HedgeDoc » History » Version 7

Matthieu Herrb, 09/10/2022 09:11

h1. HedgeDoc

This page describes the installation of HedgeDoc (a collaborative Markdown editor, https://hedgedoc.org/) on https://md.tetaneutral.net

The VM runs Debian 10 with 2 GB of RAM and a 20 GB disk.

h2. Prerequisite packages

<pre>
apt install git
apt install nodejs
apt install postgresql
apt install nginx
apt install certbot
apt install python3-certbot-nginx
apt install npm
npm install --global yarn
</pre>

h2. Creating the user and the PostgreSQL database

<pre>
adduser hedgedoc   # long random password
</pre>

<pre>
su - postgres
createuser --pwprompt hedgedoc   # same password
createdb -O hedgedoc hedgedoc
exit
</pre>

h2. Installing the software itself:

<pre>
sudo -u hedgedoc bash
cd ~   # clone into /home/hedgedoc, the path used by the systemd unit
git clone -b 1.7.2 https://github.com/hedgedoc/hedgedoc.git
cd hedgedoc
./bin/setup
yarn run build
</pre>

Create @env.sh@
<pre>
# Environment for HedgeDoc
# https://docs.hedgedoc.org/configuration/

CMD_DOMAIN=md.tetaneutral.net
CMD_HOST=127.0.0.1
CMD_PORT=3000
CMD_PROTOCOL_USESSL=true

CMD_DB_URL=postgres://hedgedoc:<password>@localhost:5432/hedgedoc

CMD_ALLOW_ANONYMOUS=false
CMD_ALLOW_ANONYMOUS_EDITS=true
CMD_ALLOW_ANONYMOUS_VIEWS=true
CMD_DEFAULT_PERMISSION=limited
CMD_DEFAULT_USE_HARD_BREAK=false

CMD_SESSION_SECRET=<secret generated by pwgen 32 1>

CMD_IMAGE_UPLOAD_TYPE=filesystem

CMD_EMAIL=false
CMD_ALLOW_EMAIL_REGISTER=false

CMD_ALLOW_FREEURL=true
CMD_REQUIRE_FREEURL_AUTHENTICATION=true

CMD_LDAP_URL=ldaps://ldap.tetaneutral.net/
CMD_LDAP_BINDDN='cn=directory manager'
CMD_LDAP_BINDCREDENTIALS=<LDAP root password>
CMD_LDAP_SEARCHBASE=ou=people,dc=tetaneutral,dc=net
CMD_LDAP_SEARCHFILTER='(cn={{username}})'
CMD_LDAP_SEARCHATTRIBUTES='cn,nsUniqueId'
CMD_LDAP_USERIDFIELD=nsUniqueId
CMD_LDAP_USERNAMEFIELD=cn
CMD_LDAP_PROVIDERNAME=Tetaneutral.net

CMD_USECDN=false
CMD_ALLOW_GRAVATAR=true
CMD_ALLOW_ORIGIN=md.tetaneutral.net

DEBUG=false
NODE_ENV=production
</pre>

and @.sequelizerc@:
<pre>
var path = require('path');

module.exports = {
    'config':          path.resolve('config.json'),
    'migrations-path': path.resolve('lib', 'migrations'),
    'models-path':     path.resolve('lib', 'models'),
    'url':             'postgres://hedgedoc:<password>@localhost:5432/hedgedoc'
}
</pre>
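
Both files above hold the database password, and @env.sh@ also holds the session secret and the LDAP bind password. The following check is an added example, not part of the original page or of HedgeDoc: it reads @env.sh@ as text and reports loose file permissions, unfilled placeholders, a short session secret, a non-ldaps URL and a bind as the directory root account. The function names @audit_env@ and @env_value@ and the 32-character threshold (taken from the @pwgen 32 1@ hint) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a HedgeDoc env.sh for exposed or weak secret settings.
# audit_env prints one finding per line; no output means no finding.

# Print the value of KEY ($2) from FILE ($1), read as text and never sourced,
# with one pair of surrounding quotes removed.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 |
        sed "s/^'\(.*\)'\$/\1/; s/^\"\(.*\)\"\$/\1/"
}

audit_env() {
    f=$1
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $f is accessible to group or others (chmod 600)"
    fi
    # Placeholders such as <password> that were never filled in.
    if grep -v '^#' "$f" | grep -q '=.*<[^>]*>'; then
        echo "PLACEHOLDER: a <...> placeholder is still present"
    fi
    secret=$(env_value "$f" CMD_SESSION_SECRET)
    if [ "${#secret}" -lt 32 ]; then
        echo "SESSION_SECRET: shorter than 32 characters"
    fi
    case $(env_value "$f" CMD_LDAP_URL) in
        ''|ldaps://*) ;;
        *) echo "LDAP_URL: scheme is not ldaps://" ;;
    esac
    # The directory root account gives the web application full LDAP rights.
    binddn=$(env_value "$f" CMD_LDAP_BINDDN | tr 'A-Z' 'a-z')
    if [ "$binddn" = "cn=directory manager" ]; then
        echo "LDAP_BINDDN: root DN in use, prefer a read-only service account"
    fi
    return 0
}
```

Run as @audit_env /home/hedgedoc/hedgedoc/env.sh@; the permission check applies equally to @.sequelizerc@, which embeds the same database URL.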

h3. Manual launch for debugging

<pre>
su - hedgedoc
cd ~/hedgedoc
source env.sh
export $(grep -v '^#' env.sh | cut -d= -f1)
node app.js
</pre>

This shows any error messages live on the console.
Press Ctrl+C to stop the application.
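
@source env.sh@ runs the file as shell code, so a password containing @$@, a backquote, @&@, @;@ or a space is expanded or executed by the shell, whereas systemd's @EnvironmentFile=@ only reads assignments. The loader below is an added example, not part of the original page: it exports the @KEY=VALUE@ pairs while treating the file as data. The function name @load_env@ is an assumption of this example.

```shell
#!/bin/sh
# Added example: export KEY=VALUE pairs from an env file without executing it.
# Unlike `source env.sh`, values are never evaluated, so `$`, backquotes,
# `&`, `;` or spaces in a password stay literal.
load_env() {
    # The last line is read even without a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;          # blank lines and comments
        esac
        key=${line%%=*}
        val=${line#*=}
        # Accept only NAME=... where NAME is a valid variable name.
        case $key in
            "$line"|''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "load_env: skipping malformed line: $line" >&2
                continue ;;
        esac
        # Remove one pair of matching quotes, as in 'cn=directory manager'.
        case $val in
            \'*\') val=${val#\'}; val=${val%\'} ;;
            \"*\") val=${val#\"}; val=${val%\"} ;;
        esac
        export "$key=$val"
    done < "$1"
}
```

With this, @load_env env.sh@ followed by @node app.js@ replaces the @source@ and @export@ lines of the manual launch.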


h2. systemd service

Create @/etc/systemd/system/hedgedoc.service@:

<pre>
[Unit]
Description=HedgeDoc
After=network.target

[Service]
Type=simple
User=hedgedoc
EnvironmentFile=/home/hedgedoc/hedgedoc/env.sh
WorkingDirectory=/home/hedgedoc/hedgedoc
ExecStart=/usr/local/bin/yarn start
TimeoutSec=15
Restart=always

[Install]
WantedBy=multi-user.target
</pre>

Then run @systemctl daemon-reload@ to load the new service, and

<pre>
systemctl enable hedgedoc
systemctl start hedgedoc
</pre>

to start the service and make it permanent.

h2. Reverse Proxy

Configuration of the nginx reverse proxy, with certbot for the Let's Encrypt certificate:

# @/etc/nginx/sites-available/md.tetaneutral.net.conf@:
<pre>
map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
}

server {
    listen 80 ;
    listen [::]:80 ;
    if ($host = md.tetaneutral.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name md.tetaneutral.net;
    return 404; # managed by Certbot
}

server {
        server_name md.tetaneutral.net;

        location / {
                proxy_pass http://127.0.0.1:3000;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /socket.io/ {
                proxy_pass http://127.0.0.1:3000;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
        }

    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/md.tetaneutral.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/md.tetaneutral.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
</pre>

h2. Upgrade to 1.9.4

On 2022/10/02

LDAP authentication problem. Fixed by the patch:
<pre>
--- node_modules/ldapauth-fork/lib/ldapauth.js~ 2022-10-01 10:02:38.154999000 +0000
+++ node_modules/ldapauth-fork/lib/ldapauth.js  2022-10-07 08:40:07.150568701 +0000
@@ -321,13 +321,13 @@
 
   // groupDnProperty will be accessed in the user returned by the search, and
   // so needs to be requested from the LDAP server.
-  if (
-    opts.attributes &&
-    self.opts.groupDnProperty &&
-    !opts.attributes.includes(self.opts.groupDnProperty)
-  ) {
-    opts.attributes.push(self.opts.groupDnProperty);
-  }
+  //if (
+  //  opts.attributes &&
+  //  self.opts.groupDnProperty &&
+  //  !opts.attributes.includes(self.opts.groupDnProperty)
+  //) {
+  //  opts.attributes.push(self.opts.groupDnProperty);
+  //}
 
   self._search(self.opts.searchBase, opts, function (err, result) {
     if (err) {
</pre>
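
Review bot: the seven added lines keep the removed @if@ block as @//@ comments with no note on why it is disabled, while the unchanged comment above it ("groupDnProperty will be accessed in the user returned by the search, and so needs to be requested from the LDAP server") now describes code that no longer runs; delete the block or add a one-line comment pointing at the upstream pull request. With the block disabled, @self.opts.groupDnProperty@ is no longer appended to @opts.attributes@, so the requested attribute list must already contain it wherever the returned user's group DN is read. The file is under @node_modules/@, so the edit is overwritten the next time dependencies are reinstalled; keep it as a patch file that is reapplied after install until the upstream fix is deployed.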

Upstream fix: https://github.com/hedgedoc/hedgedoc/pull/2583