mirror of
https://codeberg.org/Mo8it/AdvLabDB.git
synced 2024-11-08 21:21:06 +00:00
Update server setup documentation
parent
b1ed16179c
commit
c67e15c367
1 changed files with 93 additions and 29 deletions
|
@ -1,16 +1,24 @@
|
||||||
= Server setup
|
= Server setup
|
||||||
|
|
||||||
== Setup scripts
|
== Server specifications
|
||||||
|
The setup was tested on Debian 11.3. The setup should work on other Debian based Linux distributions. For distributions not based on Debian, some modifications might be necessary in the setup script `server_setup.py`.
|
||||||
|
|
||||||
`ssh` as `root`:
|
Two CPU cores should be more than enough.
|
||||||
|
|
||||||
|
The needed disk space depends on the database size after long usage.
|
||||||
|
|
||||||
|
== Setup
|
||||||
|
. Root setup
|
||||||
|
|
||||||
|
.. `ssh` as `root`:
|
||||||
|
+
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
ssh root@SERVER_NAME
|
ssh root@SERVER_NAME
|
||||||
----
|
----
|
||||||
|
|
||||||
Run the following (as root):
|
.. Run the following (as root):
|
||||||
|
+
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
# Install needed packages
|
# Install needed packages
|
||||||
|
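Review bot: In the new "Server specifications" section, the sentence "The needed disk space depends on the database size after long usage." gives the reader nothing to provision against, and memory is not mentioned next to the CPU figure. Suggest stating the disk and RAM size the setup was tested with, or a minimum to start from. The first step under "Root setup" is `ssh root@SERVER_NAME`; a short pointer there to the "SSH configuration" section would make clear that root login is meant to be switched off once setup is finished.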
@ -29,116 +37,172 @@ sudo passwd admin
|
||||||
exit
|
exit
|
||||||
----
|
----
|
||||||
|
|
||||||
`ssh` again with the new user `admin` and password:
|
. Admin setup
|
||||||
|
|
||||||
|
.. `ssh` again with the new user `admin` and password:
|
||||||
|
+
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
ssh admin@SERVER_NAME
|
ssh admin@SERVER_NAME
|
||||||
----
|
----
|
||||||
|
|
||||||
Clone the repository with `git clone` into `/home/admin/advlabdb`. Then `cd` into the new cloned repository:
|
.. Clone the repository with `git clone` into `/home/admin/advlabdb`.
|
||||||
|
|
||||||
|
.. `cd` into the new cloned repository:
|
||||||
|
+
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
cd ~/advlabdb
|
cd ~/advlabdb
|
||||||
----
|
----
|
||||||
|
|
||||||
|
.. Nginx configuration
|
||||||
|
|
||||||
|
... Copy the template for the Nginx configuration:
|
||||||
|
+
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
cp advlabdb/scripts/setup/advlabdb.conf.template advlabdb/scripts/setup/advlabdb.conf
|
cp advlabdb/scripts/setup/advlabdb.conf.template advlabdb/scripts/setup/advlabdb.conf
|
||||||
----
|
----
|
||||||
|
|
||||||
Change `server_name` in `advlabdb/scripts/setup/advlabdb.conf` to your SERVER_NAME.
|
... Change `server_name` in `advlabdb/scripts/setup/advlabdb.conf` to your SERVER_NAME.
|
||||||
|
|
||||||
|
.. Environment variables
|
||||||
|
|
||||||
|
... Copy the template for the environment variables:
|
||||||
|
+
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
cp .env.template .env
|
cp .env.template .env
|
||||||
----
|
----
|
||||||
|
|
||||||
Generate secrets for `.env`:
|
... Generate secrets for `.env`:
|
||||||
|
+
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
python3 advlabdb/scripts/setup/generate_secrets.py
|
python3 advlabdb/scripts/setup/generate_secrets.py
|
||||||
----
|
----
|
||||||
|
|
||||||
Fill the secrets generated using the last script into `.env`.
|
... Fill the secrets generated using the last script into `.env`.
|
||||||
|
|
||||||
Enter your SERVER_NAME in `.env`.
|
... Enter your SERVER_NAME in `.env`.
|
||||||
|
|
||||||
|
.. Timezone
|
||||||
|
|
||||||
List all available timezones:
|
... List all available timezones:
|
||||||
|
+
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
sudo timedatectl list-timezones
|
sudo timedatectl list-timezones
|
||||||
----
|
----
|
||||||
|
|
||||||
Choose your timezone and enter it as showed while listing as your timezone using this command (with Europe/Berlin as example):
|
... Choose your timezone and enter it as showed while listing as your timezone using this command (with Europe/Berlin as example):
|
||||||
|
+
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
sudo timedatectl set-timezone Europe/Berlin
|
sudo timedatectl set-timezone Europe/Berlin
|
||||||
----
|
----
|
||||||
|
|
||||||
Edit the file `/etc/hostname` with `sudo` such that its content is only your SERVER_NAME.
|
.. Edit the file `/etc/hostname` with `sudo` such that its content is only your SERVER_NAME.
|
||||||
|
|
||||||
Edit the file `/etc/hosts` with `sudo` such that the first two lines are:
|
.. Edit the file `/etc/hosts` with `sudo` such that the first two lines are:
|
||||||
|
+
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
127.0.0.1 localhost
|
127.0.0.1 localhost
|
||||||
127.0.1.1 SERVER_NAME SERVER_NAME_WITHOUT_DOMAIN
|
127.0.1.1 SERVER_NAME SERVER_NAME_WITHOUT_DOMAIN
|
||||||
----
|
----
|
||||||
|
|
||||||
Run server setup script:
|
.. Run the server setup script:
|
||||||
|
+
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
python3 advlabdb/scripts/setup/server_setup.py
|
python3 advlabdb/scripts/setup/server_setup.py
|
||||||
----
|
----
|
||||||
|
|
||||||
After reboot:
|
.. The setup script will cause the server to reboot at the end. After the reboot ssh again:
|
||||||
|
+
|
||||||
|
[source,bash]
|
||||||
|
----
|
||||||
|
ssh admin@SERVER_NAME
|
||||||
|
----
|
||||||
|
|
||||||
|
.. Change working directory to the repository:
|
||||||
|
+
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
cd ~/advlabdb
|
cd ~/advlabdb
|
||||||
|
----
|
||||||
|
|
||||||
|
.. Run database initialization script:
|
||||||
|
+
|
||||||
|
[source,bash]
|
||||||
|
----
|
||||||
poetry run python3 -m advlabdb.scripts.setup.init_database
|
poetry run python3 -m advlabdb.scripts.setup.init_database
|
||||||
|
----
|
||||||
|
|
||||||
|
.. Restart the gunicorn service:
|
||||||
|
+
|
||||||
|
[source,bash]
|
||||||
|
----
|
||||||
sudo systemctl restart gunicorn
|
sudo systemctl restart gunicorn
|
||||||
----
|
----
|
||||||
|
|
||||||
Now go to your SERVER_NAME from the browser.
|
.. *Done!* Now go to your SERVER_NAME using a browser to verify that everything is working.
|
||||||
|
|
||||||
== Stop ssh to root
|
== SSH configuration
|
||||||
// TODO: Add blocking password access
|
IMPORTANT: This section is important for security!
|
||||||
|
|
||||||
IMPORTANT: This step is important for security!
|
=== SSH key
|
||||||
|
For the authentication using SSH, generate a SSH key pair on your _own machine_ (not on the server) and upload the public key to the server using the command `ssh-copy-id`:
|
||||||
|
|
||||||
|
[source,bash]
|
||||||
|
----
|
||||||
|
ssh-copy-id -i KEY.pub admin@SERVER_NAME
|
||||||
|
----
|
||||||
|
|
||||||
|
=== SSH configuration file
|
||||||
|
On the server, open the file `/etc/ssh/sshd_config` with in an editor like `nano` or `vim` with `sudo`, then do the following:
|
||||||
|
|
||||||
|
. Disable login to root
|
||||||
|
+
|
||||||
Change
|
Change
|
||||||
|
+
|
||||||
----
|
----
|
||||||
PermitRootLogin yes
|
PermitRootLogin yes
|
||||||
----
|
----
|
||||||
|
+
|
||||||
to
|
to
|
||||||
|
+
|
||||||
----
|
----
|
||||||
PermitRootLogin no
|
PermitRootLogin no
|
||||||
----
|
----
|
||||||
|
|
||||||
|
. Disable login with password
|
||||||
|
+
|
||||||
|
WARNING: Make sure that you did upload your public key to the server for the SSH authentication! Otherwise, you will not be able to login to the server after this change.
|
||||||
|
+
|
||||||
|
Change
|
||||||
|
+
|
||||||
----
|
----
|
||||||
#PasswordAuthentication yes
|
#PasswordAuthentication yes
|
||||||
----
|
----
|
||||||
|
+
|
||||||
to
|
to
|
||||||
|
+
|
||||||
----
|
----
|
||||||
PasswordAuthentication no
|
PasswordAuthentication no
|
||||||
----
|
----
|
||||||
|
|
||||||
|
. Disable X11Forwarding
|
||||||
|
+
|
||||||
|
Change
|
||||||
|
+
|
||||||
----
|
----
|
||||||
X11Forwarding yes
|
X11Forwarding yes
|
||||||
----
|
----
|
||||||
|
+
|
||||||
to
|
to
|
||||||
|
+
|
||||||
----
|
----
|
||||||
X11Forwarding no
|
X11Forwarding no
|
||||||
----
|
----
|
||||||
|
|
||||||
in the config file `/etc/ssh/sshd_config`
|
|
||||||
|
|
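Review bot: The "SSH configuration file" steps end at `X11Forwarding no` with no step to validate and reload sshd, so the `PermitRootLogin no` and `PasswordAuthentication no` edits are not applied until the service happens to be restarted. Suggest a final step that checks the file with `sudo sshd -t`, reloads the SSH service, and confirms key login as `admin` from a second terminal before the current session is closed, which also backs up the lockout WARNING. The whole "SSH configuration" section sits after the "*Done!*" step, so a reader who stops there leaves root and password login enabled; consider moving it ahead of "Done!" or linking to it from that step. Under "Environment variables", `.env` is created with `cp .env.template .env` and then filled with secrets; unless `server_setup.py` already restricts it, add a step that limits the file to its owner (`chmod 600 .env`). Typo in the same section: "with in an editor".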