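# -----
# Install Etherpad Lite
# -----

# Add repository for node.js 14.x
#
# The NodeSource setup script runs as root and adds an APT repository and
# its signing key. Download it to a file and read it before running it:
# piping the download straight into a root shell would execute whatever the
# server returned, including a truncated or tampered response.
# 'curl -f' makes an HTTP error abort instead of saving an error page.
#
# NOTE(review): the Node.js 14.x line no longer receives upstream security
# fixes - check which supported release line this Etherpad version accepts.
#
nodesource_setup="$(mktemp)"
curl -fsSL https://deb.nodesource.com/setup_14.x -o "$nodesource_setup"
less "$nodesource_setup"
sudo -E bash "$nodesource_setup"
rm -f -- "$nodesource_setup"


# Install nodejs
#
apt-get install -y nodejs
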
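# Install abiword
#
#  Abiword is needed to get advanced import/export features of pads. Setting
#  the "abiword" key in settings.json to null disables Abiword and will only
#  allow plain text and HTML import/exports.
#
#  Abiword converts documents that pad users upload, i.e. it parses untrusted
#  files as the etherpad user. Install it only if those formats are needed
#  and keep the package updated.
#
#  '-y' matches the nodejs install above, so the step does not stop at a prompt.
#
apt-get install -y abiword
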
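# Create user/group etherpad
#
# 'adduser --system' creates an account without a login shell; the service
# and all files below /var/www/etherpad/ belong to it.
#
_etherpad_user="etherpad"
_etherpad_home="/var/www/etherpad/"
adduser --system --home="$_etherpad_home" --group "$_etherpad_user"

# Copy root's shell/editor settings for convenience when working as the
# service user. Check these files first: anything root keeps in them
# (exported tokens, credentials in aliases) becomes readable by the
# etherpad account.
cp /root/{.bashrc,.profile,.vimrc} "$_etherpad_home"
chown -R "$_etherpad_user":"$_etherpad_user" "$_etherpad_home"
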
# ---
# As user 'etherpad'
# ---

# Become user etherpad
#
# Note: it's a system account without a login shell, so a shell has to be
# given explicitly. Everything up to the matching 'exit' is typed inside
# this session, not run by root.
#
su --login --shell /bin/bash etherpad

# Get/Install etherpad-lite
#
# NOTE(review): 'master' is a moving branch, so the code that gets installed
# depends on the day of the clone. Checking out a reviewed release tag
# (<RELEASE_TAG>) would make the install reproducible.
#
git clone -b master https://github.com/ether/etherpad-lite.git


# Initial run is needed here!
#
# Type CTRL + 'c' to leave
#
cd etherpad-lite
./bin/run.sh

# <CTRL> + c

# Install plugins
#
#   does NOT WORK this time (etherpad version 1.8.7)
#   ep_delete_after_delay
#
# Plugins are third-party npm packages that get loaded by the Etherpad
# server. No versions are given here, so npm installs whatever is current
# at install time - review each plugin before adding it to the list.
#
ep_plugins=(
   ep_adminpads2
   ep_headings2
   ep_delete_empty_pads
   ep_fileupload
   ep_markdown
   ep_comments_page
   ep_align
   ep_font_color
   ep_font_size
   ep_print
   ep_set_title_on_pad
   ep_table_of_contents
   ep_embedded_hyperlinks2
)
npm install "${ep_plugins[@]}"

# Let npm upgrade dependencies with known advisories; this can change the
# installed versions, so check that Etherpad still starts afterwards.
npm audit fix

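# Edit settings file 'vim /var/www/etherpad/etherpad-lite/settings.json'
#
# 1.) enable abiword
#    change
#       "abiword": null,
#     to
#    "abiword": "/usr/bin/abiword",
#
# 2.) Uncomment section '"users": {' and set a password to make the admin
#     settings page available - https://${FQHN}/admin
#
#     The admin password lives in this file, and /admin is reachable by
#     everyone who can reach the site: use a long, unique password and keep
#     the file readable by the etherpad user only (chmod below).
#
# 3.) To suppress these warning messages change 'suppressErrorsInPadText' to true
#
chmod 600 /var/www/etherpad/etherpad-lite/settings.json
vim /var/www/etherpad/etherpad-lite/settings.json
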
# Plugin delete_after_delay
#
# Only relevant once ep_delete_after_delay is installed (it is left out of
# the plugin list above because it did not work with etherpad 1.8.7).
#
# Add the following code to settings.json
#
# maybe after
#
#  "loglevel": "INFO",
#
# add:
#
#  /*
#   * Automatically deletes pads after a configured delay
#   *
#   * delay: (mandatory) delay in seconds with no edition of the pad before deletion. You can't put
#   *        7*86400 for a week, you have to put 604800.
#   *
#   * loop: boolean, tells if you want to use deletion loops (true) or not (false) (if you use an
#   *       external script for example). Default is true.
#   *
#   * loopDelay: delay in seconds between deletion loops. Deletion loop will check all pads to see if
#   *            they have to be deleted. You can't put 60*60 for a hour, you have to put 3600.
#   *            Default is one hour.
#   *
#   * deleteAtStart: boolean, tells if you want to start a deletion loop at Etherpad startup. Default
#   *                is true.
#   *
#   * text:  is the text that will replace the deleted pad's content. Default is what is in the example
#   *        below.
#   */
#  "ep_delete_after_delay": {
#      "delay": 86400, // one day, in seconds
#      "loop": true,
#      "loopDelay": 3600, // one hour, in seconds
#      "deleteAtStart": true,
#      "text": "The content of this pad has been deleted since it was older than the configured delay."
#   }, // ep_delete_after_delay
#
settings_json=/var/www/etherpad/etherpad-lite/settings.json
vim "$settings_json"



# Exit from user etherpad
#
# Ends the 'su' session; the following commands run as root again.
#
exit

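# ---
# Continue as user 'root'
# ---

# Create systemd service file
#
# The heredoc delimiter is quoted so the unit text is written literally.
#
# systemd unit files have no trailing comments: everything after '=' is the
# value. The restart note therefore sits on its own line; appended to
# 'Restart=always' it would become part of the value and the setting would
# not be accepted.
#
# The service runs as the unprivileged etherpad user. NoNewPrivileges,
# PrivateTmp and ProtectSystem=full limit what a compromised server process
# can reach; 'systemd-analyze security etherpad.service' lists further
# options to consider.
#
cat <<'EOF' > /etc/systemd/system/etherpad.service
[Unit]
Description=Etherpad-lite, the collaborative editor.
After=syslog.target network.target

[Service]
Type=simple
User=etherpad
Group=etherpad
WorkingDirectory=/var/www/etherpad/etherpad-lite
Environment=NODE_ENV=production
ExecStart=/usr/bin/nodejs /var/www/etherpad/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js
# use mysql plus a complete settings.json to avoid "Service hold-off time over, scheduling restart."
Restart=always
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target
EOF
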
# Start etherpad-lite at boot time
#
# Reload the unit files so systemd sees the new service, then enable it for
# boot and start it right away.
#
systemctl daemon-reload
systemctl enable --now etherpad.service

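# NGINX as Proxy etherpad
#
# One site is generated per run: FQHN names the host being configured. Only
# the last assignment takes effect, so the other host is kept as a comment.
#
#FQHN="ep-6fwstq-ohv1zato8p.faire-mobilitaet.de"
FQHN="ep-ro-9357.reachoutberlin.de"

# First DNS label of the host, used for the log file names. Not stored in
# HOSTNAME, because bash sets that variable itself and later commands in the
# same shell may rely on it.
SITE_NAME="${FQHN%%.*}"

# The heredoc delimiter is unquoted on purpose: ${FQHN} and ${SITE_NAME} are
# filled in by the shell, while nginx variables are written as \$name so
# they reach the file unexpanded.
#
# Before nginx is restarted these must exist:
#   - snippets/letsencrypt-acme-challenge.conf
#   - /etc/nginx/ssl/dhparam.pem
#   - the dehydrated certificate and key for ${FQHN}
#
# NOTE(review): Etherpad only uses the X-Forwarded-* headers set below when
# "trustProxy" is true in settings.json - verify that setting.
#
cat <<EOF > "/etc/nginx/sites-available/${FQHN}.conf"
# -- ${FQHN}


upstream etherpad-lite {
   server 127.0.0.1:9001;
}

server {
   listen 80;
   listen [::]:80;
   server_name ${FQHN};
   rewrite     ^(.*)   https://\$server_name\$1 permanent;
}

# we're in the http context here
map \$http_upgrade \$connection_upgrade {
  default upgrade;
  ''      close;
}

server {

   listen 443 ssl http2;
   listen [::]:443 ssl http2;

   server_name  ${FQHN};

   # - Needed for (automated) updating certificate
   # -
   include snippets/letsencrypt-acme-challenge.conf;


   # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
   #
   # To generate a dhparam.pem file, run in a terminal
   #    openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
   #
   ssl_dhparam /etc/nginx/ssl/dhparam.pem;


   # Enable session resumption to improve https performance
   ssl_session_cache shared:SSL:50m;
   ssl_session_timeout 10m;
   ssl_session_tickets off;


   #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # omit SSLv3 because of POODLE
   # omit SSLv3 because of POODLE
   # omit  TLSv1 TLSv1.1
   ssl_protocols TLSv1.2 TLSv1.3;

   # ECDHE better than DHE (faster)  ECDHE & DHE GCM better than CBC (attacks on AES)
   # Everything better than SHA1 (deprecated)
   #
   # Only the AEAD (GCM) suites are offered; the CBC and SHA1-MAC suites
   # that the comment above advises against are left out.
   #
   ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256';
   ssl_prefer_server_ciphers on;

   ssl_certificate /var/lib/dehydrated/certs/${FQHN}/fullchain.pem;
   ssl_certificate_key /var/lib/dehydrated/certs/${FQHN}/privkey.pem;

   location / {
      #proxy_pass           http://localhost:9001/;
      proxy_pass           http://etherpad-lite;
      proxy_set_header     Host \$host;  # pass the host header
      proxy_pass_header    Server;
      # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
      proxy_buffering      off;
      proxy_set_header     X-Real-IP \$remote_addr;  # http://wiki.nginx.org/HttpProxyModule
      # Set from the connection address, so a client-supplied X-Forwarded-For is not passed on
      proxy_set_header     X-Forwarded-For \$remote_addr; # EP logs to show the actual remote IP
      proxy_set_header     X-Forwarded-Proto \$scheme; # for EP to set secure cookie flag when https is used
      proxy_http_version   1.1;  # recommended with keepalive connections
      # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
      proxy_set_header     Upgrade \$http_upgrade;
      proxy_set_header     Connection \$connection_upgrade;

   }

   access_log  /var/log/nginx/${SITE_NAME}.access.log;
   error_log   /var/log/nginx/${SITE_NAME}.error.log;
}
EOF
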
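# Enable new etherpad site
#
# The link target is relative to /etc/nginx/sites-enabled/. FQHN must still
# hold the host name used when the site file was written.
#
ln -s "../sites-available/${FQHN}.conf" /etc/nginx/sites-enabled/

# Restart NGINX service
#
# Check the configuration first: a restart with a broken file (missing
# certificate, dhparam or snippet) would stop nginx for every site on this
# host.
#
nginx -t && systemctl restart nginx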