Merge pull request #714 from lbryio/master

Cut staging from master
Shawn K 2018-11-09 19:04:13 -05:00 committed by GitHub
commit 7da9c3476d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 384 additions and 1 deletions


@ -0,0 +1,9 @@
# Replace {{EXAMPLE.COM}} with 'yourdomain.com', omitting quotes
www.{{EXAMPLE.COM}} {
redir https://{{EXAMPLE.COM}}
}
{{EXAMPLE.COM}} {
proxy / localhost:3000
}
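Review bot: `proxy / localhost:3000` is declared without `transparent`, so the upstream app may not receive the original Host and client-address headers that the nginx variant in this commit sets explicitly (`X-Real-IP`, `X-Forwarded-For`, `X-Forwarded-Proto`). Without them, per-client logging and any rate limiting in the Node app would see only the proxy's address. Using the block form with a `transparent` line inside `proxy / localhost:3000 { … }` brings the two proxy configs in line. Separately, `redir https://{{EXAMPLE.COM}}` on the www site appears to discard the request path; `redir https://{{EXAMPLE.COM}}{uri}` would keep it.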


@ -0,0 +1,14 @@
[Unit]
Description=Caddy HTTP/2 web server
[Service]
User=www-data
Group=www-data
Environment=CADDYPATH=/opt/caddy/store
ExecStart=/usr/local/bin/caddy -agree=true -log=/opt/caddy/logs/caddy.log -conf=/opt/caddy/Caddyfile -root=/dev/null
ExecReload=/bin/kill -USR1 $MAINPID
LimitNOFILE=1048576
LimitNPROC=64
[Install]
WantedBy=multi-user.target
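Review bot: The `[Service]` section runs an internet-facing daemon with no sandboxing directives, and it depends on the `setcap` step in the guide to bind ports 80 and 443. Granting the capability in the unit and dropping everything else would make the service self-contained and limit what a compromised process can do: `AmbientCapabilities=CAP_NET_BIND_SERVICE`, `NoNewPrivileges=true`, `ProtectSystem=full`. The ambient capability is needed once `NoNewPrivileges` is set, because file capabilities are not honoured in that mode. A `Restart=on-failure` line and `After=network-online.target` under `[Unit]` would also be worth adding so the proxy comes back after a crash or reboot.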


@ -0,0 +1,8 @@
#/etc/nginx/snippets/letsencrypt.conf
location ^~ /.well-known/acme-challenge/ {
allow all;
root /var/lib/letsencrypt/;
default_type "text/plain";
try_files $uri =404;
}


@ -0,0 +1,51 @@
#/etc/nginx/sites-available/myspeech
server {
listen 80;
listen [::]:80;
server_name {{DOMAIN_NAME}} {{WWW_DOMAIN_NAME}}
include snippets/letsencrypt.conf;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name {{WWW_DOMAIN_NAME}};
ssl_certificate /etc/letsencrypt/live/{{DOMAIN_NAME}}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{DOMAIN_NAME}}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{DOMAIN_NAME}}/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
access_log /var/log/nginx/www-myspeech.access.log;
error_log /var/log/nginx/www-myspeech.error.log;
return 301 https://{{DOMAIN_NAME}}$request_uri;
}
server {
#YOUR SITE HERE
listen 443 ssl http2;
server_name {{DOMAIN_NAME}};
ssl_certificate /etc/letsencrypt/live/{{DOMAIN_NAME}}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{DOMAIN_NAME}}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{DOMAIN_NAME}}/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
access_log /var/log/nginx/myspeech.access.log;
error_log /var/log/nginx/myspeech.error.log;
location / {
proxy_read_timeout 5m;
proxy_pass http://localhost:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $host;
proxy_pass_header Server;
}
}
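Review bot: The `server_name {{DOMAIN_NAME}} {{WWW_DOMAIN_NAME}}` line in the port-80 server is missing its terminating `;`, so nginx reads `include` and `snippets/letsencrypt.conf` as further server names and the ACME snippet is silently not included there; it should read `server_name {{DOMAIN_NAME}} {{WWW_DOMAIN_NAME}};`. Even with that fixed, the server-level `return 301` in the first two server blocks runs before location matching, so the challenge location is never served from them; wrapping the redirect as `location / { return 301 https://$host$request_uri; }` lets the snippet take effect. Because the port-80 block is the only listener on that port it also answers for any Host header, so redirecting to a fixed `https://{{DOMAIN_NAME}}$request_uri` instead of `$host` avoids reflecting client-supplied host names. `proxy_pass_header Server;` in the last block exposes the backend's Server banner and could be dropped.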


@ -0,0 +1,20 @@
#/etc/nginx/snippets/ssl.conf
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 30s;
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
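Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` enables two deprecated protocol versions, and the `ssl_ciphers` list still offers 3DES (`DES-CBC3-SHA` variants) and static-RSA suites without forward secrecy. For a new deployment template, `ssl_protocols TLSv1.2;` (plus `TLSv1.3` where the installed nginx/OpenSSL support it) with the list trimmed to the ECDHE/DHE GCM and CHACHA20 entries is a safer default. The `Strict-Transport-Security` header ships with `includeSubdomains; preload`, which commits every subdomain of whatever domain the user substitutes to HTTPS for six months; a comment saying so, or a default without `preload`, would avoid surprising people who copy the snippet. The three `add_header` lines lack `always`, so they are omitted on error responses.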


@ -0,0 +1,8 @@
{
"host": "public.chainquery.lbry.io",
"port": "3306",
"timeout": 30,
"database": "chainquery",
"username": "speechpublic",
"password": "7uITJLwZRvHBZYS3JZDykD1-7hLVkVA1jDWfcgqi6QnC"
}
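Review bot: The `password` field commits a live database credential in plaintext, and the guide copies this file unchanged into every installation, so all deployments share one login to `public.chainquery.lbry.io`. The `speechpublic` user name suggests this is meant to be a shared read-only account, but nothing on this page shows its grants. If it is intentional, that should be stated in the docs and the account confirmed as SELECT-only with connection limits. Otherwise the file should ship as a template with a placeholder value, like the `{{EXAMPLE.COM}}` configs in this commit, and the committed password should be rotated.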


@ -0,0 +1,12 @@
#!/bin/bash
sudo ufw status
sudo ufw allow 80
sudo ufw allow 443
sudo ufw allow 22
sudo ufw allow 3333
sudo ufw allow 4444
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw show added
sudo ufw enable
sudo ufw status
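Review bot: The `sudo ufw allow 3333` and `sudo ufw allow 4444` rules open each port for both TCP and UDP from any source, and `sudo ufw allow 22` leaves SSH without rate limiting. Each rule should name only the protocol the daemon actually listens on (for example `sudo ufw allow 3333/tcp`; confirm against the lbrynet configuration), and SSH is better served by `sudo ufw limit 22/tcp`. The script also has no `set -e`, so a failed `allow` for port 22 would still be followed by `ufw enable`, which can lock the operator out of a remote host. Setting the `default deny incoming` policy before the allow rules, and adding `set -euo pipefail` at the top, makes the outcome predictable.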


261
docs/ubuntu16vpspersonal.md Normal file

@ -0,0 +1,261 @@
# Create Your Own Spee.ch on Ubuntu 16.x 18.x VPS
# Overview
## Prerequisites
* UBUNTU 16+ VPS with root access
* Your login info ready
* Domain name with @ and www pointed at your VPS IP
* Email Address
* Ability to send 5+ LBRY credits to an address
* Noncommercial use
* We recommend that you fork Spee.ch so that you can customize the site.
## You'll be installing:
* MYSQL DB
* Default Port
* NODE v8+
* HTTPS PROXY SERVER
* Caddy for personal use
* Exposed ports: 22, 80, 443, 3333, 4444
* Reverse proxies to App on 3000
* SPEE.CH
* LBRYNET DAEMON
# 1. Update OS and install packages
## OS
`sudo apt-get update -y`
`ulimit -n 8192`
## Git
`sudo apt-get install git -y`
## NODE v8
`wget -qO- https://deb.nodesource.com/setup_8.x | sudo -E bash -`
`sudo apt-get install -y nodejs`
## Curl, Tmux, Unzip, ffmpeg
`sudo apt-get install curl tmux unzip ffmpeg -y`
## Grab config files
`git clone https://github.com/jessopb/speechconfigs.git`
`chmod 640 -R ~/speechconfigs`
# 2 Secure the UFW firewall
## UFW
`sudo ufw status`
`sudo ufw allow 80`
`sudo ufw allow 443`
`sudo ufw allow 22`
`sudo ufw allow 3333`
`sudo ufw allow 4444`
`sudo ufw default allow outgoing`
`sudo ufw default deny incoming`
`sudo ufw show added`
`sudo ufw enable` (yes, you've allowed ssh 22)
`sudo ufw status`
# 3 Install Caddy to handle https and reverse proxy
## Get Caddy
`curl https://getcaddy.com | bash -s personal`
## Set up Caddy
`mkdir -p /opt/caddy/logs/`
`mkdir -p /opt/caddy/store/`
`cp ~/speechconfigs/caddy/Caddyfile.speechsample ~/speechconfigs/caddy/Caddyfile`
`nano ~/speechconfigs/caddy/Caddyfile`
( Change {{EXAMPLE.COM}} to YOURDOMAIN.COM )
`cp ~/speechconfigs/caddy/Caddyfile /opt/caddy/`
## Set up Caddy to run as systemd service
`cp ~/speechconfigs/caddy/caddy.service /etc/systemd/system/caddy.service`
`chmod 644 /etc/systemd/system/caddy.service`
`chown -R www-data:www-data /opt/caddy/`
`setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy`
`systemctl daemon-reload`
`systemctl start caddy`
`systemctl status caddy`
At this point, navigating to yourdomain.com should give you a 502 bad gateway error. That's good!
# 4 Set up MySql
## Install MySql
`sudo apt-get install mysql-server -y`
( enter blank password each time )
`sudo systemctl status mysql` (q to exit)
## Secure Setup
`sudo mysql_secure_installation`
* No to password validation
* Y to all other options
* password abcd1234
## Login to mysql from root to complete setup:
`mysql` to enter mysql> console
mysql> `ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'abcd1234';`
mysql> `FLUSH PRIVILEGES;`
Control+D to exit
Verify:
`mysql -u root -p` and then entering your password abcd1234 should give you the mysql> shell
# 5 Get Lbrynet Daemon
### TODO: Enable something like sudo systemctl start lbrynet so it runs as www-data
## Enter tmux
`tmux`
* Ctrl+b, d detaches leaving session running.
* ~# `tmux`, Ctrl+b, ( goes back to that session.
## Get the daemon
`wget -O ~/latest_daemon.zip https://lbry.io/get/lbrynet.linux.zip`
`unzip -o -u ~/latest_daemon.zip`
## Start the daemon
~# `./lbrynet start`
## Detatch tmux session
`Control+b, then d` to leave lbrynet daemon running and exit the session
`tmux` if you want to get back into tmux
`Control+b, then ) in tmux` to cycle back to your lbrynet session to see output
## Display wallet address to which to send 5+ LBC.
### These commands work when `lbrynet start` is already running in another tmux
`./lbrynet commands` to check out the current commands
`./lbrynet address_list` to get your wallet address
`Ctrl + Shift + C` after highlighting an address to copy.
Use a LBRY app or daemon to send LBC to the address. Sending LBC may take a few seconds or longer.
`./lbrynet account_balance` to check your balance after you've sent LBC.
# 6 Set up spee.ch
## Clone speech either from your own fork, or from the lbryio/spee.ch repo.
### Developers
SSH?
`git clone git@github.com:{{youraccount}}/spee.ch`
HTTPS?
`git clone https://github.com/{{youraccount}}/spee.ch.git`
### Publishers
`git clone -b release https://github.com/lbryio/spee.ch`
## Build it
`cd spee.ch`
~/spee.ch# `npm install`
`cp ~/speechconfigs/speech/chainqueryConfig.json ~/spee.ch/site/config/chainqueryConfig.json`
~/spee.ch# `npm run configure` (once your wallet balance has cleared)
* DATABASE: lbry
* USER NAME: root
* PASSWORD: abcd1234
* PORT: 3000
* Site Title: Your Site Name
* Enter your site's domain name: https://freezepeach.fun (this must include https://)
* Enter a directory where uploads should be stored: (/home/lbry/Uploads)
~/spee.ch/# `npm run start`
## Try it
Navigate to yourdomain.fun!
### 7 Maintenance Proceedures
* Change wallet
* TODO
* Change daemon
* wget daemon from https://github.com/lbryio/lbry/releases
* wget --quiet -O ~/your_name_daemon.zip https://your_copied_file_path.zip
* rm ./lbrynet
* unzip -o -u ~/your_name_daemon.zip
### 7 TODO
* Don't run as root
* Use Dockerized Spee.ch and Lbrynet
* https://github.com/lbryio/lbry-docker/tree/master/www.spee.ch
* https://github.com/lbryio/lbry-docker/tree/master/lbrynet-daemon
* https://blog.hasura.io/an-exhaustive-guide-to-writing-dockerfiles-for-node-js-web-apps-bbee6bd2f3c4
* https://docs.traefik.io/user-guide/docker-and-lets-encrypt/
* https://docs.traefik.io/configuration/acme/
* Systemd unit files
* https://nodesource.com/blog/running-your-node-js-app-with-systemd-part-1/
* Spee.ch
* sudo nano /lib/systemd/system/speech.service
* Lbrynet
* sudo nano /lib/systemd/system/lbrynet.service
```
[Unit]
Description=hello_env.js - making your environment variables read
Documentation=https://example.com
After=network.target
[Service]
Environment=NODE_PORT=3001
Type=simple
User=ubuntu
ExecStart=node path/server.js
Restart=on-failure
[Install]
WantedBy=multi-user.target
```
* Provide spee.ch build releases?
* Provide system to configure chainqueryConfig.json
* Clone speech to stripped version, streamline customization
* Automate for testing


@ -1,7 +1,7 @@
module.exports = {
...require('./auth'),
...require('./pages'),
...require('./api'),
...require('./auth'),
...require('./assets'),
...require('./fallback'),
};