Update 'Setup'

philc 2023-04-29 05:15:10 +00:00
parent 8514c54acf
commit 7b6dfe6bf8

132
Setup.md

@ -114,25 +114,34 @@ $ cp /media/phil/HD1To/apixpress/data/nginx/nginx.conf /etc/nginx/nginx.conf
#change include /media/phil/HD1To/apixpress/data/nginx/conf.d by your location
# in dev check all servername exist into /etc/hosts as 127.0.0.1 website.clientid
$ sudo systemctl restart nginx
```
### For dev
```
$ yarn dev # to test or dev<br>
$ yarn unittest # to run unittesting
Open your browser in http://dns then you are in your unchain town's interface as dev
```
Install the documentation wiki to update it directly in your editor, dopn't forget to push it if you have access right
```bash
cd ~/workspace
git clone https://gitea.ndda.fr/apxtrib/apxtrib.wiki.git
```
### For production
Follow the same process than for dev. Main differences are:
* the dns must be register to a physical IP adress check in your browser http://dns answer the apx admin page
*
As for dev, check your http://den answer correctly in your browser
**install certbot of let's encrypt for https within nginx conf**
replace townName.nationName.mooo.com by your data
```
# in PRODUCTION with your root or sudoer
# To get a ssl certificat in PRODUCTION with your sudoer user
sudo snap install core
sudo snap refresh core
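Review bot: In the "For production" list the second bullet is empty (`*`) and the line after it says `http://den` where every other step uses `http://dns`; finish or drop the bullet and correct the placeholder so the check that precedes the certbot step is unambiguous. In the "For dev" block, `$ yarn dev # to test or dev<br>` and the "Open your browser in http://dns ..." sentence sit inside the code fence, so the `<br>` renders literally and the sentence reads as a command; move the sentence below the fence and drop the `<br>`. Small typos in the same lines: `dopn't`, `adress`, `certificat`.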
@ -141,17 +150,21 @@ sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
# manual command this is done by the setup sudo certbot --nginx -d townName.nationName.mooo.com
# The last command line is for information this will be run from you admin interface.
$ yarn startpm2
```
The last command line is for information this will be run from you admin interface.
Check https://dns answer correctly.<br>
That's it for the command line!
Ussefull command
### Usefull command
```
To list all the nginx conf that run under nginx, type in apxtrib folder
find . -name nginx_*.conf
yarn pm2 info apixpress
yarn logpm2 = yarn pm2 logs apixpress --lines 400
yarn pm2 monit apixpress
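Review bot: `find . -name nginx_*.conf` in the useful-command block leaves the glob unquoted, so the shell expands it before find runs whenever a matching file exists in the current directory; quote the pattern as `find . -name 'nginx_*.conf'`. The sentence "To list all the nginx conf that run under nginx ..." is inside the fence and should sit above it. The line `# manual command this is done by the setup sudo certbot --nginx -d townName.nationName.mooo.com` folds the command into the comment, and with `$ yarn startpm2` following it, "The last command line is for information" no longer clearly refers to the certbot call; put the certbot command on its own commented line and name it explicitly in the sentence.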
@ -170,105 +183,42 @@ yarn pm2 unstartup ; in case of error follow the command line provide like)
sudo env PATH=$PATH:/home/phil/.nvm/versions/node/v17.3.0/bin /home/phil/workspace/apixpress/node_modules/pm2/bin/pm2 unstartup systemd -u phil --hp /home/phil
in case of upgrade node version this can change
To check apixpress is running properly type into web browser https://dns/app<br>
To access apiXpress Manager graphical user interface type: https://apixpress.domain <br>
## To add a town for dev purpose
As dev you'll squeeze many steps, you can use this dev install to:
* understand how this works localy without to be connected to the blockchain (nationchains)
* add local tribe to dev plugin or website to allow your clients (tribe's druid) to show and validate with them what they request you to do.
* dev new features that you want to add to the apXtrib community and earn Xcoin if the tech comitee valide your code
* Audit the code to highlight security fail and gain some Xcoin in our bounty challenge for any fail discover
* You can also try to pentest other towns to improve security
**DEVELOPMENT PURPOSE**
Install the document to update it
```bash
cd ~/workspace
git clone https://gitea.ndda.fr/apxtrib/apxtrib.wiki.git
```
Then simply open visyal studio with menu File -> Open space from file and choose apxtrib/apxtrib.code-workspace.
Ready to dev
**PRODUCTION PURPOSE**
**install certbot of let's encrypt for https within nginx conf**
## Backup & Loadbalancing
replace townName.nationName.mooo.com by your data
To back up your data, this can be valorized for your professionnal tribe. You can Shared your apxtrib space in 2 towns that you own (if they are not located at the same place)
as root
```
snap install core
snap refresh core
apt remove certbot
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
# manual command this is done by the setup sudo certbot --nginx -d apixpress.ndda.fr
```
### Loadbalance
The last command line can be done for each new client @todo integrate it in the process of adding a website for a client
@TODO a tuto to setup this load balancing betwwen 2 towns
dns/app/ => apixpress.js route (header set related to dns)
dns/spacedev/ => nginx serve static file /data/domain/clientid/spacedev/website/dist/
dns/cdn/ => nginx serve from /data/domain/clientid/www/cdn/
dns/www/ => nginx serve from /data/domain/clientid/www/app/website/
rsync IPA TownA tribe1 <-> IPB TownB tribe2 use the same dns and set a ssl for tribe1 & tribe2.
Access both in ssh to rsync it
Set your registar with 2 IP adress or use a loadbalancer (stream with nginx)
If TownA fail down => TownB will take it
### Backup
@TODO Backup a tribes space in a roll process on external HD
each day / each 1st montth / each year until 3 years
sh script in a crontab
## Backup & maintenance
To back up your client data, this can be valorized for your professionnal clientId. You can also exchange between 2 apixpress server the physical backup.
Add external hard drive (at least in size 12 x the apiXpress/data space) and a {backupFolder} like **/mnt/hdexterne2/backup**
Add cloud scp access like phil@192.168.1.6:/mnt/hdexterne/fullbackup user phil has to have the same GUID number to work without asking password.
Then login as phil (ssh phil@IP)
```
// Add interaction with a root shell
$root crontab -e
// each 10mn update IP and a freedns domain to access externaly to the server nd.mooo.com (in case no fix IP)
3,13,23,33,43,53 * * * * sleep 31 ; wget -O - http://freedns.afraid.org/dynamic/update.php?KEY
// each day at 3:00 run a backup data process
0 3 * * * /root/cron/databckup.sh > /home/phil/workspace/apixpress/data/domain/apixpress/logs/backup.log 2>&1
```
copy & paste to vim /root/cron/databackup.sh
```
#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
// Backup script
// apiXPress/data Tar encrypted with /root/.pass
// roll backup into external hd that can be send to the cloud
// Tar et encrypte databckup dans databckup4export incrementale tourne tous les jours (7 fichiers de 1 à 7, 1 = lundi)
echo "tar file";
tar czf - /home/phil/workspace/apiXpress/data | openssl enc -e -aes-256-cbc -out /mnt/hdexterne2/backup/databckup$(date +%u) -pass file:/root/.pass
// copy bckup encrypté sur 192.168.1.6:2206
scp -P 2206 /mnt/hdexterne2/backup/databckup$(date +%u) phil@192.168.1.6:/mnt/hdexterne/fullbckup
// test if 1st day of the month to copy monthbackup
if [ `date +%d` == "01" ]
then
cp /mnt/hdexterne2/backup/databckup$(date +%u) /mnt/hdexterne2/backup/databckupmonth$(date +%B);
scp -P 2206 /mnt/hdexterne2/backup/databckupmonth$(date +%B) phil@192.168.1.6:/mnt/hdexterne/fullbckup;
fi
```
## Add an email sender account
If you have your own smtp system, you can add in data/apixpress/clientconf.json
Carrefull this email will be used to send messages with the Email, not to send massiv campain. Those email are not crypté fro point to point (this means that the smtp provider can read those emails).<br>
Carrefull this email will be used to send messages with the Email, not to send massiv campain. Those email are not cipher from point to point (this means that the smtp provider can read those emails).<br>
They are many ways to setup email account if you don't know how please ask community to set up for you.
Simply add this in ./nationchains/tribes/conf.json
```
smtpgoogle:{
From:{Email:,Name:},
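Review bot: The cron entry in the backup section runs `/root/cron/databckup.sh` while the next step saves the script as `/root/cron/databackup.sh`, so the job as documented never finds its script; use one spelling in both places. The crontab and the script also use `//` for comments, which neither cron nor bash accepts (bash will try to execute `//`); use `#`. If this section stays in the page, two security points on the same lines: the freedns update goes over `http://` with the key in the query string, so the key crosses the network in clear, and the unquoted `?` is open to shell globbing; quote the URL and use https. And `openssl enc -e -aes-256-cbc ... -pass file:/root/.pass` relies on the default key derivation; add `-pbkdf2` and state that `/root/.pass` must be readable by root only.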
@ -279,7 +229,7 @@ smtpmailjet:{
From:{Email,Name},
apikeypub:"",apikeypriv:""
}
Those accounts will be use if they do not exist in clientId/clientconf.json or has reach maximum of sending.
Those accounts will be use if they do not exist in tribes/tribeId/conf.json or has reach maximum of sending.
```
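Review bot: The reworded sentence "Those accounts will be use if they do not exist in tribes/tribeId/conf.json ..." still sits above the closing fence, so it renders as part of the config snippet; move it below the fence and fix the grammar ("will be used", "have reached"). Since the snippet shows `apikeypub:"",apikeypriv:""` stored in a conf.json, add a line saying the file holds credentials, should be readable only by the service user, and should be kept out of version control.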