install/etherpad-lite
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
etherpad-lite/README.install
Christoph 3b98bf82e9 Adjust README files.
2023-12-18 14:22:25 +01:00

311 lines
7.9 KiB
Plaintext
Raw Permalink Blame History

# -----
# Install Etherpad Lite
# -----
# ----------
# Install nodejs:
#
# see: README.install-node.js
# ----------
# ----------
# Install abiword
#
# Abiword is needed to get advanced import/export features of pads. Setting
# it to null disables Abiword and will only allow plain text and HTML
# import/exports.
#
apt-get install abiword
# ----------
# Create user/group etherpad
#
_etherpad_user="etherpad"
adduser --system --home=/var/www/etherpad/ --group $_etherpad_user
cp /root/{.bashrc,.profile,.vimrc} /var/www/etherpad/
chown -R etherpad:etherpad /var/www/etherpad/
# ---
# As user 'etherpad'
# ---
# Become user etherpad
#
# Note: its a system account, so you have to provide a shell
#
su - etherpad -s /bin/bash
# Get/Install etherpad-lite
#
git clone --branch master https://github.com/ether/etherpad-lite.git
# Initial run is needed here!
#
# Type CTRL + 'c' to leave
#
cd etherpad-lite
src/bin/run.sh
# Stop etherpad-lite now
#
<CTRL> + c
# Edit settings file 'vim /var/www/etherpad/etherpad-lite/settings.json'
#
# 1.) enable abiword
# change
# "abiword": null,
# to
# "abiword": "/usr/bin/abiword",
#
# 2.) Uncomment section '"users": {' and set password to make admin settings page
# available - https://${FQHN}/admin
#
# Passwords:
# admin: dbddhkpuka
# users: chnarzfoo5
#
#
# 3.) To suppress these warning messages change 'suppressErrorsInPadText' to true
#
vim /var/www/etherpad/etherpad-lite/settings.json
# Install plugins
#
# does NOT WORK this time (etherpad version 1.8.7)
# ep_delete_after_delay \
#
# - adminpads3 (ep_adminpads3)
#
# - align (ep_align)
#
# - delete_after_delay (oep_delete_after_delay)
#
# Install the plugin and put this in your settings.json:
#
# "ep_delete_after_delay": {
# "delay": 86400, // one day, in seconds
# "loop": true,
# "loopDelay": 3600, // one hour, in seconds
# "deleteAtStart": true,
# text": "The content of this pad has been deleted since it was older than the configured delay."
# },
#
# - delete_empty_pads (ep_delete_empty_pads)
#
# - font_color (ep_font_color)
#
# - font_size (ep_font_size)
#
# - headings2 (ep_headings2)
#
# - markdown (ep_markdown)
#
# - print (ep_print)
#
# - set_title_on_pad (ep_set_title_on_pad)
#
# - table_of_contents (ep_table_of_contents)
# installation via 'npm install ..' does not work yet. So you
# have to install the plugins manualy
#
#npm install \
# ep_adminpads3 \
# ep_align \
# ep_delete_after_delay \
# ep_delete_empty_pads \
# ep_font_color \
# ep_font_size \
# ep_headings2 \
# ep_markdown \
# ep_print \
# ep_set_title_on_pad \
# ep_table_of_contents \
# Plugin delete_after_delay
#
# Add foolowing code to settings.json
#
# maybe after
#
# "loglevel": "INFO",
#
# add:
#
# /*
# * Automatically deletes pads after a configured delay
# *
# * delay: (mandatory) delay in seconds with no edition of the pad before deletion. You can't put
# * 7*86400 for a week, you have to put 604800.
# *
# * loop: boolean, tells if you want to use deletion loops (true) or not (false) (if you use an
# * external script for example). Default is true.
# *
# * loopDelay delay: in seconds between deletion loops. Deletion loop will check all pads to see if
# * they have to be deleted. You can't put 60*60 for a hour, you have to put 3600.
# * Default is one hour.
# *
# * deleteAtStart: boolean, tells if you want to start a deletion loop at Etherpad startup. Default
# * is true.
# *
# * text: is the text that will replace the deleted pad's content. Default is what is in the example
# * above.
# */
# "ep_delete_after_delay": {
# "delay": 86400, // one day, in seconds
# "loop": true,
# "loopDelay": 3600, // one hour, in seconds
# "deleteAtStart": true,
# "text": "The content of this pad has been deleted since it was older than the configured delay."
# }, // ep_delete_after_delay
#
vim /var/www/etherpad/etherpad-lite/settings.json
# Exit from user etherpad
#
exit
# ---
# Continue as user 'root'
# ---
# Create systemd service file
#
cat <<EOF > /etc/systemd/system/etherpad.service
[Unit]
Description=Etherpad-lite, the collaborative editor.
After=syslog.target network.target
[Service]
Type=simple
User=etherpad
Group=etherpad
WorkingDirectory=/var/www/etherpad/etherpad-lite
Environment=NODE_ENV=production
ExecStart=/usr/bin/node /var/www/etherpad/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js
Restart=always # use mysql plus a complete settings.json to avoid Service hold-off time over, scheduling restart.
[Install]
WantedBy=multi-user.target
EOF
# Start etherpad-lie at boot time
#
systemctl daemon-reload
systemctl enable etherpad.service
systemctl start etherpad.service
# NGINX as Proxy etherpad
#
FQHN="ep-6fwstq-ohv1zato8p.faire-mobilitaet.de"
FQHN="ep-ro-9357.reachoutberlin.de"
FQHN="meet-ep-pee7eiji-xein9aiy.oopen.de"
HOSTNAME="${FQHN%%.*}"
cat <<EOF > /etc/nginx/sites-available/${FQHN}.conf
# -- ${FQHN}
upstream etherpad-lite {
server 127.0.0.1:9001;
}
server {
listen 80;
listen [::]:80;
server_name ${FQHN};
rewrite ^(.*) https://\$server_name\$1 permanent;
}
# we're in the http context here
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${FQHN};
# - Needed for (automated) updating certificate
# -
include snippets/letsencrypt-acme-challenge.conf;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
#
# To generate a dhparam.pem file, run in a terminal
# openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
#
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Eable session resumption to improve https performance
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 10m;
ssl_session_tickets off;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # omit SSLv3 because of POODLE
# omit SSLv3 because of POODLE
# omit TLSv1 TLSv1.1
ssl_protocols TLSv1.2 TLSv1.3;
# ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES)
# Everything better than SHA1 (deprecated)
#
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256';
ssl_prefer_server_ciphers on;
ssl_certificate /var/lib/dehydrated/certs/${FQHN}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/${FQHN}/privkey.pem;
location / {
#proxy_pass http://localhost:9001/;
proxy_pass http://etherpad-lite;
proxy_set_header Host \$host;
proxy_pass_header Server;
# be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
proxy_buffering off;
proxy_set_header X-Real-IP \$remote_addr; # http://wiki.nginx.org/HttpProxyModule
proxy_set_header X-Forwarded-For \$remote_addr; # EP logs to show the actual remote IP
proxy_set_header X-Forwarded-Proto \$scheme; # for EP to set secure cookie flag when https is used
proxy_set_header Host \$host; # pass the host header
proxy_http_version 1.1; # recommended with keepalive connections
# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$connection_upgrade;
}
access_log /var/log/nginx/${HOSTNAME}.access.log;
error_log /var/log/nginx/${HOSTNAME}.error.log;
}
EOF
# Enable new etherpad site
#
ln -s ../sites-available/${FQHN}.conf /etc/nginx/sites-enabled/
# Restart NGINX servive
#
systemctl restart nginx
Reference in New Issue View Git Blame Copy Permalink