Projet

Général

Profil

HedgeDoc » Historique » Version 5

Version 4 (Matthieu Herrb, 07/02/2021 21:26) → Version 5/7 (Matthieu Herrb, 08/02/2021 09:18)

h1. HedgeDoc

Cette page décrit l'installation de HedeDoc (éditeur collaboratif Markdown) : https://hedgedoc.org/ sur https://md.tetaneutral.net

la VM a Debian 10 / 2 Go RAM / 20 Go disque

h2. Paquets prérequis

<pre>
apt install git
apt install nodejs
apt install postgresql
apt install nginx
apt install certbot
apt install python3-certbot-nginx
apt install npm
npm install --global yarn
</pre>

h2. Création utilisateur + base de données PostgreSQL

<pre>
adduser hedgedoc (long random password)
</pre>

<pre>
su - postgres
createuser --pwprompt hedgedoc (meme mot de passe)
createdb -O hedgedoc hedgedoc
exit
</pre>



h2. Installation du logiiciel lui-même:

<pre>
sudo -u hedgedoc bash
git clone -b 1.7.2 https://github.com/hedgedoc/hedgedoc.git
cd hedgedoc
./bin/setup
yarn run build
</pre>

Créer @env.sh@
<pre>
# Environment pour HedgeDoc
# https://docs.hedgedoc.org/configuration/

CMD_DOMAIN=md.tetaneutral.net
CMD_HOST=127.0.0.1
CMD_PORT=3000
CMD_PROTOCOL_USESSL=true

CMD_DB_URL=postgres://hedgedoc:<mot de passe>@localhost:5432/hedgedoc

CMD_ALLOW_ANONYMOUS=false
CMD_ALLOW_ANONYMOUS_EDITS=true CMD_ALLOW_ANONYMOUS_EDIT=true
CMD_ALLOW_ANONYMOUS_VIEWS=true
CMD_DEFAULT_PERMISSION=limited
CMD_DEFAULT_USE_HARD_BREAK=false

CMD_SESSION_SECRET=<secret generé par pwgen 32 1>

CMD_IMAGE_UPLOAD_TYPE=filesystem

CMD_EMAIL=false
CMD_ALLOW_EMAIL_REGISTER=false

CMD_ALLOW_FREEURL=true
CMD_REQUIRE_FREEURL_AUTHENTICATION=true

CMD_LDAP_URL=ldaps://ldap.tetaneutral.net/
CMD_LDAP_BINDDN='cn=directory manager'
CMD_LDAP_BINDCREDENTIALS=<mdp root ldap>
CMD_LDAP_SEARCHBASE=ou=people,dc=tetaneutral,dc=net
CMD_LDAP_SEARCHFILTER='(cn={{username}})'
CMD_LDAP_SEARCHATTRIBUTES='cn,nsUniqueId'
CMD_LDAP_USERIDFIELD=nsUniqueId
CMD_LDAP_USERNAMEFIELD=cn
CMD_LDAP_PROVIDERNAME=Tetaneutral.net

CMD_USECDN=false
CMD_ALLOW_GRAVATAR=true
CMD_ALLOW_ORIGIN=md.tetaneutral.net

DEBUG=false
NODE_ENV=production
</pre>

et @.sequelizerc@ :
<pre>
var path = require('path');

module.exports = {
'config': path.resolve('config.json'),
'migrations-path': path.resolve('lib', 'migrations'),
'models-path': path.resolve('lib', 'models'),
'url': 'postgres://hedgedoc:<mot de passe>@localhost:5432/hedgedoc'
}
</pre>

h3. Lancement manuel pour débug

<pre>
su - hedgedoc
cd ~/hedgedoc
source env.sh
export $(grep -v ^# env.sh | cut -d= -f1)
node app.js
</pre>

Permet d'avoir les messages d'erreur eventuels en direct sur la console.
Ctrl+C pour terminer l'appli.



h2. Service systemd

Créer @/etc/systemd/system/hedgedoc.service@ :

<pre>
[Unit]
Description=HedgeDoc
After=network.target

[Service]
Type=simple
User=hedgedoc
EnvironmentFile=/home/hedgedoc/hedgedoc/env.sh
WorkingDirectory=/home/hedgedoc/hedgedoc
ExecStart=/usr/local/bin/yarn start
TimeoutSec=15
Restart=always

[Install]
WantedBy=multi-user.target
</pre>

Ensuite exécuter @systemctl daemon-reload@ pour lire le nouveau service et

<pre>
systemctl enable hedgedoc
systemctl start hedgedoc
</pre>

pour lancer le service et le rendre permanent.

h2. Reverse Proxy

Configuration du reverser proxy nginx + certbot pour certificat let's encrypt :

# @/etc/nginx/sites-available/md.tetaneutral.net.conf@ :
<pre>
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}

server {
listen 80 ;
listen [::]:80 ;
if ($host = md.tetaneutral.net) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name md.tetaneutral.net;
return 404; # managed by Certbot
}

server {
server_name md.tetaneutral.net;

location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}

location /socket.io/ {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}

listen [::]:443 ssl http2;
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/md.tetaneutral.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/md.tetaneutral.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
</pre>