Online Fuzturday #1

First proposal of a Telemake event, the theme for this one is to migrate presence button's API from to sonic (at Event will take place 2020-06-06 15:00 (approx) Paris time, on Jitsi meet

Proposed plan

  • adduser presence
  • install nodejs
  • deploy code
  • systemd service
  • add vhost to lighttpd
  • letsencrypt
  • add ssl to vhost
  • test

If we have time:

  • continuous delivery
  • Ansible?
  • get rid of clunky lighttpd (caddy is awesome)


Nobody showed up on Jitsi, I (Lomanic) stopped all my shiny OBS setup and did this alone.

  • sudo adduser presence
  • sudo -u presence -i; curl -o- | bash; nvm install node --lts
  • git clone, add .env file and append echo "PORT=3000" >> .env, otherwise the listening port would be dynamic (useless for reverse proxy)
  • following
    cat << EOF | sudo tee /etc/systemd/system/presence-button-web.service >/dev/null
    Description=Presence button web
    ExecStart=bash -c "source /home/presence/.nvm/ && set -a && source .env && set +a && /home/presence/.nvm/versions/node/v14.4.0/bin/npm start"
    sudo systemctl enable presence-button-web.service
  • add this to /etc/lighttpd/lighttpd.conf
    $HTTP["host"] == "" {
        $HTTP["scheme"] == "http" {
            server.document-root = "/var/www/"
                    $HTTP["url"] !~ "^/.well-known/acme-challenge/" {
                            proxy.server = ( "" => (("host" => "", "port" => 3000)) ) # the nodejs server handles the HTTPS redirect by itself as historically ESP couldn't talk SSL (and Glitch doesn't auto-redirect), so was not redirecting /api
            #$SERVER["socket"] == ":443" {
            #       ssl.engine  = "enable"
            #       proxy.server = ( "" => (("host" => "", "port" => 3000)) )
            # = "/etc/lighttpd/certs/authority.pem"
            #       ssl.pemfile = "/etc/lighttpd/certs/"

    mkdir -p /var/www/

  • oh letsencrypt, what a nice WTF moment. You have to edit some random /etc/letsencrypt/ to include your new domain (and of course, this script is only manually called right?) while everything can be done inside certbot already (you can call commands after a successful renewal). For the curious as it's not documented anywhere (found this script almost by mistake in fact):
    sudo letsencrypt certonly -n --agree-tos -d --webroot --webroot-path /var/www/
    sudo cat /etc/letsencrypt/live/{privkey,cert}.pem | sudo tee /etc/lighttpd/certs/ >/dev/null
  • uncomment the SSL part in /etc/lighttpd/lighttpd.conf above
  • http://presence.fuz.re everything looks OK (didn't test with an ESP but it would post a message in #toctoctoc), though there are many unsatisfactory things remaining (the lighttpd/frankenletsencrypt duo is maddening of course, but the presence-button-web code is bad in many ways), this will be for another day
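
The manual `cat … | sudo tee` step above can be replaced by a certbot deploy hook, which is the "call commands after a successful renewal" mechanism mentioned in the log; `tee` also creates the combined key file under root's default umask, which typically leaves the private key world-readable. The script below is an added example, not part of the original log: `LIGHTTPD_PEM` is a hypothetical variable that you set to the `ssl.pemfile` path from lighttpd.conf, and the service name `lighttpd` is an assumption.

```shell
#!/bin/sh
# Added example: certbot deploy hook that rebuilds lighttpd's combined PEM.
# Assumptions: LIGHTTPD_PEM is a hypothetical variable holding the ssl.pemfile
# path from lighttpd.conf; the systemd service is named "lighttpd".

# install_combined_pem LINEAGE_DIR DEST
# Concatenates privkey.pem and cert.pem (same order as the manual command)
# into DEST without ever exposing the key through permissive mode bits.
install_combined_pem() {
    lineage=$1
    dest=$2

    # Refuse to publish a half-built file if either input is missing or empty.
    for f in privkey.pem cert.pem; do
        if [ ! -s "$lineage/$f" ]; then
            echo "missing or empty: $lineage/$f" >&2
            return 1
        fi
    done

    # mktemp creates the file with mode 0600, in the destination directory so
    # that the final rename stays on one filesystem and is atomic.
    tmp=$(mktemp "$dest.XXXXXX") || return 1

    if cat "$lineage/privkey.pem" "$lineage/cert.pem" > "$tmp" \
        && chmod 600 "$tmp" \
        && mv -f "$tmp" "$dest"; then
        return 0
    fi

    rm -f "$tmp"
    return 1
}

# certbot exports RENEWED_LINEAGE (the live/<domain> directory) to deploy
# hooks. Outside certbot the variable is unset and the script does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    : "${LIGHTTPD_PEM:?set LIGHTTPD_PEM to the ssl.pemfile path}"
    install_combined_pem "$RENEWED_LINEAGE" "$LIGHTTPD_PEM" \
        && systemctl reload-or-restart lighttpd
fi
```

Register it with certbot's `--deploy-hook` option or drop it into `/etc/letsencrypt/renewal-hooks/deploy/`, so that every successful renewal refreshes the file lighttpd reads.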
evenements/log/20200606.txt · Last modified: 2020/10/17 21:29 by lomanic