update setup md

philc 2023-02-09 17:32:02 +01:00
parent 99b44ec373
commit 976e2b08cc
2 changed files with 62 additions and 58 deletions

118
Setup.md

@ -8,61 +8,45 @@ In any doubt ask the community to set up a production server for small cost for
**Data pre-request:** **Data pre-request:**
* identify a nation you want to belong to - see [nations list](https://apxtrib.crabdance.com/socialworld/objects/nations/searchindex/nationslist.json) * identify a **nationName** you want to belong to - see [nations list](https://apxtrib.crabdance.com/socialworld/objects/nations/searchindex/nationslist.json)
* a town name that does not exist [towns list](https://apxtrib.crabdance.com/socialworld/objects/nations/searchindex/townslist.json) * a **townName** that does not exist [towns list](https://apxtrib.crabdance.com/socialworld/objects/nations/searchindex/townslist.json)
* a dns that redirect to your public IP server (for dev purpose set /etc/hosts with 127.0.0.1 town.localnation for prod register an townname.nationname A IP adsresss) * **sudoerUser** with root access right on your machine
* a dns that redirect to your public IP server
- For dev: set /etc/hosts with 127.0.0.1 townName.nationName.localnation
- For prod: register a townname.nationname A IP adresss (see the free DNS Solution)[https://gitea.ndda.fr/apxtrib/apxtrib/wiki/UsefullfreeDNS] to get your public IP [https://www.whatismyip.com/](https://www.whatismyip.com)
**Physical pre-request:** **Physical pre-request:**
For production: For production:
* An ubuntu server > 20 (VPS or physical machine) accessible from ssh root@IP adresse * An ubuntu server > 20 (VPS or physical machine) with snap (sudo apt install snap if not yet installed) accessible from ssh root@IP adress. (you can purchase an industrial fanless plug & play on your network)
For dev: For dev:
* Any linux, but all tuto are based on debian set up * Any linux distro, but all tuto are based on ubuntu desktop set up with nginx visual studio, so just adapt to your tools.
This tuto will: This tuto will:
* use nginx to deal with ssl certificat (https) * use nginx to deal with ssl certificat (https)
* use nginx as reverse proxy based on dns abd url to the apXtrib routes * use nginx as reverse proxy based on dns abd url to the apXtrib routes
* use nginx to serve static file based on dns and file name * use nginx to serve static file based on dns and file name
* use pm2 to manage apxtrib.js, see [pm2 doc](https://pm2.keymetrics.io/docs/usage/pm2-doc-single-page/) * use pm2 to manage apxtrib.js, see [pm2 doc](https://pm2.keymetrics.io/docs/usage/pm2-doc-single-page/)
* create your tribe space call townname with an admin user * create your tribe space call townname with an admin user
* serve the apxtrib webapp graphical interface to manage your env (create new ClientId space, manage your server's ressource,... ) [Link to ] * serve the apxtrib webapp graphical interface to manage your env (create new ClientId space, manage your server's ressource,... ) [Link to ]
**At the end** you will have a town live instance link to the nationchains or a local town dev to create plugin or add feature to apXtrib. **At the end**
* **For production:** you will have a town live instance link to the nationchains. Graphical interface will be on https://townName.nationName.mooo.com with your data
* **For dev:** a local town with no link to the nationchains, to create/test plugins/new feature, that you can also use as pre-prod availble in http://townname.nationName.localnation
## To set up a machine
**Pre-request**: Replace phil with your sudoerUser
An ubuntu server version > 20 (VPS, physical machine,....) accessible from ssh root@IP address.
This setup process was tested on LXC ubuntu/focal.
snapd (snap --version) is already installed by default, need to install it if not ($ sudo apt install snap).
For your physical machine (only way to decentralize the control) see https://ubuntu.com/tutorials/install-ubuntu-server#1-overview
You can use any other linux distro but you need to write your own setup.js .If you do please send us your setup (support@apixpress.org) and we'll share to the community. Also, share other way to set up (other static web engine, apache, haproxy, ...). Less standardization means more security. You'll find the process install in models/Setup.js. It collects necessary data then run a bunch of command. We kept command line install for software we use in case their install process evolve before we can update this tuto. In case of any issue please contact any admin of an apXtrib instance.
## To add a town to a nation
---
**Parameter to anticipate**:
- nationName: you want to join (check it's rules) ex: ants nation. ..
- townName: as futur mayor choose a uniq town name, check https://apxtrib.crabdance.com to check existing town as a dev type 'devtown'.
- sudoerUser: linux user you want to use (will be sudoer) ex:phil or name of your town
if for prod:
- townIP: as futur mayor your public IP where your instance
-
A domain name (like ndda.fr in this tuto) that you can buy anywhere (bookmyname, ovh, ....) that allow you to create a subdomain apixpress.ndda.fr to a A or AAAA record to the IP server you control.
As root:<br> As root:<br>
Create a safe user (with sudo access) in this example phil Create a safe user (with sudo access) in this example phil
``` ```
sudo apt-get update sudo apt update
sudo apt-get upgrade sudo apt upgrade
useradd -s /bin/bash -m -d /home/phil -c "phil" phil useradd -s /bin/bash -m -d /home/phil -c "phil" phil
passwd phil passwd phil
usermod -aG sudo phil usermod -aG sudo phil
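
Review bot: The new "For prod" bullet has its Markdown link inverted, `(see the free DNS Solution)[https://gitea.ndda.fr/apxtrib/apxtrib/wiki/UsefullfreeDNS]`, so it will render as literal text; it should read `see the [free DNS solution](https://gitea.ndda.fr/apxtrib/apxtrib/wiki/UsefullfreeDNS)`. In the same hunk, the new server prerequisite says `sudo apt install snap`, but the package that provides the `snap` command on Ubuntu is `snapd`. The host name is also written with different casing (`townName.nationName.localnation`, `townname.nationname`, `townname.nationName.localnation`); pick one form so readers can substitute their own values reliably.
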
@ -70,7 +54,7 @@ Create a safe user (with sudo access) in this example phil
# add the next line in the file # add the next line in the file
phil ALL=(ALL) NOPASSWD: ALL phil ALL=(ALL) NOPASSWD: ALL
# exit and save # exit and save
sudo apt-get install git vim libcap2-bin p7zip-full p7zip-rar sudo apt install git vim libcap2-bin p7zip-full p7zip-rar
# Install last nvm** (check website to get latest v0.xx) # Install last nvm** (check website to get latest v0.xx)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
nvm --version nvm --version
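
Review bot: The context line `curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash` still pins v0.38.0 while the comment above it tells the reader to check the website for the latest version, and it pipes a remote script straight into a shell. Since this block is being edited anyway, suggest downloading the installer to a file, reading it, then running it, and either updating the pinned tag or dropping the "latest" remark. The unchanged `phil ALL=(ALL) NOPASSWD: ALL` line also deserves a sentence saying that it gives the sudoerUser passwordless root, and that the file should be edited with `visudo` so a syntax error cannot lock sudo out.
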
@ -86,33 +70,12 @@ Create a safe user (with sudo access) in this example phil
``` ```
**install nginx** **install nginx**
``` ```
sudo apt-get install nginx sudo apt install nginx
#usefull command, you do not need it all back stuff will be under apixpress.js control. #usefull command, you do not need it all back stuff will be under apixpress.js control.
sudo systemctl (start|stop|reload|restart|status) nginx sudo systemctl (start|stop|reload|restart|status) nginx
``` ```
A specific data/nginx/nginx.conf and data/nginx/conf.d/*.conf file will be generate after the 1st install apixpress to make it works as http. A specific data/nginx/nginx.conf and data/nginx/conf.d/*.conf file will be generate after the 1st install apixpress to make it works as http.
**PRODUCTION PURPOSE**
**install certbot of let's encrypt for https**
as root
```
snap install core
snap refresh core
apt-get remove certbot
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
# manual command this is done by the setup sudo certbot --nginx -d apixpress.ndda.fr
```
The last command line can be done for each new client @todo integrate it in the process of adding a website for a client
dns/app/ => apixpress.js route (header set related to dns)
dns/spacedev/ => nginx serve static file /data/domain/clientid/spacedev/website/dist/
dns/cdn/ => nginx serve from /data/domain/clientid/www/cdn/
dns/www/ => nginx serve from /data/domain/clientid/www/app/website/
**install apixpress** **install apixpress**
Install without ssl, dev will work without ssl, in production server nginx will manage ssl as a reverse proxy by using certbot let'sEncrypt certs. Install without ssl, dev will work without ssl, in production server nginx will manage ssl as a reverse proxy by using certbot let'sEncrypt certs.
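
Review bot: The prose around the changed `sudo apt install nginx` line still says `apixpress.js` and "install apixpress", while the clone URL in the next hunk moves to `apxtrib/apxtrib.git`; align the names in this commit so the document refers to one project name. With the certbot block removed from this position, the sentence "in production server nginx will manage ssl as a reverse proxy by using certbot let'sEncrypt certs" now comes before any certbot install step, so a pointer to the PRODUCTION PURPOSE section at the end would help.
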
@ -121,7 +84,7 @@ Install without ssl, dev will work without ssl, in production server nginx will
git config --global credential.helper store git config --global credential.helper store
mkdir ~/workspace mkdir ~/workspace
cd workspace cd workspace
git clone http://gitlab.ndda.fr/philc/apixpress.git git clone https://gitea.ndda.fr/apxtrib/apxtrib.git
cd apixpress cd apixpress
yarn install yarn install
``` ```
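
Review bot: After the clone URL changes to `https://gitea.ndda.fr/apxtrib/apxtrib.git`, the following line `cd apixpress` no longer matches: git will create a directory named `apxtrib`, so the `cd` fails and `yarn install` runs in `~/workspace`. Change it to `cd apxtrib`. Also, `cd workspace` only works from the home directory; `cd ~/workspace` would match the `mkdir ~/workspace` line. The unchanged `git config --global credential.helper store` keeps credentials in a plaintext file, which is worth a caveat for a production server.
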
@ -194,6 +157,47 @@ As dev you'll squeeze many steps, you can use this dev install to:
**DEVELOPMENT PURPOSE**
Install the document to update it
```bash
cd ~/workspace
git clone https://gitea.ndda.fr/apxtrib/apxtrib.wiki.git
```
Then simply open visyal studio with menu File -> Open space from file and choose apxtrib/apxtrib.code-workspace.
Ready to dev
**PRODUCTION PURPOSE**
**install certbot of let's encrypt for https within nginx conf**
replace townName.nationName.mooo.com by your data
as root
```
snap install core
snap refresh core
apt remove certbot
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
# manual command this is done by the setup sudo certbot --nginx -d apixpress.ndda.fr
```
The last command line can be done for each new client @todo integrate it in the process of adding a website for a client
dns/app/ => apixpress.js route (header set related to dns)
dns/spacedev/ => nginx serve static file /data/domain/clientid/spacedev/website/dist/
dns/cdn/ => nginx serve from /data/domain/clientid/www/cdn/
dns/www/ => nginx serve from /data/domain/clientid/www/app/website/
## Backup & maintenance ## Backup & maintenance
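
Review bot: In the re-added certbot block, the new instruction says to replace `townName.nationName.mooo.com`, but that name never appears in the commands; the only domain shown is `apixpress.ndda.fr`, inside `# manual command this is done by the setup sudo certbot --nginx -d apixpress.ndda.fr`, where the comment and the command share one line. Put the command on its own line with `-d townName.nationName.mooo.com` so the instruction and the example agree. In the DEVELOPMENT block, the clone fetches `apxtrib.wiki.git` but the next sentence opens `apxtrib/apxtrib.code-workspace`, and "visyal studio" is a typo.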

@ -34,7 +34,7 @@ Usualy acces to your local router in your browser with 192.168.1.1
Example with orange.fr operator in france: Example with orange.fr operator in france:
All external trafic is send to a dmsz 192.168.1.17 All external trafic is send to a dmsz 192.168.1.17
![dmz orange}(img/orangeDMZ.png) ![dmz orange](img/orangeDMZ.png)
External IP (let tous) request on port X can be redirect to 192.168.1.17 to a new port External IP (let tous) request on port X can be redirect to 192.168.1.17 to a new port
![nat orange](img/orangeNAT.png) ![nat orange](img/orangeNAT.png)
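
Review bot: The context lines around the `![dmz orange](img/orangeDMZ.png)` fix present the DMZ option ("All external trafic is send to a dmsz 192.168.1.17") without saying that it exposes every port of that host, next to the narrower per-port redirect shown with `orangeNAT.png`. Suggest recommending the per-port redirect and listing the ports this setup actually needs; "dmsz" and "(let tous)" should also be corrected while these lines are open.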