Table des matières

Etherpad

Présentation d'installation d'un serveur EtherPad sur debian 9.
Dans cette présentation, nous allons configurer un site https://pad.sleto.net.

Nous utiliserons les variables DBNAME, DBUSER et DBPASSWD respectivement pour le nom, l'utilisateur et le mot de passe de base de données.

Dépendances

Utilise un Serveur web sécurisé (Nginx / Let's Encrypt).
Nécessite également les outils :

sudo apt-get install -y postgresql postgresql-contrib supervisor git

Vous devrez également ajouter le domaine pad.sleto.net dans le Serveur DNS (bind9)

Base de données

Nous allons créé une base de donnée PostgreSQL:

sudo -u postgres psql -c "CREATE USER $DBUSER;"
sudo -u postgres psql -c "ALTER USER $DBUSER PASSWORD '$DBPASSWD';"
sudo -u postgres psql -c "CREATE DATABASE $DBNAME OWNER $DBUSER;"

Pré-configuration

Création d'un utilisateur etherpad:

adduser --system --home /opt/etherpad --shell /bin/bash --disabled-password --quiet etherpad
install -d -m 755 -o $DBUSER /opt/etherpad

Installation

Ecrire le fichier /tmp/settings.json (attention de bien remplacer $DBNAME, $DBUSER et $DBPASSWD):

{
  "title": "Éditeur text",

  "favicon": "favicon.ico",

  "ip": "0.0.0.0",
  "port" : 9001,

  "showSettingsInAdminPage" : true,

  "dbType" : "postgres",
  "dbSettings" : {
                   "user"    : "$DBUSER",
                   "host"    : "localhost",
                   "port"    : 5432,
                   "password": "$DBPASSWD",
                   "database": "$DBNAME",
                   "charset" : "utf8mb4"
                 },

  "defaultPadText" : "Bienvenu dans l'éditeur de text.",

  "padOptions": {
    "noColors": false,
    "showControls": true,
    "showChat": true,
    "showLineNumbers": true,
    "useMonospaceFont": false,
    "userName": false,
    "userColor": false,
    "rtl": false,
    "alwaysShowChat": false,
    "chatAndUsers": false,
    "lang": "fr-FR"
  },

  "padShortcutEnabled" : {
    "altF9"     : true, /* focus on the File Menu and/or editbar */
    "altC"      : true, /* focus on the Chat window */
    "cmdShift2" : true, /* shows a gritter popup showing a line author */
    "delete"    : true,
    "return"    : true,
    "esc"       : true, /* in mozilla versions 14-19 avoid reconnecting pad */
    "cmdS"      : true, /* save a revision */
    "tab"       : true, /* indent */
    "cmdZ"      : true, /* undo/redo */
    "cmdY"      : true, /* redo */
    "cmdI"      : true, /* italic */
    "cmdB"      : true, /* bold */
    "cmdU"      : true, /* underline */
    "cmd5"      : true, /* strike through */
    "cmdShiftL" : true, /* unordered list */
    "cmdShiftN" : true, /* ordered list */
    "cmdShift1" : true, /* ordered list */
    "cmdShiftC" : true, /* clear authorship */
    "cmdH"      : true, /* backspace */
    "ctrlHome"  : true, /* scroll to top of pad */
    "pageUp"    : true,
    "pageDown"  : true
  },

  "suppressErrorsInPadText" : false,

  "requireSession" : false,

  "editOnly" : true,

  "sessionNoPassword" : false,

  "minify" : true,

  "maxAge" : 21600, // 60 * 60 * 6 = 6 hours

  "abiword" : null,

  "soffice" : null,

  "tidyHtml" : null,

  "allowUnknownFileEnds" : true,

  "requireAuthentication" : false,

  "requireAuthorization" : false,

  "trustProxy" : true,

  "disableIPlogging" : false,

  "automaticReconnectionTimeout" : 0,

  "scrollWhenFocusLineIsOutOfViewport": {

    "percentage": {
      "editionAboveViewport": 0,
      "editionBelowViewport": 0
    },

    "duration": 0,

    "scrollWhenCaretIsInTheLastLineOfViewport": false,

    "percentageToScrollWhenUserPressesArrowUp": 0
  },

  "users": {
    "admin": {
      // "password" can be replaced with "hash" if you install ep_hash_auth
      "password": "$DBPASSWD",
      "is_admin": true
    },
  },

  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],

  "loadTest": false,

  "loglevel": "INFO",

  "logconfig" :
    { "appenders": [
        { "type": "console"
        //, "category": "access"// only logs pad access
        }, 
        { "type": "file"
      , "filename": "/var/log/etherpad-lite/etherpad.log"
      , "maxLogSize": 1024
      , "backups": 3 // how many log files there're gonna be at max
      //, "category": "test" // only log a specific category
        }
      ]
    } // logconfig
}

Installation de l'outil:

date | base64 > /tmp/APIKEY.txt
su - etherpad <<EOF
node --version    
git clone git://github.com/ether/etherpad-lite.git ~/etherpad-lite
cp /tmp/settings.json ~/etherpad-lite/
cp /tmp/APIKEY.txt ~/etherpad-lite/
~/etherpad-lite/bin/installDeps.sh
EOF

Configuration

Créer le fichier de gestion de service /etc/systemd/system/etherpad.service:

[Unit]
Description=Etherpad-lite, the collaborative editor.
After=syslog.target

[Service]
Type=simple
User=etherpad
Group=nogroup
WorkingDirectory=/opt/etherpad/etherpad-lite
Environment=NODE_ENV=production

ExecStart=/usr/bin/node /opt/etherpad/etherpad-lite/src/node/server.js

Restart=always 

[Install]
WantedBy=multi-user.target

Et l'instruction:

systemctl daemon-reload
systemctl start etherpad.service
systemctl enable etherpad.service

Configuration web

Créer un fichier /opt/etherpad/nginx-pad:

server {
    listen 80;
    server_name pad.sleto.net;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name pad.sleto.net;
    access_log /var/log/nginx/pad.sleto.net.access.log;
    error_log  /var/log/nginx/pad.sleto.net.error.log;

    include /opt/ssl/pad.sleto.net.conf;
    
    location / {
        proxy_pass http://localhost:9001;
        rewrite /pad(/.*)$ $1 break;
        proxy_redirect off;
        proxy_set_header        Upgrade           $http_upgrade;
        proxy_set_header        Connection        "upgrade";
        proxy_set_header        Host              $host;
        proxy_set_header        X-Real-IP         $remote_addr;
        proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto https;
        proxy_http_version      1.1;
        proxy_connect_timeout   90;
        proxy_send_timeout      90;
        proxy_read_timeout      90;
        proxy_buffers           32 4k;
        proxy_intercept_errors  on;
    }
    
}    

Notons que /opt/ssl/pad.sleto.net.conf contiendra les informations relatives aux clefs privé et public HTTPS/SSL (voir Serveur web sécurisé (Nginx / Let's Encrypt)).

Activer la configuration web par:

ln -sf /opt/$DBUSER/nginx-pad /etc/nginx/sites-enabled

Rechargement

Pour rafraîchir les services nginx

service nginx restart