Version 5 (Matthieu Herrb, 08/02/2021 09:18) → Version 6/7 (Matthieu Herrb, 09/10/2022 09:08)
h1. HedgeDoc
This page describes the installation of HedgeDoc (a collaborative Markdown editor, https://hedgedoc.org/) on https://md.tetaneutral.net
The VM runs Debian 10 with 2 GB of RAM and 20 GB of disk.
h2. Prerequisite packages
<pre>
apt install git
apt install nodejs
apt install postgresql
apt install nginx
apt install certbot
apt install python3-certbot-nginx
apt install npm
npm install --global yarn
</pre>
h2. Creating the user and the PostgreSQL database
<pre>
adduser hedgedoc   # long random password
</pre>
<pre>
su - postgres
createuser --pwprompt hedgedoc   # same password
createdb -O hedgedoc hedgedoc
exit
</pre>
h2. Installing the software itself
<pre>
sudo -u hedgedoc bash
git clone -b 1.7.2 https://github.com/hedgedoc/hedgedoc.git
cd hedgedoc
./bin/setup
yarn run build
</pre>
Create @env.sh@:
<pre>
# Environment for HedgeDoc
# https://docs.hedgedoc.org/configuration/
CMD_DOMAIN=md.tetaneutral.net
CMD_HOST=127.0.0.1
CMD_PORT=3000
CMD_PROTOCOL_USESSL=true
CMD_DB_URL=postgres://hedgedoc:<password>@localhost:5432/hedgedoc
CMD_ALLOW_ANONYMOUS=false
CMD_ALLOW_ANONYMOUS_EDITS=true
CMD_ALLOW_ANONYMOUS_VIEWS=true
CMD_DEFAULT_PERMISSION=limited
CMD_DEFAULT_USE_HARD_BREAK=false
CMD_SESSION_SECRET=<secret generated by pwgen 32 1>
CMD_IMAGE_UPLOAD_TYPE=filesystem
CMD_EMAIL=false
CMD_ALLOW_EMAIL_REGISTER=false
CMD_ALLOW_FREEURL=true
CMD_REQUIRE_FREEURL_AUTHENTICATION=true
CMD_LDAP_URL=ldaps://ldap.tetaneutral.net/
CMD_LDAP_BINDDN='cn=directory manager'
CMD_LDAP_BINDCREDENTIALS=<LDAP root password>
CMD_LDAP_SEARCHBASE=ou=people,dc=tetaneutral,dc=net
CMD_LDAP_SEARCHFILTER='(cn={{username}})'
CMD_LDAP_SEARCHATTRIBUTES='cn,nsUniqueId'
CMD_LDAP_USERIDFIELD=nsUniqueId
CMD_LDAP_USERNAMEFIELD=cn
CMD_LDAP_PROVIDERNAME=Tetaneutral.net
CMD_USECDN=false
CMD_ALLOW_GRAVATAR=true
CMD_ALLOW_ORIGIN=md.tetaneutral.net
DEBUG=false
NODE_ENV=production
</pre>
and @.sequelizerc@:
<pre>
var path = require('path');
module.exports = {
    'config': path.resolve('config.json'),
    'migrations-path': path.resolve('lib', 'migrations'),
    'models-path': path.resolve('lib', 'models'),
    'url': 'postgres://hedgedoc:<password>@localhost:5432/hedgedoc'
}
</pre>
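Both files above hold secrets: the database password, the session secret and the LDAP bind password. The check below is an added example, not part of the original page or of HedgeDoc; the function names, the 32-character threshold (taken from the @pwgen 32 1@ hint) and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# perms_private FILE: true only if FILE exists with no group/other permission bits.
perms_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# env_value FILE KEY: print the value of KEY, surrounding quotes removed.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed "s/^['\"]//; s/['\"]\$//"
}

# audit_env FILE: print one finding per line; succeed only if there are none.
audit_env() {
    f=$1; n=0
    [ -f "$f" ] || { echo "MISSING: $f"; return 1; }
    perms_private "$f" || { echo "PERMS: accessible by group/other"; n=$((n+1)); }
    if grep -v '^#' "$f" | grep -q '=.*<[^>]*>'; then
        echo "PLACEHOLDER: a <...> value was never replaced"; n=$((n+1))
    fi
    secret=$(env_value "$f" CMD_SESSION_SECRET)
    [ "${#secret}" -ge 32 ] || { echo "SESSION_SECRET: under 32 characters"; n=$((n+1)); }
    case $(env_value "$f" CMD_LDAP_URL) in
        ldaps://*|'') ;;
        *) echo "LDAP_URL: bind password not protected by ldaps://"; n=$((n+1)) ;;
    esac
    # Assumption: a dedicated read-only bind account can be created instead.
    case $(env_value "$f" CMD_LDAP_BINDDN) in
        *[Dd]irectory\ [Mm]anager*) echo "LDAP_BINDDN: directory root account"; n=$((n+1)) ;;
    esac
    [ "$n" -eq 0 ]
}

# write_sample FILE: constructed sample shaped like env.sh above (no real secrets).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
CMD_DB_URL=postgres://hedgedoc:<password>@localhost:5432/hedgedoc
CMD_SESSION_SECRET=tooshort
CMD_LDAP_URL=ldaps://ldap.example.net/
CMD_LDAP_BINDDN='cn=directory manager'
EOF
    chmod 644 "$1"
}
```

On the host, run @audit_env /home/hedgedoc/hedgedoc/env.sh@, and @perms_private /home/hedgedoc/hedgedoc/.sequelizerc@ since that file embeds the same database password.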
h3. Manual launch for debugging
<pre>
su - hedgedoc
cd ~/hedgedoc
source env.sh
export $(grep -v ^# env.sh | cut -d= -f1)
node app.js
</pre>
This shows any error messages directly on the console.
Press Ctrl+C to stop the application.
h2. systemd service
Create @/etc/systemd/system/hedgedoc.service@:
<pre>
[Unit]
Description=HedgeDoc
After=network.target
[Service]
Type=simple
User=hedgedoc
EnvironmentFile=/home/hedgedoc/hedgedoc/env.sh
WorkingDirectory=/home/hedgedoc/hedgedoc
ExecStart=/usr/local/bin/yarn start
TimeoutSec=15
Restart=always
[Install]
WantedBy=multi-user.target
</pre>
Then run @systemctl daemon-reload@ to load the new service, and
<pre>
systemctl enable hedgedoc
systemctl start hedgedoc
</pre>
to start the service and enable it at boot.
h2. Reverse Proxy
Configuration of the nginx reverse proxy, with certbot for the Let's Encrypt certificate:
# @/etc/nginx/sites-available/md.tetaneutral.net.conf@:
<pre>
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
server {
    listen 80;
    listen [::]:80;
    if ($host = md.tetaneutral.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name md.tetaneutral.net;
    return 404; # managed by Certbot
}
server {
    server_name md.tetaneutral.net;
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location /socket.io/ {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/md.tetaneutral.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/md.tetaneutral.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
</pre>
h2. Upgrade to 1.9.4
On 2022/10/02
LDAP authentication problem. Fixed by this patch:
<pre>
--- node_modules/ldapauth-fork/lib/ldapauth.js~ 2022-10-01 10:02:38.154999000 +0000
+++ node_modules/ldapauth-fork/lib/ldapauth.js 2022-10-07 08:40:07.150568701 +0000
@@ -321,13 +321,13 @@
// groupDnProperty will be accessed in the user returned by the search, and
// so needs to be requested from the LDAP server.
- if (
- opts.attributes &&
- self.opts.groupDnProperty &&
- !opts.attributes.includes(self.opts.groupDnProperty)
- ) {
- opts.attributes.push(self.opts.groupDnProperty);
- }
+ //if (
+ // opts.attributes &&
+ // self.opts.groupDnProperty &&
+ // !opts.attributes.includes(self.opts.groupDnProperty)
+ //) {
+ // opts.attributes.push(self.opts.groupDnProperty);
+ //}
self._search(self.opts.searchBase, opts, function (err, result) {
if (err) {
</pre>
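Review bot: the guard at @@ -321 is disabled by commenting it out inside @node_modules/@, so the fix is lost the next time dependencies are reinstalled, and the two comment lines kept above it ("groupDnProperty will be accessed in the user returned by the search") now describe code that no longer runs. Keep this change as a patch file that is re-applied after each install, and delete the block rather than leaving it commented. If the failure comes from @opts.attributes@ not being an array (the condition calls @.includes@, which strings also have, and then @.push@, which they do not), a narrower change is to add @Array.isArray(opts.attributes)@ to the condition, so that @groupDnProperty@ is still requested when the attributes are given as a list; with the block removed entirely, any later code that reads that property from the returned user entry will not find it.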