sismics / docs

Lightweight document management system packed with all the features you can expect from big expensive solutions
https://teedy.io
GNU General Public License v2.0

Just for notice: setup steps for Teedy 1.12dev at Fedora 37 on a Raspberry Pi 4 #679

Closed vmario89 closed 1 year ago

vmario89 commented 1 year ago

Some setup steps I did to install a recent Teedy on a Fedora 37 system using a Pi 4. They might be incomplete, but they should be very helpful for others.

Install Teedy 1.12dev from source

# Build the Teedy WAR from the upstream repository. Writing to /opt and
# `npm install -g` normally need root, so as written the whole build runs as root.
cd /opt/
# NOTE(review): this clones the default branch at whatever commit is current;
# check out a reviewed tag or commit (<TAG_OR_COMMIT>, placeholder) if the
# deployed build has to be reproducible.
git clone https://github.com/sismics/docs.git teedy
cd /opt/teedy
dnf install maven npm
npm install -g grunt-cli
# NOTE(review): Maven and npm download and execute third-party build plugins
# and package scripts; building as an unprivileged user and copying only the
# resulting .war into place keeps that code away from root.
# -DskipTests skips the project's test suite in both runs.
mvn clean -DskipTests install
# The prod-profile build repeats `clean install`, so it rebuilds everything
# the previous command produced.
mvn -Pprod -DskipTests clean install

Install Jetty 11.0.14 from source

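# Download the Jetty 11.0.14 distribution, verify it, and prepare a jetty-base
# that the unprivileged "jetty" account can write to.
cd /opt/
wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/11.0.14/jetty-home-11.0.14.tar.gz
# Check the archive before unpacking it. <EXPECTED_SHA256> is a placeholder:
# take the digest (or, better, verify the release signature) from a source you
# trust, obtained separately from this download. Extraction only runs if the
# check passes.
echo "<EXPECTED_SHA256>  jetty-home-11.0.14.tar.gz" | sha256sum -c - \
  && tar -xvzf jetty-home-11.0.14.tar.gz
# NOTE(review): adduser creates a regular account; the service only needs an
# identity to run under, not an interactive login.
adduser jetty
# Keep the distribution itself root-owned so the service account cannot modify
# start.jar or bin/jetty.sh, the code that runs at the next start. Only
# jetty-base is handed to jetty below.
chown -R root:root /opt/jetty-home-11.0.14/
mkdir -p /opt/jetty-home-11.0.14/jetty-base/
cd /opt/jetty-home-11.0.14/jetty-base/
java -jar ../start.jar --add-modules=deploy,http
# start.jar ran as root above, so the files it created need to be handed over.
# NOTE(review): if jetty.sh reports a permission error at start, grant write
# access to that specific path rather than to the whole jetty-home tree.
chown -R jetty:jetty /opt/jetty-home-11.0.14/jetty-base/
cp /opt/teedy/docs-web/target/docs-web-1.*.war /opt/jetty-home-11.0.14/jetty-base/webapps/dms.war
vim /opt/jetty-home-11.0.14/jetty-base/webapps/dms.xml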
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd">
<!-- Jetty context descriptor for the Teedy web application. -->
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <!-- The application is served under /dms; the nginx proxy_pass target in these steps uses the same path. -->
  <Set name="contextPath">/dms</Set>
  <!-- WAR location: the jetty.data system property (falling back to ".") followed by /webapps/dms.war. -->
  <Set name="war"><SystemProperty name="jetty.data" default="."/>/webapps/dms.war</Set>

  <!-- Sets the JVM-wide system property docs.home to the data directory created in the following steps.
       NOTE(review): presumably this is where Teedy keeps uploaded documents and its index; confirm
       against the Teedy documentation, and keep the directory accessible to the jetty account only. -->
  <Call class="java.lang.System" name="setProperty">
    <Arg>docs.home</Arg>
    <Arg>/opt/teedy_dmsdata/</Arg>
  </Call>
</Configure>
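# Hand the deployed WAR and its context descriptor to the jetty account.
# Absolute paths are used because both files live in jetty-base/webapps/,
# not in jetty-base/ where the earlier `cd` left the shell.
chown jetty:adm /opt/jetty-home-11.0.14/jetty-base/webapps/dms.war /opt/jetty-home-11.0.14/jetty-base/webapps/dms.xml
# Data directory referenced by docs.home in dms.xml. Mode 770 with
# jetty:jetty ownership leaves no access for other local accounts.
mkdir -p /opt/teedy_dmsdata/
chmod -R 770 /opt/teedy_dmsdata/
chown -R jetty:jetty /opt/teedy_dmsdata/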

Setup PostgreSQL

# Install PostgreSQL, initialise the database cluster and start the service.
sudo dnf install postgresql-server postgresql-contrib
sudo systemctl enable postgresql
sudo postgresql-setup --initdb --unit postgresql
sudo systemctl start postgresql
# Switch to the postgres OS account and open psql; the SQL statements that
# follow are typed at the psql prompt, not in the shell.
su - postgres
psql
-- Creates the application role and its database.
-- 'pw' is a stand-in: choose a long random password and use the same value
-- for DATABASE_PASSWORD in the Jetty service definition.
-- NOTE(review): a password typed inside CREATE USER can end up in the psql
-- history file and, depending on logging settings, in the server log; psql's
-- \password teedy sets it interactively instead.
CREATE USER teedy WITH PASSWORD 'pw';
CREATE DATABASE teedy_db WITH ENCODING 'UNICODE' LC_COLLATE 'C' LC_CTYPE 'C' TEMPLATE template0;
-- Grants the teedy role all database-level privileges on teedy_db only.
GRANT ALL PRIVILEGES ON DATABASE teedy_db TO teedy ;
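# Leave psql (\q) before running these; restarting the service needs root.
vim /var/lib/pgsql/data/postgresql.conf
# Teedy reaches the database over 127.0.0.1 (see DATABASE_URL in the Jetty
# service unit) and pg_hba.conf below only admits that address, so there is
# no reason to listen on every interface.
listen_addresses = 'localhost'
vim /var/lib/pgsql/data/pg_hba.conf
# pg_hba.conf is matched top-down and the first matching line wins: place this
# entry above any broader "host all all 127.0.0.1/32 ..." line.
# NOTE(review): md5 is kept as written; scram-sha-256 is the stronger method
# if the server's password_encryption is set to it - confirm before switching.
host    teedy_db        teedy           127.0.0.1/32            md5
# Restart once, after both files are edited, so both changes are loaded.
service postgresql restart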

nginx Setup

# Accounts, web root and SELinux settings for nginx acting as a reverse proxy.
adduser www-data
sudo usermod -a -G www-data nginx
mkdir -p /var/www/vhosts/
# httpd_can_network_connect lets every process in the httpd SELinux domain open
# outbound TCP connections to any port; nginx needs it here only to reach Jetty.
# NOTE(review): the narrower httpd_can_network_relay boolean may be enough for
# a proxy to port 8080 - confirm on the target system before relying on it.
sudo setsebool -P httpd_can_network_connect on
# Prints the current SELinux mode; the settings here restrict anything only
# when it reports Enforcing.
getenforce
# NOTE(review): labels set with chcon do not survive a filesystem relabel; a
# `semanage fcontext` rule followed by `restorecon` makes the label persistent.
chcon -Rt httpd_sys_content_t /var/www/
# Same boolean as above, set a second time (no additional effect).
setsebool httpd_can_network_connect on -P
mkdir -p /etc/nginx/sites-available
mkdir -p /etc/nginx/sites-enabled
vim /etc/nginx/nginx.conf
# /etc/nginx/nginx.conf - global settings plus one HTTPS server block with a
# self-signed certificate.
user nginx;
#user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 4096;

    # Do not advertise the nginx version in responses and error pages.
    server_tokens off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Per-site server blocks; the Teedy vhost is linked into this directory.
    include /etc/nginx/sites-enabled/*.conf;

    # Server block for the wildcard name "_".
    # NOTE(review): no listen line carries default_server, so nginx treats the
    # first server block defined for port 443 as the default. The
    # sites-enabled include comes before this block - confirm which server
    # actually answers requests with an unknown Host name.
    server {
        server_name _;
        root /var/www/html;
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html { }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html { }

        listen [::]:443 ssl ipv6only=on;
        listen 443 ssl;

        # Self-signed pair for this block only; the key file should be
        # readable by root alone.
        ssl_certificate /etc/ssl/certs/selfsigned.crt;
        ssl_certificate_key /etc/ssl/selfsigned.key;
    }
}
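# Open HTTPS in SELinux and the firewall, then start nginx.
# NOTE(review): tcp/443 is normally already part of http_port_t in the default
# policy, in which case this command reports that the port is already defined.
semanage port -a -t http_port_t  -p tcp 443
# The rule was listed twice; one copy is enough. It only has an effect if the
# OUTPUT chain otherwise drops traffic, and rules added with `iptables -A` do
# not persist across reboots.
sudo iptables -A OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
firewall-cmd --permanent --add-port=443/tcp
# --permanent only writes the saved configuration; reload to apply it now.
firewall-cmd --reload
# NOTE(review): the vhost also defines a port-80 server that redirects to
# HTTPS; it is reachable only if 80/tcp is opened the same way.
systemctl enable nginx
systemctl start nginx
vim /etc/nginx/sites-available/dms.samplesite.com.conf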
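# Teedy virtual host: TLS termination and reverse proxy to the local Jetty.
server {
    server_name dms.samplesite.com;
    listen 443 ssl;
    listen [::]:443 ssl;

    # Not shown in these steps; it has to provide ssl_certificate,
    # ssl_certificate_key and the protocol/cipher settings for this server.
    include /etc/nginx/ssl-config.conf;

    # Response headers. nginx inherits add_header from this level only while a
    # location defines none of its own, so adding one inside a location drops
    # all of these for that location.
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Xss-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy same-origin always;

    # we need to allow unsafe-inline at the moment
    # With 'unsafe-inline' and 'unsafe-eval' in script-src this policy does not
    # stop injected script; it mainly restricts where resources load from.
    # upgrade-insecure-requests is part of this single policy instead of being
    # sent as a second Content-Security-Policy header.
    add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: www.gravatar.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; upgrade-insecure-requests" always;

    # One HSTS header only: two were configured with different max-age values,
    # and browsers process just the first. "preload" with includeSubDomains
    # commits every subdomain to HTTPS for the full max-age; remove "preload"
    # unless preload-list submission is intended.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

    # Permissions-Policy takes feature=(allowlist) items; the quoted 'none'
    # form belongs to the older Feature-Policy header and is not parsed here.
    # NOTE(review): "speaker" is left out because it does not appear to be a
    # currently defined feature name - confirm before re-adding.
    add_header Permissions-Policy "geolocation=(), camera=()" always;

    client_max_body_size 100M;

    access_log /var/log/nginx/dms.samplesite.com.access.log;
    error_log /var/log/nginx/dms.samplesite.com.error.log;

    location / {
        # These values are only meaningful to the backend if Jetty cannot be
        # reached except through this proxy; a client talking to port 8080
        # directly could supply its own X-Forwarded-* headers.
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8080/dms/;
    }
}

# Plain HTTP: redirect every request to the HTTPS site.
server {
    listen 80;
    listen [::]:80;
    server_name dms.samplesite.com;

    location / {
        return 301 https://dms.samplesite.com$request_uri;
    }
}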
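ln -sf /etc/nginx/sites-available/dms.samplesite.com.conf /etc/nginx/sites-enabled/
# nginx was started before this vhost existed: validate the configuration and
# reload so the new server block is actually served.
nginx -t && systemctl reload nginx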

Setup Jetty as service and start the instance

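# Locally written units belong in /etc/systemd/system; /usr/lib/systemd/system
# is for units shipped by packages.
vim /etc/systemd/system/jetty.service
[Unit]
Description = Jetty Web Server for Teedy DMS
After = syslog.target network.target

[Service]
# Runs as the unprivileged jetty account.
User = jetty
ExecStart = /opt/jetty-home-11.0.14/bin/jetty.sh start
ExecStop = /opt/jetty-home-11.0.14/bin/jetty.sh stop
ExecReload = /opt/jetty-home-11.0.14/bin/jetty.sh restart
Type = forking
Environment="DATABASE_URL=jdbc:postgresql://127.0.0.1:5432/teedy_db"
Environment="DATABASE_USER=teedy"
# The database password is kept out of the unit: unit files are world-readable
# and Environment= values are visible to unprivileged users via `systemctl show`.
# Create the file below as root with mode 0600 and a single line
#   DATABASE_PASSWORD=<DB_PASSWORD>   (placeholder - the password of the teedy role)
# The path is an example; any location readable by root only works.
EnvironmentFile=/etc/teedy/jetty.env
Environment="JETTY_HOME=/opt/jetty-home-11.0.14"
Environment="JETTY_BASE=/opt/jetty-home-11.0.14/jetty-base"
Environment="JETTY_USER=jetty"
# nginx on the same host is the only intended client, so Jetty is bound to
# loopback; on 0.0.0.0 the application would also answer plain HTTP on port
# 8080 without TLS and without the headers nginx adds.
# NOTE(review): jetty.http.host / jetty.http.port are the http module's
# property names; whether this release's jetty.sh still reads JETTY_HOST is not
# confirmed here, so the address is passed both ways. Check the result with
# `ss -ltnp`.
Environment="JETTY_HOST=127.0.0.1"
Environment="JETTY_ARGS=jetty.http.host=127.0.0.1 jetty.http.port=8080"

[Install]
WantedBy = multi-user.target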
# Register the unit for boot, start it, and follow its log output.
systemctl enable jetty.service
# journalctl -f runs only if the start command succeeds and keeps following
# the log until interrupted.
# NOTE(review): afterwards `ss -ltnp` shows which addresses 8080 (Jetty) and
# 5432 (PostgreSQL) are bound to; in this setup neither has to be reachable
# from other hosts.
systemctl start jetty.service && journalctl -f -u jetty.service
jendib commented 1 year ago

I'm closing this but keeping it for reference if anybody needs it.