Mise à jour de 'Setup'
parent
8514c54acf
commit
7b6dfe6bf8
132
Setup.md
132
Setup.md
@ -114,25 +114,34 @@ $ cp /media/phil/HD1To/apixpress/data/nginx/nginx.conf /etc/nginx/nginx.conf
|
|||||||
#change include /media/phil/HD1To/apixpress/data/nginx/conf.d by your location
|
#change include /media/phil/HD1To/apixpress/data/nginx/conf.d by your location
|
||||||
# in dev check all servername exist into /etc/hosts as 127.0.0.1 website.clientid
|
# in dev check all servername exist into /etc/hosts as 127.0.0.1 website.clientid
|
||||||
$ sudo systemctl restart nginx
|
$ sudo systemctl restart nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
### For dev
|
||||||
|
|
||||||
|
```
|
||||||
$ yarn dev # to test or dev<br>
|
$ yarn dev # to test or dev<br>
|
||||||
$ yarn unittest # to run unittesting
|
$ yarn unittest # to run unittesting
|
||||||
|
|
||||||
|
Open your browser in http://dns then you are in your unchain town's interface as dev
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
Install the documentation wiki to update it directly in your editor, dopn't forget to push it if you have access right
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cd ~/workspace
|
||||||
|
git clone https://gitea.ndda.fr/apxtrib/apxtrib.wiki.git
|
||||||
```
|
```
|
||||||
|
|
||||||
### For production
|
### For production
|
||||||
|
|
||||||
Follow the same process than for dev. Main differences are:
|
As for dev, check your http://den answer correctly in your browser
|
||||||
* the dns must be register to a physical IP adress check in your browser http://dns answer the apx admin page
|
|
||||||
*
|
|
||||||
|
|
||||||
**install certbot of let's encrypt for https within nginx conf**
|
**install certbot of let's encrypt for https within nginx conf**
|
||||||
|
|
||||||
replace townName.nationName.mooo.com by your data
|
replace townName.nationName.mooo.com by your data
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
# To get a ssl certificat in PRODUCTION with your sudoer user
|
||||||
# in PRODUCTION with your root or sudoer
|
|
||||||
|
|
||||||
sudo snap install core
|
sudo snap install core
|
||||||
sudo snap refresh core
|
sudo snap refresh core
|
||||||
@ -141,17 +150,21 @@ sudo snap install --classic certbot
|
|||||||
sudo ln -s /snap/bin/certbot /usr/bin/certbot
|
sudo ln -s /snap/bin/certbot /usr/bin/certbot
|
||||||
|
|
||||||
# manual command this is done by the setup sudo certbot --nginx -d townName.nationName.mooo.com
|
# manual command this is done by the setup sudo certbot --nginx -d townName.nationName.mooo.com
|
||||||
|
# The last command line is for information this will be run from you admin interface.
|
||||||
|
$ yarn startpm2
|
||||||
|
|
||||||
```
|
```
|
||||||
|
Check https://dns answer correctly.<br>
|
||||||
The last command line is for information this will be run from you admin interface.
|
That's it for the command line!
|
||||||
|
|
||||||
|
|
||||||
Ussefull command
|
### Usefull command
|
||||||
|
|
||||||
```
|
```
|
||||||
To list all the nginx conf that run under nginx, type in apxtrib folder
|
To list all the nginx conf that run under nginx, type in apxtrib folder
|
||||||
find . -name nginx_*.conf
|
find . -name nginx_*.conf
|
||||||
|
|
||||||
|
|
||||||
yarn pm2 info apixpress
|
yarn pm2 info apixpress
|
||||||
yarn logpm2 = yarn pm2 logs apixpress --lines 400
|
yarn logpm2 = yarn pm2 logs apixpress --lines 400
|
||||||
yarn pm2 monit apixpress
|
yarn pm2 monit apixpress
|
||||||
@ -170,105 +183,42 @@ yarn pm2 unstartup ; in case of error follow the command line provide like)
|
|||||||
sudo env PATH=$PATH:/home/phil/.nvm/versions/node/v17.3.0/bin /home/phil/workspace/apixpress/node_modules/pm2/bin/pm2 unstartup systemd -u phil --hp /home/phil
|
sudo env PATH=$PATH:/home/phil/.nvm/versions/node/v17.3.0/bin /home/phil/workspace/apixpress/node_modules/pm2/bin/pm2 unstartup systemd -u phil --hp /home/phil
|
||||||
|
|
||||||
in case of upgrade node version this can change
|
in case of upgrade node version this can change
|
||||||
|
|
||||||
To check apixpress is running properly type into web browser https://dns/app<br>
|
|
||||||
To access apiXpress Manager graphical user interface type: https://apixpress.domain <br>
|
|
||||||
|
|
||||||
## To add a town for dev purpose
|
|
||||||
|
|
||||||
As dev you'll squeeze many steps, you can use this dev install to:
|
|
||||||
* understand how this works localy without to be connected to the blockchain (nationchains)
|
|
||||||
* add local tribe to dev plugin or website to allow your clients (tribe's druid) to show and validate with them what they request you to do.
|
|
||||||
* dev new features that you want to add to the apXtrib community and earn Xcoin if the tech comitee valide your code
|
|
||||||
* Audit the code to highlight security fail and gain some Xcoin in our bounty challenge for any fail discover
|
|
||||||
* You can also try to pentest other towns to improve security
|
|
||||||
|
|
||||||
|
|
||||||
**DEVELOPMENT PURPOSE**
|
|
||||||
|
|
||||||
Install the document to update it
|
|
||||||
```bash
|
|
||||||
cd ~/workspace
|
|
||||||
git clone https://gitea.ndda.fr/apxtrib/apxtrib.wiki.git
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Then simply open visyal studio with menu File -> Open space from file and choose apxtrib/apxtrib.code-workspace.
|
|
||||||
|
|
||||||
Ready to dev
|
|
||||||
|
|
||||||
|
|
||||||
**PRODUCTION PURPOSE**
|
## Backup & Loadbalancing
|
||||||
**install certbot of let's encrypt for https within nginx conf**
|
|
||||||
|
|
||||||
replace townName.nationName.mooo.com by your data
|
To back up your data, this can be valorized for your professionnal tribe. You can Shared your apxtrib space in 2 towns that you own (if they are not located at the same place)
|
||||||
|
|
||||||
as root
|
### Loadbalance
|
||||||
```
|
|
||||||
snap install core
|
|
||||||
snap refresh core
|
|
||||||
apt remove certbot
|
|
||||||
snap install --classic certbot
|
|
||||||
ln -s /snap/bin/certbot /usr/bin/certbot
|
|
||||||
# manual command this is done by the setup sudo certbot --nginx -d apixpress.ndda.fr
|
|
||||||
```
|
|
||||||
|
|
||||||
The last command line can be done for each new client @todo integrate it in the process of adding a website for a client
|
@TODO a tuto to setup this load balancing betwwen 2 towns
|
||||||
|
|
||||||
dns/app/ => apixpress.js route (header set related to dns)
|
rsync IPA TownA tribe1 <-> IPB TownB tribe2 use the same dns and set a ssl for tribe1 & tribe2.
|
||||||
dns/spacedev/ => nginx serve static file /data/domain/clientid/spacedev/website/dist/
|
Access both in ssh to rsync it
|
||||||
dns/cdn/ => nginx serve from /data/domain/clientid/www/cdn/
|
|
||||||
dns/www/ => nginx serve from /data/domain/clientid/www/app/website/
|
Set your registar with 2 IP adress or use a loadbalancer (stream with nginx)
|
||||||
|
If TownA fail down => TownB will take it
|
||||||
|
|
||||||
|
|
||||||
|
### Backup
|
||||||
|
|
||||||
|
@TODO Backup a tribes space in a roll process on external HD
|
||||||
|
|
||||||
|
each day / each 1st montth / each year until 3 years
|
||||||
|
sh script in a crontab
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Backup & maintenance
|
|
||||||
|
|
||||||
To back up your client data, this can be valorized for your professionnal clientId. You can also exchange between 2 apixpress server the physical backup.
|
|
||||||
|
|
||||||
Add external hard drive (at least in size 12 x the apiXpress/data space) and a {backupFolder} like **/mnt/hdexterne2/backup**
|
|
||||||
Add cloud scp access like phil@192.168.1.6:/mnt/hdexterne/fullbackup user phil has to have the same GUID number to work without asking password.
|
|
||||||
|
|
||||||
Then login as phil (ssh phil@IP)
|
|
||||||
```
|
|
||||||
// Add interaction with a root shell
|
|
||||||
$root crontab -e
|
|
||||||
// each 10mn update IP and a freedns domain to access externaly to the server nd.mooo.com (in case no fix IP)
|
|
||||||
3,13,23,33,43,53 * * * * sleep 31 ; wget -O - http://freedns.afraid.org/dynamic/update.php?KEY
|
|
||||||
// each day at 3:00 run a backup data process
|
|
||||||
0 3 * * * /root/cron/databckup.sh > /home/phil/workspace/apixpress/data/domain/apixpress/logs/backup.log 2>&1
|
|
||||||
```
|
|
||||||
|
|
||||||
copy & paste to vim /root/cron/databackup.sh
|
|
||||||
```
|
|
||||||
#!/bin/bash
|
|
||||||
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
|
|
||||||
// Backup script
|
|
||||||
// apiXPress/data Tar encrypted with /root/.pass
|
|
||||||
// roll backup into external hd that can be send to the cloud
|
|
||||||
// Tar et encrypte databckup dans databckup4export incrementale tourne tous les jours (7 fichiers de 1 à 7, 1 = lundi)
|
|
||||||
echo "tar file";
|
|
||||||
tar czf - /home/phil/workspace/apiXpress/data | openssl enc -e -aes-256-cbc -out /mnt/hdexterne2/backup/databckup$(date +%u) -pass file:/root/.pass
|
|
||||||
// copy bckup encrypté sur 192.168.1.6:2206
|
|
||||||
scp -P 2206 /mnt/hdexterne2/backup/databckup$(date +%u) phil@192.168.1.6:/mnt/hdexterne/fullbckup
|
|
||||||
// test if 1st day of the month to copy monthbackup
|
|
||||||
if [ `date +%d` == "01" ]
|
|
||||||
then
|
|
||||||
cp /mnt/hdexterne2/backup/databckup$(date +%u) /mnt/hdexterne2/backup/databckupmonth$(date +%B);
|
|
||||||
scp -P 2206 /mnt/hdexterne2/backup/databckupmonth$(date +%B) phil@192.168.1.6:/mnt/hdexterne/fullbckup;
|
|
||||||
fi
|
|
||||||
```
|
|
||||||
|
|
||||||
## Add an email sender account
|
## Add an email sender account
|
||||||
|
|
||||||
If you have your own smtp system, you can add in data/apixpress/clientconf.json
|
If you have your own smtp system, you can add in data/apixpress/clientconf.json
|
||||||
Carrefull this email will be used to send messages with the Email, not to send massiv campain. Those email are not crypté fro point to point (this means that the smtp provider can read those emails).<br>
|
Carrefull this email will be used to send messages with the Email, not to send massiv campain. Those email are not cipher from point to point (this means that the smtp provider can read those emails).<br>
|
||||||
They are many ways to setup email account if you don't know how please ask community to set up for you.
|
They are many ways to setup email account if you don't know how please ask community to set up for you.
|
||||||
|
|
||||||
|
|
||||||
|
Simply add this in ./nationchains/tribes/conf.json
|
||||||
|
|
||||||
```
|
```
|
||||||
smtpgoogle:{
|
smtpgoogle:{
|
||||||
From:{Email:,Name:},
|
From:{Email:,Name:},
|
||||||
@ -279,7 +229,7 @@ smtpmailjet:{
|
|||||||
From:{Email,Name},
|
From:{Email,Name},
|
||||||
apikeypub:"",apikeypriv:""
|
apikeypub:"",apikeypriv:""
|
||||||
}
|
}
|
||||||
Those accounts will be use if they do not exist in clientId/clientconf.json or has reach maximum of sending.
|
Those accounts will be use if they do not exist in tribes/tribeId/conf.json or has reach maximum of sending.
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
Loading…
Reference in New Issue
Block a user