update setup md

philc 2023-02-09 17:32:02 +01:00
parent 99b44ec373
commit 976e2b08cc
2 changed files with 62 additions and 58 deletions

118
Setup.md

@ -8,61 +8,45 @@ In any doubt ask the community to set up a production server for small cost for
**Data pre-request:**
* identify a nation you want to belong to - see [nations list](https://apxtrib.crabdance.com/socialworld/objects/nations/searchindex/nationslist.json)
* a town name that does not exist [towns list](https://apxtrib.crabdance.com/socialworld/objects/nations/searchindex/townslist.json)
* a dns that redirect to your public IP server (for dev purpose set /etc/hosts with 127.0.0.1 town.localnation for prod register an townname.nationname A IP adsresss)
* identify a **nationName** you want to belong to - see [nations list](https://apxtrib.crabdance.com/socialworld/objects/nations/searchindex/nationslist.json)
* a **townName** that does not exist [towns list](https://apxtrib.crabdance.com/socialworld/objects/nations/searchindex/townslist.json)
* **sudoerUser** with root access right on your machine
* a dns that redirect to your public IP server
- For dev: set /etc/hosts with 127.0.0.1 townName.nationName.localnation
- For prod: register a townname.nationname A IP adresss (see the free DNS Solution)[https://gitea.ndda.fr/apxtrib/apxtrib/wiki/UsefullfreeDNS] to get your public IP [https://www.whatismyip.com/](https://www.whatismyip.com)
**Physical pre-request:**
For production:
* An ubuntu server > 20 (VPS or physical machine) accessible from ssh root@IP adresse
* An ubuntu server > 20 (VPS or physical machine) with snap (sudo apt install snap if not yet installed) accessible from ssh root@IP adress. (you can purchase an industrial fanless plug & play on your network)
For dev:
* Any linux, but all tuto are based on debian set up
* Any linux distro, but all tuto are based on ubuntu desktop set up with nginx visual studio, so just adapt to your tools.
This tuto will:
* use nginx to deal with ssl certificat (https)
* use nginx as reverse proxy based on dns abd url to the apXtrib routes
* use nginx to serve static file based on dns and file name
* use nginx to serve static file based on dns and file name
* use pm2 to manage apxtrib.js, see [pm2 doc](https://pm2.keymetrics.io/docs/usage/pm2-doc-single-page/)
* create your tribe space call townname with an admin user
* serve the apxtrib webapp graphical interface to manage your env (create new ClientId space, manage your server's ressource,... ) [Link to ]
**At the end** you will have a town live instance link to the nationchains or a local town dev to create plugin or add feature to apXtrib.
**At the end**
* **For production:** you will have a town live instance link to the nationchains. Graphical interface will be on https://townName.nationName.mooo.com with your data
* **For dev:** a local town with no link to the nationchains, to create/test plugins/new feature, that you can also use as pre-prod availble in http://townname.nationName.localnation
## To set up a machine
**Pre-request**:
An ubuntu server version > 20 (VPS, physical machine,....) accessible from ssh root@IP address.
This setup process was tested on LXC ubuntu/focal.
snapd (snap --version) is already installed by default, need to install it if not ($ sudo apt install snap).
For your physical machine (only way to decentralize the control) see https://ubuntu.com/tutorials/install-ubuntu-server#1-overview
You can use any other linux distro but you need to write your own setup.js .If you do please send us your setup (support@apixpress.org) and we'll share to the community. Also, share other way to set up (other static web engine, apache, haproxy, ...). Less standardization means more security. You'll find the process install in models/Setup.js. It collects necessary data then run a bunch of command. We kept command line install for software we use in case their install process evolve before we can update this tuto. In case of any issue please contact any admin of an apXtrib instance.
## To add a town to a nation
---
**Parameter to anticipate**:
- nationName: you want to join (check it's rules) ex: ants nation. ..
- townName: as futur mayor choose a uniq town name, check https://apxtrib.crabdance.com to check existing town as a dev type 'devtown'.
- sudoerUser: linux user you want to use (will be sudoer) ex:phil or name of your town
if for prod:
- townIP: as futur mayor your public IP where your instance
-
A domain name (like ndda.fr in this tuto) that you can buy anywhere (bookmyname, ovh, ....) that allow you to create a subdomain apixpress.ndda.fr to a A or AAAA record to the IP server you control.
Replace phil with your sudoerUser
As root:<br>
Create a safe user (with sudo access) in this example phil
```
sudo apt-get update
sudo apt-get upgrade
sudo apt update
sudo apt upgrade
useradd -s /bin/bash -m -d /home/phil -c "phil" phil
passwd phil
usermod -aG sudo phil
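Review bot: In the "For prod" DNS bullet the link is written `(see the free DNS Solution)[https://gitea.ndda.fr/apxtrib/apxtrib/wiki/UsefullfreeDNS]`, with the parentheses and brackets swapped, so Markdown will not render it as a link; it should be `[see the free DNS Solution](https://gitea.ndda.fr/apxtrib/apxtrib/wiki/UsefullfreeDNS)`. The same bullet spells the host `townname.nationname` while the lines around it use `townName.nationName`, and "adresss" is a typo. The production prerequisite still reads `ssh root@IP` although this hunk introduces **sudoerUser**; say explicitly that the root login is only needed until the sudoerUser has been created.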
@ -70,7 +54,7 @@ Create a safe user (with sudo access) in this example phil
# add the next line in the file
phil ALL=(ALL) NOPASSWD: ALL
# exit and save
sudo apt-get install git vim libcap2-bin p7zip-full p7zip-rar
sudo apt install git vim libcap2-bin p7zip-full p7zip-rar
# Install last nvm** (check website to get latest v0.xx)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
nvm --version
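Review bot: The package line changed here sits directly under `phil ALL=(ALL) NOPASSWD: ALL`, which gives the account passwordless sudo for every command, while the section title calls it a "safe user" and the text says nothing about that trade-off; document it, or drop `NOPASSWD` and keep the password prompt. The two lines after the change also deserve a pass: the comment says to check the website for the latest nvm but the URL hard-codes `v0.38.0`, and the installer is piped straight into `bash`, so suggest saving the script to a file and reading it before running it.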
@ -86,33 +70,12 @@ Create a safe user (with sudo access) in this example phil
```
**install nginx**
```
sudo apt-get install nginx
sudo apt install nginx
#usefull command, you do not need it all back stuff will be under apixpress.js control.
sudo systemctl (start|stop|reload|restart|status) nginx
```
A specific data/nginx/nginx.conf and data/nginx/conf.d/*.conf file will be generate after the 1st install apixpress to make it works as http.
**PRODUCTION PURPOSE**
**install certbot of let's encrypt for https**
as root
```
snap install core
snap refresh core
apt-get remove certbot
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
# manual command this is done by the setup sudo certbot --nginx -d apixpress.ndda.fr
```
The last command line can be done for each new client @todo integrate it in the process of adding a website for a client
dns/app/ => apixpress.js route (header set related to dns)
dns/spacedev/ => nginx serve static file /data/domain/clientid/spacedev/website/dist/
dns/cdn/ => nginx serve from /data/domain/clientid/www/cdn/
dns/www/ => nginx serve from /data/domain/clientid/www/app/website/
**install apixpress**
Install without ssl, dev will work without ssl, in production server nginx will manage ssl as a reverse proxy by using certbot let'sEncrypt certs.
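Review bot: The text left in place around the removed certbot block still says `apixpress` and `apixpress.js` (the nginx comment, the "generate after the 1st install apixpress" sentence and the **install apixpress** heading), while this commit points the clone at `apxtrib/apxtrib.git` and the intro names `apxtrib.js`; rename them so the guide uses one name throughout. With the certbot steps moved further down, the sentence "in production server nginx will manage ssl" now refers to a section the reader has not reached yet, so a short pointer to the **PRODUCTION PURPOSE** section would help.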
@ -121,7 +84,7 @@ Install without ssl, dev will work without ssl, in production server nginx will
git config --global credential.helper store
mkdir ~/workspace
cd workspace
git clone http://gitlab.ndda.fr/philc/apixpress.git
git clone https://gitea.ndda.fr/apxtrib/apxtrib.git
cd apixpress
yarn install
```
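Review bot: After the clone URL becomes `https://gitea.ndda.fr/apxtrib/apxtrib.git`, the next line is still `cd apixpress`, but git will create a directory named `apxtrib`, so the `cd` fails and `yarn install` runs in the wrong directory; change it to `cd apxtrib`. `cd workspace` is relative while the line before it creates `~/workspace`, so use `cd ~/workspace` as the wiki clone later in this file does. Separately, `git config --global credential.helper store` keeps credentials unencrypted on disk, which deserves a sentence in a guide that also covers production servers.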
@ -194,6 +157,47 @@ As dev you'll squeeze many steps, you can use this dev install to:
**DEVELOPMENT PURPOSE**
Install the document to update it
```bash
cd ~/workspace
git clone https://gitea.ndda.fr/apxtrib/apxtrib.wiki.git
```
Then simply open visyal studio with menu File -> Open space from file and choose apxtrib/apxtrib.code-workspace.
Ready to dev
**PRODUCTION PURPOSE**
**install certbot of let's encrypt for https within nginx conf**
replace townName.nationName.mooo.com by your data
as root
```
snap install core
snap refresh core
apt remove certbot
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
# manual command this is done by the setup sudo certbot --nginx -d apixpress.ndda.fr
```
The last command line can be done for each new client @todo integrate it in the process of adding a website for a client
dns/app/ => apixpress.js route (header set related to dns)
dns/spacedev/ => nginx serve static file /data/domain/clientid/spacedev/website/dist/
dns/cdn/ => nginx serve from /data/domain/clientid/www/cdn/
dns/www/ => nginx serve from /data/domain/clientid/www/app/website/
## Backup & maintenance
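Review bot: The re-added certbot block tells the reader to "replace townName.nationName.mooo.com by your data", but the only command that takes a domain, in the last comment line, is still `certbot --nginx -d apixpress.ndda.fr`, so there is nothing to replace; use `-d townName.nationName.mooo.com` there and put the command on its own line, apart from the "this is done by the setup" remark. The `dns/app/` route line also still names `apixpress.js`, and "visyal studio" is a typo.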

@ -34,7 +34,7 @@ Usualy acces to your local router in your browser with 192.168.1.1
Example with orange.fr operator in france:
All external trafic is send to a dmsz 192.168.1.17
![dmz orange}(img/orangeDMZ.png)
![dmz orange](img/orangeDMZ.png)
External IP (let tous) request on port X can be redirect to 192.168.1.17 to a new port
![nat orange](img/orangeNAT.png)
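Review bot: The bracket fix on the DMZ image is correct, but the sentence above it, "All external trafic is send to a dmsz 192.168.1.17", documents forwarding every external port to the server without saying what that exposes; the guide should prefer the per-port redirect shown with `orangeNAT.png` and name the ports nginx actually needs. While touching these lines, fix "dmsz" and "trafic" and explain or remove the "(let tous)" in the following sentence.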