# ----- # Install Etherpad Lite # ----- # ---------- # Install nodejs: # # see: README.install-node.js # ---------- # ---------- # Install abiword # # Abiword is needed to get advanced import/export features of pads. Setting # it to null disables Abiword and will only allow plain text and HTML # import/exports. # apt-get install abiword # ---------- # Create user/group etherpad # _etherpad_user="etherpad" adduser --system --home=/var/www/etherpad/ --group $_etherpad_user cp /root/{.bashrc,.profile,.vimrc} /var/www/etherpad/ chown -R etherpad:etherpad /var/www/etherpad/ # --- # As user 'etherpad' # --- # Become user etherpad # # Note: its a system account, so you have to provide a shell # su - etherpad -s /bin/bash # Get/Install etherpad-lite # git clone --branch master https://github.com/ether/etherpad-lite.git # Initial run is needed here! # # Type CTRL + 'c' to leave # cd etherpad-lite src/bin/run.sh # Stop etherpad-lite now # + c # Edit settings file 'vim /var/www/etherpad/etherpad-lite/settings.json' # # 1.) enable abiword # change # "abiword": null, # to # "abiword": "/usr/bin/abiword", # # 2.) Uncomment section '"users": {' and set password to make admin settings page # available - https://${FQHN}/admin # # Passwords: # admin: dbddhkpuka # users: chnarzfoo5 # # # 3.) To suppress these warning messages change 'suppressErrorsInPadText' to true # vim /var/www/etherpad/etherpad-lite/settings.json # Install plugins # # does NOT WORK this time (etherpad version 1.8.7) # ep_delete_after_delay \ # # - adminpads3 (ep_adminpads3) # # - align (ep_align) # # - delete_after_delay (oep_delete_after_delay) # # Install the plugin and put this in your settings.json: # # "ep_delete_after_delay": { # "delay": 86400, // one day, in seconds # "loop": true, # "loopDelay": 3600, // one hour, in seconds # "deleteAtStart": true, # text": "The content of this pad has been deleted since it was older than the configured delay." # }, # # - delete_empty_pads (ep_delete_empty_pads) # # - font_color (ep_font_color) # # - font_size (ep_font_size) # # - headings2 (ep_headings2) # # - markdown (ep_markdown) # # - print (ep_print) # # - set_title_on_pad (ep_set_title_on_pad) # # - table_of_contents (ep_table_of_contents) # installation via 'npm install ..' does not work yet. So you # have to install the plugins manualy # #npm install \ # ep_adminpads3 \ # ep_align \ # ep_delete_after_delay \ # ep_delete_empty_pads \ # ep_font_color \ # ep_font_size \ # ep_headings2 \ # ep_markdown \ # ep_print \ # ep_set_title_on_pad \ # ep_table_of_contents \ # Plugin delete_after_delay # # Add foolowing code to settings.json # # maybe after # # "loglevel": "INFO", # # add: # # /* # * Automatically deletes pads after a configured delay # * # * delay: (mandatory) delay in seconds with no edition of the pad before deletion. You can't put # * 7*86400 for a week, you have to put 604800. # * # * loop: boolean, tells if you want to use deletion loops (true) or not (false) (if you use an # * external script for example). Default is true. # * # * loopDelay delay: in seconds between deletion loops. Deletion loop will check all pads to see if # * they have to be deleted. You can't put 60*60 for a hour, you have to put 3600. # * Default is one hour. # * # * deleteAtStart: boolean, tells if you want to start a deletion loop at Etherpad startup. Default # * is true. # * # * text: is the text that will replace the deleted pad's content. Default is what is in the example # * above. # */ # "ep_delete_after_delay": { # "delay": 86400, // one day, in seconds # "loop": true, # "loopDelay": 3600, // one hour, in seconds # "deleteAtStart": true, # "text": "The content of this pad has been deleted since it was older than the configured delay." # }, // ep_delete_after_delay # vim /var/www/etherpad/etherpad-lite/settings.json # Exit from user etherpad # exit # --- # Continue as user 'root' # --- # Create systemd service file # cat < /etc/systemd/system/etherpad.service [Unit] Description=Etherpad-lite, the collaborative editor. After=syslog.target network.target [Service] Type=simple User=etherpad Group=etherpad WorkingDirectory=/var/www/etherpad/etherpad-lite Environment=NODE_ENV=production ExecStart=/usr/bin/node /var/www/etherpad/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js Restart=always # use mysql plus a complete settings.json to avoid Service hold-off time over, scheduling restart. [Install] WantedBy=multi-user.target EOF # Start etherpad-lie at boot time # systemctl daemon-reload systemctl enable etherpad.service systemctl start etherpad.service # NGINX as Proxy etherpad # FQHN="ep-6fwstq-ohv1zato8p.faire-mobilitaet.de" FQHN="ep-ro-9357.reachoutberlin.de" FQHN="meet-ep-pee7eiji-xein9aiy.oopen.de" HOSTNAME="${FQHN%%.*}" cat < /etc/nginx/sites-available/${FQHN}.conf # -- ${FQHN} upstream etherpad-lite { server 127.0.0.1:9001; } server { listen 80; listen [::]:80; server_name ${FQHN}; rewrite ^(.*) https://\$server_name\$1 permanent; } # we're in the http context here map \$http_upgrade \$connection_upgrade { default upgrade; '' close; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name ${FQHN}; # - Needed for (automated) updating certificate # - include snippets/letsencrypt-acme-challenge.conf; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits # # To generate a dhparam.pem file, run in a terminal # openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 # ssl_dhparam /etc/nginx/ssl/dhparam.pem; # Eable session resumption to improve https performance ssl_session_cache shared:SSL:50m; ssl_session_timeout 10m; ssl_session_tickets off; #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # omit SSLv3 because of POODLE # omit SSLv3 because of POODLE # omit TLSv1 TLSv1.1 ssl_protocols TLSv1.2 TLSv1.3; # ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES) # Everything better than SHA1 (deprecated) # ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256'; ssl_prefer_server_ciphers on; ssl_certificate /var/lib/dehydrated/certs/${FQHN}/fullchain.pem; ssl_certificate_key /var/lib/dehydrated/certs/${FQHN}/privkey.pem; location / { #proxy_pass http://localhost:9001/; proxy_pass http://etherpad-lite; proxy_set_header Host \$host; proxy_pass_header Server; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf proxy_buffering off; proxy_set_header X-Real-IP \$remote_addr; # http://wiki.nginx.org/HttpProxyModule proxy_set_header X-Forwarded-For \$remote_addr; # EP logs to show the actual remote IP proxy_set_header X-Forwarded-Proto \$scheme; # for EP to set secure cookie flag when https is used proxy_set_header Host \$host; # pass the host header proxy_http_version 1.1; # recommended with keepalive connections # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html proxy_set_header Upgrade \$http_upgrade; proxy_set_header Connection \$connection_upgrade; } access_log /var/log/nginx/${HOSTNAME}.access.log; error_log /var/log/nginx/${HOSTNAME}.error.log; } EOF # Enable new etherpad site # ln -s ../sites-available/${FQHN}.conf /etc/nginx/sites-enabled/ # Restart NGINX servive # systemctl restart nginx