This commit is contained in:
@@ -254,35 +254,121 @@ If you need to stop the AyaNova service:
|
||||
sudo systemctl stop ayanova.service
|
||||
```
|
||||
|
||||
### Local network access only
|
||||
### Local network access
|
||||
|
||||
If users are accessing AyaNova only on a private local area network no more installation steps are required and it should be ready for use.
|
||||
Assuming the default port of 7575 is in use then the URL would be http://YOUR_LOCAL_NETWORK_AYANOVA_SERVER_IP_ADDRESS:7575
|
||||
Assuming the default port of 7575 is in use then the URL would be similar to:
|
||||
|
||||
`http://YOUR_LOCAL_NETWORK_AYANOVA_SERVER_IP_ADDRESS:7575`
|
||||
|
||||
If users will need to access AyaNova from the internet continue to the next step "Internet access" otherwise you can skip it and move on to "Getting started and using AyaNova" below.
|
||||
|
||||
## Internet access
|
||||
### Internet access
|
||||
|
||||
If users will be accessing AyaNova from the internet a few extra requirements are necessary to ensure security.
|
||||
The following items will be required to configure AyaNova on a linux server for internet access:
|
||||
|
||||
- Static IP address
|
||||
- Registered domain name
|
||||
- SSL certificate
|
||||
- Reverse proxy server such as NGINX or Apache
|
||||
|
||||
For these instructions we will be using NGINX as the reverse proxy server.
|
||||
|
||||
### Static IP address
|
||||
##### Static IP address
|
||||
|
||||
A static IP address is **required** to host AyaNova on the internet. If you have a virtual or physical server through a server hosting provider such as Digitalocean or Linode then you will already have a static IP address. If you are hosting your own server on premise on a private office network connecting to the internet via an Internet Service Provider you will need to ensure your ISP has provided you with a static IP address and if they haven't you will need to request a static IP address and have that address on hand before proceeding.
|
||||
|
||||
### Registered domain name
|
||||
##### Registered domain name
|
||||
|
||||
An internet domain name is required to get an SSL certificate for secure encrypted communications between the AyaNova server and the end user across the internet. An entry will need to be made in your DNS record for your domain to provide a name to access the AyaNova server and it must point to the static IP address of your router or server. If the only service on your domain will be AyaNova then you can use the root domain name i.e. `example.com` or `www.example.com` but it's more common to use a subdomain specifically for AyaNova, i.e. `ayanova.example.com`. This DNS record needs to be in place and active **before** proceeding and can take minutes to hours to propagate so be sure to do this as soon as possible.
|
||||
|
||||
##### SSL certificate
|
||||
|
||||
These instructions will assume use of a free SSL certificate from [LetsEncrypt](https://letsencrypt.org/). If you already have an SSL certificate adapt these instructions to match your situation.
|
||||
|
||||
##### Reverse proxy server
|
||||
|
||||
We will provide instructions for using the free and open source [NGINX](https://nginx.org/) as a reverse proxy server, if you already have another server capable of being a reverse proxy Apache you will need to adapt these instructions to match your situation.
|
||||
|
||||
#### Install NGINX
|
||||
|
||||
Install NGINX to be the reverse proxy server:
|
||||
|
||||
```bash
|
||||
sudo apt install nginx
|
||||
```
|
||||
|
||||
The server's firewall may need to be adjusted. Firewall configuration is beyond the scope of this installation guide, be sure you have a firewall in place and set correct, we will outline the requirements as they relate to AyaNova itself.
|
||||
|
||||
Ports 80 http will need to be open for requesting SSL certificates from LetsEncrypt and port 443 https will need to be open for ongoing access.
|
||||
|
||||
AyaNova itself does not require any port other than HTTPS port 443 to be open to the internet for the reverse proxy server.
|
||||
|
||||
If this is a new server installation be sure you have a firewall set up in place. For hosted linux through Digitalocean the firewall may be set in the droplet networking control panel and there then would be no firewall required at the server itself and you can skip this step, otherwise ufw is commonly used.
|
||||
|
||||
NGINX registers itself as a service with ufw on installation so if ufw is active on your server it can be adjusted to work with NGINX as follows:
|
||||
|
||||
First confirm ufw is active:
|
||||
|
||||
```bash
|
||||
sudo ufw status
|
||||
```
|
||||
|
||||
If the response is `status: inactive` then there is no need to configure ufw further however be sure you have a firewall of some kind in place.
|
||||
|
||||
If ufw is active confirm it knows about NGINX:
|
||||
|
||||
```bash
|
||||
sudo ufw app list
|
||||
```
|
||||
|
||||
You should see NGINX listed in the available applications list.
|
||||
|
||||
Enable NGINX under ufw:
|
||||
|
||||
```bash
|
||||
sudo ufw allow 'Nginx Full'
|
||||
```
|
||||
|
||||
#### Configure NGINX site for AyaNova
|
||||
|
||||
NGINX needs to be configured to reverse proxy to AyaNova server.
|
||||
|
||||
If you are already using NGINX for other services then a site configuration file entry will need to be made to reverse proxy AyaNova with appropriate settings for your site. We cannot provide details for that as it must work with your existing NGINX configuration, however here is an example of the AyaNova specific parts only taken from a working site that uses Lets Encrypt certificates to give an idea of what is required:
|
||||
|
||||
```
|
||||
server {
|
||||
server_name ayanova.example.com www.ayanova.example.com;
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:7575;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection keep-alive;
|
||||
proxy_set_header Host $host;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
listen 443 ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/ayanova.example.com/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/ayanova.example.com/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
||||
```
|
||||
|
||||
If this is a **new install dedicated to AyaNova only** and no existing NGINX services or websites will be impacted then replace the `default` NGINX configuration file as follows:
|
||||
|
||||
Switch to the NGINX configuration folder:
|
||||
|
||||
```bash
|
||||
cd /etc/nginx/sites-enabled
|
||||
```
|
||||
|
||||
Make a backup copy of the existing `default` config file to your HOME folder just in case (note: you cannot backup to the same folder or NGINX will attempt to load it):
|
||||
|
||||
```bash
|
||||
cp /etc/nginx/sites-enabled/default ~/nginx-default-backup
|
||||
```
|
||||
|
||||
An internet domain name is required to get an SSL certificate for secure encrypted communications between the AyaNova server and the end user across the internet.
|
||||
|
||||
An entry will need to be made in your DNS record for your domain to provide a name to access the AyaNova server and it must point to the static IP address of your router or server. If the only service on your domain will be AyaNova then you can use the root domain name i.e. `example.com` or `www.example.com` but it's more common to use a subdomain specifically for AyaNova, i.e. `ayanova.example.com`.
|
||||
|
||||
This DNS record needs to be in place and active **before** proceeding and can take minutes to hours to propagate so be sure to do this as soon as possible.
|
||||
|
||||
### Login to AyaNova web app
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ This type of install is appropriate for using AyaNova locally on a single person
|
||||
|
||||
## Shared multiple user server installation
|
||||
|
||||
When more than one user will be accessing AyaNova it can be set up on a Linux server either on-premise or with a Linux hosting provider such as DigitalOcean or Linode that provides full shell access to a virtual or physical server.
|
||||
When more than one user will be accessing AyaNova it can be set up on a Linux server either on-premise or with a Linux hosting provider such as [Digitalocean](https://www.digitalocean.com/) or [Linode](https://www.linode.com/) that provides full shell access to a virtual or physical server.
|
||||
|
||||
[Server install guide](ops-install-linux.server.md)
|
||||
[Server install guide](ops-install-linux-server.md)
|
||||
|
||||
|
||||
@@ -131,7 +131,7 @@ nav:
|
||||
- 'Windows IIS': 'ops-install-windows-iis.md'
|
||||
- 'Linux': 'ops-install-linux.md'
|
||||
- 'Linux desktop': 'ops-install-linux-desktop.md'
|
||||
- 'Linux server': 'ops-install-linux.server.md'
|
||||
- 'Linux server': 'ops-install-linux-server.md'
|
||||
- Forms:
|
||||
- 'Introduction': 'ops-intro.md'
|
||||
- 'Server state': 'ops-server-state.md'
|
||||
|
||||
Reference in New Issue
Block a user