install/etherpad-lite
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c4d7ccef3b
etherpad-lite/README.install
Christoph c4d7ccef3b Initial commit
2020-05-24 22:57:59 +02:00

216 lines
5.6 KiB
Plaintext
Raw Blame History

# -----
# Install Etherpad Lite
# -----
# Add repository for node.js 10.x
#
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
# Install nodejs
#
apt install -y nodejs
# Create user/group etherpad
#
_etherpad_user="etherpad"
adduser --system --home=/var/www/etherpad/ --group $_etherpad_user
# Become user etherpad
#
# Note: its a system account, so you have to provide a shell
#
su - etherpad -s /bin/bash
# Get/Install etherpad-lite
#
git clone --branch master https://github.com/ether/etherpad-lite.git
# Exit from user etherpad
#
exit
# Create systemd service file
#
cat <<EOF > /etc/systemd/system/etherpad.service
[Unit]
Description=Etherpad-lite, the collaborative editor.
After=syslog.target network.target
[Service]
Type=simple
User=etherpad
Group=etherpad
WorkingDirectory=/var/www/etherpad/etherpad-lite
Environment=NODE_ENV=production
ExecStart=/usr/bin/nodejs /var/www/etherpad/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js
Restart=always # use mysql plus a complete settings.json to avoid Service hold-off time over, scheduling restart.
[Install]
WantedBy=multi-user.target
EOF
# Start etherpad-lie at boot time
#
systemctl daemon-reload
systemctl enable etherpad.service
systemctl start etherpad.service
# NGINX as Proxy etherpad
#
FQHN="ep-6fwstq-ohv1zato8p.faire-mobilitaet.de"
HOSTNAME="${FQHN%%.*}"
cat <<EOF > /etc/nginx/sites-available/${FQHN}.conf
# -- ${FQHN}
upstream etherpad-lite {
server 127.0.0.1:9001;
}
server {
listen 80;
listen [::]:80;
server_name ${FQHN};
rewrite ^(.*) https://\$server_name\$1 permanent;
}
# we're in the http context here
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${FQHN};
# - Needed for (automated) updating certificate
# -
include snippets/letsencrypt-acme-challenge.conf;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
#
# To generate a dhparam.pem file, run in a terminal
# openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
#
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Eable session resumption to improve https performance
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 10m;
ssl_session_tickets off;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # omit SSLv3 because of POODLE
# omit SSLv3 because of POODLE
# omit TLSv1 TLSv1.1
ssl_protocols TLSv1.2 TLSv1.3;
# ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES)
# Everything better than SHA1 (deprecated)
#
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA';
ssl_prefer_server_ciphers on;
ssl_certificate /var/lib/dehydrated/certs/${FQHN}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/${FQHN}/privkey.pem;
location / {
#proxy_pass http://localhost:9001/;
proxy_pass http://etherpad-lite;
proxy_set_header Host \$host;
proxy_pass_header Server;
# be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
proxy_buffering off;
proxy_set_header X-Real-IP \$remote_addr; # http://wiki.nginx.org/HttpProxyModule
proxy_set_header X-Forwarded-For \$remote_addr; # EP logs to show the actual remote IP
proxy_set_header X-Forwarded-Proto \$scheme; # for EP to set secure cookie flag when https is used
proxy_set_header Host \$host; # pass the host header
proxy_http_version 1.1; # recommended with keepalive connections
# WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$connection_upgrade;
}
access_log /var/log/nginx/${HOSTNAME}.access.log;
error_log /var/log/nginx/${HOSTNAME}.error.log;
}
EOF
# Enable new etherpad site
#
ln -s ../sites-available/${FQHN}.conf /etc/nginx/sites-enabled/
# Restart NGINX servive
#
systemctl restart nginx
# -----
# Configure etherpad
# ----
# Install abiword
#
# Abiword is needed to get advanced import/export features of pads. Setting
# it to null disables Abiword and will only allow plain text and HTML
# import/exports.
#
apt-get install abiword
cp -a /var/www/etherpad/etherpad-lite/settings.json /var/www/etherpad/etherpad-lite/settings.json.ORIG
# Edit settings file 'vim /var/www/etherpad/etherpad-lite/settings.json'
#
# 1.) enable abiword
# change
# "abiword": null,
# to
# "abiword": /usr/bin/abiword,
#
# 2.) Uncomment section '"users": {' and set password to make admin settings page
# available - https://${FQHN}/admin
#
# 3.) To suppress these warning messages change 'suppressErrorsInPadText' to true
#
vim /var/www/etherpad/etherpad-lite/settings.json
# Install the foollowing plugins via admin page
#
# - adminpads2
# - delete_after_delay
# - delete_empty_pads
# - fileupload
# - font_color
# - font_family
# - font_size
# - headings2
# - pad_title
# - printer
# - et_title_on_pad
# - subscript_and_superscript
# Plugin delete_after_delay
#
# Add foolowing code to settings.json
#
# "ep_delete_after_delay": {
# "delay": 86400, // one day, in seconds
# "loop": true,
# "loopDelay": 3600, // one hour, in seconds
# "deleteAtStart": true,
# "text": "The content of this pad has been deleted since it was older than the configured delay."
# },
#
vim /var/www/etherpad/etherpad-lite/settings.json
Reference in New Issue View Git Blame Copy Permalink