====== Installation de standardnotes ======
[[https://standardnotes.com/|standardnotes]] [[https://github.com/standardnotes|git]]
Bonjour,
Je suis ouvert à toute amélioration. Contactez-moi sur Matrix : @thomas:lgy.fr
Pré-requis :
* Debian 11
* une base de données MySQL/MariaDB (dans mon cas sur un autre serveur, mais elle peut être locale)
Préparation de la bdd
-- Account and schema for the auth service. Replace the placeholder password
-- with a long random value; the same value must later be written into the
-- auth service's environment file.
-- The host part limits this account to connections from the application server.
create user stdnotesauth@standardnotes.net.lgy.fr identified by 'setpasswordinconfigfileandhere';
create database IF NOT EXISTS stdnotesauth ;
-- Privileges are scoped to this one database, not granted globally.
grant all privileges on stdnotesauth.* to stdnotesauth@standardnotes.net.lgy.fr;
-- Account and schema for the syncing server. Give it a different password from
-- the auth account, so that one leaked config file does not expose both databases.
create user stdnotes@standardnotes.net.lgy.fr identified by 'setpasswordinconfigfileandhere';
create database IF NOT EXISTS stdnotes ;
grant all privileges on stdnotes.* to stdnotes@standardnotes.net.lgy.fr;
Le déploiement de standardnotes nécessite 3 noms de domaine :
* Un pour le service api-gateway (qui se trouve devant auth et syncing-server-js)
* Un pour l'interface web
* Un autre pour les extensions
Exemple :
* notes.mondomaine.fr
* api.notes.mondomaine.fr
* ext.notes.mondomaine.fr
# Optional, author-specific step.
# NOTE(review): this pipes a script fetched from the author's own server straight
# into a root shell. Anyone following the guide should read that script first,
# or skip the step.
apt update && apt install wget -y && wget -O - https://deb.lgy.fr | bash && amp-full-upgrade
# Start of the installation
apt install redis git build-essential python2 -y
# NOTE(review): same download-and-run-as-root pattern for the NodeSource setup
# script; nothing verifies it beyond the TLS connection.
wget -qO - https://deb.nodesource.com/setup_16.x | bash -
apt-get install -y nodejs
# Directory for the services' environment files, created with the default mode.
# These files later hold the JWT secret, the encryption key and the DB passwords.
mkdir /etc/standardnotes
# Global tools: yarn, and http-server (used later to serve the extensions directory).
npm install -g yarn http-server
# Dedicated system account with no login shell; its home is the install directory.
useradd standardnotes -r -s /bin/false -m -d /usr/lib/standardnotes
# Clone and build everything as the unprivileged standardnotes account, so the
# npm install/build steps do not run as root.
# NOTE(review): each clone takes whatever the default branch currently holds;
# no tag or commit is pinned, so a later rebuild can pull different code.
# The heredoc delimiter is quoted ('EOF'), so $tmp, $PATH and ~ are expanded by
# the inner shell running as standardnotes, not by the calling shell.
# The three extension descriptors written below hard-code https://ext.notes.lgy.fr;
# change their "url" values to your own extensions domain.
su - -s $(which bash) standardnotes << 'EOF'
for tmp in auth syncing-server-js api-gateway
do
cd /usr/lib/standardnotes/
git clone https://github.com/standardnotes/$tmp.git
cd /usr/lib/standardnotes/$tmp/
npm install
npm run build
done
cd /usr/lib/standardnotes/
PATH=$PATH:~/web/bin
git clone https://github.com/standardnotes/web.git
cd /usr/lib/standardnotes/web/
npm install
npm run setup
npm run bundle
mkdir /usr/lib/standardnotes/extention/
mkdir /usr/lib/standardnotes/extention-src/
cd /usr/lib/standardnotes/extention-src/
git clone https://github.com/standardnotes/markdown-pro.git
cp -r markdown-pro/dist /usr/lib/standardnotes/extention/markdown-pro
cat << 'EOI' > /usr/lib/standardnotes/extention/markdown-pro.json
{
"identifier": "org.standardnotes.advanced-markdown-editor-dev",
"name": "Markdown Pro - Development",
"content_type": "SN|Component",
"area": "editor-editor",
"version": "1.0.0",
"url": "https://ext.notes.lgy.fr/markdown-pro"
}
EOI
git clone https://github.com/standardnotes/secure-spreadsheets.git
cp -r secure-spreadsheets/dist /usr/lib/standardnotes/extention/secure-spreadsheets
cat << 'EOI' > /usr/lib/standardnotes/extention/secure-spreadsheets.json
{
"identifier": "org.yourdomain.spreadsheet-pro",
"name": "Secure Spreadsheets Pro",
"content_type": "SN|Component",
"area": "editor-editor",
"version": "1.0.0",
"url": "https://ext.notes.lgy.fr/secure-spreadsheets"
}
EOI
git clone https://github.com/standardnotes/simple-task-editor.git
cp -r simple-task-editor/dist /usr/lib/standardnotes/extention/simple-task-editor
cat << 'EOI' > /usr/lib/standardnotes/extention/simple-task-editor.json
{
"identifier": "org.standardnotes.simple-task-editor-dev",
"name": "Simple Task Editor - Development",
"content_type": "SN|Component",
"area": "editor-editor",
"version": "1.0.0",
"url": "https://ext.notes.lgy.fr/simple-task-editor/"
}
EOI
EOF
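# Overwrite the web app's webpack development config (run as root, after the
# build done by the standardnotes account).
# NOTE(review): the web interface is served by the webpack dev server in
# 'development' mode; that server is meant for local development, so treat this
# as a convenience setup and keep the port closed to everything but the proxy.
cat << 'EOF' > /usr/lib/standardnotes/web/webpack.dev.js
const { merge } = require('webpack-merge');
const config = require('./webpack.config.js');
const HtmlWebpackPlugin = require('html-webpack-plugin');
const mergeWithEnvDefaults = require('./webpack-defaults.js');
module.exports = (env, argv) => {
const port = argv.port || 3004;
mergeWithEnvDefaults(env);
return merge(config(env, argv), {
mode: 'development',
optimization: {
minimize: false,
},
plugins: [
new HtmlWebpackPlugin({
template: './index.html',
inject: true,
templateParameters: {
// The whole process environment is handed to the HTML template.
env: process.env,
},
}),
],
devServer: {
// Host-header checking is switched off and the server listens on every
// interface; in this guide the reverse proxy connects from another machine.
// Limit access to the port with a firewall.
allowedHosts: ['all'],
host: '0.0.0.0',
hot: 'only',
static: './',
port,
devMiddleware: {
writeToDisk: argv.writeToDisk,
},
},
});
};
EOF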
# Environment file for the api-gateway service; its systemd unit loads it
# through EnvironmentFile=.
# #JWT_SECRET# is a placeholder that the later sed step replaces with a
# generated value; the same value is written into the auth and syncing-server files.
# NOTE(review): LOG_LEVEL=debug is combined with NODE_ENV=prod. Debug logs may
# contain request details; confirm what is logged and lower the level for real use.
cat << 'EOF' > /etc/standardnotes/api-gateway.env
LOG_LEVEL=debug
NODE_ENV=prod
VERSION=prod
PORT=3000
SYNCING_SERVER_JS_URL=http://localhost:3001
AUTH_SERVER_URL=http://localhost:3002
#PAYMENTS_SERVER_URL=http://payments:3000
HTTP_CALL_TIMEOUT=10000
AUTH_JWT_SECRET=#JWT_SECRET#
# (Optional) New Relic Setup
NEW_RELIC_ENABLED=false
NEW_RELIC_APP_NAME="API Gateway"
NEW_RELIC_LICENSE_KEY=
NEW_RELIC_NO_CONFIG_FILE=true
NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=false
NEW_RELIC_LOG_ENABLED=false
NEW_RELIC_LOG_LEVEL=info
EOF
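# Environment file for the auth service and its worker; both systemd units load
# it through EnvironmentFile=. The #...# placeholders are filled in by the later
# sed step.
# The DB_DEBUG_LEVEL option list sits on its own comment line: systemd's
# EnvironmentFile= only treats lines that start with # or ; as comments, so a
# trailing "# ..." after the value would become part of the value.
# NOTE(review): JWT_SECRET, LEGACY_JWT_SECRET and AUTH_JWT_SECRET all receive the
# same generated value. Only AUTH_JWT_SECRET also appears in the other services'
# files; separate values for the other two would limit what one leaked secret
# can be used for. Confirm against the auth service before changing.
# NOTE(review): DISABLE_USER_REGISTRATION=false presumably lets anyone who can
# reach the API create an account; consider switching it once your accounts exist.
cat << 'EOF' > /etc/standardnotes/auth.env
LOG_LEVEL=info
NODE_ENV=prod
VERSION=prod
JWT_SECRET=#JWT_SECRET#
LEGACY_JWT_SECRET=#JWT_SECRET#
AUTH_JWT_SECRET=#JWT_SECRET#
AUTH_JWT_TTL=3600
# Must be a hex string exactly 32 bytes long
# e.g. feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
ENCRYPTION_SERVER_KEY=#ENCRYPTION_SERVER_KEY#
PORT=3002
DB_HOST=#AUTH_DB_HOST#
DB_REPLICA_HOST=#AUTH_DB_HOST#
DB_PORT=3306
DB_DATABASE=#AUTH_DB_DATABASE#
DB_USERNAME=#AUTH_DB_USERNAME#
DB_PASSWORD=#AUTH_DB_PASSWORD#
# DB_DEBUG_LEVEL options: "all" | "query" | "schema" | "error" | "warn" | "info" | "log" | "migration"
DB_DEBUG_LEVEL=info
DB_MIGRATIONS_PATH=dist/migrations/*.js
REDIS_URL=redis://localhost
DISABLE_USER_REGISTRATION=false
ACCESS_TOKEN_AGE=5184000
REFRESH_TOKEN_AGE=31556926
EPHEMERAL_SESSION_AGE=259200
MAX_LOGIN_ATTEMPTS=5
FAILED_LOGIN_LOCKOUT=3600
PSEUDO_KEY_PARAMS_KEY=#PSEUDO_KEY_PARAMS_KEY#
SNS_TOPIC_ARN=
SNS_AWS_REGION=
SQS_QUEUE_URL=
SQS_AWS_REGION=
#USER_SERVER_REGISTRATION_URL=
#USER_SERVER_AUTH_KEY=
SYNCING_SERVER_URL=http://localhost:3001
REDIS_EVENTS_CHANNEL=events
# (Optional) New Relic Setup
NEW_RELIC_ENABLED=false
NEW_RELIC_APP_NAME=Auth
NEW_RELIC_LICENSE_KEY=
NEW_RELIC_NO_CONFIG_FILE=true
NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=false
NEW_RELIC_LOG_ENABLED=false
NEW_RELIC_LOG_LEVEL=info
# (Optional) Extensions Server
EXTENSION_SERVER_URL=
EOF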
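# Environment file for the syncing server and its worker; both systemd units
# load it through EnvironmentFile=. The #...# placeholders are filled in by the
# later sed step.
# The DB_DEBUG_LEVEL option list sits on its own comment line: systemd's
# EnvironmentFile= only treats lines that start with # or ; as comments, so a
# trailing "# ..." after the value would become part of the value.
# NOTE(review): unlike the other services this one runs with
# NODE_ENV=development and LOG_LEVEL=debug; confirm that is intended before
# exposing the instance, since debug output may include request data.
# NOTE(review): EXTENSIONS_SERVER_URL points at the host name "extensions-server",
# which nothing else in this guide defines; verify whether it is used.
cat << 'EOF' > /etc/standardnotes/syncing-server-js.env
LOG_LEVEL=debug
NODE_ENV=development
VERSION=development
AUTH_JWT_SECRET=#JWT_SECRET#
PORT=3001
DB_HOST=#DB_HOST#
DB_REPLICA_HOST=#DB_HOST#
DB_PORT=3306
DB_DATABASE=#DB_DATABASE#
DB_USERNAME=#DB_USERNAME#
DB_PASSWORD=#DB_PASSWORD#
# DB_DEBUG_LEVEL options: "all" | "query" | "schema" | "error" | "warn" | "info" | "log" | "migration"
DB_DEBUG_LEVEL=info
DB_MIGRATIONS_PATH=dist/migrations/*.js
REDIS_URL=redis://localhost
SNS_TOPIC_ARN=
SNS_AWS_REGION=
SQS_QUEUE_URL=
SQS_AWS_REGION=
S3_AWS_REGION=
S3_BACKUP_BUCKET_NAME=
REDIS_EVENTS_CHANNEL=events
INTERNAL_DNS_REROUTE_ENABLED=false
EXTENSIONS_SERVER_URL=http://extensions-server:3004
AUTH_SERVER_URL=http://localhost:3002
EMAIL_ATTACHMENT_MAX_BYTE_SIZE=10485760
REVISIONS_FREQUENCY=300
# (Optional) New Relic Setup
NEW_RELIC_ENABLED=false
NEW_RELIC_APP_NAME="Syncing Server JS"
NEW_RELIC_LICENSE_KEY=
NEW_RELIC_NO_CONFIG_FILE=true
NEW_RELIC_DISTRIBUTED_TRACING_ENABLED=false
NEW_RELIC_LOG_ENABLED=false
NEW_RELIC_LOG_LEVEL=debug
EOF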
# Environment file for the web interface; its systemd unit loads it through
# EnvironmentFile=. APP_HOST and the two server URLs hard-code the author's
# domains and must be changed to your own.
# NOTE(review): SECRET_KEY_BASE=test is a fixed, guessable value. The unit starts
# the app with `npm run start`, so the Rails-style variables may be unused here;
# if anything still reads SECRET_KEY_BASE, replace it with a random value.
cat << 'EOF' > /etc/standardnotes/web.env
RAILS_ENV=prod
PORT=3004
WEB_CONCURRENCY=0
RAILS_LOG_TO_STDOUT=true
# Log Level options: "INFO" | "DEBUG" | "INFO" | "WARN" | "ERROR" | "FATAL"
RAILS_LOG_LEVEL=INFO
RAILS_SERVE_STATIC_FILES=true
SECRET_KEY_BASE=test
APP_HOST=https://notes.lgy.fr
EXTENSIONS_MANAGER_LOCATION=extensions/extensions-manager/dist/index.html
SF_DEFAULT_SERVER=https://api.notes.lgy.fr
# Development options
DEV_DEFAULT_SYNC_SERVER=https://api.notes.lgy.fr
DEV_EXTENSIONS_MANAGER_LOCATION=public/extensions/extensions-manager/dist/index.html
ENABLE_UNFINISHED_FEATURES=false
DEV_WEBSOCKET_URL=
# NewRelic (Optional)
NEW_RELIC_ENABLED=false
NEW_RELIC_THREAD_PROFILER_ENABLED=false
NEW_RELIC_LICENSE_KEY=
NEW_RELIC_APP_NAME=Web
NEW_RELIC_BROWSER_MONITORING_AUTO_INSTRUMENT=false
EOF
# systemd units, one per process. Every unit runs as the unprivileged
# standardnotes account and is restarted 60 seconds after a failure.
# Where EnvironmentFile= is set, the matching file from /etc/standardnotes is
# loaded into the process environment.
# NOTE(review): none of the units set sandboxing options such as
# NoNewPrivileges= or PrivateTmp=; consider adding them after testing.

# Web interface (started with `npm run start` in the web checkout).
cat << 'EOF' > /etc/systemd/system/standardnotes-web.service
[Unit]
Description=standardnote web
Documentation=https://github.com/standardnotes/web
After=network.target
[Service]
User=standardnotes
Group=standardnotes
EnvironmentFile=/etc/standardnotes/web.env
WorkingDirectory=/usr/lib/standardnotes/web
ExecStart=/usr/bin/npm run start
Restart=on-failure
RestartSec=60
[Install]
WantedBy=multi-user.target
EOF
# Syncing server, main process.
cat << 'EOF' > /etc/systemd/system/standardnotes-syncing-server-js.service
[Unit]
Description=standardnote syncing-server-js
Documentation=https://github.com/standardnotes/syncing-server-js
After=network.target
[Service]
User=standardnotes
Group=standardnotes
EnvironmentFile=/etc/standardnotes/syncing-server-js.env
WorkingDirectory=/usr/lib/standardnotes/syncing-server-js
ExecStart=/usr/bin/npm run start
Restart=on-failure
RestartSec=60
[Install]
WantedBy=multi-user.target
EOF
# Syncing server, worker process (same checkout and environment file, `npm run worker`).
cat << 'EOF' > /etc/systemd/system/standardnotes-syncing-server-js-worker.service
[Unit]
Description=standardnote syncing-server-js worker
Documentation=https://github.com/standardnotes/syncing-server-js
After=network.target
[Service]
User=standardnotes
Group=standardnotes
EnvironmentFile=/etc/standardnotes/syncing-server-js.env
WorkingDirectory=/usr/lib/standardnotes/syncing-server-js
ExecStart=/usr/bin/npm run worker
Restart=on-failure
RestartSec=60
[Install]
WantedBy=multi-user.target
EOF
# Static file server for the extensions directory on port 8001.
# NOTE(review): `-a` (the bind address option) is given without a value; the
# address seems to have been lost from this listing. Set it explicitly to the
# interface the reverse proxy connects to.
# NOTE(review): --cors enables CORS headers on every response; confirm the
# extensions need it.
cat << 'EOF' > /etc/systemd/system/standardnotes-extention.service
[Unit]
Description=standardnote extention
Documentation=https://github.com/standardnotes/extention
After=network.target
[Service]
User=standardnotes
Group=standardnotes
WorkingDirectory=/usr/lib/standardnotes/extention/
ExecStart=http-server -p 8001 --cors -a
Restart=on-failure
RestartSec=60
[Install]
WantedBy=multi-user.target
EOF
# Auth service, main process.
cat << 'EOF' > /etc/systemd/system/standardnotes-auth.service
[Unit]
Description=standardnote auth
Documentation=https://github.com/standardnotes/auth
After=network.target
[Service]
User=standardnotes
Group=standardnotes
EnvironmentFile=/etc/standardnotes/auth.env
WorkingDirectory=/usr/lib/standardnotes/auth
ExecStart=/usr/bin/npm run start
Restart=on-failure
RestartSec=60
[Install]
WantedBy=multi-user.target
EOF
# Auth service, worker process (same checkout and environment file, `npm run worker`).
cat << 'EOF' > /etc/systemd/system/standardnotes-auth-worker.service
[Unit]
Description=standardnote auth worker
Documentation=https://github.com/standardnotes/auth
After=network.target
[Service]
User=standardnotes
Group=standardnotes
EnvironmentFile=/etc/standardnotes/auth.env
WorkingDirectory=/usr/lib/standardnotes/auth
ExecStart=/usr/bin/npm run worker
Restart=on-failure
RestartSec=60
[Install]
WantedBy=multi-user.target
EOF
# API gateway, the only backend service the reverse proxy forwards API traffic to.
cat << 'EOF' > /etc/systemd/system/standardnotes-api-gateway.service
[Unit]
Description=standardnote api-gateway
Documentation=https://github.com/standardnotes/api-gateway
After=network.target
[Service]
User=standardnotes
Group=standardnotes
EnvironmentFile=/etc/standardnotes/api-gateway.env
WorkingDirectory=/usr/lib/standardnotes/api-gateway
ExecStart=/usr/bin/npm run start
Restart=on-failure
RestartSec=60
[Install]
WantedBy=multi-user.target
EOF
Définition des paramètres de bdd et de sécurité
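# Fill the #...# placeholders in every file under /etc/standardnotes.
#
# Secrets: `openssl rand -hex 32` prints 32 random bytes as 64 hex characters,
# which is the format ENCRYPTION_SERVER_KEY asks for. The hex output is used
# directly: encoding it a second time (for example with basenc --base16) would
# make every key byte the ASCII code of a hex digit and halve the key's entropy.
TMP=$(openssl rand -hex 32)
sed -i "s/#ENCRYPTION_SERVER_KEY#/$TMP/" /etc/standardnotes/*
TMP=$(openssl rand -hex 32)
sed -i "s/#PSEUDO_KEY_PARAMS_KEY#/$TMP/" /etc/standardnotes/*
# One value is written to every #JWT_SECRET# placeholder, so all services
# end up with the same AUTH_JWT_SECRET.
TMP=$(openssl rand -hex 32)
sed -i "s/#JWT_SECRET#/$TMP/" /etc/standardnotes/*
# Database settings for the syncing server. Replace the host, names and
# password with your own; they must match the accounts created in the database.
# The values are pasted into a sed expression, so a password containing
# / & or \ would break or alter the substitution.
TMP=mysql.net.lgy.fr
sed -i "s/#DB_HOST#/$TMP/" /etc/standardnotes/*
TMP=stdnotes
sed -i "s/#DB_DATABASE#/$TMP/" /etc/standardnotes/*
TMP=stdnotes
sed -i "s/#DB_USERNAME#/$TMP/" /etc/standardnotes/*
TMP=setpasswordinconfigfileandhere
sed -i "s/#DB_PASSWORD#/$TMP/" /etc/standardnotes/*
# Database settings for the auth service.
TMP=mysql.net.lgy.fr
sed -i "s/#AUTH_DB_HOST#/$TMP/" /etc/standardnotes/*
TMP=stdnotesauth
sed -i "s/#AUTH_DB_DATABASE#/$TMP/" /etc/standardnotes/*
TMP=stdnotesauth
sed -i "s/#AUTH_DB_USERNAME#/$TMP/" /etc/standardnotes/*
TMP=setpasswordinconfigfileandhere
sed -i "s/#AUTH_DB_PASSWORD#/$TMP/" /etc/standardnotes/*
# The files now contain secrets. systemd reads EnvironmentFile= itself before
# switching to the service user, so root-only access is enough.
chmod 600 /etc/standardnotes/*.env
# Do not leave the last password in the shell variable.
unset TMP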
Inscription et lancement des services
# Register all seven units for start at boot and, because of --now, start them
# immediately as well.
systemctl enable --now \
standardnotes-api-gateway standardnotes-extention standardnotes-web \
standardnotes-auth standardnotes-syncing-server-js \
standardnotes-auth-worker standardnotes-syncing-server-js-worker
Configuration du proxy sous apache2
# NOTE(review): the <VirtualHost> containers appear to be missing from this
# listing. Each ServerName line below starts a separate virtual host: for every
# domain, first a plain-HTTP host that only redirects to HTTPS, then the TLS
# host that proxies to the application server.
# The proxy reaches the application server over unencrypted HTTP
# (standardnotes.net.lgy.fr, ports 3000, 8001 and 3004). Those ports should be
# reachable only from this proxy, on a network you trust.
# RequestHeader needs mod_headers; the Proxy* directives need mod_proxy and mod_proxy_http.

# API domain, plain HTTP: redirect to HTTPS.
ServerName api.notes.lgy.fr
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
# API domain, TLS: forward to the api-gateway service on port 3000.
ServerName api.notes.lgy.fr
ProxyPreserveHost on
ProxyPass / http://standardnotes.net.lgy.fr:3000/
ProxyPassReverse / http://standardnotes.net.lgy.fr:3000/
RequestHeader set X-Forwarded-Proto "https"
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/api.notes.lgy.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/api.notes.lgy.fr/privkey.pem
# Extensions domain, plain HTTP: redirect to HTTPS.
ServerName ext.notes.lgy.fr
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
# Extensions domain, TLS: forward to the static file server on port 8001.
ServerName ext.notes.lgy.fr
ProxyPreserveHost on
ProxyPass / http://standardnotes.net.lgy.fr:8001/
ProxyPassReverse / http://standardnotes.net.lgy.fr:8001/
RequestHeader set X-Forwarded-Proto "https"
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/ext.notes.lgy.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ext.notes.lgy.fr/privkey.pem
# Web interface domain, plain HTTP: redirect to HTTPS.
ServerName notes.lgy.fr
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
# Web interface domain, TLS: forward to the web app on port 3004.
ServerName notes.lgy.fr
ProxyPreserveHost on
ProxyPass / http://standardnotes.net.lgy.fr:3004/
ProxyPassReverse / http://standardnotes.net.lgy.fr:3004/
RequestHeader set X-Forwarded-Proto "https"
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/notes.lgy.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/notes.lgy.fr/privkey.pem