Différences

Ci-dessous, les différences entre deux révisions de la page.

--- installation_de_standardnotes [2021/09/10 12:21] – tomamplius
+++ installation_de_standardnotes [2021/11/04 22:06] (Version actuelle) – tomamplius
@@ Ligne 1: / Ligne 1: @@
+====== Installation de standardnotes ======
+[[https://standardnotes.com/|standardnotes]] [[https://github.com/standardnotes|git]]
+Bonjour,
+Je suis ouvert à toutes améliorations. Contactez moi sur Matrix @thomas:lgy.fr
 Pré-requis :
   * Debian 11
@@ Ligne 5: / Ligne 11: @@
 Préparation de la bdd
 <code>
-create user stdnotesauth@standardnotes.net.lgy.fr identified by 'OilOnotodfeOsyuItFijghorwodruefKojliNemVekekVogMamWiavOsfolyiej5';
+create user stdnotesauth@standardnotes.net.lgy.fr identified by 'setpasswordinconfigfileandhere';
 create database IF NOT EXISTS stdnotesauth ;
 grant all privileges on stdnotesauth.* to stdnotesauth@standardnotes.net.lgy.fr;
-create user stdnotes@standardnotes.net.lgy.fr identified by 'OilOnotodfeOsyuItFijghorwodruefKojliNemVekekVogMamWiavOsfolyiej5';
+create user stdnotes@standardnotes.net.lgy.fr identified by 'setpasswordinconfigfileandhere';
 create database IF NOT EXISTS stdnotes ;
 grant all privileges on stdnotes.* to stdnotes@standardnotes.net.lgy.fr;
@@ Ligne 23: / Ligne 29: @@
   * api.notes.mondomaine.fr
   * ext.notes.mondomaine.fr
-apg -m 64
-openssl rand -base64 32 | basenc --base16 | cut -c 1-64 | head -n 1
 <code bash install.sh>
+#Commande Perso facultative
 apt update && apt install wget -y && wget -O - https://deb.lgy.fr | bash && amp-full-upgrade
+#Début de l'installation
 apt install redis git build-essential python2 -y
-wget -qO - https://deb.nodesource.com/setup_15.x | bash -
+wget -qO - https://deb.nodesource.com/setup_16.x | bash -
 apt-get install -y nodejs
 mkdir /etc/standardnotes
-npm install -g yarn
+npm install -g yarn http-server
 useradd standardnotes -r -s /bin/false -m -d /usr/lib/standardnotes
-cd /usr/lib/standardnotes
 su - -s $(which bash) standardnotes << 'EOF'
@@ Ligne 62: / Ligne 63: @@
 npm run setup
 npm run bundle
+mkdir /usr/lib/standardnotes/extention/
+mkdir /usr/lib/standardnotes/extention-src/
+cd /usr/lib/standardnotes/extention-src/
+git clone https://github.com/standardnotes/markdown-pro.git
+cp -r markdown-pro/dist /usr/lib/standardnotes/extention/markdown-pro
+cat << 'EOI' > /usr/lib/standardnotes/extention/markdown-pro.json
+{
+  "identifier": "org.standardnotes.advanced-markdown-editor-dev",
+  "name": "Markdown Pro - Development",
+  "content_type": "SN|Component",
+  "area": "editor-editor",
+  "version": "1.0.0",
+  "url": "https://ext.notes.lgy.fr/markdown-pro"
+}
+EOI
+git clone https://github.com/standardnotes/secure-spreadsheets.git
+cp -r secure-spreadsheets/dist /usr/lib/standardnotes/extention/secure-spreadsheets
+cat << 'EOI' > /usr/lib/standardnotes/extention/secure-spreadsheets.json
+{
+    "identifier": "org.yourdomain.spreadsheet-pro",
+    "name": "Secure Spreadsheets Pro",
+    "content_type": "SN|Component",
+    "area": "editor-editor",
+    "version": "1.0.0",
+    "url": "https://ext.notes.lgy.fr/secure-spreadsheets"
+}
+EOI
+git clone https://github.com/standardnotes/simple-task-editor.git
+cp -r simple-task-editor/dist /usr/lib/standardnotes/extention/simple-task-editor
+cat << 'EOI' > /usr/lib/standardnotes/extention/simple-task-editor.json
+{
+  "identifier": "org.standardnotes.simple-task-editor-dev",
+  "name": "Simple Task Editor - Development",
+  "content_type": "SN|Component",
+  "area": "editor-editor",
+  "version": "1.0.0",
+  "url": "https://ext.notes.lgy.fr/simple-task-editor/"
+}
+EOI
 EOF
 cat << 'EOF' > /usr/lib/standardnotes/web/webpack.dev.js
-const { merge } = require('webpack-merge');
+onst { merge } = require('webpack-merge');
 const config = require('./webpack.config.js');
 const HtmlWebpackPlugin = require('html-webpack-plugin');
+const mergeWithEnvDefaults = require('./webpack-defaults.js');
 module.exports = (env, argv) => {
   const port = argv.port || 3004;
+  mergeWithEnvDefaults(env);
   return merge(config(env, argv), {
     mode: 'development',
-    /** Only create an html file for the dev-server */
+    optimization: {
-    plugins: argv.liveReload ? [
+      minimize: false,
+    },
+    plugins: [
       new HtmlWebpackPlugin({
         template: './index.html',
+        inject: true,
         templateParameters: {
-          env: process.env
+          env: process.env,
         },
       }),
-    ] : [],
+    ],
     devServer: {
-       disableHostCheck: true,
+      allowedHosts: ['all'],
-       host: '0.0.0.0',
+      host: '0.0.0.0',
-      proxy: {
+      hot: 'only',
-        '/extensions': {
+      static: './',
-          target: `http://standardnotes.net.lgy.fr:${port}`,
-          pathRewrite: { '^/extensions': '/public/extensions' }
-        },
-        '/assets': {
-          target: `http://standardnotes.net.lgy.fr:${port}`,
-          pathRewrite: { '^/assets': '/public/assets' }
-        },
-      },
       port,
-      writeToDisk: argv.writeToDisk,
+      devMiddleware: {
-    }
+        writeToDisk: argv.writeToDisk,
+      },
+    },
   });
 };
 EOF
 cat << 'EOF' > /etc/standardnotes/api-gateway.env
@@ Ligne 116: / Ligne 157: @@
 HTTP_CALL_TIMEOUT=10000
-AUTH_JWT_SECRET=BubohadtatyuhevGotsitvaijDikonoalyeldEerrEeHinyabEgyodridOudcecs
+AUTH_JWT_SECRET=#JWT_SECRET#
 # (Optional) New Relic Setup
@@ Ligne 133: / Ligne 174: @@
 VERSION=prod
-JWT_SECRET=BubohadtatyuhevGotsitvaijDikonoalyeldEerrEeHinyabEgyodridOudcecs
+JWT_SECRET=#JWT_SECRET#
-LEGACY_JWT_SECRET=BubohadtatyuhevGotsitvaijDikonoalyeldEerrEeHinyabEgyodridOudcecs
+LEGACY_JWT_SECRET=#JWT_SECRET#
-AUTH_JWT_SECRET=BubohadtatyuhevGotsitvaijDikonoalyeldEerrEeHinyabEgyodridOudcecs
+AUTH_JWT_SECRET=#JWT_SECRET#
-AUTH_JWT_TTL=60000
+AUTH_JWT_TTL=3600
 # Must be a hex string exactly 32 bytes long
 # e.g. feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
-ENCRYPTION_SERVER_KEY=6D447858586552317569573679393757696B4D3841736D686437774B4D6C5847
+ENCRYPTION_SERVER_KEY=#ENCRYPTION_SERVER_KEY#
 PORT=3002
-DB_HOST=mysql.net.lgy.fr
+DB_HOST=#AUTH_DB_HOST#
-DB_REPLICA_HOST=mysql.net.lgy.fr
+DB_REPLICA_HOST=#AUTH_DB_HOST#
 DB_PORT=3306
-DB_DATABASE=stdnotesauth
+DB_DATABASE=#AUTH_DB_DATABASE#
-DB_USERNAME=stdnotesauth
+DB_USERNAME=#AUTH_DB_USERNAME#
-DB_PASSWORD=OilOnotodfeOsyuItFijghorwodruefKojliNemVekekVogMamWiavOsfolyiej5
+DB_PASSWORD=#AUTH_DB_PASSWORD#
 DB_DEBUG_LEVEL=info # "all" | "query" | "schema" | "error" | "warn" | "info" | "log" | "migration"
@@ Ligne 166: / Ligne 207: @@
 FAILED_LOGIN_LOCKOUT=3600
-PSEUDO_KEY_PARAMS_KEY=gawquergabVatnumJorWeOgMyphevDaywitGhecAcyachHaykgeigJerreubNam
+PSEUDO_KEY_PARAMS_KEY=#PSEUDO_KEY_PARAMS_KEY#
 SNS_TOPIC_ARN=
@@ Ligne 192: / Ligne 233: @@
 EXTENSION_SERVER_URL=
 EOF
 cat << 'EOF' > /etc/standardnotes/syncing-server-js.env
@@ Ligne 199: / Ligne 239: @@
 VERSION=development
-AUTH_JWT_SECRET=BubohadtatyuhevGotsitvaijDikonoalyeldEerrEeHinyabEgyodridOudcecs
+AUTH_JWT_SECRET=#JWT_SECRET#
 PORT=3001
-DB_HOST=mysql.net.lgy.fr
+DB_HOST=#DB_HOST#
-DB_REPLICA_HOST=mysql.net.lgy.fr
+DB_REPLICA_HOST=#DB_HOST#
 DB_PORT=3306
-DB_DATABASE=stdnotes
+DB_DATABASE=#DB_DATABASE#
-DB_USERNAME=stdnotes
+DB_USERNAME=#DB_USERNAME#
-DB_PASSWORD=OilOnotodfeOsyuItFijghorwodruefKojliNemVekekVogMamWiavOsfolyiej5
+DB_PASSWORD=#DB_PASSWORD#
 DB_DEBUG_LEVEL=info # "all" | "query" | "schema" | "error" | "warn" | "info" | "log" | "migration"
@@ Ligne 241: / Ligne 281: @@
 NEW_RELIC_LOG_ENABLED=false
 NEW_RELIC_LOG_LEVEL=debug
 EOF
 cat << 'EOF' > /etc/standardnotes/web.env
@@ Ligne 271: / Ligne 309: @@
 NEW_RELIC_APP_NAME=Web
 NEW_RELIC_BROWSER_MONITORING_AUTO_INSTRUMENT=false
 EOF
@@ Ligne 314: / Ligne 351: @@
 cat << 'EOF' > /etc/systemd/system/standardnotes-syncing-server-js-worker.service
 [Unit]
-Description=standardnote syncing-server-js
+Description=standardnote syncing-server-js worker
 Documentation=https://github.com/standardnotes/syncing-server-js
 After=network.target
@@ Ligne 370: / Ligne 407: @@
 cat << 'EOF' > /etc/systemd/system/standardnotes-auth-worker.service
 [Unit]
-Description=standardnote auth
+Description=standardnote auth worker
 Documentation=https://github.com/standardnotes/auth
 After=network.target
@@ Ligne 405: / Ligne 442: @@
 WantedBy=multi-user.target
 EOF
+</code>
+Définition des parametres de bdd et de sécurité
+<code bash>
+TMP=$(openssl rand -hex 32 | basenc --base16 | cut -c 1-64 | head -n 1)
+sed -i "s/#ENCRYPTION_SERVER_KEY#/$TMP/" /etc/standardnotes/*
-systemctl enable standardnotes-api-gateway standardnotes-extention standardnotes-web standardnotes-auth standardnotes-syncing-server-js standardnotes-auth-worker standardnotes-syncing-server-js-worker --now
+TMP=$(openssl rand -hex 64  | cut -c 1-64 | head -n 1)
+sed -i "s/#PSEUDO_KEY_PARAMS_KEY#/$TMP/" /etc/standardnotes/*
+TMP=$(openssl rand -hex 64  | cut -c 1-64 | head -n 1)
+sed -i "s/#JWT_SECRET#/$TMP/" /etc/standardnotes/*
+TMP=mysql.net.lgy.fr
+sed -i "s/#DB_HOST#/$TMP/" /etc/standardnotes/*
+TMP=stdnotes
+sed -i "s/#DB_DATABASE#/$TMP/" /etc/standardnotes/*
+TMP=stdnotes
+sed -i "s/#DB_USERNAME#/$TMP/" /etc/standardnotes/*
+TMP=setpasswordinconfigfileandhere
+sed -i "s/#DB_PASSWORD#/$TMP/" /etc/standardnotes/*
+TMP=mysql.net.lgy.fr
+sed -i "s/#AUTH_DB_HOST#/$TMP/" /etc/standardnotes/*
+TMP=stdnotesauth
+sed -i "s/#AUTH_DB_DATABASE#/$TMP/" /etc/standardnotes/*
+TMP=stdnotesauth
+sed -i "s/#AUTH_DB_USERNAME#/$TMP/" /etc/standardnotes/*
+TMP=setpasswordinconfigfileandhere
+sed -i "s/#AUTH_DB_PASSWORD#/$TMP/" /etc/standardnotes/*
 </code>
+Inscription et lancement des services
+<code bash>
+systemctl enable \
+	standardnotes-api-gateway \
+	standardnotes-extention \
+	standardnotes-web \
+	standardnotes-auth \
+	standardnotes-syncing-server-js \
+	standardnotes-auth-worker \
+	standardnotes-syncing-server-js-worker \
+	--now
+</code>
+Configuration du proxy sous apache2
+<code>
+<VirtualHost *:80>
+	ServerName api.notes.lgy.fr
+        RewriteEngine On
+        RewriteCond %{HTTPS} off
+        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+<VirtualHost *:443>
+	ServerName api.notes.lgy.fr
+	ProxyPreserveHost on
+        ProxyPass / http://standardnotes.net.lgy.fr:3000/
+        ProxyPassReverse / http://standardnotes.net.lgy.fr:3000/
+	RequestHeader set X-Forwarded-Proto "https"
+	SSLEngine On
+	SSLCertificateFile /etc/letsencrypt/live/api.notes.lgy.fr/fullchain.pem
+	SSLCertificateKeyFile /etc/letsencrypt/live/api.notes.lgy.fr/privkey.pem
+</VirtualHost>
+<VirtualHost *:80>
+	ServerName ext.notes.lgy.fr
+        RewriteEngine On
+        RewriteCond %{HTTPS} off
+        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+<VirtualHost *:443>
+	ServerName ext.notes.lgy.fr
+	ProxyPreserveHost on
+        ProxyPass / http://standardnotes.net.lgy.fr:8001/
+        ProxyPassReverse / http://standardnotes.net.lgy.fr:8001/
+	RequestHeader set X-Forwarded-Proto "https"
+	SSLEngine On
+	SSLCertificateFile /etc/letsencrypt/live/ext.notes.lgy.fr/fullchain.pem
+	SSLCertificateKeyFile /etc/letsencrypt/live/ext.notes.lgy.fr/privkey.pem
+</VirtualHost>
+<VirtualHost *:80>
+	ServerName notes.lgy.fr
+        RewriteEngine On
+        RewriteCond %{HTTPS} off
+        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+<VirtualHost *:443>
+	ServerName notes.lgy.fr
+	ProxyPreserveHost on
+        ProxyPass / http://standardnotes.net.lgy.fr:3004/
+        ProxyPassReverse / http://standardnotes.net.lgy.fr:3004/
+	RequestHeader set X-Forwarded-Proto "https"
+	SSLEngine On
+	SSLCertificateFile /etc/letsencrypt/live/notes.lgy.fr/fullchain.pem
+	SSLCertificateKeyFile /etc/letsencrypt/live/notes.lgy.fr/privkey.pem
+</VirtualHost>
+</code>