333 lines
8.9 KiB
Plaintext
333 lines
8.9 KiB
Plaintext
# =================
|
|
# - Install Cryptad on Debian 9 (stretch)
|
|
# =================
|
|
|
|
# - See:
|
|
# - https://blog.cavebeat.org/2017/07/cryptpad-installation-on-debian-stretch/
|
|
# -
|
|
# - See also:
|
|
# - git repository: https://github.com/xwiki-labs/cryptpad
|
|
# - installation guide: https://github.com/xwiki-labs/cryptpad/wiki/Installation-guide
|
|
# -
|
|
|
|
cryptpad_url=cpad-01.oopen.de
|
|
cryptpad_url=o13-pad.oopen.de
|
|
|
|
# bei vorgeschalteter authentifizierung funktioniert
|
|
# eine *extra* sandbox url nicht. in diesem falle die gleiche
|
|
# adresse nehmen wie für die hautp seite
|
|
#
|
|
#cryptpad_sandbox_url=cpadsb-01.oopen.de
|
|
#cryptpad_sandbox_url=o13-padsb.oopen.de
|
|
cryptpad_sandbox_url="$cryptpad_url"
|
|
cryptpad_sandbox_url="cpadsb-01.oopen.de"
|
|
cryptpad_sandbox_url="o13-padsb.oopen.de"
|
|
|
|
vhost_config_file="${cryptpad_url}.conf"
|
|
|
|
|
|
# ----------
|
|
# - Pre-requisites
|
|
# ----------
|
|
|
|
# - Install curl, git
|
|
# -
|
|
apt-get install curl git-core
|
|
|
|
# - Install Python
|
|
# -
|
|
apt-get install python-minimal python
|
|
# debian bullseye:
|
|
apt install python-is-python2 python2-minimal
|
|
|
|
# - Install compiler stuff
|
|
# -
|
|
# - apt-get install -y g++ g++-multilib gcc gcc-multilib cpp \
|
|
# - make automake autoconf libtool flex bison \
|
|
# - gettext pkg-config gnu-standards \
|
|
# - libssl-dev libreadline-dev libncurses-dev
|
|
# -
|
|
apt-get install gcc g++ make
|
|
|
|
|
|
# ---
|
|
# - Install Nginx webservice
|
|
# ---
|
|
|
|
apt-get install nginx
|
|
|
|
# - Generate Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
|
|
# -
|
|
mkdir /etc/nginx/ssl
|
|
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
|
|
|
|
|
|
# ----------
|
|
# - Create nginx configuration for CryptPad
|
|
# -
|
|
# - see: https://github.com/xwiki-labs/cryptpad/blob/main/docs/example.nginx.conf
|
|
# -
|
|
# ----------
|
|
|
|
|
|
# ---
|
|
# - Install NodeJS v6.x on Debian 9 Stretch
|
|
# ---
|
|
|
|
# - Creates the apt sources list file '/etc/apt/sources.list.d/nodesource.list' for
|
|
# - the NodeSource Node.js v6.x and also adds the NodeSource signing key to your keyring
|
|
# -
|
|
# - curl -sL https://deb.nodesource.com/setup_6.x | bash -
|
|
# -
|
|
# - Hope nodejs version 14.x will work
|
|
# -
|
|
# - nodejs 6.0 does not yet work for actuall etherpad, which ist also installed
|
|
# - on this server.
|
|
# -
|
|
curl -sL https://deb.nodesource.com/setup_14.x | bash -
|
|
apt-get update
|
|
|
|
# - Install nodejs version 6.x from repository 'deb.nodesource.com'
|
|
# -
|
|
|
|
# - Tell the apt system to install nodejs from repository deb.nodesource.com
|
|
# -
|
|
# - You should pin the external source using the origin option to assign a high
|
|
# - priority to "the external source" instead of using the release name.
|
|
# -
|
|
# - e,g: Add the following lines to your /etc/apt/preferences.d/preferences:
|
|
# -
|
|
# - Package: *
|
|
# - Pin: origin deb.nodesource.com
|
|
# - Pin-Priority: 1001
|
|
# -
|
|
if ! $(grep -E -q "^\s*Pin:\s+origin\s+deb.nodesource.com" /etc/apt/preferences.d/preferences) ; then
|
|
cat <<EOF >> /etc/apt/preferences.d/preferences
|
|
Package: *
|
|
Pin: origin deb.nodesource.com
|
|
Pin-Priority: 1001
|
|
EOF
|
|
fi
|
|
|
|
# - Verify with 'apt-cache policy nodejs'
|
|
# -
|
|
# - Output must conatin somethin liek that:
|
|
# - Installationskandidat: 6.14.4-1nodesource1
|
|
# -
|
|
apt-cache policy nodejs
|
|
|
|
# - Install nodejs..
|
|
# -
|
|
apt-get install nodejs
|
|
|
|
# - An alternative possibility:
|
|
# -
|
|
# - 1. Show versions for nodejs
|
|
# -
|
|
# - # aptitude versions nodejs
|
|
# -
|
|
# - output may looks like:
|
|
# -
|
|
# - i 6.14.4-1nodesource1 <NULL> 500
|
|
# - p 10.15.2~dfsg-2 stable 500
|
|
# -
|
|
# - 2. install nodejs 6.14.4-1nodesource1
|
|
# -
|
|
# - apt-get install nodejs=6.14.4-1nodesource1
|
|
# - ^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
# -
|
|
|
|
# - Test if installation was successfully
|
|
# -
|
|
node -v
|
|
npm -v
|
|
|
|
|
|
|
|
# ---
|
|
# - Install bower
|
|
# ---
|
|
|
|
# - Install bower (global)
|
|
# -
|
|
npm install -g bower
|
|
|
|
|
|
# ---
|
|
# - Create the user for the service:
|
|
# ---
|
|
|
|
mkdir -p /var/www/{.cache,.config,.local,.node-gyp,.npm,.private}
|
|
chown -R www-data:www-data /var/www/{.cache,.config,.local,.node-gyp,.npm,.private}
|
|
|
|
|
|
|
|
# ---
|
|
# - Install cryptpad
|
|
# ---
|
|
|
|
cd /var/www/
|
|
chown www-data:www-data /var/www
|
|
|
|
|
|
# - Get cryptpad
|
|
# -
|
|
su www-data -s /bin/bash -c "git clone https://github.com/xwiki-labs/cryptpad /var/www/cryptpad"
|
|
su www-data -s /bin/bash -c "git clone https://github.com/cryptpad/cryptpad.git /var/www/cryptpad"
|
|
|
|
# Switch to the latest published tag
|
|
#
|
|
#su www-data -s /bin/bash -c "git checkout $(git tag -l | grep -v 'v1.*$' | sort -V | tail -n 1)"
|
|
|
|
|
|
cd cryptpad
|
|
|
|
# - Complete Installation of cryptpad
|
|
# -
|
|
su www-data -s /bin/bash -c "npm install"
|
|
|
|
# - Maybe you haave to run
|
|
#
|
|
# su www-data -s /bin/bash -c "npm fund"
|
|
# su www-data -s /bin/bash -c "npm audit fix --force"
|
|
|
|
su www-data -s /bin/bash -c "bower install"
|
|
|
|
|
|
# ---
|
|
# - Configure CryptPad
|
|
# ---
|
|
|
|
# - Create configuration file 'config.js'. (Copy the example file)
|
|
# -
|
|
# - The defaults should be good enough for most cases, but you may want to edit
|
|
# - them. We recommend you read over the example file and change the values to
|
|
# - fit your needs.
|
|
cp -a config/config.example.js config/config.js
|
|
|
|
# - Some base configuration
|
|
# -
|
|
# - adminEmail: 'admin@oopen.de',
|
|
# - ...
|
|
# - httpUnsafeOrigin: http://localhost:3000
|
|
# - httpSafeOrigin: ${cryptpad_sandbox_url}
|
|
# - httpAddress: '::',
|
|
# - ...
|
|
# - myDomain: oopen.de,
|
|
# -
|
|
if $(grep -q -E "\s*/?/?\s*adminEmail" /var/www/cryptpad/config/config.js 2> /dev/null) ; then
|
|
perl -i -n -p -e"s#(\s*)(adminEmail:.*)#\1// \2\n\1adminEmail: 'admin\@oopen.de',#" /var/www/cryptpad/config/config.js
|
|
else
|
|
perl -i -n -p -e"s/(\s*})/ adminEmail: 'admin\@oopen.de',\n\1/" /var/www/cryptpad/config/config.js
|
|
fi
|
|
|
|
perl -i -n -p -e"s#(\s*)(httpUnsafeOrigin:.*)#\1// \2\n\1httpUnsafeOrigin: 'https://${cryptpad_url}',#" /var/www/cryptpad/config/config.js
|
|
|
|
perl -i -n -p -e"s#(\s*)(/*\s*)(httpSafeOrigin:.*)#\1// \3\n\1httpSafeOrigin: 'https://${cryptpad_sandbox_url}',#" /var/www/cryptpad/config/config.js
|
|
|
|
|
|
perl -i -n -p -e"s#(\s*)(/*\s*)(httpAddress:.*)#\1// \3\n\1httpAddress: '::',#" /var/www/cryptpad/config/config.js
|
|
|
|
# - deaktivate donate Button
|
|
# -
|
|
if $(grep -q -E "\s*/?/?\s*removeDonateButton" /var/www/cryptpad/config/config.js 2> /dev/null) ; then
|
|
perl -i -n -p -e"s#(\s*)(/*\s*)(removeDonateButton:.*)#\1//\3\n\1removeDonateButton: true,#" /var/www/cryptpad/config/config.js
|
|
else
|
|
perl -i -n -p -e"s/(\s*})/ removeDonateButton: true,\n\1/" /var/www/cryptpad/config/config.js
|
|
fi
|
|
|
|
# - Set storage..
|
|
# -
|
|
perl -i -n -p -e"s#(\s*)(/*\s*)(defaultStorageLimit:.*)#\1//\3\n\1defaultStorageLimit: 250 * 1024 * 1024,#" /var/www/cryptpad/config/config.js
|
|
|
|
# - Customizing CryptPad
|
|
# -
|
|
# - In order allow a variety of features to be changed and to allow site-specific
|
|
# - changes to CryptPad apps while still keeping the git repository pristine, this
|
|
# - directory exists to allow a set of hooks to be run.
|
|
# -
|
|
# - The server is configured to load files from the '/customize/' path
|
|
# - preferentially from 'cryptpad/customize/', and to fall back to
|
|
# - 'cryptpad/customize.dist/' if they are not found.
|
|
# -
|
|
# - If you wish to customize cryptpad, please **copy**
|
|
# - '/customize.dist/' to '/customize' and then edit it there, this way you will
|
|
# - still be able to pull from (and make pull requests to (!) the git repository.
|
|
# -
|
|
cp -a /var/www/cryptpad/customize.dist /var/www/cryptpad/customize
|
|
|
|
# - Copy 'favicon.ico' to '/var/www/cryptpad/customize/main-favicon.png'
|
|
# -
|
|
cp ~chris/favicon.ico /var/www/cryptpad/customize/main-favicon.png
|
|
cp ~chris/favicon.ico /var/www/cryptpad/customize.dist/
|
|
chown www-data:www-data /var/www/cryptpad/customize/main-favicon.png
|
|
chown www-data:www-data /var/www/cryptpad/customize.dist/favicon.ico
|
|
|
|
|
|
|
|
# ---
|
|
# Systemd Unit
|
|
# ---
|
|
|
|
# - Run as daemon using systemd
|
|
# -
|
|
cat << EOF > /etc/systemd/system/cryptpad.service
|
|
[Unit]
|
|
Description=CryptPad Service
|
|
After=syslog.target network.target
|
|
Requires=nginx.service
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=www-data
|
|
Group=www-data
|
|
Environment='PWD="/var/www/cryptpad"'
|
|
# modify to match the location of your cryptpad repository
|
|
WorkingDirectory=/var/www/cryptpad
|
|
ExecStart=/usr/bin/node /var/www/cryptpad/server.js
|
|
|
|
TimeoutSec=30
|
|
# Restart service after 10 seconds if node service crashes
|
|
RestartSec=2
|
|
Restart=always
|
|
|
|
# Output to syslog
|
|
StandardOutput=syslog
|
|
StandardError=syslog
|
|
SyslogIdentifier=cryptpad
|
|
|
|
## Modify these two values and uncomment them if you have lots of files and get an HTTP error 500 because of that
|
|
LimitMEMLOCK=infinity
|
|
LimitNOFILE=65535
|
|
### If you want to bind CryptPad to a port below 1024 uncomment the two values below
|
|
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
|
#AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
|
|
systemctl daemon-reload
|
|
systemctl enable cryptpad
|
|
|
|
# - Start cryptpad
|
|
# -
|
|
systemctl start cryptpad
|
|
|
|
|
|
# ---
|
|
# Basic Check of your configuration:
|
|
# ---
|
|
|
|
# In yout browser type:
|
|
#
|
|
# https://${cryptpad_url}/checkup/
|
|
|
|
# Maybe the the 'checkup' script recommends to run:
|
|
#
|
|
# npm run build
|
|
#
|
|
# we have to do this under the webservice user www-data
|
|
#
|
|
su www-data -s /bin/bash -c "npm run build"
|