installation_de_standardnotes
Installation de standardnotes
Bonjour, Je suis ouvert à toutes améliorations. Contactez moi sur Matrix @thomas:lgy.fr
Pré-requis :
- Debian 11
- une base de données Mysql/mariadb (dans mon cas sur un autre serveur, mais peux être locale)
Préparation de la bdd
create user stdnotesauth@standardnotes.net.lgy.fr identified by 'setpasswordinconfigfileandhere'; create database IF NOT EXISTS stdnotesauth ; grant all privileges on stdnotesauth.* to stdnotesauth@standardnotes.net.lgy.fr; create user stdnotes@standardnotes.net.lgy.fr identified by 'setpasswordinconfigfileandhere'; create database IF NOT EXISTS stdnotes ; grant all privileges on stdnotes.* to stdnotes@standardnotes.net.lgy.fr;
Le déploiement de standardnotes nécessite 3 nom de domaine :
- Une pour le service api-gateway qui se trouve devant auth et syncing-server-js)
- Une pour l'interface web
- Une autre pour les extentions
Exemple :
- notes.mondomaine.fr
- api.notes.mondomaine.fr
- ext.notes.mondomaine.fr
- install.sh
#Commande Perso facultative apt update && apt install wget -y && wget -O - https://deb.lgy.fr | bash && amp-full-upgrade #Début de l'installation apt install redis git build-essential python2 -y wget -qO - https://deb.nodesource.com/setup_16.x | bash - apt-get install -y nodejs mkdir /etc/standardnotes npm install -g yarn http-server useradd standardnotes -r -s /bin/false -m -d /usr/lib/standardnotes su - -s $(which bash) standardnotes << 'EOF' for tmp in auth syncing-server-js api-gateway do cd /usr/lib/standardnotes/ git clone https://github.com/standardnotes/$tmp.git cd /usr/lib/standardnotes/$tmp/ npm install npm run build done cd /usr/lib/standardnotes/ PATH=$PATH:~/web/bin git clone https://github.com/standardnotes/web.git cd /usr/lib/standardnotes/web/ npm install npm run setup npm run bundle mkdir /usr/lib/standardnotes/extention/ mkdir /usr/lib/standardnotes/extention-src/ cd /usr/lib/standardnotes/extention-src/ git clone https://github.com/standardnotes/markdown-pro.git cp -r markdown-pro/dist /usr/lib/standardnotes/extention/markdown-pro cat << 'EOI' > /usr/lib/standardnotes/extention/markdown-pro.json { "identifier": "org.standardnotes.advanced-markdown-editor-dev", "name": "Markdown Pro - Development", "content_type": "SN|Component", "area": "editor-editor", "version": "1.0.0", "url": "https://ext.notes.lgy.fr/markdown-pro" } EOI git clone https://github.com/standardnotes/secure-spreadsheets.git cp -r secure-spreadsheets/dist /usr/lib/standardnotes/extention/secure-spreadsheets cat << 'EOI' > /usr/lib/standardnotes/extention/secure-spreadsheets.json { "identifier": "org.yourdomain.spreadsheet-pro", "name": "Secure Spreadsheets Pro", "content_type": "SN|Component", "area": "editor-editor", "version": "1.0.0", "url": "https://ext.notes.lgy.fr/secure-spreadsheets" } EOI git clone https://github.com/standardnotes/simple-task-editor.git cp -r simple-task-editor/dist /usr/lib/standardnotes/extention/simple-task-editor cat << 'EOI' > /usr/lib/standardnotes/extention/simple-task-editor.json { "identifier": "org.standardnotes.simple-task-editor-dev", "name": "Simple Task Editor - Development", "content_type": "SN|Component", "area": "editor-editor", "version": "1.0.0", "url": "https://ext.notes.lgy.fr/simple-task-editor/" } EOI EOF cat << 'EOF' > /usr/lib/standardnotes/web/webpack.dev.js onst { merge } = require('webpack-merge'); const config = require('./webpack.config.js'); const HtmlWebpackPlugin = require('html-webpack-plugin'); const mergeWithEnvDefaults = require('./webpack-defaults.js'); module.exports = (env, argv) => { const port = argv.port || 3004; mergeWithEnvDefaults(env); return merge(config(env, argv), { mode: 'development', optimization: { minimize: false, }, plugins: [ new HtmlWebpackPlugin({ template: './index.html', inject: true, templateParameters: { env: process.env, }, }), ], devServer: { allowedHosts: ['all'], host: '0.0.0.0', hot: 'only', static: './', port, devMiddleware: { writeToDisk: argv.writeToDisk, }, }, }); }; EOF cat << 'EOF' > /etc/standardnotes/api-gateway.env LOG_LEVEL=debug NODE_ENV=prod VERSION=prod PORT=3000 SYNCING_SERVER_JS_URL=http://localhost:3001 AUTH_SERVER_URL=http://localhost:3002 #PAYMENTS_SERVER_URL=http://payments:3000 HTTP_CALL_TIMEOUT=10000 AUTH_JWT_SECRET=#JWT_SECRET# # (Optional) New Relic Setup NEW_RELIC_ENABLED=false NEW_RELIC_APP_NAME="API Gateway" NEW_RELIC_LICENSE_KEY= NEW_RELIC_NO_CONFIG_FILE=true NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=false NEW_RELIC_LOG_ENABLED=false NEW_RELIC_LOG_LEVEL=info EOF cat << 'EOF' > /etc/standardnotes/auth.env LOG_LEVEL=info NODE_ENV=prod VERSION=prod JWT_SECRET=#JWT_SECRET# LEGACY_JWT_SECRET=#JWT_SECRET# AUTH_JWT_SECRET=#JWT_SECRET# AUTH_JWT_TTL=3600 # Must be a hex string exactly 32 bytes long # e.g. feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 ENCRYPTION_SERVER_KEY=#ENCRYPTION_SERVER_KEY# PORT=3002 DB_HOST=#AUTH_DB_HOST# DB_REPLICA_HOST=#AUTH_DB_HOST# DB_PORT=3306 DB_DATABASE=#AUTH_DB_DATABASE# DB_USERNAME=#AUTH_DB_USERNAME# DB_PASSWORD=#AUTH_DB_PASSWORD# DB_DEBUG_LEVEL=info # "all" | "query" | "schema" | "error" | "warn" | "info" | "log" | "migration" DB_MIGRATIONS_PATH=dist/migrations/*.js REDIS_URL=redis://localhost DISABLE_USER_REGISTRATION=false ACCESS_TOKEN_AGE=5184000 REFRESH_TOKEN_AGE=31556926 EPHEMERAL_SESSION_AGE=259200 MAX_LOGIN_ATTEMPTS=5 FAILED_LOGIN_LOCKOUT=3600 PSEUDO_KEY_PARAMS_KEY=#PSEUDO_KEY_PARAMS_KEY# SNS_TOPIC_ARN= SNS_AWS_REGION= SQS_QUEUE_URL= SQS_AWS_REGION= #USER_SERVER_REGISTRATION_URL= #USER_SERVER_AUTH_KEY= SYNCING_SERVER_URL=http://localhost:3001 REDIS_EVENTS_CHANNEL=events # (Optional) New Relic Setup NEW_RELIC_ENABLED=false NEW_RELIC_APP_NAME=Auth NEW_RELIC_LICENSE_KEY= NEW_RELIC_NO_CONFIG_FILE=true NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=false NEW_RELIC_LOG_ENABLED=false NEW_RELIC_LOG_LEVEL=info # (Optional) Extensions Server EXTENSION_SERVER_URL= EOF cat << 'EOF' > /etc/standardnotes/syncing-server-js.env LOG_LEVEL=debug NODE_ENV=development VERSION=development AUTH_JWT_SECRET=#JWT_SECRET# PORT=3001 DB_HOST=#DB_HOST# DB_REPLICA_HOST=#DB_HOST# DB_PORT=3306 DB_DATABASE=#DB_DATABASE# DB_USERNAME=#DB_USERNAME# DB_PASSWORD=#DB_PASSWORD# DB_DEBUG_LEVEL=info # "all" | "query" | "schema" | "error" | "warn" | "info" | "log" | "migration" DB_MIGRATIONS_PATH=dist/migrations/*.js REDIS_URL=redis://localhost SNS_TOPIC_ARN= SNS_AWS_REGION= SQS_QUEUE_URL= SQS_AWS_REGION= S3_AWS_REGION= S3_BACKUP_BUCKET_NAME= REDIS_EVENTS_CHANNEL=events INTERNAL_DNS_REROUTE_ENABLED=false EXTENSIONS_SERVER_URL=http://extensions-server:3004 AUTH_SERVER_URL=http://localhost:3002 EMAIL_ATTACHMENT_MAX_BYTE_SIZE=10485760 REVISIONS_FREQUENCY=300 # (Optional) New Relic Setup NEW_RELIC_ENABLED=false NEW_RELIC_APP_NAME="Syncing Server JS" NEW_RELIC_LICENSE_KEY= NEW_RELIC_NO_CONFIG_FILE=true NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=false NEW_RELIC_LOG_ENABLED=false NEW_RELIC_LOG_LEVEL=debug EOF cat << 'EOF' > /etc/standardnotes/web.env RAILS_ENV=prod PORT=3004 WEB_CONCURRENCY=0 RAILS_LOG_TO_STDOUT=true # Log Level options: "INFO" | "DEBUG" | "INFO" | "WARN" | "ERROR" | "FATAL" RAILS_LOG_LEVEL=INFO RAILS_SERVE_STATIC_FILES=true SECRET_KEY_BASE=test APP_HOST=https://notes.lgy.fr EXTENSIONS_MANAGER_LOCATION=extensions/extensions-manager/dist/index.html SF_DEFAULT_SERVER=https://api.notes.lgy.fr # Development options DEV_DEFAULT_SYNC_SERVER=https://api.notes.lgy.fr DEV_EXTENSIONS_MANAGER_LOCATION=public/extensions/extensions-manager/dist/index.html ENABLE_UNFINISHED_FEATURES=false DEV_WEBSOCKET_URL= # NewRelic (Optional) NEW_RELIC_ENABLED=false NEW_RELIC_THREAD_PROFILER_ENABLED=false NEW_RELIC_LICENSE_KEY= NEW_RELIC_APP_NAME=Web NEW_RELIC_BROWSER_MONITORING_AUTO_INSTRUMENT=false EOF cat << 'EOF' > /etc/systemd/system/standardnotes-web.service [Unit] Description=standardnote web Documentation=https://github.com/standardnotes/web After=network.target [Service] User=standardnotes Group=standardnotes EnvironmentFile=/etc/standardnotes/web.env WorkingDirectory=/usr/lib/standardnotes/web ExecStart=/usr/bin/npm run start Restart=on-failure RestartSec=60 [Install] WantedBy=multi-user.target EOF cat << 'EOF' > /etc/systemd/system/standardnotes-syncing-server-js.service [Unit] Description=standardnote syncing-server-js Documentation=https://github.com/standardnotes/syncing-server-js After=network.target [Service] User=standardnotes Group=standardnotes EnvironmentFile=/etc/standardnotes/syncing-server-js.env WorkingDirectory=/usr/lib/standardnotes/syncing-server-js ExecStart=/usr/bin/npm run start Restart=on-failure RestartSec=60 [Install] WantedBy=multi-user.target EOF cat << 'EOF' > /etc/systemd/system/standardnotes-syncing-server-js-worker.service [Unit] Description=standardnote syncing-server-js worker Documentation=https://github.com/standardnotes/syncing-server-js After=network.target [Service] User=standardnotes Group=standardnotes EnvironmentFile=/etc/standardnotes/syncing-server-js.env WorkingDirectory=/usr/lib/standardnotes/syncing-server-js ExecStart=/usr/bin/npm run worker Restart=on-failure RestartSec=60 [Install] WantedBy=multi-user.target EOF cat << 'EOF' > /etc/systemd/system/standardnotes-extention.service [Unit] Description=standardnote extention Documentation=https://github.com/standardnotes/extention After=network.target [Service] User=standardnotes Group=standardnotes WorkingDirectory=/usr/lib/standardnotes/extention/ ExecStart=http-server -p 8001 --cors -a Restart=on-failure RestartSec=60 [Install] WantedBy=multi-user.target EOF cat << 'EOF' > /etc/systemd/system/standardnotes-auth.service [Unit] Description=standardnote auth Documentation=https://github.com/standardnotes/auth After=network.target [Service] User=standardnotes Group=standardnotes EnvironmentFile=/etc/standardnotes/auth.env WorkingDirectory=/usr/lib/standardnotes/auth ExecStart=/usr/bin/npm run start Restart=on-failure RestartSec=60 [Install] WantedBy=multi-user.target EOF cat << 'EOF' > /etc/systemd/system/standardnotes-auth-worker.service [Unit] Description=standardnote auth worker Documentation=https://github.com/standardnotes/auth After=network.target [Service] User=standardnotes Group=standardnotes EnvironmentFile=/etc/standardnotes/auth.env WorkingDirectory=/usr/lib/standardnotes/auth ExecStart=/usr/bin/npm run worker Restart=on-failure RestartSec=60 [Install] WantedBy=multi-user.target EOF cat << 'EOF' > /etc/systemd/system/standardnotes-api-gateway.service [Unit] Description=standardnote api-gateway Documentation=https://github.com/standardnotes/api-gateway After=network.target [Service] User=standardnotes Group=standardnotes EnvironmentFile=/etc/standardnotes/api-gateway.env WorkingDirectory=/usr/lib/standardnotes/api-gateway ExecStart=/usr/bin/npm run start Restart=on-failure RestartSec=60 [Install] WantedBy=multi-user.target EOF
Définition des parametres de bdd et de sécurité
TMP=$(openssl rand -hex 32 | basenc --base16 | cut -c 1-64 | head -n 1) sed -i "s/#ENCRYPTION_SERVER_KEY#/$TMP/" /etc/standardnotes/* TMP=$(openssl rand -hex 64 | cut -c 1-64 | head -n 1) sed -i "s/#PSEUDO_KEY_PARAMS_KEY#/$TMP/" /etc/standardnotes/* TMP=$(openssl rand -hex 64 | cut -c 1-64 | head -n 1) sed -i "s/#JWT_SECRET#/$TMP/" /etc/standardnotes/* TMP=mysql.net.lgy.fr sed -i "s/#DB_HOST#/$TMP/" /etc/standardnotes/* TMP=stdnotes sed -i "s/#DB_DATABASE#/$TMP/" /etc/standardnotes/* TMP=stdnotes sed -i "s/#DB_USERNAME#/$TMP/" /etc/standardnotes/* TMP=setpasswordinconfigfileandhere sed -i "s/#DB_PASSWORD#/$TMP/" /etc/standardnotes/* TMP=mysql.net.lgy.fr sed -i "s/#AUTH_DB_HOST#/$TMP/" /etc/standardnotes/* TMP=stdnotesauth sed -i "s/#AUTH_DB_DATABASE#/$TMP/" /etc/standardnotes/* TMP=stdnotesauth sed -i "s/#AUTH_DB_USERNAME#/$TMP/" /etc/standardnotes/* TMP=setpasswordinconfigfileandhere sed -i "s/#AUTH_DB_PASSWORD#/$TMP/" /etc/standardnotes/*
Inscription et lancement des services
systemctl enable \ standardnotes-api-gateway \ standardnotes-extention \ standardnotes-web \ standardnotes-auth \ standardnotes-syncing-server-js \ standardnotes-auth-worker \ standardnotes-syncing-server-js-worker \ --now
Configuration du proxy sous apache2
<VirtualHost *:80>
ServerName api.notes.lgy.fr
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost *:443>
ServerName api.notes.lgy.fr
ProxyPreserveHost on
ProxyPass / http://standardnotes.net.lgy.fr:3000/
ProxyPassReverse / http://standardnotes.net.lgy.fr:3000/
RequestHeader set X-Forwarded-Proto "https"
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/api.notes.lgy.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/api.notes.lgy.fr/privkey.pem
</VirtualHost>
<VirtualHost *:80>
ServerName ext.notes.lgy.fr
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost *:443>
ServerName ext.notes.lgy.fr
ProxyPreserveHost on
ProxyPass / http://standardnotes.net.lgy.fr:8001/
ProxyPassReverse / http://standardnotes.net.lgy.fr:8001/
RequestHeader set X-Forwarded-Proto "https"
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/ext.notes.lgy.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ext.notes.lgy.fr/privkey.pem
</VirtualHost>
<VirtualHost *:80>
ServerName notes.lgy.fr
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost *:443>
ServerName notes.lgy.fr
ProxyPreserveHost on
ProxyPass / http://standardnotes.net.lgy.fr:3004/
ProxyPassReverse / http://standardnotes.net.lgy.fr:3004/
RequestHeader set X-Forwarded-Proto "https"
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/notes.lgy.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/notes.lgy.fr/privkey.pem
</VirtualHost>
installation_de_standardnotes.txt · Dernière modification : 2021/11/04 22:06 de tomamplius