manage reverse proxy ip for Caddy.js

2026-05-14 12:40:37 +02:00
parent ad443f2760
commit d53ea27f4b
3 changed files with 246 additions and 218 deletions
+40 -34
@@ -481,7 +481,7 @@ Town mytown is now running at https://mytown-ants.example.com
**What post-setup.sh does:**
1. **Updates `/etc/systemd/system/apxtri.service`:**
1. **Updates `/etc/systemd/system/apxtri@.service`:**
```ini
[Unit]
Description=apXtri production service - mytown-ants
@@ -493,10 +493,11 @@ Town mytown is now running at https://mytown-ants.example.com
Group=apxtri
WorkingDirectory=/opt/apxtowns/mytown-ants/apxtri
EnvironmentFile=/opt/apxtowns/mytown-ants/apxtri/.env
ExecStart=/bin/bash -lc "source /opt/apxtowns/mytown-ants/apxtri/.nvm/nvm.sh && npm run prod"
ExecStop=/bin/bash -lc "source /opt/apxtowns/mytown-ants/apxtri/.nvm/nvm.sh && pkill -u apxtri -f 'node.*prod'"
ExecStart=/bin/bash -lc "source /opt/apxtowns/mytown-ants/apxtri/.nvm/nvm.sh && node apxtri.js"
Restart=on-failure
RestartSec=5s
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
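Review bot: The unit is now the template `apxtri@.service`, but `WorkingDirectory`, `EnvironmentFile` and `ExecStart` in this hunk still hardcode `/opt/apxtowns/mytown-ants/...`, so every instance started from the template would run the same tree and load the same `.env`. Use the instance specifier, for example `WorkingDirectory=/opt/apxtowns/%i/apxtri`, and do the same for the `Description=` line in the hunk above.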
@@ -505,18 +506,18 @@ Town mytown is now running at https://mytown-ants.example.com
2. **Runs systemd commands:**
```bash
systemctl daemon-reload
systemctl enable apxtri
systemctl start apxtri
systemctl enable apxtri@mytown-ants
systemctl start apxtri@mytown-ants
```
#### 11. Verify Service is Running
```bash
# Check service status
sudo systemctl status apxtri
sudo systemctl status apxtri@town.nation
# View real-time logs
sudo journalctl -f -u apxtri.service
sudo journalctl -fu apxtri@town.nation
# Check if port 3000 is listening
sudo netstat -tlnp | grep 3000
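Review bot: The instance name is written two ways in this hunk: `systemctl enable apxtri@mytown-ants` in step 2 and `systemctl status apxtri@town.nation` in step 11. init.sh prints `apxtri@$TOWN.$NATION`, so use the dotted form in both places; otherwise a reader enables one instance and checks the status of another.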
@@ -627,7 +628,7 @@ ls -ld /var/lib/apxtowns/
# drwxrwxr-x apxtri apxtri
# Service file
ls -l /etc/systemd/system/apxtri.service
ls -l /etc/systemd/system/apxtri@.service
# -rw-r--r-- root root
```
@@ -635,12 +636,11 @@ ls -l /etc/systemd/system/apxtri.service
```bash
# Check listening ports
sudo netstat -tlnp | grep -E '(3000|3001|80|443)'
sudo netstat -tlnp | grep -E '(3000|3001|80)'
# 3000: API (localhost only)
# 3001: WebSocket (localhost only)
# 80: HTTP (Caddy, redirects to 443)
# 443: HTTPS (Caddy)
# 80: HTTP (Caddy) — all modes
```
---
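Review bot: Dropping 443 from the `grep -E` pattern and relabelling port 80 as the Caddy listener for all modes documents production as cleartext HTTP without saying where TLS is expected to terminate. Add a comment line stating that HTTPS is either activated later via the web UI (as the init.sh header says) or terminated at the upstream proxy, and that until then traffic to the admin interface is unencrypted.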
@@ -690,26 +690,29 @@ crontab -e
### Daily Operations
**Start/Stop/Restart:**
**Service management (all modes):**
```bash
sudo systemctl start apxtri
sudo systemctl stop apxtri
sudo systemctl restart apxtri
sudo systemctl start apxtri@town.nation
sudo systemctl stop apxtri@town.nation
sudo systemctl restart apxtri@town.nation
sudo systemctl status apxtri@town.nation
```
**View logs:**
| Mode | Command |
|------|---------|
| **Dev** | `apxdev town.nation logs` |
| **Prod** | `sudo journalctl -fu apxtri@town.nation` |
**Backup logs:**
```bash
# Real-time system logs
sudo journalctl -f -u apxtri.service
tail -f /var/lib/apxtowns/town.nation/town/logs/backup.log
```
# Application logs
tail -f /var/lib/apxtowns/data/apxtri/logs/apxtri.log
# Backup logs
tail -f /var/lib/apxtowns/data/apxtri/logs/backup.log
# Update logs
tail -f /var/lib/apxtowns/data/apxtri/logs/update.log
**Update logs:**
```bash
tail -f /var/lib/apxtowns/town.nation/town/logs/update.log
```
**Check blockchain status:**
@@ -766,7 +769,7 @@ sudo netstat -an | grep 3000
**Check logs:**
```bash
sudo journalctl -u apxtri.service -n 50
sudo journalctl -u apxtri@town.nation -n 50
```
**Common issues:**
@@ -781,24 +784,27 @@ sudo chown -R apxtri:apxtri /opt/apxtowns/mytown-ants/
sudo chown -R apxtri:apxtri /var/lib/apxtowns/
```
### SSL Certificate Issues
### HTTPS / TLS Issues
SSL/HTTPS is not enabled by default. If you encounter issues:
**Check Caddy logs:**
```bash
sudo journalctl -u caddy -n 50
```
**Common issues:**
**Common HTTP issues:**
- Domain not pointing to server IP
- Ports 80/443 blocked by firewall
- Let's Encrypt rate limit hit
- Port 80 blocked by firewall
- PROXY protocol misconfigured (see `01a-LXC.md` for HAProxy setup)
- Caddy not running: `sudo systemctl status caddy`
**Test manually:**
**Test HTTP access:**
```bash
# Check DNS resolution
dig mytown-ants.example.com
# Check port accessibility
# Check HTTP accessibility
curl -I http://mytown-ants.example.com
```
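Review bot: The heading now reads "HTTPS / TLS Issues" but every check under it is HTTP only, and "SSL/HTTPS is not enabled by default" does not say how to enable it. Either rename the section or add the enabling step (the init.sh header says activation is done via the web UI). For the PROXY protocol bullet, name the `--trusted-proxy-ips` value as the first thing to verify, since that is the install-time setting shown in the HAProxy example.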
@@ -934,7 +940,7 @@ cat /etc/os-release
sudo systemctl status apxtri
# Recent logs
sudo journalctl -u apxtri.service -n 100
sudo journalctl -u apxtri@town.nation -n 100
# Configuration (redact PRIVKMAYOR!)
cat /opt/apxtowns/mytown-ants/apxtri/.env | grep -v PRIVKMAYOR
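Review bot: `sudo systemctl status apxtri` at the top of this hunk was left on the old unit name while the journalctl line below it moved to `apxtri@town.nation`; update it as well. Separately, `grep -v PRIVKMAYOR` strips only that one variable, so any other secret in `.env` would still be pasted into a support request; an allow-list of the keys that are safe to share would be more robust.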
@@ -996,7 +1002,7 @@ cat /opt/apxtowns/mytown-ants/apxtri/.env | grep -v PRIVKMAYOR
└── wwws/ # Static websites
/etc/systemd/system/
└── apxtri.service # SystemD service file
└── apxtri@.service # SystemD service file (template)
/etc/caddy/
└── Caddyfile # Caddy configuration
+174 -163
@@ -1,230 +1,233 @@
# Example Installation with init.sh
## DEV Mode Installation (Interactive)
## DEV Mode Installation
```bash
$ ./init.sh
$ sudo ./init.sh --town mydev --nation test
============================================
apXtri Installation Configuration
============================================
Mode: dev
Town: mydev
Nation: test
Domain: admin.mydev.test
API Port: 3000
Data Path: /var/lib/apxtowns/mydev.test
Node Path: /opt/apxtowns/mydev.test
Project Dir: /opt/apxtowns/mydev.test/apxtri
Tribe Data: /var/lib/apxtowns/mydev.test/mydev
============================================
Enter town name [farm]: mydev
Enter nation name (use 'test' for dev mode) [ants]: test
[INFO] Detected DEV mode (nation=test)
[INFO] Using local domain: admin.apxtri.mydev.test
[INFO] Using API port: 3000
Continue? [Y/n]: y
---
Final configuration:
Mode: dev
Town: mydev
Nation: test
Domain: admin.apxtri.mydev.test
API Port: 3000
Data Path: /var/lib/apxtowns/mydev.test
Node Path: /opt/apxtowns/mydev.test
---
Continue with this configuration? [Y/n]: y
[STEP 1/10] Installing system dependencies...
[STEP 2/10] Installing Caddy...
[STEP 3/10] Configuring /etc/hosts...
[INFO] Added admin.apxtri.mydev.test to /etc/hosts
[STEP 4/10] Creating system user...
[STEP 5/10] Configuring Caddy service...
[STEP 6/10] Creating directories...
[STEP 7/10] Cloning repositories...
[STEP 8/10] Creating environment configuration...
[STEP 9/10] Installing Node.js via NVM...
[STEP 10/10] Creating systemd service...
Configuring Caddy reverse proxy...
Configuring crontab for automated tasks...
[INFO] Added update.sh cron job (daily at 03:00)
[INFO] Added backup.sh cron job (daily at 01:00)
[INFO] Crontab configured successfully
[STEP 1/11] Installing system dependencies...
[STEP 2/11] Installing Caddy...
[STEP 3/11] Configuring /etc/hosts...
[INFO] Added admin.mydev.test to /etc/hosts
[STEP 4/11] Creating system user...
[STEP 5/11] Creating directories...
[STEP 6/11] Cloning apxtri repository...
[STEP 7/11] Setting up tribe skeleton...
[STEP 8/11] Creating environment configuration...
[STEP 9/11] Installing Node.js...
[STEP 10/11] Creating systemd service...
[STEP 11] Installing helper scripts to /usr/local/bin...
[INFO] Installed: apxdev
[INFO] Cron file created: /etc/cron.d/apxtri-mydev.test
[INFO] Backup cron entry added to /etc/cron.d/apxtri-mydev.test
============================================
INSTALLATION COMPLETE
============================================
Configuration Summary:
Mode: dev
Town: mydev
Nation: test
Domain: admin.apxtri.mydev.test
API Port: 3000
Data Path: /var/lib/apxtowns/mydev.test
Node Path: /opt/apxtowns/mydev.test
Configuration:
Instance: mydev.test
Mode: dev
API Port: 3000
Network Information:
LAN IP: 192.168.1.100
Public IP: 203.0.113.42
Directories:
Code: /opt/apxtowns/mydev.test/apxtri
Data: /var/lib/apxtowns/mydev.test
Tribe Data: /var/lib/apxtowns/mydev.test/mydev
Tribe Code: /opt/apxtowns/mydev.test/mydev
Service Management:
Start: sudo systemctl start apxtri
Stop: sudo systemctl stop apxtri
Restart: sudo systemctl restart apxtri
Status: sudo systemctl status apxtri
Start: sudo systemctl start apxtri@mydev.test
Stop: sudo systemctl stop apxtri@mydev.test
Status: sudo systemctl status apxtri@mydev.test
Logs: apxdev mydev.test logs
Log Access:
File: tail -f /var/lib/apxtowns/mydev.test/dev/logs/apxtri.log
Journal: sudo journalctl -u apxtri -f
Helper:
apxdev - Manage apxtri instances (run, logs, restart)
Helper Commands:
apxdev - Quick restart and log viewing
Access: http://admin.mydev.test
Development URL: http://admin.apxtri.mydev.test
⚠️ User username was added to group apxtri
Run 'newgrp apxtri' or log out/in for permissions to take effect
Next Steps:
1. Start development server: apxdev
2. Access admin interface: http://admin.apxtri.mydev.test
3. Check logs for any issues
For help or feedback: https://discord.gg/89Ucsnej
============================================
```
## PROD Mode Installation (Interactive)
### Post-Installation in Dev Mode
```bash
$ ./init.sh
# Start the server in foreground
apxdev mydev.test
# View logs
apxdev mydev.test logs
# Open admin interface
# http://admin.mydev.test
```
---
## PROD Mode Installation (Direct)
```bash
$ sudo ./init.sh --town production --nation ants --domain prod-ants.example.com
============================================
apXtri Installation Configuration
============================================
Mode: prod
Town: production
Nation: ants
Domain: prod-ants.example.com
API Port: 3000
Data Path: /var/lib/apxtowns/production.ants
Node Path: /opt/apxtowns/production.ants
Project Dir: /opt/apxtowns/production.ants/apxtri
Tribe Data: /var/lib/apxtowns/production.ants/production
============================================
Enter town name [farm]: production
Enter nation name (use 'test' for dev mode) [ants]: ants
[INFO] Detected PROD mode (nation=ants)
Enter domain name (e.g., mytown.example.com): mytown.example.com
[INFO] Using API port: 3000
Continue? [Y/n]: y
---
Final configuration:
Mode: prod
Town: production
Nation: ants
Domain: mytown.example.com
API Port: 3000
Data Path: /var/lib/apxtowns/production.ants
Node Path: /opt/apxtowns/production.ants
---
Continue with this configuration? [Y/n]: y
[STEP 1/10] Installing system dependencies...
[STEP 2/10] Installing Caddy...
[STEP 3/10] Creating system user...
[STEP 4/10] Configuring Caddy service...
[STEP 5/10] Creating directories...
[STEP 6/10] Cloning repositories...
[STEP 7/10] Creating environment configuration...
[STEP 8/10] Installing Node.js via NVM...
[STEP 9/10] Creating systemd service...
[STEP 10/10] Configuring crontab...
Configuring Caddy reverse proxy...
[STEP 1/11] Installing system dependencies...
[STEP 2/11] Installing Caddy...
[STEP 3/11] Creating system user...
[STEP 4/11] Creating directories...
[STEP 5/11] Cloning apxtri repository...
[STEP 6/11] Setting up tribe skeleton...
[STEP 7/11] Creating environment configuration...
[STEP 8/11] Installing Node.js...
[STEP 9/11] Creating systemd service...
[STEP 10] Configuring automatic updates (cron)...
[STEP 11] Configuring automatic backups (cron)...
============================================
INSTALLATION COMPLETE
============================================
Configuration Summary:
Mode: prod
Town: production
Nation: ants
Domain: mytown.example.com
API Port: 3000
Data Path: /var/lib/apxtowns/production.ants
Node Path: /opt/apxtowns/production.ants
Configuration:
Instance: production.ants
Mode: prod
API Port: 3000
Network Information:
LAN IP: 192.168.1.100
Public IP: 203.0.113.42
Directories:
Code: /opt/apxtowns/production.ants/apxtri
Data: /var/lib/apxtowns/production.ants
Tribe Data: /var/lib/apxtowns/production.ants/production
Tribe Code: /opt/apxtowns/production.ants/production
Service Management:
Start: sudo systemctl start apxtri
Stop: sudo systemctl stop apxtri
Restart: sudo systemctl restart apxtri
Status: sudo systemctl status apxtri
Start: sudo systemctl start apxtri@production.ants
Stop: sudo systemctl stop apxtri@production.ants
Status: sudo systemctl status apxtri@production.ants
Logs: sudo journalctl -fu apxtri@production.ants
Log Access:
File: tail -f /var/lib/apxtowns/production.ants/production/logs/apxtri.log
Journal: sudo journalctl -u apxtri -f
⚠️ IMPORTANT SECURITY STEPS:
1. Change the password for user apxtri: sudo passwd apxtri
2. Configure firewall rules if needed
3. Review and secure /opt/apxtowns/production.ants/apxtri/.env
Next Steps:
1. Complete the town setup by accessing the admin interface
2. Monitor automated backups in /var/lib/apxtowns/production.ants/production/backups/
3. Check logs for any issues
For help or feedback: https://discord.gg/89Ucsnej
============================================
```
### Post-Installation in Prod Mode
```bash
# Check service status
sudo systemctl status apxtri@production.ants
# View logs
sudo journalctl -fu apxtri@production.ants
```
---
## PROD Mode Installation (behind HAProxy)
```bash
sudo ./init.sh \
--town nova \
--nation libera \
--domain nova.libera.maildigit.fr \
--trusted-proxy-ips 192.168.1.3
```
See `documents/01a-LXC.md` for HAProxy configuration details.
---
## Non-Interactive Installation
```bash
# Dev mode
./init.sh --town mydev --nation test
sudo ./init.sh --town mydev --nation test
# Prod mode with all parameters
./init.sh --town production --nation ants --domain mytown.example.com --apiport 3000
# Prod mode with domain
sudo ./init.sh --town production --nation ants --domain mytown.example.com
# Prod mode behind HAProxy
./init.sh --town nova --nation libera --domain nova.libera.maildigit.fr --trusted-proxy-ips 192.168.1.3
sudo ./init.sh --town nova --nation libera --domain nova.libera.maildigit.fr --trusted-proxy-ips 192.168.1.3
# Clean install (removes existing installation)
./init.sh --clean --town mydev --nation test
# Clean reinstall
sudo ./init.sh --clean --town mydev --nation test
```
---
## Post-Installation Verification
### 1. Check Service
```bash
sudo systemctl status apxtri
sudo systemctl status apxtri@town.nation
```
### 2. Check Crontabs
```bash
sudo -u apxtri crontab -l
cat /etc/cron.d/apxtri-town.nation
```
Expected output:
```
0 3 * * * /opt/apxtowns/mydev.test/apxtri/setup/update.sh >> /var/lib/apxtowns/mydev.test/dev/logs/update.log 2>&1
0 1 * * * /opt/apxtowns/mydev.test/apxtri/setup/backup.sh mydev dayname nations,towns,pagans >> /var/lib/apxtowns/mydev.test/dev/logs/backup.log 2>&1
# apxtri town.nation - automatic updates
SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Update check daily at 3:00 AM
0 3 * * * root /opt/apxtowns/town.nation/apxtri/setup/update.sh >> /var/lib/apxtowns/town.nation/town/logs/update.log 2>&1
# Backup: daily at 4:00 AM
0 4 * * * root /opt/apxtowns/town.nation/apxtri/setup/backup.sh dayname >> /var/lib/apxtowns/town.nation/town/logs/backup.log 2>&1
```
### 3. Check Logs
```bash
# Service logs
tail -f /var/lib/apxtowns/mydev.test/dev/logs/apxtri.log
# Dev mode
apxdev town.nation logs
# Or via journalctl
sudo journalctl -u apxtri -f
# Prod mode
sudo journalctl -fu apxtri@town.nation
```
### 4. Test Scripts Manually
```bash
# Test backup
sudo -u apxtri /opt/apxtowns/mydev.test/apxtri/setup/backup.sh mydev dayname nations,towns,pagans
sudo -u apxtri /opt/apxtowns/town.nation/apxtri/setup/backup.sh town dayname nations,towns,pagans
# Test update
sudo -u apxtri /opt/apxtowns/mydev.test/apxtri/setup/update.sh
sudo -u apxtri /opt/apxtowns/town.nation/apxtri/setup/update.sh
```
### 5. Check Backups
```bash
ls -lh /var/lib/apxtowns/mydev.test/dev/backups/
ls -lh /var/lib/apxtowns/town.nation/town/backups/
```
Expected output (after a few days):
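Review bot: The new `/etc/cron.d` entries under "2. Check Crontabs" run `update.sh` and `backup.sh` as `root`, while "4. Test Scripts Manually" still runs the same scripts with `sudo -u apxtri`, and the arguments differ too (`backup.sh dayname` in cron, `backup.sh town dayname nations,towns,pagans` by hand). If the scripts' directory is writable by `apxtri`, root cron executing them lets that account run code as root; either keep the user field as `apxtri` or document that the scripts must be root-owned and not writable by the service user. Align the manual test with the cron line so it exercises what actually runs.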
@@ -233,30 +236,38 @@ Expected output (after a few days):
-rw-r--r-- 1 apxtri apxtri 1.3M Tue.apxtri.objects.tar.gz
```
---
## Daily Usage
### Quick Start in Dev
### Dev Mode
```bash
apxdev
# Restarts the service and shows logs
# Quick start
apxdev town.nation
# View logs
apxdev town.nation logs
# Restart
apxdev town.nation restart
# Stop
apxdev town.nation stop
# Status
apxdev town.nation status
```
### View Logs in Real-Time
```bash
apxdev logs
```
### Prod Mode
### Restart Service
```bash
apxdev restart
```
# View logs
sudo journalctl -fu apxtri@town.nation
### Stop Service
```bash
apxdev stop
```
### Check Status
```bash
apxdev status
# Service management
sudo systemctl start apxtri@town.nation
sudo systemctl stop apxtri@town.nation
sudo systemctl restart apxtri@town.nation
sudo systemctl status apxtri@town.nation
```
+32 -21
@@ -8,8 +8,12 @@
# Usage:
# sudo ./init.sh --town <name> --nation <name> [--clean] [--help]
#
# Example:
# sudo ./init.sh --town farm --nation test
# Examples:
# sudo ./init.sh --town farm --nation test # Dev mode
# sudo ./init.sh --town nova --nation libera --domain nova.libera.maildigit.fr # Prod mode
# sudo ./init.sh --town nova --nation libera --domain x.fr --trusted-proxy-ips 1.2.3.4 # Prod behind proxy
#
# Note: Install is always HTTP only. HTTPS activation is done later via web UI.
set -eEuo pipefail
trap 'err_handler $LINENO $?' ERR
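Review bot: The `# Usage:` synopsis still lists only `--town`, `--nation`, `--clean` and `--help`, while the new examples use `--domain` and `--trusted-proxy-ips`; add both to the synopsis. The proxy example uses `1.2.3.4`, a publicly routable address; a private address such as the `192.168.1.3` used in the docs avoids someone pasting a third-party IP as a trusted proxy.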
@@ -576,19 +580,22 @@ CRONEOF
echo "[INFO] Backup cron entry added to $CRON_FILE"
echo "[STEP 11] Installing helper scripts to /usr/local/bin..."
USRLOCALBIN_DIR="${PROJECT_DIR}/setup/usrlocalbin"
if [[ -d "$USRLOCALBIN_DIR" ]]; then
for script in "$USRLOCALBIN_DIR"/*; do
if [[ -f "$script" && -x "$script" ]]; then
script_name=$(basename "$script")
sudo cp "$script" "/usr/local/bin/$script_name"
sudo chmod +x "/usr/local/bin/$script_name"
echo "[INFO] Installed: $script_name"
fi
done
else
echo "[INFO] No scripts in $USRLOCALBIN_DIR"
# Only install helper scripts in dev mode
if [[ "$MODE" == "dev" ]]; then
echo "[STEP 11] Installing helper scripts to /usr/local/bin..."
USRLOCALBIN_DIR="${PROJECT_DIR}/setup/usrlocalbin"
if [[ -d "$USRLOCALBIN_DIR" ]]; then
for script in "$USRLOCALBIN_DIR"/*; do
if [[ -f "$script" && -x "$script" ]]; then
script_name=$(basename "$script")
sudo cp "$script" "/usr/local/bin/$script_name"
sudo chmod +x "/usr/local/bin/$script_name"
echo "[INFO] Installed: $script_name"
fi
done
else
echo "[INFO] No scripts in $USRLOCALBIN_DIR"
fi
fi
# ==== FINAL MESSAGE ====
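Review bot: In the copy loop, `sudo cp` followed by `chmod +x` leaves the rest of the mode to whatever the source file or an existing destination already had; `install -o root -g root -m 0755 "$script" "/usr/local/bin/$script_name"` sets owner and mode in one step. With the new `if [[ "$MODE" == "dev" ]]` guard, a prod host installed before this change keeps its previously copied helpers in `/usr/local/bin`; decide whether prod installs should remove them.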
@@ -608,17 +615,21 @@ echo " Data: $DATAPATH"
echo " Tribe Data: $TRIBE_DATA_DIR"
echo " Tribe Code: $TRIBE_CODE_DIR"
echo ""
echo "Service:"
echo "Service Management:"
echo " Start: sudo systemctl start apxtri@$TOWN.$NATION"
echo " Stop: sudo systemctl stop apxtri@$TOWN.$NATION"
echo " Status: sudo systemctl status apxtri@$TOWN.$NATION"
echo " Logs: apxdev $TOWN.$NATION logs"
echo ""
echo "Helper:"
echo " apxdev - Manage apxtri instances"
if [[ "$MODE" == "dev" ]]; then
echo " Logs: apxdev $TOWN.$NATION logs"
else
echo " Logs: sudo journalctl -fu apxtri@$TOWN.$NATION"
fi
echo ""
if [[ "$MODE" == "dev" ]]; then
echo "Access: http://$DOMAIN:$APIPORT"
echo "Helper:"
echo " apxdev - Manage apxtri instances (run, logs, restart)"
echo ""
echo "Access: http://$DOMAIN"
fi
echo ""
echo "============================================"
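Review bot: `Access:` now sits inside the `MODE == dev` block, so a prod install ends with the journalctl hint but without its URL and without the HTTP-only notice from the file header. Print `http://$DOMAIN` for prod as well, together with a line saying that HTTPS is activated later via the web UI, so the operator knows the endpoint is served in cleartext at this point.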