1
0
Fork 0
mirror of https://codeberg.org/Mo8it/AdvLabDB.git synced 2024-11-12 21:40:41 +00:00
AdvLabDB/docs/user_docs/server_setup.adoc

144 lines
2.3 KiB
Text

= Server setup
== Setup scripts
`ssh` as `root`:
[source,bash]
----
ssh root@SERVER_NAME
----
Run the following (as root):
[source,bash]
----
# Install needed packages
apt update
apt install sudo python3 git -y
# Add a sudo user with the name 'admin'
sudo useradd admin
sudo usermod -aG sudo admin
sudo mkhomedir_helper admin
# Enter a new password for 'admin'
sudo passwd admin
# Break the SSH connection
exit
----
`ssh` again with the new user `admin` and password:
[source,bash]
----
ssh admin@SERVER_NAME
----
Clone the repository with `git clone` into `/home/admin/advlabdb`. Then `cd` into the new cloned repository:
[source,bash]
----
cd ~/advlabdb
----
[source,bash]
----
cp advlabdb/scripts/setup/advlabdb.conf.template advlabdb/scripts/setup/advlabdb.conf
----
Change `server_name` in `advlabdb/scripts/setup/advlabdb.conf` to your SERVER_NAME.
[source,bash]
----
cp .env.template .env
----
Generate secrets for `.env`:
[source,bash]
----
python3 advlabdb/scripts/setup/generate_secrets.py
----
Fill the secrets generated using the last script into `.env`.
Enter your SERVER_NAME in `.env`.
List all available timezones:
[source,bash]
----
sudo timedatectl list-timezones
----
Choose your timezone and enter it as showed while listing as your timezone using this command (with Europe/Berlin as example):
[source,bash]
----
sudo timedatectl set-timezone Europe/Berlin
----
Edit the file `/etc/hostname` with `sudo` such that its content is only your SERVER_NAME.
Edit the file `/etc/hosts` with `sudo` such that the first two lines are:
[source,bash]
----
127.0.0.1 localhost
127.0.1.1 SERVER_NAME SERVER_NAME_WITHOUT_DOMAIN
----
Run server setup script:
[source,bash]
----
python3 advlabdb/scripts/setup/server_setup.py
----
After reboot:
[source,bash]
----
cd ~/advlabdb
poetry run python3 -m advlabdb.scripts.setup.init_database
sudo systemctl restart gunicorn
----
Now go to your SERVER_NAME from the browser.
== Stop ssh to root
// TODO: Add blocking password access
IMPORTANT: This step is important for security!
Change
----
PermitRootLogin yes
----
to
----
PermitRootLogin no
----
----
#PasswordAuthentication yes
----
to
----
PasswordAuthentication no
----
----
X11Forwarding yes
----
to
----
X11Forwarding no
----
in the config file `/etc/ssh/sshd_config`