# ================= # - Install Cryptad on Debian 9 (stretch) # ================= # - See: # - https://blog.cavebeat.org/2017/07/cryptpad-installation-on-debian-stretch/ # - # - See also: # - git repository: https://github.com/xwiki-labs/cryptpad # - installation guide: https://github.com/xwiki-labs/cryptpad/wiki/Installation-guide # - cryptpad_url=cpad-01.oopen.de cryptpad_url=o13-pad.oopen.de # bei vorgeschalteter authentifizierung funktioniert # eine *extra* sandbox url nicht. in diesem falle die gleiche # adresse nehmen wie für die hautp seite # #cryptpad_sandbox_url=cpadsb-01.oopen.de #cryptpad_sandbox_url=o13-padsb.oopen.de cryptpad_sandbox_url="$cryptpad_url" cryptpad_sandbox_url="cpadsb-01.oopen.de" cryptpad_sandbox_url="o13-padsb.oopen.de" vhost_config_file="${cryptpad_url}.conf" # ---------- # - Pre-requisites # ---------- # - Install curl, git # - apt-get install curl git-core # - Install Python # - apt-get install python-minimal python # debian bullseye: apt install python-is-python2 python2-minimal # - Install compiler stuff # - # - apt-get install -y g++ g++-multilib gcc gcc-multilib cpp \ # - make automake autoconf libtool flex bison \ # - gettext pkg-config gnu-standards \ # - libssl-dev libreadline-dev libncurses-dev # - apt-get install gcc g++ make # --- # - Install Nginx webservice # --- apt-get install nginx # - Generate Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits # - mkdir /etc/nginx/ssl openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 # ---------- # - Create nginx configuration for CryptPad # - # - see: https://github.com/xwiki-labs/cryptpad/blob/main/docs/example.nginx.conf # - # ---------- # --- # - Install NodeJS v6.x on Debian 9 Stretch # --- # - Creates the apt sources list file '/etc/apt/sources.list.d/nodesource.list' for # - the NodeSource Node.js v6.x and also adds the NodeSource signing key to your keyring # - # - curl -sL https://deb.nodesource.com/setup_6.x | bash - # - # - Hope nodejs version 14.x will work # - # - nodejs 6.0 does not yet work for actuall etherpad, which ist also installed # - on this server. # - curl -sL https://deb.nodesource.com/setup_14.x | bash - apt-get update # - Install nodejs version 6.x from repository 'deb.nodesource.com' # - # - Tell the apt system to install nodejs from repository deb.nodesource.com # - # - You should pin the external source using the origin option to assign a high # - priority to "the external source" instead of using the release name. # - # - e,g: Add the following lines to your /etc/apt/preferences.d/preferences: # - # - Package: * # - Pin: origin deb.nodesource.com # - Pin-Priority: 1001 # - if ! $(grep -E -q "^\s*Pin:\s+origin\s+deb.nodesource.com" /etc/apt/preferences.d/preferences) ; then cat <> /etc/apt/preferences.d/preferences Package: * Pin: origin deb.nodesource.com Pin-Priority: 1001 EOF fi # - Verify with 'apt-cache policy nodejs' # - # - Output must conatin somethin liek that: # - Installationskandidat: 6.14.4-1nodesource1 # - apt-cache policy nodejs # - Install nodejs.. # - apt-get install nodejs # - An alternative possibility: # - # - 1. Show versions for nodejs # - # - # aptitude versions nodejs # - # - output may looks like: # - # - i 6.14.4-1nodesource1 500 # - p 10.15.2~dfsg-2 stable 500 # - # - 2. install nodejs 6.14.4-1nodesource1 # - # - apt-get install nodejs=6.14.4-1nodesource1 # - ^^^^^^^^^^^^^^^^^^^^^^^^^^ # - # - Test if installation was successfully # - node -v npm -v # --- # - Install bower # --- # - Install bower (global) # - npm install -g bower # --- # - Create the user for the service: # --- mkdir -p /var/www/{.cache,.config,.local,.node-gyp,.npm,.private} chown -R www-data:www-data /var/www/{.cache,.config,.local,.node-gyp,.npm,.private} # --- # - Install cryptpad # --- cd /var/www/ chown www-data:www-data /var/www # - Get cryptpad # - su www-data -s /bin/bash -c "git clone https://github.com/xwiki-labs/cryptpad /var/www/cryptpad" cd cryptpad # - Complete Installation of cryptpad # - su www-data -s /bin/bash -c "npm install" su www-data -s /bin/bash -c "bower install" # --- # - Configure CryptPad # --- # - Create configuration file 'config.js'. (Copy the example file) # - # - The defaults should be good enough for most cases, but you may want to edit # - them. We recommend you read over the example file and change the values to # - fit your needs. cp -a config/config.example.js config/config.js # - Some base configuration # - # - adminEmail: 'admin@oopen.de', # - ... # - httpUnsafeOrigin: http://localhost:3000 # - httpSafeOrigin: ${cryptpad_sandbox_url} # - httpAddress: '::', # - ... # - myDomain: oopen.de, # - if $(grep -q -E "\s*/?/?\s*adminEmail" /var/www/cryptpad/config/config.js 2> /dev/null) ; then perl -i -n -p -e"s#(\s*)(adminEmail:.*)#\1// \2\n\1adminEmail: 'admin\@oopen.de',#" /var/www/cryptpad/config/config.js else perl -i -n -p -e"s/(\s*})/ adminEmail: 'admin\@oopen.de',\n\1/" /var/www/cryptpad/config/config.js fi perl -i -n -p -e"s#(\s*)(httpUnsafeOrigin:.*)#\1// \2\n\1httpUnsafeOrigin: 'https://${cryptpad_url}',#" /var/www/cryptpad/config/config.js perl -i -n -p -e"s#(\s*)(/*\s*)(httpSafeOrigin:.*)#\1// \3\n\1httpSafeOrigin: 'https://${cryptpad_sandbox_url}',#" /var/www/cryptpad/config/config.js perl -i -n -p -e"s#(\s*)(/*\s*)(httpAddress:.*)#\1// \3\n\1httpAddress: '::',#" /var/www/cryptpad/config/config.js # - deaktivate donate Button # - if $(grep -q -E "\s*/?/?\s*removeDonateButton" /var/www/cryptpad/config/config.js 2> /dev/null) ; then perl -i -n -p -e"s#(\s*)(/*\s*)(removeDonateButton:.*)#\1//\3\n\1removeDonateButton: true,#" /var/www/cryptpad/config/config.js else perl -i -n -p -e"s/(\s*})/ removeDonateButton: true,\n\1/" /var/www/cryptpad/config/config.js fi # - Set storage.. # - perl -i -n -p -e"s#(\s*)(/*\s*)(defaultStorageLimit:.*)#\1//\3\n\1defaultStorageLimit: 250 * 1024 * 1024,#" /var/www/cryptpad/config/config.js # - Customizing CryptPad # - # - In order allow a variety of features to be changed and to allow site-specific # - changes to CryptPad apps while still keeping the git repository pristine, this # - directory exists to allow a set of hooks to be run. # - # - The server is configured to load files from the '/customize/' path # - preferentially from 'cryptpad/customize/', and to fall back to # - 'cryptpad/customize.dist/' if they are not found. # - # - If you wish to customize cryptpad, please **copy** # - '/customize.dist/' to '/customize' and then edit it there, this way you will # - still be able to pull from (and make pull requests to (!) the git repository. # - cp -a /var/www/cryptpad/customize.dist /var/www/cryptpad/customize # - Copy 'favicon.ico' to '/var/www/cryptpad/customize/main-favicon.png' # - cp ~chris/favicon.ico /var/www/cryptpad/customize/main-favicon.png cp ~chris/favicon.ico /var/www/cryptpad/customize.dist/ chown www-data:www-data /var/www/cryptpad/customize/main-favicon.png chown www-data:www-data /var/www/cryptpad/customize.dist/favicon.ico # --- # Systemd Unit # --- # - Run as daemon using systemd # - cat << EOF > /etc/systemd/system/cryptpad.service [Unit] Description=CryptPad Service After=syslog.target network.target Requires=nginx.service [Service] Type=simple User=www-data Group=www-data Environment='PWD="/var/www/cryptpad"' # modify to match the location of your cryptpad repository WorkingDirectory=/var/www/cryptpad ExecStart=/usr/bin/node /var/www/cryptpad/server.js TimeoutSec=30 # Restart service after 10 seconds if node service crashes RestartSec=2 Restart=always # Output to syslog StandardOutput=syslog StandardError=syslog SyslogIdentifier=cryptpad ## Modify these two values and uncomment them if you have lots of files and get an HTTP error 500 because of that LimitMEMLOCK=infinity LimitNOFILE=65535 ### If you want to bind CryptPad to a port below 1024 uncomment the two values below #CapabilityBoundingSet=CAP_NET_BIND_SERVICE #AmbientCapabilities=CAP_NET_BIND_SERVICE [Install] WantedBy=multi-user.target EOF systemctl daemon-reload systemctl enable cryptpad # - Start cryptpad # - systemctl start cryptpad # --- # Basic Check of your configuration: # --- # In yout browser type: # # https://${cryptpad_url}/checkup/ # Maybe the the 'checkup' script recommends to run: # # npm run build # # we have to do this under the webservice user www-data # su www-data -s /bin/bash -c "npm run build"