HedgeDoc » Historique » Version 6
Matthieu Herrb, 09/10/2022 09:08
patch ldapauth pour 1.9.4
1 | 1 | Matthieu Herrb | h1. HedgeDoc |
---|---|---|---|
2 | 1 | Matthieu Herrb | |
3 | 1 | Matthieu Herrb | Cette page décrit l'installation de HedgeDoc (éditeur collaboratif Markdown) : https://hedgedoc.org/ sur https://md.tetaneutral.net |
4 | 1 | Matthieu Herrb | |
5 | 1 | Matthieu Herrb | La VM est sous Debian 10, avec 2 Go de RAM et 20 Go de disque. |
6 | 1 | Matthieu Herrb | |
7 | 1 | Matthieu Herrb | h2. Paquets prérequis |
8 | 1 | Matthieu Herrb | |
9 | 1 | Matthieu Herrb | <pre> |
10 | 1 | Matthieu Herrb | apt install git |
11 | 1 | Matthieu Herrb | apt install nodejs |
12 | 1 | Matthieu Herrb | apt install postgresql |
13 | 1 | Matthieu Herrb | apt install nginx |
14 | 1 | Matthieu Herrb | apt install certbot |
15 | 1 | Matthieu Herrb | apt install python3-certbot-nginx |
16 | 1 | Matthieu Herrb | apt install npm |
17 | 1 | Matthieu Herrb | npm install --global yarn |
18 | 1 | Matthieu Herrb | </pre> |
19 | 1 | Matthieu Herrb | |
20 | 1 | Matthieu Herrb | h2. Création utilisateur + base de données PostgreSQL |
21 | 1 | Matthieu Herrb | |
22 | 1 | Matthieu Herrb | <pre> |
23 | 1 | Matthieu Herrb | adduser hedgedoc (long random password) |
24 | 1 | Matthieu Herrb | </pre> |
25 | 1 | Matthieu Herrb | |
26 | 1 | Matthieu Herrb | <pre> |
27 | 1 | Matthieu Herrb | su - postgres |
28 | 1 | Matthieu Herrb | createuser --pwprompt hedgedoc (même mot de passe) |
29 | 1 | Matthieu Herrb | createdb -O hedgedoc hedgedoc |
30 | 1 | Matthieu Herrb | exit |
31 | 1 | Matthieu Herrb | </pre> |
32 | 1 | Matthieu Herrb | |
33 | 1 | Matthieu Herrb | h2. Installation du logiciel lui-même : |
34 | 1 | Matthieu Herrb | |
35 | 1 | Matthieu Herrb | <pre> |
36 | 1 | Matthieu Herrb | sudo -u hedgedoc bash |
37 | 1 | Matthieu Herrb | git clone -b 1.7.2 https://github.com/hedgedoc/hedgedoc.git |
38 | 1 | Matthieu Herrb | cd hedgedoc |
39 | 1 | Matthieu Herrb | ./bin/setup |
40 | 1 | Matthieu Herrb | yarn run build |
41 | 1 | Matthieu Herrb | </pre> |
42 | 1 | Matthieu Herrb | |
43 | 1 | Matthieu Herrb | Créer @env.sh@ |
44 | 1 | Matthieu Herrb | <pre> |
45 | 1 | Matthieu Herrb | # Environment pour HedgeDoc |
46 | 1 | Matthieu Herrb | # https://docs.hedgedoc.org/configuration/ |
47 | 1 | Matthieu Herrb | |
48 | 1 | Matthieu Herrb | CMD_DOMAIN=md.tetaneutral.net |
49 | 1 | Matthieu Herrb | CMD_HOST=127.0.0.1 |
50 | 1 | Matthieu Herrb | CMD_PORT=3000 |
51 | 1 | Matthieu Herrb | CMD_PROTOCOL_USESSL=true |
52 | 1 | Matthieu Herrb | |
53 | 1 | Matthieu Herrb | CMD_DB_URL=postgres://hedgedoc:<mot de passe>@localhost:5432/hedgedoc |
54 | 1 | Matthieu Herrb | |
55 | 1 | Matthieu Herrb | CMD_ALLOW_ANONYMOUS=false |
56 | 5 | Matthieu Herrb | CMD_ALLOW_ANONYMOUS_EDITS=true |
57 | 1 | Matthieu Herrb | CMD_ALLOW_ANONYMOUS_VIEWS=true |
58 | 1 | Matthieu Herrb | CMD_DEFAULT_PERMISSION=limited |
59 | 1 | Matthieu Herrb | CMD_DEFAULT_USE_HARD_BREAK=false |
60 | 1 | Matthieu Herrb | |
61 | 1 | Matthieu Herrb | CMD_SESSION_SECRET=<secret généré par pwgen 32 1> |
62 | 1 | Matthieu Herrb | |
63 | 1 | Matthieu Herrb | CMD_IMAGE_UPLOAD_TYPE=filesystem |
64 | 1 | Matthieu Herrb | |
65 | 1 | Matthieu Herrb | CMD_EMAIL=false |
66 | 1 | Matthieu Herrb | CMD_ALLOW_EMAIL_REGISTER=false |
67 | 1 | Matthieu Herrb | |
68 | 1 | Matthieu Herrb | CMD_ALLOW_FREEURL=true |
69 | 1 | Matthieu Herrb | CMD_REQUIRE_FREEURL_AUTHENTICATION=true |
70 | 1 | Matthieu Herrb | |
71 | 1 | Matthieu Herrb | CMD_LDAP_URL=ldaps://ldap.tetaneutral.net/ |
72 | 1 | Matthieu Herrb | CMD_LDAP_BINDDN='cn=directory manager' |
73 | 1 | Matthieu Herrb | CMD_LDAP_BINDCREDENTIALS=<mdp root ldap> |
74 | 1 | Matthieu Herrb | CMD_LDAP_SEARCHBASE=ou=people,dc=tetaneutral,dc=net |
75 | 1 | Matthieu Herrb | CMD_LDAP_SEARCHFILTER='(cn={{username}})' |
76 | 1 | Matthieu Herrb | CMD_LDAP_SEARCHATTRIBUTES='cn,nsUniqueId' |
77 | 1 | Matthieu Herrb | CMD_LDAP_USERIDFIELD=nsUniqueId |
78 | 1 | Matthieu Herrb | CMD_LDAP_USERNAMEFIELD=cn |
79 | 1 | Matthieu Herrb | CMD_LDAP_PROVIDERNAME=Tetaneutral.net |
80 | 1 | Matthieu Herrb | |
81 | 1 | Matthieu Herrb | CMD_USECDN=false |
82 | 1 | Matthieu Herrb | CMD_ALLOW_GRAVATAR=true |
83 | 1 | Matthieu Herrb | CMD_ALLOW_ORIGIN=md.tetaneutral.net |
84 | 1 | Matthieu Herrb | |
85 | 1 | Matthieu Herrb | DEBUG=false |
86 | 1 | Matthieu Herrb | NODE_ENV=production |
87 | 1 | Matthieu Herrb | </pre> |
88 | 1 | Matthieu Herrb | |
89 | 1 | Matthieu Herrb | et @.sequelizerc@ : |
90 | 1 | Matthieu Herrb | <pre> |
91 | 1 | Matthieu Herrb | var path = require('path'); |
92 | 1 | Matthieu Herrb | |
93 | 1 | Matthieu Herrb | module.exports = { |
94 | 1 | Matthieu Herrb | 'config': path.resolve('config.json'), |
95 | 1 | Matthieu Herrb | 'migrations-path': path.resolve('lib', 'migrations'), |
96 | 1 | Matthieu Herrb | 'models-path': path.resolve('lib', 'models'), |
97 | 1 | Matthieu Herrb | 'url': 'postgres://hedgedoc:<mot de passe>@localhost:5432/hedgedoc' |
98 | 1 | Matthieu Herrb | } |
99 | 1 | Matthieu Herrb | </pre> |
100 | 1 | Matthieu Herrb | |
101 | 4 | Matthieu Herrb | h3. Lancement manuel pour débug |
102 | 4 | Matthieu Herrb | |
103 | 4 | Matthieu Herrb | <pre> |
104 | 4 | Matthieu Herrb | su - hedgedoc |
105 | 4 | Matthieu Herrb | cd ~/hedgedoc |
106 | 4 | Matthieu Herrb | source env.sh |
107 | 4 | Matthieu Herrb | export $(grep -v ^# env.sh | cut -d= -f1) |
108 | 4 | Matthieu Herrb | node app.js |
109 | 4 | Matthieu Herrb | </pre> |
110 | 4 | Matthieu Herrb | |
111 | 4 | Matthieu Herrb | Permet de voir les éventuels messages d'erreur directement sur la console. |
112 | 4 | Matthieu Herrb | Ctrl+C pour arrêter l'application. |
113 | 4 | Matthieu Herrb | |
114 | 4 | Matthieu Herrb | |
115 | 1 | Matthieu Herrb | h2. Service systemd |
116 | 1 | Matthieu Herrb | |
117 | 1 | Matthieu Herrb | Créer @/etc/systemd/system/hedgedoc.service@ : |
118 | 1 | Matthieu Herrb | |
119 | 1 | Matthieu Herrb | <pre> |
120 | 1 | Matthieu Herrb | [Unit] |
121 | 1 | Matthieu Herrb | Description=HedgeDoc |
122 | 1 | Matthieu Herrb | After=network.target |
123 | 1 | Matthieu Herrb | |
124 | 1 | Matthieu Herrb | [Service] |
125 | 1 | Matthieu Herrb | Type=simple |
126 | 1 | Matthieu Herrb | User=hedgedoc |
127 | 1 | Matthieu Herrb | EnvironmentFile=/home/hedgedoc/hedgedoc/env.sh |
128 | 1 | Matthieu Herrb | WorkingDirectory=/home/hedgedoc/hedgedoc |
129 | 1 | Matthieu Herrb | ExecStart=/usr/local/bin/yarn start |
130 | 1 | Matthieu Herrb | TimeoutSec=15 |
131 | 1 | Matthieu Herrb | Restart=always |
132 | 1 | Matthieu Herrb | |
133 | 1 | Matthieu Herrb | [Install] |
134 | 1 | Matthieu Herrb | WantedBy=multi-user.target |
135 | 1 | Matthieu Herrb | </pre> |
136 | 2 | Matthieu Herrb | |
137 | 2 | Matthieu Herrb | Ensuite exécuter @systemctl daemon-reload@ pour lire le nouveau service et |
138 | 2 | Matthieu Herrb | |
139 | 2 | Matthieu Herrb | <pre> |
140 | 2 | Matthieu Herrb | systemctl enable hedgedoc |
141 | 2 | Matthieu Herrb | systemctl start hedgedoc |
142 | 2 | Matthieu Herrb | </pre> |
143 | 2 | Matthieu Herrb | |
144 | 2 | Matthieu Herrb | pour lancer le service et le rendre permanent. |
145 | 3 | Matthieu Herrb | |
146 | 3 | Matthieu Herrb | h2. Reverse Proxy |
147 | 3 | Matthieu Herrb | |
148 | 3 | Matthieu Herrb | Configuration du reverse proxy nginx + certbot pour le certificat Let's Encrypt : |
149 | 3 | Matthieu Herrb | |
150 | 3 | Matthieu Herrb | # @/etc/nginx/sites-available/md.tetaneutral.net.conf@ : |
151 | 3 | Matthieu Herrb | <pre> |
152 | 3 | Matthieu Herrb | map $http_upgrade $connection_upgrade { |
153 | 3 | Matthieu Herrb | default upgrade; |
154 | 3 | Matthieu Herrb | '' close; |
155 | 3 | Matthieu Herrb | } |
156 | 3 | Matthieu Herrb | |
157 | 3 | Matthieu Herrb | server { |
158 | 3 | Matthieu Herrb | listen 80 ; |
159 | 3 | Matthieu Herrb | listen [::]:80 ; |
160 | 3 | Matthieu Herrb | if ($host = md.tetaneutral.net) { |
161 | 3 | Matthieu Herrb | return 301 https://$host$request_uri; |
162 | 3 | Matthieu Herrb | } # managed by Certbot |
163 | 3 | Matthieu Herrb | server_name md.tetaneutral.net; |
164 | 3 | Matthieu Herrb | return 404; # managed by Certbot |
165 | 3 | Matthieu Herrb | } |
166 | 3 | Matthieu Herrb | |
167 | 3 | Matthieu Herrb | server { |
168 | 3 | Matthieu Herrb | server_name md.tetaneutral.net; |
169 | 3 | Matthieu Herrb | |
170 | 3 | Matthieu Herrb | location / { |
171 | 3 | Matthieu Herrb | proxy_pass http://127.0.0.1:3000; |
172 | 3 | Matthieu Herrb | proxy_set_header Host $host; |
173 | 3 | Matthieu Herrb | proxy_set_header X-Real-IP $remote_addr; |
174 | 3 | Matthieu Herrb | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
175 | 3 | Matthieu Herrb | proxy_set_header X-Forwarded-Proto $scheme; |
176 | 3 | Matthieu Herrb | } |
177 | 3 | Matthieu Herrb | |
178 | 3 | Matthieu Herrb | location /socket.io/ { |
179 | 3 | Matthieu Herrb | proxy_pass http://127.0.0.1:3000; |
180 | 3 | Matthieu Herrb | proxy_set_header Host $host; |
181 | 3 | Matthieu Herrb | proxy_set_header X-Real-IP $remote_addr; |
182 | 3 | Matthieu Herrb | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
183 | 3 | Matthieu Herrb | proxy_set_header X-Forwarded-Proto $scheme; |
184 | 3 | Matthieu Herrb | proxy_set_header Upgrade $http_upgrade; |
185 | 3 | Matthieu Herrb | proxy_set_header Connection $connection_upgrade; |
186 | 3 | Matthieu Herrb | } |
187 | 3 | Matthieu Herrb | |
188 | 3 | Matthieu Herrb | listen [::]:443 ssl http2; |
189 | 3 | Matthieu Herrb | listen 443 ssl http2; |
190 | 3 | Matthieu Herrb | ssl_certificate /etc/letsencrypt/live/md.tetaneutral.net/fullchain.pem; # managed by Certbot |
191 | 3 | Matthieu Herrb | ssl_certificate_key /etc/letsencrypt/live/md.tetaneutral.net/privkey.pem; # managed by Certbot |
192 | 3 | Matthieu Herrb | include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot |
193 | 3 | Matthieu Herrb | ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot |
194 | 3 | Matthieu Herrb | } |
195 | 3 | Matthieu Herrb | </pre> |
196 | 6 | Matthieu Herrb | |
197 | 6 | Matthieu Herrb | h2. Mise à jour en 1.9.4 |
198 | 6 | Matthieu Herrb | |
199 | 6 | Matthieu Herrb | Le 2022/10/02 |
200 | 6 | Matthieu Herrb | |
201 | 6 | Matthieu Herrb | Problème d'authentification LDAP, corrigé par le patch suivant : |
202 | 6 | Matthieu Herrb | <pre> |
203 | 6 | Matthieu Herrb | --- node_modules/ldapauth-fork/lib/ldapauth.js~ 2022-10-01 10:02:38.154999000 +0000 |
204 | 6 | Matthieu Herrb | +++ node_modules/ldapauth-fork/lib/ldapauth.js 2022-10-07 08:40:07.150568701 +0000 |
205 | 6 | Matthieu Herrb | @@ -321,13 +321,13 @@ |
206 | 6 | Matthieu Herrb | |
207 | 6 | Matthieu Herrb | // groupDnProperty will be accessed in the user returned by the search, and |
208 | 6 | Matthieu Herrb | // so needs to be requested from the LDAP server. |
209 | 6 | Matthieu Herrb | - if ( |
210 | 6 | Matthieu Herrb | - opts.attributes && |
211 | 6 | Matthieu Herrb | - self.opts.groupDnProperty && |
212 | 6 | Matthieu Herrb | - !opts.attributes.includes(self.opts.groupDnProperty) |
213 | 6 | Matthieu Herrb | - ) { |
214 | 6 | Matthieu Herrb | - opts.attributes.push(self.opts.groupDnProperty); |
215 | 6 | Matthieu Herrb | - } |
216 | 6 | Matthieu Herrb | + //if ( |
217 | 6 | Matthieu Herrb | + // opts.attributes && |
218 | 6 | Matthieu Herrb | + // self.opts.groupDnProperty && |
219 | 6 | Matthieu Herrb | + // !opts.attributes.includes(self.opts.groupDnProperty) |
220 | 6 | Matthieu Herrb | + //) { |
221 | 6 | Matthieu Herrb | + // opts.attributes.push(self.opts.groupDnProperty); |
222 | 6 | Matthieu Herrb | + //} |
223 | 6 | Matthieu Herrb | |
224 | 6 | Matthieu Herrb | self._search(self.opts.searchBase, opts, function (err, result) { |
225 | 6 | Matthieu Herrb | if (err) { |
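Review bot: Commenting out the groupDnProperty block removes the attribute request instead of fixing why it failed, so any future group-based LDAP authorization relying on `self.opts.groupDnProperty` would silently stop receiving that attribute; it is only harmless here because the env.sh on this page configures no group option. From the visible lines the plausible trigger is `opts.attributes` not being an array (`includes` works on a string but `push` throws), so a narrower guard keeps the original behaviour: `if (Array.isArray(opts.attributes) && self.opts.groupDnProperty && !opts.attributes.includes(self.opts.groupDnProperty)) {` — to be confirmed against the actual error, which the page does not show. The edit also lives in `node_modules/ldapauth-fork/lib/ldapauth.js`, so the next `yarn install` or upgrade will silently revert it and break LDAP login again; keep it as a tracked patch file applied after install, and note that in this page. The enclosing function starts and ends outside the hunk.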
226 | 6 | Matthieu Herrb | </pre> |