flush
|
||||
ip6t-firewall-server flush
|
||||
|
||||
|
||||
# Login as CryptPad user
|
||||
#
|
||||
su - ${cryptpad_user}
|
||||
cd cryptpad
|
||||
|
||||
# Install OnlyOffice
|
||||
#
|
||||
# ./install-onlyoffice.sh
|
||||
# # press q to close the license screen
|
||||
# # and Y ⏎ to accept the OnlyOffice license
|
||||
#
|
||||
./install-onlyoffice.sh
|
||||
|
@ -2,8 +2,59 @@
|
||||
# Copy existing user data to new pad
|
||||
# =================
|
||||
|
||||
cryptpad_user=cryptpad
|
||||
|
||||
backup_date="2022-09-22-1001"
|
||||
# Stop cryptpad service
|
||||
#
|
||||
systemctl stop cryptpad.service
|
||||
|
||||
|
||||
cp -a /var/www/cryptpad.BAK.${backup_date}/{blob,blobstage,block,datastore} /var/www/cryptpad/
|
||||
# login as cryptpad user
|
||||
#
|
||||
su - ${cryptpad_user}
|
||||
|
||||
|
||||
|
||||
backup_date="2023-12-12-1442"
|
||||
|
||||
|
||||
# Backup current installation
|
||||
#
|
||||
cp -a cryptpad cryptpad.CURRENT
|
||||
|
||||
|
||||
# Copy configuration file
|
||||
#
|
||||
cp cryptpad.BAK.${backup_date}/config/config.js cryptpad/config/config.js
|
||||
|
||||
# Instanzkonfiguration
|
||||
#
|
||||
# Note:
|
||||
# some settings cannot be changed once user accounts have been created.
|
||||
#
|
||||
cp cryptpad.BAK.${backup_date}/customize/application_config.js cryptpad/customize/application_config.js
|
||||
|
||||
|
||||
# Copy user data
|
||||
#
|
||||
#for i in blob blobstage block datastore ; do
|
||||
for i in data datastore block blob ; do
|
||||
|
||||
echo""
|
||||
echo -e " Syncing directory '${i}'.."
|
||||
rsync -a --delete /var/www/cryptpad/cryptpad.BAK.${backup_date}/$i /var/www/cryptpad/cryptpad/
|
||||
chown cryptpad:cryptpad /var/www/cryptpad/cryptpad/$i
|
||||
|
||||
done
|
||||
|
||||
|
||||
# logoff from cryptpad user
|
||||
#
|
||||
exit
|
||||
|
||||
|
||||
|
||||
# Start cryptpad service
|
||||
#
|
||||
systemctl start cryptpad.service
|
||||
|
||||
|
517
README.install
517
README.install
@ -3,7 +3,7 @@
|
||||
# =================
|
||||
|
||||
# - See:
|
||||
# - https://blog.cavebeat.org/2017/07/cryptpad-installation-on-debian-stretch/
|
||||
# - https://docs.cryptpad.org/en/admin_guide/installation.html
|
||||
# -
|
||||
# - See also:
|
||||
# - git repository: https://github.com/xwiki-labs/cryptpad
|
||||
@ -12,180 +12,122 @@
|
||||
|
||||
cryptpad_url=cpad-01.oopen.de
|
||||
cryptpad_url=o13-pad.oopen.de
|
||||
cryptpad_url=o13-cryptpad.oopen.de
|
||||
cryptpad_url=pad.ra-kanzlei-kiel.de
|
||||
cryptpad_url=crpad.fluechtlingsrat-berlin.de
|
||||
|
||||
|
||||
# bei vorgeschalteter authentifizierung funktioniert
|
||||
# eine *extra* sandbox url nicht. in diesem falle die gleiche
|
||||
# adresse nehmen wie für die hautp seite
|
||||
#
|
||||
#cryptpad_sandbox_url=cpadsb-01.oopen.de
|
||||
#cryptpad_sandbox_url=o13-padsb.oopen.de
|
||||
cryptpad_sandbox_url="$cryptpad_url"
|
||||
|
||||
cryptpad_sandbox_url="cpadsb-01.oopen.de"
|
||||
cryptpad_sandbox_url="o13-padsb.oopen.de"
|
||||
cryptpad_sandbox_url="o13-cryptpadsb.oopen.de"
|
||||
cryptpad_sandbox_url="sandbox.pad.ra-kanzlei-kiel.de"
|
||||
cryptpad_sandbox_url="cpadsb.fluechtlingsrat-berlin.de"
|
||||
|
||||
vhost_config_file="${cryptpad_url}.conf"
|
||||
|
||||
cryptpad_user=cryptpad
|
||||
cryptpad_group=cryptpad
|
||||
cryptpad_gid=2010
|
||||
cryptpad_uid=2010
|
||||
|
||||
# ----------
|
||||
# - Pre-requisites
|
||||
# ----------
|
||||
|
||||
# - Install curl, git
|
||||
# -
|
||||
apt-get install curl git-core
|
||||
|
||||
# - Install Python
|
||||
# -
|
||||
apt-get install python-minimal python
|
||||
# debian bullseye:
|
||||
apt install python-is-python2 python2-minimal
|
||||
|
||||
# - Install compiler stuff
|
||||
# -
|
||||
# - apt-get install -y g++ g++-multilib gcc gcc-multilib cpp \
|
||||
# - make automake autoconf libtool flex bison \
|
||||
# - gettext pkg-config gnu-standards \
|
||||
# - libssl-dev libreadline-dev libncurses-dev
|
||||
# -
|
||||
apt-get install gcc g++ make
|
||||
cryptpad_base_dir=/var/www/cryptpad
|
||||
cryptpad_home_dir="${cryptpad_base_dir}"
|
||||
cryptpad_install_dir="${cryptpad_home_dir}/cryptpad"
|
||||
|
||||
|
||||
# ---
|
||||
# - Install Nginx webservice
|
||||
# ---
|
||||
|
||||
apt-get install nginx
|
||||
|
||||
# - Generate Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
|
||||
# -
|
||||
mkdir /etc/nginx/ssl
|
||||
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
|
||||
|
||||
|
||||
# ----------
|
||||
# - Create nginx configuration for CryptPad
|
||||
# -
|
||||
# - see: https://github.com/xwiki-labs/cryptpad/blob/main/docs/example.nginx.conf
|
||||
# -
|
||||
# ----------
|
||||
|
||||
|
||||
# ---
|
||||
# - Install NodeJS v6.x on Debian 9 Stretch
|
||||
# ---
|
||||
|
||||
# - Creates the apt sources list file '/etc/apt/sources.list.d/nodesource.list' for
|
||||
# - the NodeSource Node.js v6.x and also adds the NodeSource signing key to your keyring
|
||||
# -
|
||||
# - curl -sL https://deb.nodesource.com/setup_6.x | bash -
|
||||
# -
|
||||
# - Hope nodejs version 14.x will work
|
||||
# -
|
||||
# - nodejs 6.0 does not yet work for actuall etherpad, which ist also installed
|
||||
# - on this server.
|
||||
# -
|
||||
curl -sL https://deb.nodesource.com/setup_14.x | bash -
|
||||
apt-get update
|
||||
|
||||
# - Install nodejs version 6.x from repository 'deb.nodesource.com'
|
||||
# -
|
||||
|
||||
# - Tell the apt system to install nodejs from repository deb.nodesource.com
|
||||
# -
|
||||
# - You should pin the external source using the origin option to assign a high
|
||||
# - priority to "the external source" instead of using the release name.
|
||||
# -
|
||||
# - e,g: Add the following lines to your /etc/apt/preferences.d/preferences:
|
||||
# -
|
||||
# - Package: *
|
||||
# - Pin: origin deb.nodesource.com
|
||||
# - Pin-Priority: 1001
|
||||
# -
|
||||
if ! $(grep -E -q "^\s*Pin:\s+origin\s+deb.nodesource.com" /etc/apt/preferences.d/preferences) ; then
|
||||
cat <<EOF >> /etc/apt/preferences.d/preferences
|
||||
Package: *
|
||||
Pin: origin deb.nodesource.com
|
||||
Pin-Priority: 1001
|
||||
EOF
|
||||
fi
|
||||
|
||||
# - Verify with 'apt-cache policy nodejs'
|
||||
# -
|
||||
# - Output must conatin somethin liek that:
|
||||
# - Installationskandidat: 6.14.4-1nodesource1
|
||||
# -
|
||||
apt-cache policy nodejs
|
||||
|
||||
# - Install nodejs..
|
||||
# -
|
||||
apt-get install nodejs
|
||||
|
||||
# - An alternative possibility:
|
||||
# -
|
||||
# - 1. Show versions for nodejs
|
||||
# -
|
||||
# - # aptitude versions nodejs
|
||||
# -
|
||||
# - output may looks like:
|
||||
# -
|
||||
# - i 6.14.4-1nodesource1 <NULL> 500
|
||||
# - p 10.15.2~dfsg-2 stable 500
|
||||
# -
|
||||
# - 2. install nodejs 6.14.4-1nodesource1
|
||||
# -
|
||||
# - apt-get install nodejs=6.14.4-1nodesource1
|
||||
# - ^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
# -
|
||||
|
||||
# - Test if installation was successfully
|
||||
# -
|
||||
node -v
|
||||
npm -v
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# - Install bower
|
||||
# ---
|
||||
|
||||
# - Install bower (global)
|
||||
# -
|
||||
npm install -g bower
|
||||
|
||||
|
||||
# ---
|
||||
# ==========
|
||||
# - Create the user for the service:
|
||||
# ---
|
||||
|
||||
mkdir -p /var/www/{.cache,.config,.local,.node-gyp,.npm,.private}
|
||||
chown -R www-data:www-data /var/www/{.cache,.config,.local,.node-gyp,.npm,.private}
|
||||
# ==========
|
||||
|
||||
|
||||
addgroup --gid $cryptpad_gid $cryptpad_group
|
||||
adduser --gid $cryptpad_uid --uid $cryptpad_uid --home $cryptpad_home_dir $cryptpad_user
|
||||
|
||||
# ---
|
||||
|
||||
# ==========
|
||||
# - Install cryptpad
|
||||
# ---
|
||||
# ==========
|
||||
|
||||
cd /var/www/
|
||||
chown www-data:www-data /var/www
|
||||
su - ${cryptpad_user}
|
||||
|
||||
cryptpad_base_dir=/var/www/cryptpad
|
||||
cryptpad_home_dir="${cryptpad_base_dir}"
|
||||
cryptpad_install_dir="${cryptpad_home_dir}/cryptpad"
|
||||
|
||||
cryptpad_url=cpad-01.oopen.de
|
||||
cryptpad_url=o13-pad.oopen.de
|
||||
cryptpad_url=o13-cryptpad.oopen.de
|
||||
cryptpad_url=pad.ra-kanzlei-kiel.de
|
||||
cryptpad_url=crpad.fluechtlingsrat-berlin.de
|
||||
|
||||
|
||||
# - Get cryptpad
|
||||
cryptpad_sandbox_url="cpadsb-01.oopen.de"
|
||||
cryptpad_sandbox_url="o13-padsb.oopen.de"
|
||||
cryptpad_sandbox_url="o13-cryptpadsb.oopen.de"
|
||||
cryptpad_sandbox_url="sandbox.pad.ra-kanzlei-kiel.de"
|
||||
cryptpad_sandbox_url="cpadsb.fluechtlingsrat-berlin.de"
|
||||
|
||||
|
||||
cd ${cryptpad_home_dir}
|
||||
|
||||
|
||||
# - Get cryptpad - Clone the CryptPad repository
|
||||
# -
|
||||
su www-data -s /bin/bash -c "git clone https://github.com/xwiki-labs/cryptpad /var/www/cryptpad"
|
||||
git clone https://github.com/cryptpad/cryptpad.git ${cryptpad_install_dir}
|
||||
|
||||
# Switch to the latest published tag
|
||||
#
|
||||
# git checkout $(git tag -l | grep -v 'v1.*$' | sort -V | tail -n 1)
|
||||
|
||||
|
||||
cd ${cryptpad_install_dir}
|
||||
|
||||
|
||||
|
||||
# !!! NOTE
|
||||
#
|
||||
# Switch of IPv4 and IPv6 firewall
|
||||
# ================================
|
||||
#
|
||||
# You will run into connection limit if the setting is too sensitive
|
||||
#
|
||||
# !!! NOTE
|
||||
|
||||
|
||||
cd cryptpad
|
||||
|
||||
# - Complete Installation of cryptpad
|
||||
# -
|
||||
su www-data -s /bin/bash -c "npm install"
|
||||
npm ci
|
||||
|
||||
# - Maybe you haave to run
|
||||
# - Maybe you haave to run
|
||||
#
|
||||
# su www-data -s /bin/bash -c "npm fund"
|
||||
# su www-data -s /bin/bash -c "npm audit fix --force"
|
||||
# # packages looking for funding
|
||||
# #
|
||||
# npm fund
|
||||
#
|
||||
# # To address issues that do not require attention, run:
|
||||
# #
|
||||
# npm audit fix
|
||||
#
|
||||
#npm fund
|
||||
#npm audit fix
|
||||
|
||||
npm run install:components
|
||||
|
||||
|
||||
# Build static pages & Open Graph metadata
|
||||
#
|
||||
# To build some of CryptPad static pages & enable social media link previews,
|
||||
# run the following command:
|
||||
#
|
||||
npm run build
|
||||
|
||||
su www-data -s /bin/bash -c "bower install"
|
||||
|
||||
|
||||
# ---
|
||||
@ -210,29 +152,71 @@ cp -a config/config.example.js config/config.js
|
||||
# - myDomain: oopen.de,
|
||||
# -
|
||||
if $(grep -q -E "\s*/?/?\s*adminEmail" /var/www/cryptpad/config/config.js 2> /dev/null) ; then
|
||||
perl -i -n -p -e"s#(\s*)(adminEmail:.*)#\1// \2\n\1adminEmail: 'admin\@oopen.de',#" /var/www/cryptpad/config/config.js
|
||||
perl -i -n -p -e"s#(\s*)(adminEmail:.*)#\1// \2\n\1adminEmail: 'admin\@oopen.de',#" ${cryptpad_install_dir}/config/config.js
|
||||
else
|
||||
perl -i -n -p -e"s/(\s*})/ adminEmail: 'admin\@oopen.de',\n\1/" /var/www/cryptpad/config/config.js
|
||||
perl -i -n -p -e"s/(\s*})/ adminEmail: 'admin\@oopen.de',\n\1/" ${cryptpad_install_dir}/config/config.js
|
||||
fi
|
||||
|
||||
perl -i -n -p -e"s#(\s*)(httpUnsafeOrigin:.*)#\1// \2\n\1httpUnsafeOrigin: 'https://${cryptpad_url}',#" /var/www/cryptpad/config/config.js
|
||||
perl -i -n -p -e"s#(\s*)(httpUnsafeOrigin:.*)#\1// \2\n\1httpUnsafeOrigin: 'https://${cryptpad_url}',#" ${cryptpad_install_dir}/config/config.js
|
||||
|
||||
perl -i -n -p -e"s#(\s*)(/*\s*)(httpSafeOrigin:.*)#\1// \3\n\1httpSafeOrigin: 'https://${cryptpad_sandbox_url}',#" /var/www/cryptpad/config/config.js
|
||||
perl -i -n -p -e"s#(\s*)(/*\s*)(httpSafeOrigin:.*)#\1// \3\n\1httpSafeOrigin: 'https://${cryptpad_sandbox_url}',#" ${cryptpad_install_dir}/config/config.js
|
||||
|
||||
|
||||
perl -i -n -p -e"s#(\s*)(/*\s*)(httpAddress:.*)#\1// \3\n\1httpAddress: '::',#" /var/www/cryptpad/config/config.js
|
||||
perl -i -n -p -e"s#(\s*)(/*\s*)(httpAddress:.*)#\1// \3\n\1httpAddress: '::',#" ${cryptpad_install_dir}/config/config.js
|
||||
|
||||
# - deaktivate donate Button
|
||||
# -
|
||||
if $(grep -q -E "\s*/?/?\s*removeDonateButton" /var/www/cryptpad/config/config.js 2> /dev/null) ; then
|
||||
perl -i -n -p -e"s#(\s*)(/*\s*)(removeDonateButton:.*)#\1//\3\n\1removeDonateButton: true,#" /var/www/cryptpad/config/config.js
|
||||
perl -i -n -p -e"s#(\s*)(/*\s*)(removeDonateButton:.*)#\1//\3\n\1removeDonateButton: true,#" ${cryptpad_install_dir}/config/config.js
|
||||
else
|
||||
perl -i -n -p -e"s/(\s*})/ removeDonateButton: true,\n\1/" /var/www/cryptpad/config/config.js
|
||||
perl -i -n -p -e"s/(\s*})/ removeDonateButton: true,\n\1/" ${cryptpad_install_dir}/config/config.js
|
||||
fi
|
||||
|
||||
# - Set storage..
|
||||
# -
|
||||
perl -i -n -p -e"s#(\s*)(/*\s*)(defaultStorageLimit:.*)#\1//\3\n\1defaultStorageLimit: 250 * 1024 * 1024,#" /var/www/cryptpad/config/config.js
|
||||
perl -i -n -p -e"s#(\s*)(/*\s*)(defaultStorageLimit:.*)#\1//\3\n\1defaultStorageLimit: 250 * 1024 * 1024,#" ${cryptpad_install_dir}/config/config.js
|
||||
|
||||
|
||||
# - Instance customization
|
||||
# -
|
||||
# - The functionality as well as the look-and-feel of an instance can be customized
|
||||
# - by creating a customize folder and copying assets to be customized (images,
|
||||
# - stylesheets, page templates, etc) from customize.dist into it. If a file exists
|
||||
# -in customize, it will be served to users instead of its namesake in customize.dist.
|
||||
# -
|
||||
# - The purpose of the customize directory is to make it easier to upgrade CryptPad
|
||||
# - while maintaining customizations in place. Occasionally, a major new version may
|
||||
# - introduce breaking changes or require adjustments in the customizations.
|
||||
# - Administrators with customized instances are therefore encouraged to read
|
||||
# - instructions carefully before each upgrade.
|
||||
# -
|
||||
mkdir -p ${cryptpad_install_dir}/cryptpad/customize
|
||||
|
||||
# - Application config
|
||||
# -
|
||||
# - A wide range of settings are available in www/common/application_config_internal.js.
|
||||
# - To modify them:
|
||||
# -
|
||||
# - 1. Make a copy of customize.dist/application_config.js in the customize folder.
|
||||
# -
|
||||
# - 2. Copy the default value(s) to modify from www/common/application_config_internal.js
|
||||
# - into customize/application_config.js.
|
||||
# -
|
||||
cp ${cryptpad_install_dir}/customize.dist/application_config.js ${cryptpad_install_dir}/customize/
|
||||
|
||||
|
||||
# - Restricting guest access
|
||||
# -
|
||||
# - To disable unregistered use of CryptPad, add the following to
|
||||
# - customize/application_config.js:
|
||||
# -
|
||||
# - AppConfig.registeredOnlyTypes = AppConfig.availablePadTypes;
|
||||
|
||||
# ---
|
||||
# - for further configurations see:
|
||||
# - https://docs.cryptpad.org/en/admin_guide/customization.html#application-config
|
||||
# ---
|
||||
|
||||
|
||||
# - Customizing CryptPad
|
||||
# -
|
||||
@ -248,54 +232,93 @@ perl -i -n -p -e"s#(\s*)(/*\s*)(defaultStorageLimit:.*)#\1//\3\n\1defaultStorage
|
||||
# - '/customize.dist/' to '/customize' and then edit it there, this way you will
|
||||
# - still be able to pull from (and make pull requests to (!) the git repository.
|
||||
# -
|
||||
cp -a /var/www/cryptpad/customize.dist /var/www/cryptpad/customize
|
||||
#cp -a ${cryptpad_install_dir}/customize.dist ${cryptpad_install_dir}/cryptpad/customize
|
||||
|
||||
# - Copy 'favicon.ico' to '/var/www/cryptpad/customize/main-favicon.png'
|
||||
# -
|
||||
cp ~chris/favicon.ico /var/www/cryptpad/customize/main-favicon.png
|
||||
cp ~chris/favicon.ico /var/www/cryptpad/customize.dist/
|
||||
chown www-data:www-data /var/www/cryptpad/customize/main-favicon.png
|
||||
chown www-data:www-data /var/www/cryptpad/customize.dist/favicon.ico
|
||||
|
||||
# Install OnlyOffice - OnlyOffice is now a separate module
|
||||
#
|
||||
# OnlyOffice applications (Sheets, Document, Presentation) are not bundled with CryptPad
|
||||
# anymore. You can install/update them by running the installation script we provide:
|
||||
#
|
||||
# ./install-onlyoffice.sh
|
||||
# # press q to close the license screen
|
||||
# # and Y ⏎ to accept the OnlyOffice license
|
||||
#
|
||||
./install-onlyoffice.sh
|
||||
|
||||
|
||||
# Exit from cryptpad user
|
||||
#
|
||||
exit
|
||||
|
||||
|
||||
# ---
|
||||
# Systemd Unit
|
||||
# ---
|
||||
|
||||
# - Run as daemon using systemd
|
||||
# -
|
||||
cat << EOF > /etc/systemd/system/cryptpad.service
|
||||
cat <<EOF > /etc/systemd/system/cryptpad.service
|
||||
[Unit]
|
||||
Description=CryptPad Service
|
||||
After=syslog.target network.target
|
||||
Requires=nginx.service
|
||||
Description=CryptPad API server
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=www-data
|
||||
Group=www-data
|
||||
Environment='PWD="/var/www/cryptpad"'
|
||||
ExecStart=/usr/bin/node ${cryptpad_install_dir}/server.js
|
||||
# modify to match the location of your cryptpad repository
|
||||
WorkingDirectory=/var/www/cryptpad
|
||||
ExecStart=/usr/bin/node /var/www/cryptpad/server.js
|
||||
WorkingDirectory=${cryptpad_install_dir}
|
||||
|
||||
TimeoutSec=30
|
||||
Restart=always
|
||||
# Restart service after 10 seconds if node service crashes
|
||||
RestartSec=2
|
||||
Restart=always
|
||||
|
||||
# Output to syslog
|
||||
StandardOutput=syslog
|
||||
StandardError=syslog
|
||||
SyslogIdentifier=cryptpad
|
||||
# Proper logging to journald
|
||||
StandardOutput=journal
|
||||
StandardError=journal+console
|
||||
|
||||
## Modify these two values and uncomment them if you have lots of files and get an HTTP error 500 because of that
|
||||
LimitMEMLOCK=infinity
|
||||
LimitNOFILE=65535
|
||||
### If you want to bind CryptPad to a port below 1024 uncomment the two values below
|
||||
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
#AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
User=${cryptpad_user}
|
||||
Group=${cryptpad_group}
|
||||
# modify to match your working directory
|
||||
Environment='PWD="${cryptpad_install_dir}"'
|
||||
|
||||
# systemd sets the open file limit to 4000 unless you override it
|
||||
# cryptpad stores its data with the filesystem, so you should increase this to match the value of `ulimit -n`
|
||||
# or risk EMFILE errors.
|
||||
LimitNOFILE=1000000
|
||||
|
||||
# hardening directives as per https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
# check those with systemd-analyze security cryptpad.service for more information
|
||||
# Proc filesystem
|
||||
ProcSubset=all
|
||||
ProtectProc=invisible
|
||||
# Capabilities
|
||||
CapabilityBoundingSet=
|
||||
# Security
|
||||
NoNewPrivileges=true
|
||||
# Sandboxing
|
||||
ProtectSystem=strict
|
||||
PrivateTmp=true
|
||||
PrivateDevices=true
|
||||
ProtectHostname=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectControlGroups=true
|
||||
RestrictAddressFamilies=AF_INET
|
||||
RestrictAddressFamilies=AF_INET6
|
||||
RestrictAddressFamilies=AF_NETLINK
|
||||
RestrictAddressFamilies=AF_UNIX
|
||||
RestrictNamespaces=true
|
||||
LockPersonality=true
|
||||
RestrictRealtime=true
|
||||
RestrictSUIDSGID=true
|
||||
RemoveIPC=true
|
||||
PrivateMounts=true
|
||||
ProtectClock=true
|
||||
# System Call Filtering
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=~@cpu-emulation @debug @keyring @ipc @mount @obsolete @privileged @setuid
|
||||
SystemCallFilter=@chown
|
||||
SystemCallFilter=pipe
|
||||
SystemCallFilter=pipe2
|
||||
ReadWritePaths=${cryptpad_install_dir}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@ -309,6 +332,124 @@ systemctl enable cryptpad
|
||||
systemctl start cryptpad
|
||||
|
||||
|
||||
# ==========
|
||||
# nginx vhost configuration
|
||||
# ==========
|
||||
|
||||
cat <<EOF > /etc/nginx/sites-available/${vhost_config_file}
|
||||
# -- ${cryptpad_url}
|
||||
|
||||
# we want restrict authentication to cryptpad sandbox urls "${cryptpad_sandbox_url}"
|
||||
#
|
||||
map \$http_host \$auth_type {
|
||||
default "off"; #This will turn off auth-basic
|
||||
${cryptpad_sandbox_url} "Restricted"; #This or any other string will turn it back on
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name ${cryptpad_url};
|
||||
return 301 https://\$server_name\$request_uri;
|
||||
}
|
||||
|
||||
|
||||
# This file is included strictly as an example of how Nginx can be configured
|
||||
# to work with CryptPad. This example WILL NOT WORK AS IS. For best results,
|
||||
# compare the sections of this configuration file against a working CryptPad
|
||||
# installation (http server by the Nodejs process). If you are using CryptPad
|
||||
# in production and require professional support please contact sales@cryptpad.fr
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
# Let's Encrypt webroot
|
||||
#include letsencrypt-webroot;
|
||||
|
||||
# ----------
|
||||
# !! inserted by ckubu !!
|
||||
#
|
||||
# Needed for (automated) updating certificate
|
||||
#
|
||||
include snippets/letsencrypt-acme-challenge.conf;
|
||||
#
|
||||
# ----------
|
||||
|
||||
# CryptPad serves static assets over these two domains.
|
||||
# \`your-main-domain\` is what users will enter in their address bar.
|
||||
# Privileged computation such as key management is handled in this scope
|
||||
# UI content is loaded via the \`your-sandbox-domain\`.
|
||||
# "Content Security Policy" headers prevent content loaded via the sandbox
|
||||
# from accessing privileged information.
|
||||
# This setup allows to take advantage of CryptPad's sandboxing techniques.
|
||||
# In the event of an XSS vulnerability in CryptPad's front-end code
|
||||
# this will limit the amount of information accessible to attackers.
|
||||
server_name ${cryptpad_url} ${cryptpad_sandbox_url};
|
||||
|
||||
# You'll need to Set the path to your certificates and keys here
|
||||
# IMPORTANT: this config is intended to serve assets for at least two domains
|
||||
# (your main domain and your sandbox domain). As such, you'll need to generate a single SSL certificate
|
||||
# that includes both domains in order for things to work as expected.
|
||||
ssl_certificate /var/lib/dehydrated/certs/${cryptpad_url}/fullchain.pem;
|
||||
ssl_certificate_key /var/lib/dehydrated/certs/${cryptpad_url}/privkey.pem;
|
||||
|
||||
# diffie-hellman parameters are used to negotiate keys for your session
|
||||
# generate strong parameters using the following command
|
||||
ssl_dhparam /etc/nginx/ssl/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
|
||||
|
||||
# Speeds things up a little bit when resuming a session
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:MozSSL:10m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
|
||||
|
||||
# OCSP stapling
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
|
||||
|
||||
# replace with the IP address of your resolver
|
||||
resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 9.9.9.9 149.112.112.112 208.67.222.222 208.67.220.220;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:3000;
|
||||
proxy_set_header X-Real-IP \$remote_addr;
|
||||
proxy_set_header Host \$host;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
client_max_body_size 150m;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade \$http_upgrade;
|
||||
proxy_set_header Connection upgrade;
|
||||
}
|
||||
|
||||
# ----------
|
||||
# !! included by ckubu !!
|
||||
#
|
||||
# Only authenticated users
|
||||
#
|
||||
auth_basic "\$auth_type";
|
||||
auth_basic_user_file /etc/nginx/.htpasswd-o13-pad;
|
||||
#
|
||||
# ----------
|
||||
}
|
||||
EOF
|
||||
|
||||
ln -s ../sites-available/${vhost_config_file} /etc/nginx/sites-enabled/${vhost_config_file}
|
||||
|
||||
nginx -t
|
||||
systemctl restart nginx
|
||||
|
||||
|
||||
# ---
|
||||
# Basic Check of your configuration:
|
||||
# ---
|
||||
@ -316,11 +457,3 @@ systemctl start cryptpad
|
||||
# In yout browser type:
|
||||
#
|
||||
# https://${cryptpad_url}/checkup/
|
||||
|
||||
# Maybe the the 'checkup' script recommends to run:
|
||||
#
|
||||
# npm run build
|
||||
#
|
||||
# we have to do this under the webservice user www-data
|
||||
#
|
||||
su www-data -s /bin/bash -c "npm run build"
|
||||
|
@ -1,28 +1,48 @@
|
||||
# ----------
|
||||
# - Install nodejs - (we use the official NodeJs LTS release)
|
||||
# ----------
|
||||
|
||||
|
||||
apt update && apt full-upgrade
|
||||
|
||||
# Install Prerequisites
|
||||
#
|
||||
apt install curl \
|
||||
gpg \
|
||||
gnupg2 \
|
||||
software-properties-common \
|
||||
ca-certificates \
|
||||
curl \
|
||||
gnupg \
|
||||
apt-transport-https \
|
||||
lsb-release ca-certificates
|
||||
lsb-release
|
||||
|
||||
|
||||
# Download and import the Nodesource GPG key
|
||||
#
|
||||
mkdir -p /etc/apt/keyrings
|
||||
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
|
||||
|
||||
|
||||
# NODE_MAJOR=16
|
||||
# NODE_MAJOR=18
|
||||
# NODE_MAJOR=20
|
||||
# Create debian repository
|
||||
#
|
||||
NODE_MAJOR=21
|
||||
NODE_MAJOR=20
|
||||
|
||||
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list
|
||||
|
||||
# Run update
|
||||
#
|
||||
apt update
|
||||
|
||||
# Install nodejs
|
||||
#
|
||||
apt install nodejs
|
||||
|
||||
node -v
|
||||
npm -v
|
||||
|
||||
|
||||
# ----------
|
||||
# Uninstall nodejs Ubuntu & Debian packages
|
||||
# ----------
|
||||
|
||||
# To completely remove Node.js installed from the deb.nodesource.com package methods above:
|
||||
#
|
||||
apt-get purge nodejs
|
||||
rm -r /etc/apt/sources.list.d/nodesource.list
|
||||
rm -r /etc/apt/keyrings/nodesource.gpg
|
||||
|
||||
apt update
|
||||
|
326
README.install.00
Normal file
326
README.install.00
Normal file
@ -0,0 +1,326 @@
|
||||
# =================
|
||||
# - Install Cryptad on Debian 9 (stretch)
|
||||
# =================
|
||||
|
||||
# - See:
|
||||
# - https://blog.cavebeat.org/2017/07/cryptpad-installation-on-debian-stretch/
|
||||
# -
|
||||
# - See also:
|
||||
# - git repository: https://github.com/xwiki-labs/cryptpad
|
||||
# - installation guide: https://github.com/xwiki-labs/cryptpad/wiki/Installation-guide
|
||||
# -
|
||||
|
||||
cryptpad_url=cpad-01.oopen.de
|
||||
cryptpad_url=o13-pad.oopen.de
|
||||
|
||||
# bei vorgeschalteter authentifizierung funktioniert
|
||||
# eine *extra* sandbox url nicht. in diesem falle die gleiche
|
||||
# adresse nehmen wie für die hautp seite
|
||||
#
|
||||
#cryptpad_sandbox_url=cpadsb-01.oopen.de
|
||||
#cryptpad_sandbox_url=o13-padsb.oopen.de
|
||||
cryptpad_sandbox_url="$cryptpad_url"
|
||||
cryptpad_sandbox_url="cpadsb-01.oopen.de"
|
||||
cryptpad_sandbox_url="o13-padsb.oopen.de"
|
||||
|
||||
vhost_config_file="${cryptpad_url}.conf"
|
||||
|
||||
|
||||
# ----------
|
||||
# - Pre-requisites
|
||||
# ----------
|
||||
|
||||
# - Install curl, git
|
||||
# -
|
||||
apt-get install curl git-core
|
||||
|
||||
# - Install Python
|
||||
# -
|
||||
apt-get install python-minimal python
|
||||
# debian bullseye:
|
||||
apt install python-is-python2 python2-minimal
|
||||
|
||||
# - Install compiler stuff
|
||||
# -
|
||||
# - apt-get install -y g++ g++-multilib gcc gcc-multilib cpp \
|
||||
# - make automake autoconf libtool flex bison \
|
||||
# - gettext pkg-config gnu-standards \
|
||||
# - libssl-dev libreadline-dev libncurses-dev
|
||||
# -
|
||||
apt-get install gcc g++ make
|
||||
|
||||
|
||||
# ---
|
||||
# - Install Nginx webservice
|
||||
# ---
|
||||
|
||||
apt-get install nginx
|
||||
|
||||
# - Generate Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
|
||||
# -
|
||||
mkdir /etc/nginx/ssl
|
||||
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
|
||||
|
||||
|
||||
# ----------
|
||||
# - Create nginx configuration for CryptPad
|
||||
# -
|
||||
# - see: https://github.com/xwiki-labs/cryptpad/blob/main/docs/example.nginx.conf
|
||||
# -
|
||||
# ----------
|
||||
|
||||
|
||||
# ---
|
||||
# - Install NodeJS v6.x on Debian 9 Stretch
|
||||
# ---
|
||||
|
||||
# - Creates the apt sources list file '/etc/apt/sources.list.d/nodesource.list' for
|
||||
# - the NodeSource Node.js v6.x and also adds the NodeSource signing key to your keyring
|
||||
# -
|
||||
# - curl -sL https://deb.nodesource.com/setup_6.x | bash -
|
||||
# -
|
||||
# - Hope nodejs version 14.x will work
|
||||
# -
|
||||
# - nodejs 6.0 does not yet work for actuall etherpad, which ist also installed
|
||||
# - on this server.
|
||||
# -
|
||||
curl -sL https://deb.nodesource.com/setup_14.x | bash -
|
||||
apt-get update
|
||||
|
||||
# - Install nodejs version 6.x from repository 'deb.nodesource.com'
|
||||
# -
|
||||
|
||||
# - Tell the apt system to install nodejs from repository deb.nodesource.com
|
||||
# -
|
||||
# - You should pin the external source using the origin option to assign a high
|
||||
# - priority to "the external source" instead of using the release name.
|
||||
# -
|
||||
# - e,g: Add the following lines to your /etc/apt/preferences.d/preferences:
|
||||
# -
|
||||
# - Package: *
|
||||
# - Pin: origin deb.nodesource.com
|
||||
# - Pin-Priority: 1001
|
||||
# -
|
||||
if ! $(grep -E -q "^\s*Pin:\s+origin\s+deb.nodesource.com" /etc/apt/preferences.d/preferences) ; then
|
||||
cat <<EOF >> /etc/apt/preferences.d/preferences
|
||||
Package: *
|
||||
Pin: origin deb.nodesource.com
|
||||
Pin-Priority: 1001
|
||||
EOF
|
||||
fi
|
||||
|
||||
# - Verify with 'apt-cache policy nodejs'
|
||||
# -
|
||||
# - Output must conatin somethin liek that:
|
||||
# - Installationskandidat: 6.14.4-1nodesource1
|
||||
# -
|
||||
apt-cache policy nodejs
|
||||
|
||||
# - Install nodejs..
|
||||
# -
|
||||
apt-get install nodejs
|
||||
|
||||
# - An alternative possibility:
|
||||
# -
|
||||
# - 1. Show versions for nodejs
|
||||
# -
|
||||
# - # aptitude versions nodejs
|
||||
# -
|
||||
# - output may looks like:
|
||||
# -
|
||||
# - i 6.14.4-1nodesource1 <NULL> 500
|
||||
# - p 10.15.2~dfsg-2 stable 500
|
||||
# -
|
||||
# - 2. install nodejs 6.14.4-1nodesource1
|
||||
# -
|
||||
# - apt-get install nodejs=6.14.4-1nodesource1
|
||||
# - ^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
# -
|
||||
|
||||
# - Test if installation was successfully
|
||||
# -
|
||||
node -v
|
||||
npm -v
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# - Install bower
|
||||
# ---
|
||||
|
||||
# - Install bower (global)
|
||||
# -
|
||||
npm install -g bower
|
||||
|
||||
|
||||
# ---
|
||||
# - Create the user for the service:
|
||||
# ---
|
||||
|
||||
mkdir -p /var/www/{.cache,.config,.local,.node-gyp,.npm,.private}
|
||||
chown -R www-data:www-data /var/www/{.cache,.config,.local,.node-gyp,.npm,.private}
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# - Install cryptpad
|
||||
# ---
|
||||
|
||||
cd /var/www/
|
||||
chown www-data:www-data /var/www
|
||||
|
||||
|
||||
# - Get cryptpad
|
||||
# -
|
||||
su www-data -s /bin/bash -c "git clone https://github.com/xwiki-labs/cryptpad /var/www/cryptpad"
|
||||
|
||||
cd cryptpad
|
||||
|
||||
# - Complete Installation of cryptpad
|
||||
# -
|
||||
su www-data -s /bin/bash -c "npm install"
|
||||
|
||||
# - Maybe you haave to run
|
||||
#
|
||||
# su www-data -s /bin/bash -c "npm fund"
|
||||
# su www-data -s /bin/bash -c "npm audit fix --force"
|
||||
|
||||
su www-data -s /bin/bash -c "bower install"
|
||||
|
||||
|
||||
# ---
|
||||
# - Configure CryptPad
|
||||
# ---
|
||||
|
||||
# - Create configuration file 'config.js'. (Copy the example file)
|
||||
# -
|
||||
# - The defaults should be good enough for most cases, but you may want to edit
|
||||
# - them. We recommend you read over the example file and change the values to
|
||||
# - fit your needs.
|
||||
cp -a config/config.example.js config/config.js
|
||||
|
||||
# - Some base configuration
|
||||
# -
|
||||
# - adminEmail: 'admin@oopen.de',
|
||||
# - ...
|
||||
# - httpUnsafeOrigin: http://localhost:3000
|
||||
# - httpSafeOrigin: ${cryptpad_sandbox_url}
|
||||
# - httpAddress: '::',
|
||||
# - ...
|
||||
# - myDomain: oopen.de,
|
||||
# -
|
||||
if $(grep -q -E "\s*/?/?\s*adminEmail" /var/www/cryptpad/config/config.js 2> /dev/null) ; then
|
||||
perl -i -n -p -e"s#(\s*)(adminEmail:.*)#\1// \2\n\1adminEmail: 'admin\@oopen.de',#" /var/www/cryptpad/config/config.js
|
||||
else
|
||||
perl -i -n -p -e"s/(\s*})/ adminEmail: 'admin\@oopen.de',\n\1/" /var/www/cryptpad/config/config.js
|
||||
fi
|
||||
|
||||
perl -i -n -p -e"s#(\s*)(httpUnsafeOrigin:.*)#\1// \2\n\1httpUnsafeOrigin: 'https://${cryptpad_url}',#" /var/www/cryptpad/config/config.js
|
||||
|
||||
perl -i -n -p -e"s#(\s*)(/*\s*)(httpSafeOrigin:.*)#\1// \3\n\1httpSafeOrigin: 'https://${cryptpad_sandbox_url}',#" /var/www/cryptpad/config/config.js
|
||||
|
||||
|
||||
perl -i -n -p -e"s#(\s*)(/*\s*)(httpAddress:.*)#\1// \3\n\1httpAddress: '::',#" /var/www/cryptpad/config/config.js
|
||||
|
||||
# - deaktivate donate Button
|
||||
# -
|
||||
if $(grep -q -E "\s*/?/?\s*removeDonateButton" /var/www/cryptpad/config/config.js 2> /dev/null) ; then
|
||||
perl -i -n -p -e"s#(\s*)(/*\s*)(removeDonateButton:.*)#\1//\3\n\1removeDonateButton: true,#" /var/www/cryptpad/config/config.js
|
||||
else
|
||||
perl -i -n -p -e"s/(\s*})/ removeDonateButton: true,\n\1/" /var/www/cryptpad/config/config.js
|
||||
fi
|
||||
|
||||
# - Set storage..
|
||||
# -
|
||||
perl -i -n -p -e"s#(\s*)(/*\s*)(defaultStorageLimit:.*)#\1//\3\n\1defaultStorageLimit: 250 * 1024 * 1024,#" /var/www/cryptpad/config/config.js
|
||||
|
||||
# - Customizing CryptPad
|
||||
# -
|
||||
# - In order allow a variety of features to be changed and to allow site-specific
|
||||
# - changes to CryptPad apps while still keeping the git repository pristine, this
|
||||
# - directory exists to allow a set of hooks to be run.
|
||||
# -
|
||||
# - The server is configured to load files from the '/customize/' path
|
||||
# - preferentially from 'cryptpad/customize/', and to fall back to
|
||||
# - 'cryptpad/customize.dist/' if they are not found.
|
||||
# -
|
||||
# - If you wish to customize cryptpad, please **copy**
|
||||
# - '/customize.dist/' to '/customize' and then edit it there, this way you will
|
||||
# - still be able to pull from (and make pull requests to (!) the git repository.
|
||||
# -
|
||||
cp -a /var/www/cryptpad/customize.dist /var/www/cryptpad/customize
|
||||
|
||||
# - Copy 'favicon.ico' to '/var/www/cryptpad/customize/main-favicon.png'
|
||||
# -
|
||||
cp ~chris/favicon.ico /var/www/cryptpad/customize/main-favicon.png
|
||||
cp ~chris/favicon.ico /var/www/cryptpad/customize.dist/
|
||||
chown www-data:www-data /var/www/cryptpad/customize/main-favicon.png
|
||||
chown www-data:www-data /var/www/cryptpad/customize.dist/favicon.ico
|
||||
|
||||
|
||||
|
||||
# ---
|
||||
# Systemd Unit
|
||||
# ---
|
||||
|
||||
# - Run as daemon using systemd
|
||||
# -
|
||||
cat << EOF > /etc/systemd/system/cryptpad.service
|
||||
[Unit]
|
||||
Description=CryptPad Service
|
||||
After=syslog.target network.target
|
||||
Requires=nginx.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=www-data
|
||||
Group=www-data
|
||||
Environment='PWD="/var/www/cryptpad"'
|
||||
# modify to match the location of your cryptpad repository
|
||||
WorkingDirectory=/var/www/cryptpad
|
||||
ExecStart=/usr/bin/node /var/www/cryptpad/server.js
|
||||
|
||||
TimeoutSec=30
|
||||
# Restart service after 10 seconds if node service crashes
|
||||
RestartSec=2
|
||||
Restart=always
|
||||
|
||||
# Output to syslog
|
||||
StandardOutput=syslog
|
||||
StandardError=syslog
|
||||
SyslogIdentifier=cryptpad
|
||||
|
||||
## Modify these two values and uncomment them if you have lots of files and get an HTTP error 500 because of that
|
||||
LimitMEMLOCK=infinity
|
||||
LimitNOFILE=65535
|
||||
### If you want to bind CryptPad to a port below 1024 uncomment the two values below
|
||||
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
#AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl enable cryptpad
|
||||
|
||||
# - Start cryptpad
|
||||
# -
|
||||
systemctl start cryptpad
|
||||
|
||||
|
||||
# ---
|
||||
# Basic Check of your configuration:
|
||||
# ---
|
||||
|
||||
# In yout browser type:
|
||||
#
|
||||
# https://${cryptpad_url}/checkup/
|
||||
|
||||
# Maybe the the 'checkup' script recommends to run:
|
||||
#
|
||||
# npm run build
|
||||
#
|
||||
# we have to do this under the webservice user www-data
|
||||
#
|
||||
su www-data -s /bin/bash -c "npm run build"
|
@ -3,44 +3,68 @@
|
||||
# - Upgrading CryptPad
|
||||
# ====================
|
||||
|
||||
# see: https://docs.cryptpad.org/en/admin_guide/maintenance.html#upgrading-cryptpad
|
||||
|
||||
# - Note!
|
||||
# -
|
||||
# - Always read the release notes before upgrading, as there may be changes
|
||||
# - that require special consideration.
|
||||
|
||||
|
||||
cryptpad_user=cryptpad
|
||||
|
||||
|
||||
# - Stop cryptpad
|
||||
# -
|
||||
systemctl stop cryptpad
|
||||
|
||||
|
||||
# Stop iptables firewall
|
||||
#
|
||||
ipt-firewall-server flush
|
||||
ip6t-firewall-server flush
|
||||
|
||||
|
||||
# Login as CryptPad user
|
||||
#
|
||||
su - ${cryptpad_user}
|
||||
|
||||
|
||||
# - Backup existing installation
|
||||
# -
|
||||
cp -a /var/www/cryptpad /var/www/cryptpad.BAK.$(date +%Y-%m-%d-%H%M)
|
||||
cp -a cryptpad cryptpad.BAK.$(date +%Y-%m-%d-%H%M)
|
||||
|
||||
|
||||
# - Change into installation directory
|
||||
# -
|
||||
cd /var/www/cryptpad
|
||||
cd cryptpad
|
||||
|
||||
# - Update Git repository
|
||||
# -
|
||||
su www-data -s /bin/bash -c "git pull"
|
||||
git pull
|
||||
npm update
|
||||
npm run install:components
|
||||
|
||||
# - Update 'npm'
|
||||
# -
|
||||
su www-data -s /bin/bash -c "npm update"
|
||||
|
||||
# - Update 'bower'
|
||||
# -
|
||||
su www-data -s /bin/bash -c "bower update"
|
||||
# OnlyOffice is now a separate module
|
||||
#
|
||||
# OnlyOffice applications (Sheets, Document, Presentation) are not bundled with CryptPad
|
||||
# anymore. You can install/update them by running the installation script we provide:
|
||||
#
|
||||
# ./install-onlyoffice.sh
|
||||
# # press q to close the license screen
|
||||
# # and Y ⏎ to accept the OnlyOffice license
|
||||
#
|
||||
./install-onlyoffice.sh
|
||||
|
||||
# - Maybe more updates
|
||||
# -
|
||||
╭─────────────────────────────────────╮
|
||||
│ │
|
||||
│ Update available 1.8.4 → 1.8.8 │
|
||||
│ Run npm i -g bower to update │
|
||||
│ │
|
||||
╰─────────────────────────────────────╯
|
||||
|
||||
exit
|
||||
|
||||
|
||||
# Restart firewll
|
||||
#
|
||||
ipt-firewall-server
|
||||
ip6t-firewall-server
|
||||
|
||||
|
||||
# - Start cryptpad
|
||||
|
49
README.upgrade.00
Normal file
49
README.upgrade.00
Normal file
@ -0,0 +1,49 @@
|
||||
|
||||
# ====================
|
||||
# - Upgrading CryptPad
|
||||
# ====================
|
||||
|
||||
# - Note!
|
||||
# -
|
||||
# - Always read the release notes before upgrading, as there may be changes
|
||||
# - that require special consideration.
|
||||
|
||||
# - Stop cryptpad
|
||||
# -
|
||||
systemctl stop cryptpad
|
||||
|
||||
|
||||
# - Backup existing installation
|
||||
# -
|
||||
cp -a /var/www/cryptpad /var/www/cryptpad.BAK.$(date +%Y-%m-%d-%H%M)
|
||||
|
||||
# - Change into installation directory
|
||||
# -
|
||||
cd /var/www/cryptpad
|
||||
|
||||
# - Update Git repository
|
||||
# -
|
||||
su www-data -s /bin/bash -c "git pull"
|
||||
|
||||
# - Update 'npm'
|
||||
# -
|
||||
su www-data -s /bin/bash -c "npm update"
|
||||
|
||||
# - Update 'bower'
|
||||
# -
|
||||
su www-data -s /bin/bash -c "bower update"
|
||||
|
||||
# - Maybe more updates
|
||||
# -
|
||||
╭─────────────────────────────────────╮
|
||||
│ │
|
||||
│ Update available 1.8.4 → 1.8.8 │
|
||||
│ Run npm i -g bower to update │
|
||||
│ │
|
||||
╰─────────────────────────────────────╯
|
||||
|
||||
|
||||
# - Start cryptpad
|
||||
# -
|
||||
systemctl start cryptpad
|
||||
|
Reference in New Issue
Block a user