diff --git a/docs/docs/host-setup.md b/docs/docs/host-setup.md
index 109df71..751f267 100644
--- a/docs/docs/host-setup.md
+++ b/docs/docs/host-setup.md
@@ -1,7 +1,154 @@
-# title
+# Hosted server deployment
 
-## section
+## Create droplet
 
-### detail
+- LOCATION: user choice of US West, US East, Toronto Canada, Amsterdam Netherlands, Frankfurt Germany, Singapore, Bangalore India
+ TIME ZONE: user choice from `timedatectl list-timezones`
+ SSH KEY: "onayanova.com"
+ SIZE: 7 dollar AMD cpu second cheapest 1gb 25gb
+ NAME: domain name e.g. 1964.onayanova.com
 
-blah blah blah
\ No newline at end of file
+## Standup script and steps
+
+```bash
+#!/bin/bash
+
+# 1) create new droplet **DO NOT PICK IPV6 just the monitoring option** if trial use anytrial.onayanova.com SSH key if production use production key
+# if *was* trial then need to change ssh key on that server to a production key
+# 2) immediately set subdomain name in networking
+# 3) Add droplet into raven-server-standard-firewall
+# 4) check DNS available using https://letsdebug.net/
+# 5) Open putty, select X.onayanova.com, change ip to new droplet domain name and open it
+# 6) nano ayinit.sh paste in this
+# 7) CHANGE the values at the top of the script to the desired time zone and subdomain, Save and exit nano
+# 8) Update the server apt-get update && apt-get upgrade
+# 9) chmod a+x ayinit.sh
+# 10) ./ayinit.sh
+# 11) profit$
+
+TIMEZONE='America/Vancouver'
+DOMAINNAME='subdomain.onayanova.com'
+
+
+#############################
+echo STARTING...
+timedatectl set-timezone $TIMEZONE
+apt-get update
+apt-get dist-upgrade -y
+echo SET SWAP FILE
+fallocate -l 1G /swapfile
+chmod 600 /swapfile
+mkswap /swapfile
+swapon /swapfile
+echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
+echo 'vm.swappiness=10' | sudo tee -a /etc/sysctl.conf
+echo 'vm.vfs_cache_pressure=50' | sudo tee -a /etc/sysctl.conf
+echo INSTALL .NET CORE
+apt-get install -y aspnetcore-runtime-6.0
+echo INSTALL POSTGRESQL
+sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
+wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
+sudo apt-get update
+sudo apt-get -y install postgresql
+sudo -u postgres psql -U postgres -d postgres -c "alter user postgres with password 'YOUR_PASSWORD_HERE';"
+echo INSTALL REPORTING LIBS
+sudo apt-get install -yq gconf-service libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 \
+libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 \
+libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 \
+libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 libgbm1 \
+ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget
+echo INSTALL AYANOVA
+apt install zip unzip -y
+mkdir /var/ayanova
+mkdir /var/ayanova/data
+mkdir /var/ayanova/.local-chromium
+cd /var/ayanova
+curl -O https://www.ayanova.com/download/ayanova-subscription-linux-x64-server.zip && \
+unzip -o ayanova-subscription-linux-x64-server.zip
+chown -vR :www-data /var/ayanova
+chmod -R g+rw /var/ayanova/data
+chmod -R g+rwx /var/ayanova/.local-chromium
+echo '[Unit]' >> /etc/systemd/system/ayanova.service
+echo 'Description=AyaNova server' >> /etc/systemd/system/ayanova.service
+echo '' >> /etc/systemd/system/ayanova.service
+echo '[Service]' >> /etc/systemd/system/ayanova.service
+echo 'WorkingDirectory=/var/ayanova' >> /etc/systemd/system/ayanova.service
+echo 'ExecStart=/usr/bin/dotnet /var/ayanova/AyaNova.dll' >> /etc/systemd/system/ayanova.service
+echo 'Restart=always' >> /etc/systemd/system/ayanova.service
+echo 'RestartSec=10' >> /etc/systemd/system/ayanova.service
+echo 'KillSignal=SIGINT' >> /etc/systemd/system/ayanova.service
+echo 'SyslogIdentifier=ayanova-server' >> /etc/systemd/system/ayanova.service
+echo 'User=www-data' >> /etc/systemd/system/ayanova.service
+echo 'Environment=ASPNETCORE_ENVIRONMENT=Production' >> /etc/systemd/system/ayanova.service
+echo 'Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false' >> /etc/systemd/system/ayanova.service
+echo '' >> /etc/systemd/system/ayanova.service
+echo '[Install]' >> /etc/systemd/system/ayanova.service
+echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ayanova.service
+systemctl enable ayanova.service
+echo START AYANOVA SERVICE
+systemctl start ayanova.service
+echo INSTALL NGINX
+apt install nginx -y
+echo 'server {' > /etc/nginx/sites-available/default
+echo ' listen 80;' >> /etc/nginx/sites-available/default
+echo " server_name $DOMAINNAME;" >> /etc/nginx/sites-available/default
+echo ' location / {' >> /etc/nginx/sites-available/default
+echo ' add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;' >> /etc/nginx/sites-available/default
+echo ' add_header X-XSS-Protection "1; mode=block" always;' >> /etc/nginx/sites-available/default
+echo ' add_header X-Content-Type-Options "nosniff" always;' >> /etc/nginx/sites-available/default
+echo ' add_header X-Frame-Options "SAMEORIGIN" always;' >> /etc/nginx/sites-available/default
+echo ' add_header Referrer-Policy "strict-origin" always;' >> /etc/nginx/sites-available/default
+echo ' gzip on;' >> /etc/nginx/sites-available/default
+echo ' gzip_vary on;' >> /etc/nginx/sites-available/default
+echo ' gzip_min_length 10240;' >> /etc/nginx/sites-available/default
+echo ' gzip_proxied expired no-cache no-store private auth;' >> /etc/nginx/sites-available/default
+echo ' gzip_http_version 1.1;' >> /etc/nginx/sites-available/default
+echo ' gzip_types application/javascript text/css application/json text/plain;' >> /etc/nginx/sites-available/default
+echo '' >> /etc/nginx/sites-available/default
+echo ' proxy_pass http://127.0.0.1:7575;' >> /etc/nginx/sites-available/default
+echo ' proxy_http_version 1.1;' >> /etc/nginx/sites-available/default
+echo ' proxy_set_header Upgrade $http_upgrade;' >> /etc/nginx/sites-available/default
+echo ' proxy_set_header Connection keep-alive;' >> /etc/nginx/sites-available/default
+echo ' proxy_set_header Host $host;' >> /etc/nginx/sites-available/default
+echo ' proxy_cache_bypass $http_upgrade;' >> /etc/nginx/sites-available/default
+echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/default
+echo ' proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/default
+echo ' proxy_connect_timeout 3600;' >> /etc/nginx/sites-available/default
+echo ' proxy_send_timeout 3600;' >> /etc/nginx/sites-available/default
+echo ' proxy_read_timeout 3600;' >> /etc/nginx/sites-available/default
+echo ' send_timeout 3600; ' >> /etc/nginx/sites-available/default
+echo ' client_max_body_size 25M;' >> /etc/nginx/sites-available/default
+echo ' }' >> /etc/nginx/sites-available/default
+echo '}' >> /etc/nginx/sites-available/default
+systemctl restart nginx
+echo INSTALL CERTBOT
+apt install certbot python3-certbot-nginx -y
+echo GET CERTIFICATE
+certbot --nginx --noninteractive --agree-tos --email ops@onayanova.com --no-eff-email -d $DOMAINNAME
+echo ...COMPLETED
+
+```
+
+## How to point a subdomain from an external company's domain to one of our hosted ayanova instances
+
+e.g. ayanova.thecompany.com pointing to thecompany.ayanova.com
+
+Ok, I did this and it worked based on the below so when it comes time to do it again try this out and clean up this area of docs
+
+RESEARCH: how to enable a portion of a domain from an outside to point to their droplet, is that on them or on us?
+how does discourse do it?? https://meta.discourse.org/t/configure-your-domain-name-for-hosted-discourse/21827
+SO, I would say it works just like we do with the test servers, they would need to edit their domain record to point a subdomain to us so we would tell them to do that, i.e. they would say
+aya.fouralarm.ca points to \[ipaddressofdroplet\] or discourse does it by subdomain, they would say point to fouralarm.hosted-by-discourse.com so I wonder if we can do that too,
+Maybe a way to test this out is like this:
+make a droplet, make a domain record gztestco.helloayanova.com that points to that droplet
+then make a cert on the droplet for the original gztestco.helloayanova.com and in nginx, request the cert so this is like the initial trial period or setup.
+Test, confirm gztestco.helloayanova.com is working
+then go to ayanova domain and make a CNAME (CNAME is different and is host pointing to host not to ip address) record aya.ayanova.com and point it to gztestco.helloayanova.com
+Then change nginx config in droplet and ADD aya.ayanova.com and
+then request a new cert with both aya.ayanova.com and gztestco.helloayanova.com and see if it works from both domains.
+** To request a new cert need different command and need to know cert name which is the first domain requested but to confirm use certbot certificates to view the name
+then use the command like this pattern: certbot --nginx --cert-name gztestco.helloayanova.com -d gztestco.helloayanova.com,aya.ayanova.com
+(we would keep both domains in case they have dns issues with their own domain and need access or fuck up the redirect somehow later on)
+THIS works, and this is the pattern for customers where aya.ayanova.com would be their equivalent to their ayanova subdomain
+record they make with their domain registrar or whoever.
+**TESTED, WORKS!: I do have a concern about the nginx cert autorenewal as expanding the domains didn't automatically edit the nginx config file and add the managed by certbot bit for the aya.ayanova.com domain
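Review bot: The PostgreSQL superuser password is set to the literal placeholder `'YOUR_PASSWORD_HERE'` in the middle of the standup script, while step 7 of the header tells the operator to change only the values at the top (`TIMEZONE`, `DOMAINNAME`), so a server stood up by following the steps as written ends up with a password that is published in this document. Move it next to the other two settings and make the script refuse to run without it, e.g. `PGPASSWORD_NEW=''` at the top and `: "${PGPASSWORD_NEW:?set a unique postgres password at the top of the script}"` before the `psql` line, and feed the statement on stdin (`sudo -u postgres psql <<<"alter user postgres with password '$PGPASSWORD_NEW';"`) instead of through `-c`, where it is visible in `ps` and shell history. In the same block, `apt-key add` is deprecated on current Debian/Ubuntu, so the pgdg key should be saved under `/usr/share/keyrings/` and referenced with `signed-by=` in the `.list` line, and `$TIMEZONE` and `$DOMAINNAME` are unquoted in the `timedatectl` and `certbot` lines. The script has no `set -e`, so a failed `curl -O` of the AyaNova zip still leads to `systemctl enable`/`start` of a service whose `ExecStart` DLL does not exist; `set -euo pipefail` after the shebang plus `curl -fO` would stop it at the download, and the `>>` appends to `/etc/fstab`, `/etc/sysctl.conf` and the unit file would then also be worth guarding so a re-run does not duplicate them.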