mirror of https://codeberg.org/Mo8it/AdvLabDB.git synced 2024-09-19 18:31:16 +00:00

Update server setup documentation

Mo 2022-05-29 21:13:25 +02:00
parent b1ed16179c
commit c67e15c367

@ -1,16 +1,24 @@
= Server setup
== Setup scripts
== Server specifications
The setup was tested on Debian 11.3. The setup should work on other Debian based Linux distributions. For distributions not based on Debian, some modifications might be necessary in the setup script `server_setup.py`.
`ssh` as `root`:
Two CPU cores should be more than enough.
The needed disk space depends on the database size after long usage.
== Setup
. Root setup
.. `ssh` as `root`:
+
[source,bash]
----
ssh root@SERVER_NAME
----
Run the following (as root):
.. Run the following (as root):
+
[source,bash]
----
# Install needed packages
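Review bot: The new "Server specifications" section names a CPU count but gives no memory requirement and no starting disk figure ("The needed disk space depends on the database size after long usage"), so a reader cannot size a server from it; state the RAM and disk of the machine the setup was tested on, even as a rough minimum. The Debian 11.3 sentence describes the tested operating system rather than hardware, so either widen the heading or give that sentence its own label. In the root setup, `ssh root@SERVER_NAME` is the first connection to the server, and a short sentence asking the reader to compare the host key fingerprint shown at that prompt with the one from the hosting provider would fit at that step.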
@ -29,116 +37,172 @@ sudo passwd admin
exit
----
`ssh` again with the new user `admin` and password:
. Admin setup
.. `ssh` again with the new user `admin` and password:
+
[source,bash]
----
ssh admin@SERVER_NAME
----
Clone the repository with `git clone` into `/home/admin/advlabdb`. Then `cd` into the new cloned repository:
.. Clone the repository with `git clone` into `/home/admin/advlabdb`.
.. `cd` into the new cloned repository:
+
[source,bash]
----
cd ~/advlabdb
----
.. Nginx configuration
... Copy the template for the Nginx configuration:
+
[source,bash]
----
cp advlabdb/scripts/setup/advlabdb.conf.template advlabdb/scripts/setup/advlabdb.conf
----
Change `server_name` in `advlabdb/scripts/setup/advlabdb.conf` to your SERVER_NAME.
... Change `server_name` in `advlabdb/scripts/setup/advlabdb.conf` to your SERVER_NAME.
.. Environment variables
... Copy the template for the environment variables:
+
[source,bash]
----
cp .env.template .env
----
Generate secrets for `.env`:
... Generate secrets for `.env`:
+
[source,bash]
----
python3 advlabdb/scripts/setup/generate_secrets.py
----
Fill the secrets generated using the last script into `.env`.
... Fill the secrets generated using the last script into `.env`.
Enter your SERVER_NAME in `.env`.
... Enter your SERVER_NAME in `.env`.
.. Timezone
List all available timezones:
... List all available timezones:
+
[source,bash]
----
sudo timedatectl list-timezones
----
Choose your timezone and enter it as showed while listing as your timezone using this command (with Europe/Berlin as example):
... Choose your timezone and enter it as showed while listing as your timezone using this command (with Europe/Berlin as example):
+
[source,bash]
----
sudo timedatectl set-timezone Europe/Berlin
----
Edit the file `/etc/hostname` with `sudo` such that its content is only your SERVER_NAME.
.. Edit the file `/etc/hostname` with `sudo` such that its content is only your SERVER_NAME.
Edit the file `/etc/hosts` with `sudo` such that the first two lines are:
.. Edit the file `/etc/hosts` with `sudo` such that the first two lines are:
+
[source,bash]
----
127.0.0.1 localhost
127.0.1.1 SERVER_NAME SERVER_NAME_WITHOUT_DOMAIN
----
Run server setup script:
.. Run the server setup script:
+
[source,bash]
----
python3 advlabdb/scripts/setup/server_setup.py
----
After reboot:
.. The setup script will cause the server to reboot at the end. After the reboot ssh again:
+
[source,bash]
----
ssh admin@SERVER_NAME
----
.. Change working directory to the repository:
+
[source,bash]
----
cd ~/advlabdb
----
.. Run database initialization script:
+
[source,bash]
----
poetry run python3 -m advlabdb.scripts.setup.init_database
----
.. Restart the gunicorn service:
+
[source,bash]
----
sudo systemctl restart gunicorn
----
Now go to your SERVER_NAME from the browser.
.. *Done!* Now go to your SERVER_NAME using a browser to verify that everything is working.
== Stop ssh to root
// TODO: Add blocking password access
== SSH configuration
IMPORTANT: This section is important for security!
IMPORTANT: This step is important for security!
=== SSH key
For the authentication using SSH, generate a SSH key pair on your _own machine_ (not on the server) and upload the public key to the server using the command `ssh-copy-id`:
[source,bash]
----
ssh-copy-id -i KEY.pub admin@SERVER_NAME
----
=== SSH configuration file
On the server, open the file `/etc/ssh/sshd_config` with in an editor like `nano` or `vim` with `sudo`, then do the following:
. Disable login to root
+
Change
+
----
PermitRootLogin yes
----
+
to
+
----
PermitRootLogin no
----
. Disable login with password
+
WARNING: Make sure that you did upload your public key to the server for the SSH authentication! Otherwise, you will not be able to login to the server after this change.
+
Change
+
----
#PasswordAuthentication yes
----
+
to
+
----
PasswordAuthentication no
----
. Disable X11Forwarding
+
Change
+
----
X11Forwarding yes
----
+
to
+
----
X11Forwarding no
----
in the config file `/etc/ssh/sshd_config`
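Review bot: The "SSH configuration file" list ends at the `X11Forwarding no` change with no step that validates the file and restarts the SSH daemon, so as written the three settings do not take effect and root and password logins stay enabled until the service is next restarted. Add a final step that runs `sudo sshd -t` and then `sudo systemctl restart ssh`, and tell the reader to keep the current session open and confirm a key-based login as `admin` from a second terminal before closing it; that also backs up the WARNING under "Disable login with password". Two smaller points: the `.env` steps place generated secrets in a file inside the repository directory without setting its permissions, so a `chmod 600 .env` after `cp .env.template .env` would help, and the last line "in the config file `/etc/ssh/sshd_config`" is a dangling fragment that should be dropped if it is part of the new text.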