Présentation d'installation d'un serveur EtherPad sur debian 9.
Dans cette présentation, nous allons configurer un site https://pad.sleto.net.
Nous utiliserons les variables DBNAME, DBUSER et DBPASSWD respectivement pour le nom, l'utilisateur et le mot de passe de base de données.
Utilise un Serveur web sécurisé (Nginx / Let's Encrypt).
Nécessite également les outils :
sudo apt-get install -y postgresql postgresql-contrib supervisor git
Vous devrez également ajouter le domaine pad.sleto.net dans le Serveur DNS (bind9)
Nous allons créé une base de donnée PostgreSQL:
sudo -u postgres psql -c "CREATE USER $DBUSER;" sudo -u postgres psql -c "ALTER USER $DBUSER PASSWORD '$DBPASSWD';" sudo -u postgres psql -c "CREATE DATABASE $DBNAME OWNER $DBUSER;"
Création d'un utilisateur etherpad:
adduser --system --home /opt/etherpad --shell /bin/bash --disabled-password --quiet etherpad install -d -m 755 -o $DBUSER /opt/etherpad
Ecrire le fichier /tmp/settings.json (attention de bien remplacer $DBNAME, $DBUSER et $DBPASSWD):
{ "title": "Éditeur text", "favicon": "favicon.ico", "ip": "0.0.0.0", "port" : 9001, "showSettingsInAdminPage" : true, "dbType" : "postgres", "dbSettings" : { "user" : "$DBUSER", "host" : "localhost", "port" : 5432, "password": "$DBPASSWD", "database": "$DBNAME", "charset" : "utf8mb4" }, "defaultPadText" : "Bienvenu dans l'éditeur de text.", "padOptions": { "noColors": false, "showControls": true, "showChat": true, "showLineNumbers": true, "useMonospaceFont": false, "userName": false, "userColor": false, "rtl": false, "alwaysShowChat": false, "chatAndUsers": false, "lang": "fr-FR" }, "padShortcutEnabled" : { "altF9" : true, /* focus on the File Menu and/or editbar */ "altC" : true, /* focus on the Chat window */ "cmdShift2" : true, /* shows a gritter popup showing a line author */ "delete" : true, "return" : true, "esc" : true, /* in mozilla versions 14-19 avoid reconnecting pad */ "cmdS" : true, /* save a revision */ "tab" : true, /* indent */ "cmdZ" : true, /* undo/redo */ "cmdY" : true, /* redo */ "cmdI" : true, /* italic */ "cmdB" : true, /* bold */ "cmdU" : true, /* underline */ "cmd5" : true, /* strike through */ "cmdShiftL" : true, /* unordered list */ "cmdShiftN" : true, /* ordered list */ "cmdShift1" : true, /* ordered list */ "cmdShiftC" : true, /* clear authorship */ "cmdH" : true, /* backspace */ "ctrlHome" : true, /* scroll to top of pad */ "pageUp" : true, "pageDown" : true }, "suppressErrorsInPadText" : false, "requireSession" : false, "editOnly" : true, "sessionNoPassword" : false, "minify" : true, "maxAge" : 21600, // 60 * 60 * 6 = 6 hours "abiword" : null, "soffice" : null, "tidyHtml" : null, "allowUnknownFileEnds" : true, "requireAuthentication" : false, "requireAuthorization" : false, "trustProxy" : true, "disableIPlogging" : false, "automaticReconnectionTimeout" : 0, "scrollWhenFocusLineIsOutOfViewport": { "percentage": { "editionAboveViewport": 0, "editionBelowViewport": 0 }, "duration": 0, "scrollWhenCaretIsInTheLastLineOfViewport": false, "percentageToScrollWhenUserPressesArrowUp": 0 }, "users": { "admin": { // "password" can be replaced with "hash" if you install ep_hash_auth "password": "$DBPASSWD", "is_admin": true }, }, "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], "loadTest": false, "loglevel": "INFO", "logconfig" : { "appenders": [ { "type": "console" //, "category": "access"// only logs pad access }, { "type": "file" , "filename": "/var/log/etherpad-lite/etherpad.log" , "maxLogSize": 1024 , "backups": 3 // how many log files there're gonna be at max //, "category": "test" // only log a specific category } ] } // logconfig }
Installation de l'outil:
date | base64 > /tmp/APIKEY.txt su - etherpad <<EOF node --version git clone git://github.com/ether/etherpad-lite.git ~/etherpad-lite cp /tmp/settings.json ~/etherpad-lite/ cp /tmp/APIKEY.txt ~/etherpad-lite/ ~/etherpad-lite/bin/installDeps.sh EOF
Créer le fichier de gestion de service /etc/systemd/system/etherpad.service:
[Unit] Description=Etherpad-lite, the collaborative editor. After=syslog.target [Service] Type=simple User=etherpad Group=nogroup WorkingDirectory=/opt/etherpad/etherpad-lite Environment=NODE_ENV=production ExecStart=/usr/bin/node /opt/etherpad/etherpad-lite/src/node/server.js Restart=always [Install] WantedBy=multi-user.target
Et l'instruction:
systemctl daemon-reload systemctl start etherpad.service systemctl enable etherpad.service
Créer un fichier /opt/etherpad/nginx-pad:
server { listen 80; server_name pad.sleto.net; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name pad.sleto.net; access_log /var/log/nginx/pad.sleto.net.access.log; error_log /var/log/nginx/pad.sleto.net.error.log; include /opt/ssl/pad.sleto.net.conf; location / { proxy_pass http://localhost:9001; rewrite /pad(/.*)$ $1 break; proxy_redirect off; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_http_version 1.1; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffers 32 4k; proxy_intercept_errors on; } }
Notons que /opt/ssl/pad.sleto.net.conf contiendra les informations relatives aux clefs privé et public HTTPS/SSL (voir Serveur web sécurisé (Nginx / Let's Encrypt)).
Activer la configuration web par:
ln -sf /opt/$DBUSER/nginx-pad /etc/nginx/sites-enabled
Pour rafraîchir les services nginx
service nginx restart