adds docs folder

2018-11-09 16:36:34 -05:00 · 2018-11-09 16:36:34 -05:00 · 6d5fed56ca
commit 6d5fed56ca
parent b4ed8f7699
9 changed files with 383 additions and 0 deletions
--- a/docs/setup/conf/caddy/Caddyfile.speechsample
+++ b/docs/setup/conf/caddy/Caddyfile.speechsample
@ -0,0 +1,9 @@
+# Replace {{EXAMPLE.COM}} with 'yourdomain.com', omitting quotes
+
+www.{{EXAMPLE.COM}} {
+  redir https://{{EXAMPLE.COM}}
+}
+
+{{EXAMPLE.COM}} {
+  proxy / localhost:3000
+}
--- a/docs/setup/conf/caddy/caddy.service
+++ b/docs/setup/conf/caddy/caddy.service
@ -0,0 +1,14 @@
+[Unit]
+Description=Caddy HTTP/2 web server
+
+[Service]
+User=www-data
+Group=www-data
+Environment=CADDYPATH=/opt/caddy/store
+ExecStart=/usr/local/bin/caddy -agree=true -log=/opt/caddy/logs/caddy.log -conf=/opt/caddy/Caddyfile -root=/dev/null
+ExecReload=/bin/kill -USR1 $MAINPID
+LimitNOFILE=1048576
+LimitNPROC=64
+
+[Install]
+WantedBy=multi-user.target
--- a/docs/setup/conf/nginx/letsencrypt.conf
+++ b/docs/setup/conf/nginx/letsencrypt.conf
@ -0,0 +1,8 @@
+#/etc/nginx/snippets/letsencrypt.conf
+
+location ^~ /.well-known/acme-challenge/ {
+  allow all;
+  root /var/lib/letsencrypt/;
+  default_type "text/plain";
+  try_files $uri =404;
+}
--- a/docs/setup/conf/nginx/myspeech
+++ b/docs/setup/conf/nginx/myspeech
@ -0,0 +1,51 @@
+#/etc/nginx/sites-available/myspeech
+
+server {
+  listen 80;
+  listen [::]:80;
+
+  server_name {{DOMAIN_NAME}} {{WWW_DOMAIN_NAME}}
+  include snippets/letsencrypt.conf;
+  return 301 https://$host$request_uri;
+}
+
+server {
+  listen 443 ssl http2;
+  server_name {{WWW_DOMAIN_NAME}};
+  ssl_certificate /etc/letsencrypt/live/{{DOMAIN_NAME}}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{DOMAIN_NAME}}/privkey.pem;
+  ssl_trusted_certificate /etc/letsencrypt/live/{{DOMAIN_NAME}}/chain.pem;
+  include snippets/ssl.conf;
+  include snippets/letsencrypt.conf;
+
+  access_log /var/log/nginx/www-myspeech.access.log;
+  error_log /var/log/nginx/www-myspeech.error.log;
+
+  return 301 https://{{DOMAIN_NAME}}$request_uri;
+}
+
+server {
+  #YOUR SITE HERE
+  listen 443 ssl http2;
+  server_name {{DOMAIN_NAME}};
+
+  ssl_certificate /etc/letsencrypt/live/{{DOMAIN_NAME}}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{DOMAIN_NAME}}/privkey.pem;
+  ssl_trusted_certificate /etc/letsencrypt/live/{{DOMAIN_NAME}}/chain.pem;
+  include snippets/ssl.conf;
+  include snippets/letsencrypt.conf;
+
+  access_log /var/log/nginx/myspeech.access.log;
+  error_log /var/log/nginx/myspeech.error.log;
+
+  location / {
+    proxy_read_timeout 5m;
+    proxy_pass http://localhost:3000;
+    proxy_set_header X-Real-IP  $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-Port $server_port;
+    proxy_set_header Host $host;
+    proxy_pass_header Server;
+  }
+}
--- a/docs/setup/conf/nginx/ssl.conf
+++ b/docs/setup/conf/nginx/ssl.conf
@ -0,0 +1,20 @@
+#/etc/nginx/snippets/ssl.conf
+
+ssl_dhparam /etc/ssl/certs/dhparam.pem;
+
+ssl_session_timeout 1d;
+ssl_session_cache shared:SSL:50m;
+ssl_session_tickets off;
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+ssl_prefer_server_ciphers on;
+
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 8.8.8.8 8.8.4.4 valid=300s;
+resolver_timeout 30s;
+
+add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-Content-Type-Options nosniff;
--- a/docs/setup/conf/speech/chainqueryConfig.json
+++ b/docs/setup/conf/speech/chainqueryConfig.json
@ -0,0 +1,8 @@
+{
+  "host": "public.chainquery.lbry.io",
+  "port": "3306",
+  "timeout": 30,
+  "database": "chainquery",
+  "username": "speechpublic",
+  "password": "7uITJLwZRvHBZYS3JZDykD1-7hLVkVA1jDWfcgqi6QnC"
+}
--- a/docs/setup/scripts/firewall.sh
+++ b/docs/setup/scripts/firewall.sh
@ -0,0 +1,12 @@
+#!/bin/bash
+sudo ufw status
+sudo ufw allow 80
+sudo ufw allow 443
+sudo ufw allow 22
+sudo ufw allow 3333
+sudo ufw allow 4444
+sudo ufw default allow outgoing
+sudo ufw default deny incoming
+sudo ufw show added
+sudo ufw enable
+sudo ufw status
--- a/docs/setup/scripts/newuser.sh
+++ b/docs/setup/scripts/newuser.sh
--- a/docs/ubuntu16vpspersonal.md
+++ b/docs/ubuntu16vpspersonal.md
@ -0,0 +1,261 @@
+# Create Your Own Spee.ch on Ubuntu 16.x 18.x VPS
+
+# Overview
+
+## Prerequisites
+  * UBUNTU 16+ VPS with root access
+    * Your login info ready
+  * Domain name with @ and www pointed at your VPS IP
+  * Email Address
+  * Ability to send 5+ LBRY credits to an address
+  * Noncommercial use
+  * We recommend that you fork Spee.ch so that you can customize the site.
+
+## You'll be installing:
+  * MYSQL DB
+    * Default Port
+  * NODE v8+
+  * HTTPS PROXY SERVER
+    * Caddy for personal use
+    * Exposed ports: 22, 80, 443, 3333, 4444
+    * Reverse proxies to App on 3000
+  * SPEE.CH
+  * LBRYNET DAEMON
+
+
+# 1. Update OS and install packages
+## OS
+  `sudo apt-get update -y`
+
+  `ulimit -n 8192`
+
+## Git
+
+  `sudo apt-get install git -y`
+
+## NODE v8
+
+  `wget -qO- https://deb.nodesource.com/setup_8.x | sudo -E bash -`
+
+  `sudo apt-get install -y nodejs`
+
+## Curl, Tmux, Unzip, ffmpeg
+
+  `sudo apt-get install curl tmux unzip ffmpeg -y`
+
+## Grab config files
+
+  `git clone https://github.com/jessopb/speechconfigs.git`
+
+  `chmod 640 -R ~/speechconfigs`
+
+# 2 Secure the UFW firewall
+## UFW
+
+  `sudo ufw status`
+
+  `sudo ufw allow 80`
+
+  `sudo ufw allow 443`
+
+  `sudo ufw allow 22`
+
+  `sudo ufw allow 3333`
+
+  `sudo ufw allow 4444`
+
+  `sudo ufw default allow outgoing`
+
+  `sudo ufw default deny incoming`
+
+  `sudo ufw show added`
+
+  `sudo ufw enable` (yes, you've allowed ssh 22)
+
+  `sudo ufw status`
+
+# 3 Install Caddy to handle https and reverse proxy
+##  Get Caddy
+
+  `curl https://getcaddy.com | bash -s personal`
+
+## Set up Caddy
+
+  `mkdir -p /opt/caddy/logs/`
+
+  `mkdir -p /opt/caddy/store/`
+
+  `cp ~/speechconfigs/caddy/Caddyfile.speechsample ~/speechconfigs/caddy/Caddyfile`
+
+  `nano ~/speechconfigs/caddy/Caddyfile`
+   ( Change {{EXAMPLE.COM}} to YOURDOMAIN.COM )
+
+  `cp ~/speechconfigs/caddy/Caddyfile /opt/caddy/`
+
+## Set up Caddy to run as systemd service
+
+  `cp ~/speechconfigs/caddy/caddy.service /etc/systemd/system/caddy.service`
+
+  `chmod 644 /etc/systemd/system/caddy.service`
+
+  `chown -R www-data:www-data /opt/caddy/`
+
+  `setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy`
+
+  `systemctl daemon-reload`
+
+  `systemctl start caddy`
+
+  `systemctl status caddy`
+
+  At this point, navigating to yourdomain.com should give you a 502 bad gateway error. That's good!
+
+# 4 Set up MySql
+
+## Install MySql
+
+  `sudo apt-get install mysql-server -y`
+  ( enter blank password each time )
+  `sudo systemctl status mysql` (q to exit)
+
+## Secure Setup
+
+  `sudo mysql_secure_installation`
+  * No to password validation
+  * Y to all other options
+  * password abcd1234
+
+## Login to mysql from root to complete setup:
+
+  `mysql` to enter mysql> console
+
+  mysql> `ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'abcd1234';`
+
+  mysql> `FLUSH PRIVILEGES;`
+
+  Control+D to exit
+
+  Verify:
+
+  `mysql -u root -p` and then entering your password abcd1234 should give you the mysql> shell
+
+# 5 Get Lbrynet Daemon
+
+### TODO: Enable something like sudo systemctl start lbrynet so it runs as www-data
+
+## Enter tmux
+
+  `tmux`
+  * Ctrl+b, d detaches leaving session running.
+  * ~# `tmux`, Ctrl+b, ( goes back to that session.
+
+## Get the daemon
+  `wget -O ~/latest_daemon.zip https://lbry.io/get/lbrynet.linux.zip`
+
+  `unzip -o -u ~/latest_daemon.zip`
+
+## Start the daemon
+   ~# `./lbrynet start`
+## Detatch tmux session
+  `Control+b, then d` to leave lbrynet daemon running and exit the session
+
+  `tmux` if you want to get back into tmux
+
+  `Control+b, then ) in tmux` to cycle back to your lbrynet session to see output
+
+## Display wallet address to which to send 5+ LBC.
+### These commands work when `lbrynet start` is already running in another tmux
+
+  `./lbrynet commands` to check out the current commands
+
+  `./lbrynet address_list` to get your wallet address
+
+  `Ctrl + Shift + C` after highlighting an address to copy.
+
+  Use a LBRY app or daemon to send LBC to the address. Sending LBC may take a few seconds or longer.
+
+  `./lbrynet account_balance` to check your balance after you've sent LBC.
+
+# 6 Set up spee.ch
+## Clone speech either from your own fork, or from the lbryio/spee.ch repo.
+
+### Developers
+
+  SSH?
+
+  `git clone git@github.com:{{youraccount}}/spee.ch`
+
+  HTTPS?
+
+  `git clone https://github.com/{{youraccount}}/spee.ch.git`
+
+### Publishers
+
+  `git clone -b release https://github.com/lbryio/spee.ch`
+
+## Build it
+   `cd spee.ch`
+
+   ~/spee.ch# `npm install`
+
+  `cp ~/speechconfigs/speech/chainqueryConfig.json ~/spee.ch/site/config/chainqueryConfig.json`
+
+  ~/spee.ch# `npm run configure` (once your wallet balance has cleared)
+    * DATABASE: lbry
+    * USER NAME: root
+    * PASSWORD: abcd1234
+    * PORT: 3000
+    * Site Title: Your Site Name
+    * Enter your site's domain name: https://freezepeach.fun (this must include https://)
+    * Enter a directory where uploads should be stored: (/home/lbry/Uploads)
+
+  ~/spee.ch/# `npm run start`
+
+## Try it
+
+  Navigate to yourdomain.fun!
+
+
+### 7 Maintenance Proceedures
+* Change wallet
+  * TODO
+* Change daemon
+  * wget daemon from https://github.com/lbryio/lbry/releases
+  * wget --quiet -O ~/your_name_daemon.zip https://your_copied_file_path.zip
+  * rm ./lbrynet
+  * unzip -o -u ~/your_name_daemon.zip
+
+### 7 TODO
+* Don't run as root
+* Use Dockerized Spee.ch and Lbrynet
+  * https://github.com/lbryio/lbry-docker/tree/master/www.spee.ch
+  * https://github.com/lbryio/lbry-docker/tree/master/lbrynet-daemon
+  * https://blog.hasura.io/an-exhaustive-guide-to-writing-dockerfiles-for-node-js-web-apps-bbee6bd2f3c4
+  * https://docs.traefik.io/user-guide/docker-and-lets-encrypt/
+  * https://docs.traefik.io/configuration/acme/
+* Systemd unit files
+  * https://nodesource.com/blog/running-your-node-js-app-with-systemd-part-1/
+  * Spee.ch
+    * sudo nano /lib/systemd/system/speech.service
+  * Lbrynet
+    * sudo nano /lib/systemd/system/lbrynet.service
+    ```
+    [Unit]
+    Description=hello_env.js - making your environment variables read
+    Documentation=https://example.com
+    After=network.target
+
+    [Service]
+    Environment=NODE_PORT=3001
+    Type=simple
+    User=ubuntu
+    ExecStart=node path/server.js
+    Restart=on-failure
+
+    [Install]
+    WantedBy=multi-user.target
+    ```
+* Provide spee.ch build releases?
+* Provide system to configure chainqueryConfig.json
+* Clone speech to stripped version, streamline customization
+* Automate for testing