admin/rockfish
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2022-12-06 23:13:37 +00:00
parent 41c5574a5f
commit 7f09d7481f
1 changed files with 151 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155
docs/docs/host-setup.md
View File

@@ -1,7 +1,154 @@
# title # Hosted server deployment
## section ## Create droplet
### detail - LOCATION: user choice of US West, US East, Toronto Canada, Amsterdam Netherlands, Frankfurt Germany, Singapore, Bangalore India
TIME ZONE: user choice from `timedatectl list-timezones`
SSH KEY: "onayanova.com"
SIZE: 7 dollar AMD cpu second cheapest 1gb 25gb
NAME: domain name e.g. 1964.onayanova.com
blah blah blah ## Standup script and steps
```bash
#!/bin/bash
# 1) create new droplet **DO NOT PICK IPV6 just the monitoring option** if trial use anytrial.onayanova.com SSH key if production use production key
# if *was* trial then need to change ssh key on that server to a production key
# 2) immediately set subdomain name in networking
# 3) Add droplet into raven-server-standard-firewall
# 4) check DNS available using https://letsdebug.net/
# 5) Open putty, select X.onayanova.com, change ip to new droplet domain name and open it
# 6) nano ayinit.sh paste in this
# 7) CHANGE the values at the top of the script to the desired time zone and subdomain, Save and exit nano
# 8) Update the server apt-get update && apt-get upgrade
# 9) chmod a+x ayinit.sh
# 10) ./ayinit.sh
# 11) profit$
TIMEZONE='America/Vancouver'
DOMAINNAME='subdomain.onayanova.com'
#############################
echo STARTING...
timedatectl set-timezone $TIMEZONE
apt-get update
apt-get dist-upgrade -y
echo SET SWAP FILE
fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
echo 'vm.swappiness=10' | sudo tee -a /etc/sysctl.conf
echo 'vm.vfs_cache_pressure=50' | sudo tee -a /etc/sysctl.conf
echo INSTALL .NET CORE
apt-get install -y aspnetcore-runtime-6.0
echo INSTALL POSTGRESQL
sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get -y install postgresql
sudo -u postgres psql -U postgres -d postgres -c "alter user postgres with password 'YOUR_PASSWORD_HERE';"
echo INSTALL REPORTING LIBS
sudo apt-get install -yq gconf-service libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 \
libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 \
libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 \
libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 libgbm1 \
ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget
echo INSTALL AYANOVA
apt install zip unzip -y
mkdir /var/ayanova
mkdir /var/ayanova/data
mkdir /var/ayanova/.local-chromium
cd /var/ayanova
curl -O https://www.ayanova.com/download/ayanova-subscription-linux-x64-server.zip && \
unzip -o ayanova-subscription-linux-x64-server.zip
chown -vR :www-data /var/ayanova
chmod -R g+rw /var/ayanova/data
chmod -R g+rwx /var/ayanova/.local-chromium
echo '[Unit]' >> /etc/systemd/system/ayanova.service
echo 'Description=AyaNova server' >> /etc/systemd/system/ayanova.service
echo '' >> /etc/systemd/system/ayanova.service
echo '[Service]' >> /etc/systemd/system/ayanova.service
echo 'WorkingDirectory=/var/ayanova' >> /etc/systemd/system/ayanova.service
echo 'ExecStart=/usr/bin/dotnet /var/ayanova/AyaNova.dll' >> /etc/systemd/system/ayanova.service
echo 'Restart=always' >> /etc/systemd/system/ayanova.service
echo 'RestartSec=10' >> /etc/systemd/system/ayanova.service
echo 'KillSignal=SIGINT' >> /etc/systemd/system/ayanova.service
echo 'SyslogIdentifier=ayanova-server' >> /etc/systemd/system/ayanova.service
echo 'User=www-data' >> /etc/systemd/system/ayanova.service
echo 'Environment=ASPNETCORE_ENVIRONMENT=Production' >> /etc/systemd/system/ayanova.service
echo 'Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false' >> /etc/systemd/system/ayanova.service
echo '' >> /etc/systemd/system/ayanova.service
echo '[Install]' >> /etc/systemd/system/ayanova.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ayanova.service
systemctl enable ayanova.service
echo START AYANOVA SERVICE
systemctl start ayanova.service
echo INSTALL NGINX
apt install nginx -y
echo 'server {' > /etc/nginx/sites-available/default
echo ' listen 80;' >> /etc/nginx/sites-available/default
echo " server_name $DOMAINNAME;" >> /etc/nginx/sites-available/default
echo ' location / {' >> /etc/nginx/sites-available/default
echo ' add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;' >> /etc/nginx/sites-available/default
echo ' add_header X-XSS-Protection "1; mode=block" always;' >> /etc/nginx/sites-available/default
echo ' add_header X-Content-Type-Options "nosniff" always;' >> /etc/nginx/sites-available/default
echo ' add_header X-Frame-Options "SAMEORIGIN" always;' >> /etc/nginx/sites-available/default
echo ' add_header Referrer-Policy "strict-origin" always;' >> /etc/nginx/sites-available/default
echo ' gzip on;' >> /etc/nginx/sites-available/default
echo ' gzip_vary on;' >> /etc/nginx/sites-available/default
echo ' gzip_min_length 10240;' >> /etc/nginx/sites-available/default
echo ' gzip_proxied expired no-cache no-store private auth;' >> /etc/nginx/sites-available/default
echo ' gzip_http_version 1.1;' >> /etc/nginx/sites-available/default
echo ' gzip_types application/javascript text/css application/json text/plain;' >> /etc/nginx/sites-available/default
echo '' >> /etc/nginx/sites-available/default
echo ' proxy_pass http://127.0.0.1:7575;' >> /etc/nginx/sites-available/default
echo ' proxy_http_version 1.1;' >> /etc/nginx/sites-available/default
echo ' proxy_set_header Upgrade $http_upgrade;' >> /etc/nginx/sites-available/default
echo ' proxy_set_header Connection keep-alive;' >> /etc/nginx/sites-available/default
echo ' proxy_set_header Host $host;' >> /etc/nginx/sites-available/default
echo ' proxy_cache_bypass $http_upgrade;' >> /etc/nginx/sites-available/default
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/default
echo ' proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/default
echo ' proxy_connect_timeout 3600;' >> /etc/nginx/sites-available/default
echo ' proxy_send_timeout 3600;' >> /etc/nginx/sites-available/default
echo ' proxy_read_timeout 3600;' >> /etc/nginx/sites-available/default
echo ' send_timeout 3600; ' >> /etc/nginx/sites-available/default
echo ' client_max_body_size 25M;' >> /etc/nginx/sites-available/default
echo ' }' >> /etc/nginx/sites-available/default
echo '}' >> /etc/nginx/sites-available/default
systemctl restart nginx
echo INSTALL CERTBOT
apt install certbot python3-certbot-nginx -y
echo GET CERTIFICATE
certbot --nginx --noninteractive --agree-tos --email ops@onayanova.com --no-eff-email -d $DOMAINNAME
echo ...COMPLETED
```
## How to point a subdomain from an external company's domain to one of our hosted ayanova instances
e.g. ayanova.thecompany.com pointing to thecompany.ayanova.com
Ok, I did this and it worked based on the below so when it comes time to do it again try this out and clean up this area of docs
RESEARCH: how to enable a portion of a domain from an outside to point to their droplet, is that on them or on us?
how does discourse do it?? https://meta.discourse.org/t/configure-your-domain-name-for-hosted-discourse/21827
SO, I would say it works just like we do with the test servers, they would need to edit their domain record to point a subdomain to us so we would tell them to do that, i.e. they would say
aya.fouralarm.ca points to \[ipaddressofdroplet\] or discourse does it by subdomain, they would say point to fouralarm.hosted-by-discourse.com so I wonder if we can do that too,
Maybe a way to test this out is like this:
make a droplet, make a domain record gztestco.helloayanova.com that points to that droplet
then make a cert on the droplet for the original gztestco.helloayanova.com and in nginx, request the cert so this is like the initial trial period or setup.
Test, confirm gztestco.helloayanova.com is working
then go to ayanova domain and make a CNAME (CNAME is different and is host pointing to host not to ip address) record aya.ayanova.com and point it to gztestco.helloayanova.com
Then change nginx config in droplet and ADD aya.ayanova.com and
then request a new cert with both aya.ayanova.com and gztestco.helloayanova.com and see if it works from both domains.
** To request a new cert need different command and need to know cert name which is the first domain requested but to confirm use certbot certificates to view the name
then use the command like this pattern: certbot --nginx --cert-name gztestco.helloayanova.com -d gztestco.helloayanova.com,aya.ayanova.com
(we would keep both domains in case they have dns issues with their own domain and need access or fuck up the redirect somehow later on)
THIS works, and this is the pattern for customers where aya.ayanova.com would be their equivalent to their ayanova subdomain
record they make with their domain registrar or whoever.
**TESTED, WORKS!: I do have a concern about the nginx cert autorenewal as expanding the domains didn't automatically edit the nginx config file and add the managed by certbot bit for the aya.ayanova.com domain