search

cblgh / cerca

lean forum software
Other
127 stars 18 forks source link

Server install documentation? #71

Closed decentral1se closed 2 months ago

decentral1se commented 2 months ago

Deps

We just did a fresh build on the PMC server (🎉) and ran into build errors.

We could not install with standard go 1.15 due to the use of io/fs in util/util.go which is >= 1.16 apparently and this tracks with what is in the go.mod.

We used backports to install go 1.19. Building go-sqlite3 required us to run apt install libc6-dev gcc. Went through fine after.

A docs patch somewhere perhaps?

Systemd

To run cerca in the background on a Debian machine, we wrote a /etc/systemd/system/cerca.service:

[Unit]
Description=cerca
After=syslog.target network.target

[Service]
User=cerca
ExecStart=/usr/local/bin/cerca -config /var/www/foo.com/cerca.toml -authkey "..." -allowlist /var/www/foo.com/allowlist.txt -data /var/www/foo.com/data
RemainAfterExit=no
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

Proxy

We wired up an Nginx proxy with the following config:

server {
    listen 80;
    server_name foo.com;
    location / {
        proxy_pass http://localhost:8272;
            proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
    }
    location /assets/ {
        root /var/www/foo.com/;
    }
}

Note, this required us to have a assets/... folder with favicon.png and theme.css next to the cerca.toml which are not generated by default?

Proxy bonus: problem 🙈

We're running into an issue where we cannot login successfully for the first time. Failed login attempts report an error but successful ones, report no error on the login page or in the cerca or Nginx logs. It seem likely that the proxy is somehow not letting something through which is required for the login? To debug 🙏

cblgh commented 2 months ago

we are out of wonderland and entering reality—thanks for taking the first steps of stress-testing cerca in a constrained env @decentral1se! we'll work through these issues one by one and make sure it's all silky smooth in the end. many of the edges you have run into are simple historical artefacts and can be cleaned up now that they are being encountered as obstacles

We could not install with standard go 1.15 due to the use of io/fs in util/util.go which is >= 1.16 apparently and this tracks with what is in the go.mod.

looking at the use of io/fs in util.go i think we can replace that import with go1.15's os.IsNotExist() : ]

decentral1se commented 2 months ago

Great, thanks!

I think the most burning one now is the broken (somewhere, somehow, still unsure?) proxying setup that we have wired up. Do you have a Nginx config to share? I'm pretty sure it has something to do with the session cookie handling but I can't seem to figure it out. The people can start trying it out while other things get fixed.

If you have a docs portion of the README or elsewhere you fancy, I can get the service file documented there. That is working nicely.

cblgh commented 2 months ago

@decentral1se I think the most burning one now is the broken (somewhere, somehow, still unsure?) proxying setup that we have wired up. Do you have a Nginx config to share?

sent over signal :)

If you have a docs portion of the README or elsewhere you fancy, I can get the service file documented there. That is working nicely.

let's create a new folder docs/ and put documentation in there. maybe create "hosting.md" and put the service file documentation there?

fwiw main inspo for this pattern is how i do it in lieu https://github.com/cblgh/lieu/tree/main/docs

decentral1se commented 2 months ago

Holy cow, adding listen 443 ssl seems to have done it in the Nginx config! I think it might certainly be related to that whirlpool of cookie session stuff you pointed to elsewhere! For now, burning issue solved, thanks 🎉

cblgh commented 2 months ago

for future reference here are the parts i pointed to where a combination of serving both http and https from the same running instance of cerca may be causing wonks:

make sure you are running over https for the logins while debugging this. you may be running into a config issue wrt mixed connections

https://github.com/cblgh/cerca/blob/main/server/session/session.go#L49

could be that this compounds, as developing is set to false, and the error isn't output

https://github.com/cblgh/cerca/blob/main/server/server.go#L105 https://github.com/cblgh/cerca/blob/main/server/server.go#L152-L157

cblgh commented 2 months ago

closing for now, can reopen if needed!