evenements:log:20200606 [2020-06-06 10:46] – [Online Fuzturday #1] Lomanic | evenements:log:20200606 [2020-10-17 17:27] – +internal link to presence button project page Lomanic |
====== Online Fuzturday #1 ====== | ====== Online Fuzturday #1 ====== |
| |
First proposal of a Telemake event; the theme for this one is to migrate https://presence-button.glitch.me to sonic (at https://presence.fuz.re). The event will take place 2020-06-06 15:00 (approx) Paris time, on Jitsi meet https://talk.fdn.fr/onlinefuzturday1 | First proposal of a [[https://matrix.to/#/#telemake:matrix.fuz.re|Telemake]] event; the theme for this one is to migrate [[projets:fuz:presence button]]'s API from https://presence-button.glitch.me to sonic (at https://presence.fuz.re). The event will take place 2020-06-06 15:00 (approx) Paris time, on Jitsi meet https://talk.fdn.fr/onlinefuzturday1 |
===== Proposed plan ===== | ===== Proposed plan ===== |
| |
* Ansible? | * Ansible? |
* get rid of clunky lighttpd (caddy is awesome) | * get rid of clunky lighttpd (caddy is awesome) |
| |
| ===== Log ===== |
| Nobody showed up on Jitsi, I (Lomanic) stopped all my shiny OBS setup and did this alone. |
| |
| * ''sudo adduser presence'' |
| * ''<nowiki>sudo -u presence -i; curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash; nvm install node --lts</nowiki>'' |
| * ''<nowiki>git clone https://git.interhacker.space/Lomanic/presence-button-web</nowiki>'', add .env file and append ''<nowiki>echo "PORT=3000" >> .env</nowiki>'', otherwise the listening port would be dynamic (useless for reverse proxy) |
| * following https://doc.ubuntu-fr.org/creer_un_service_avec_systemd#exemple_de_service_de_type_simple <code> |
| cat << EOF > /etc/systemd/system/presence-button-web.service |
| [Unit] |
| Description=Presence button web |
| After=network-online.target |
| |
| [Service] |
| Type=simple |
| |
| User=presence |
| Group=presence |
| WorkingDirectory=/home/presence/presence-button-web |
| ExecStart=bash -c "source /home/presence/.nvm/nvm.sh && set -a && source .env && set +a && /home/presence/.nvm/versions/node/v14.4.0/bin/npm start" |
| Restart=on-failure |
| TimeoutStopSec=300 |
| |
| [Install] |
| WantedBy=multi-user.target |
| EOF |
| systemctl enable presence-button-web.service |
| </code> |
| * add this to ''/etc/lighttpd/lighttpd.conf''<code> |
| $HTTP["host"] == "presence.fuz.re" { |
| $HTTP["scheme"] == "http" { |
| server.document-root = "/var/www/fuz.re/presence/site" |
| $HTTP["url"] !~ "^/.well-known/acme-challenge/" { |
| proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3000)) ) # the nodejs server handles the HTTPS redirect by itself as historically ESP couldn't talk SSL (and Glitch doesn't auto-redirect), so was not redirecting /api |
| } |
| } |
| |
| #$SERVER["socket"] == ":443" { |
| # ssl.engine = "enable" |
| # proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3000)) ) |
| # ssl.ca-file = "/etc/lighttpd/certs/authority.pem" |
| # ssl.pemfile = "/etc/lighttpd/certs/presence.fuz.re.pem" |
| #} |
| } |
| </code> then ''mkdir -p /var/www/fuz.re/presence/site''
| * oh letsencrypt, what a nice WTF moment. You have to edit some random ''/etc/letsencrypt/autorenew.sh'' to include your new domain (and of course, this script is only manually called right?) while everything can be done inside certbot already (you can call commands after a successful renewal). For the curious as it's not documented anywhere (found this script almost by mistake in fact):<code> |
| sudo letsencrypt certonly -n --agree-tos -d presence.fuz.re --webroot --webroot-path /var/www/fuz.re/presence/site/ |
| sudo cat /etc/letsencrypt/live/presence.fuz.re/{privkey,cert}.pem | sudo tee /etc/lighttpd/certs/presence.fuz.re.pem >/dev/null |
| </code> |
| * uncomment the SSL part in ''/etc/lighttpd/lighttpd.conf'' above |
| * http://presence.fuz.re -> https://presence.fuz.re: everything looks OK (didn't test with an ESP but it would post a message in #toctoctoc), though there are many unsatisfactory things remaining (the lighttpd/frankenletsencrypt duo is maddening of course, but the presence-button-web code is bad in many ways); this will be for another day
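
The log notes that certbot can run commands after a successful renewal. The script below is an added example, not part of the original log or of fuz.re's setup: a certbot deploy hook that rebuilds the lighttpd key+cert bundle from the log with mode 0600 and an atomic rename. The install path, the helper name ''build_lighttpd_pem'', the ''LIGHTTPD_CERT_DIR'' override and the ''lighttpd'' unit name are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook for the lighttpd setup in this log.
# Assumed install path: /etc/letsencrypt/renewal-hooks/deploy/lighttpd-pem.sh
# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/presence.fuz.re)
# to deploy hooks after each successful issuance or renewal.

# build_lighttpd_pem LIVE_DIR OUT_FILE (hypothetical helper name)
# Concatenates privkey.pem + cert.pem, as the log does by hand, into OUT_FILE.
build_lighttpd_pem() {
    live_dir=$1
    out_file=$2
    # Refuse to write a half-empty bundle if either input is missing or empty.
    [ -s "$live_dir/privkey.pem" ] || return 1
    [ -s "$live_dir/cert.pem" ] || return 1
    (
        # The bundle holds the private key: create it 0600, not world-readable.
        umask 077
        tmp=$(mktemp "$out_file.XXXXXX") || exit 1
        if cat "$live_dir/privkey.pem" "$live_dir/cert.pem" > "$tmp"; then
            # rename() is atomic: lighttpd never sees a truncated file.
            mv -f "$tmp" "$out_file"
        else
            rm -f "$tmp"
            exit 1
        fi
    )
}

# Only act when certbot invokes the script as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    # LIGHTTPD_CERT_DIR is a hypothetical override; the default is the log's path.
    cert_dir=${LIGHTTPD_CERT_DIR:-/etc/lighttpd/certs}
    domain=$(basename "$RENEWED_LINEAGE")
    build_lighttpd_pem "$RENEWED_LINEAGE" "$cert_dir/$domain.pem" \
        && systemctl restart lighttpd   # assumed unit name
fi
```

Made executable in certbot's ''renewal-hooks/deploy'' directory, this takes the place of the manual ''cat ... | sudo tee'' step after each renewal.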
| |
| |