adds docs folder #712
9 changed files with 383 additions and 0 deletions
9
docs/setup/conf/caddy/Caddyfile.speechsample
Normal file
9
docs/setup/conf/caddy/Caddyfile.speechsample
Normal file
|
@ -0,0 +1,9 @@
|
|||
# Replace {{EXAMPLE.COM}} with 'yourdomain.com', omitting quotes
|
||||
|
||||
www.{{EXAMPLE.COM}} {
|
||||
redir https://{{EXAMPLE.COM}}
|
||||
}
|
||||
|
||||
{{EXAMPLE.COM}} {
|
||||
proxy / localhost:3000
|
||||
}
|
14
docs/setup/conf/caddy/caddy.service
Normal file
14
docs/setup/conf/caddy/caddy.service
Normal file
|
@ -0,0 +1,14 @@
|
|||
[Unit]
|
||||
Description=Caddy HTTP/2 web server
|
||||
|
||||
[Service]
|
||||
User=www-data
|
||||
Group=www-data
|
||||
Environment=CADDYPATH=/opt/caddy/store
|
||||
ExecStart=/usr/local/bin/caddy -agree=true -log=/opt/caddy/logs/caddy.log -conf=/opt/caddy/Caddyfile -root=/dev/null
|
||||
ExecReload=/bin/kill -USR1 $MAINPID
|
||||
LimitNOFILE=1048576
|
||||
LimitNPROC=64
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
8
docs/setup/conf/nginx/letsencrypt.conf
Normal file
8
docs/setup/conf/nginx/letsencrypt.conf
Normal file
|
@ -0,0 +1,8 @@
|
|||
#/etc/nginx/snippets/letsencrypt.conf
|
||||
|
||||
location ^~ /.well-known/acme-challenge/ {
|
||||
allow all;
|
||||
root /var/lib/letsencrypt/;
|
||||
default_type "text/plain";
|
||||
try_files $uri =404;
|
||||
}
|
51
docs/setup/conf/nginx/myspeech
Normal file
51
docs/setup/conf/nginx/myspeech
Normal file
|
@ -0,0 +1,51 @@
|
|||
#/etc/nginx/sites-available/myspeech
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{DOMAIN_NAME}} {{WWW_DOMAIN_NAME}}
|
||||
include snippets/letsencrypt.conf;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name {{WWW_DOMAIN_NAME}};
|
||||
ssl_certificate /etc/letsencrypt/live/{{DOMAIN_NAME}}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{DOMAIN_NAME}}/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/{{DOMAIN_NAME}}/chain.pem;
|
||||
include snippets/ssl.conf;
|
||||
include snippets/letsencrypt.conf;
|
||||
|
||||
access_log /var/log/nginx/www-myspeech.access.log;
|
||||
error_log /var/log/nginx/www-myspeech.error.log;
|
||||
|
||||
return 301 https://{{DOMAIN_NAME}}$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
#YOUR SITE HERE
|
||||
listen 443 ssl http2;
|
||||
server_name {{DOMAIN_NAME}};
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{DOMAIN_NAME}}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{DOMAIN_NAME}}/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/{{DOMAIN_NAME}}/chain.pem;
|
||||
include snippets/ssl.conf;
|
||||
include snippets/letsencrypt.conf;
|
||||
|
||||
access_log /var/log/nginx/myspeech.access.log;
|
||||
error_log /var/log/nginx/myspeech.error.log;
|
||||
|
||||
location / {
|
||||
proxy_read_timeout 5m;
|
||||
proxy_pass http://localhost:3000;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass_header Server;
|
||||
}
|
||||
}
|
20
docs/setup/conf/nginx/ssl.conf
Normal file
20
docs/setup/conf/nginx/ssl.conf
Normal file
|
@ -0,0 +1,20 @@
|
|||
#/etc/nginx/snippets/ssl.conf
|
||||
|
||||
ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
||||
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
resolver 8.8.8.8 8.8.4.4 valid=300s;
|
||||
resolver_timeout 30s;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header X-Content-Type-Options nosniff;
|
8
docs/setup/conf/speech/chainqueryConfig.json
Normal file
8
docs/setup/conf/speech/chainqueryConfig.json
Normal file
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
"host": "public.chainquery.lbry.io",
|
||||
"port": "3306",
|
||||
"timeout": 30,
|
||||
"database": "chainquery",
|
||||
"username": "speechpublic",
|
||||
"password": "7uITJLwZRvHBZYS3JZDykD1-7hLVkVA1jDWfcgqi6QnC"
|
||||
}
|
12
docs/setup/scripts/firewall.sh
Normal file
12
docs/setup/scripts/firewall.sh
Normal file
|
@ -0,0 +1,12 @@
|
|||
#!/bin/bash
|
||||
sudo ufw status
|
||||
sudo ufw allow 80
|
||||
sudo ufw allow 443
|
||||
sudo ufw allow 22
|
||||
sudo ufw allow 3333
|
||||
sudo ufw allow 4444
|
||||
sudo ufw default allow outgoing
|
||||
sudo ufw default deny incoming
|
||||
sudo ufw show added
|
||||
sudo ufw enable
|
||||
sudo ufw status
|
0
docs/setup/scripts/newuser.sh
Normal file
0
docs/setup/scripts/newuser.sh
Normal file
261
docs/ubuntu16vpspersonal.md
Normal file
261
docs/ubuntu16vpspersonal.md
Normal file
|
@ -0,0 +1,261 @@
|
|||
# Create Your Own Spee.ch on Ubuntu 16.x 18.x VPS
|
||||
|
||||
# Overview
|
||||
|
||||
## Prerequisites
|
||||
* UBUNTU 16+ VPS with root access
|
||||
* Your login info ready
|
||||
* Domain name with @ and www pointed at your VPS IP
|
||||
* Email Address
|
||||
* Ability to send 5+ LBRY credits to an address
|
||||
* Noncommercial use
|
||||
* We recommend that you fork Spee.ch so that you can customize the site.
|
||||
|
||||
## You'll be installing:
|
||||
* MYSQL DB
|
||||
* Default Port
|
||||
* NODE v8+
|
||||
* HTTPS PROXY SERVER
|
||||
* Caddy for personal use
|
||||
* Exposed ports: 22, 80, 443, 3333, 4444
|
||||
* Reverse proxies to App on 3000
|
||||
* SPEE.CH
|
||||
* LBRYNET DAEMON
|
||||
|
||||
|
||||
# 1. Update OS and install packages
|
||||
## OS
|
||||
`sudo apt-get update -y`
|
||||
|
||||
`ulimit -n 8192`
|
||||
|
||||
## Git
|
||||
|
||||
`sudo apt-get install git -y`
|
||||
|
||||
## NODE v8
|
||||
|
||||
`wget -qO- https://deb.nodesource.com/setup_8.x | sudo -E bash -`
|
||||
|
||||
`sudo apt-get install -y nodejs`
|
||||
|
||||
## Curl, Tmux, Unzip, ffmpeg
|
||||
|
||||
`sudo apt-get install curl tmux unzip ffmpeg -y`
|
||||
|
||||
## Grab config files
|
||||
|
||||
`git clone https://github.com/jessopb/speechconfigs.git`
|
||||
|
||||
`chmod 640 -R ~/speechconfigs`
|
||||
|
||||
# 2 Secure the UFW firewall
|
||||
## UFW
|
||||
|
||||
`sudo ufw status`
|
||||
|
||||
`sudo ufw allow 80`
|
||||
|
||||
`sudo ufw allow 443`
|
||||
|
||||
`sudo ufw allow 22`
|
||||
|
||||
`sudo ufw allow 3333`
|
||||
|
||||
`sudo ufw allow 4444`
|
||||
|
||||
`sudo ufw default allow outgoing`
|
||||
|
||||
`sudo ufw default deny incoming`
|
||||
|
||||
`sudo ufw show added`
|
||||
|
||||
`sudo ufw enable` (yes, you've allowed ssh 22)
|
||||
|
||||
`sudo ufw status`
|
||||
|
||||
# 3 Install Caddy to handle https and reverse proxy
|
||||
## Get Caddy
|
||||
|
||||
`curl https://getcaddy.com | bash -s personal`
|
||||
|
||||
## Set up Caddy
|
||||
|
||||
`mkdir -p /opt/caddy/logs/`
|
||||
|
||||
`mkdir -p /opt/caddy/store/`
|
||||
|
||||
`cp ~/speechconfigs/caddy/Caddyfile.speechsample ~/speechconfigs/caddy/Caddyfile`
|
||||
|
||||
`nano ~/speechconfigs/caddy/Caddyfile`
|
||||
( Change {{EXAMPLE.COM}} to YOURDOMAIN.COM )
|
||||
|
||||
`cp ~/speechconfigs/caddy/Caddyfile /opt/caddy/`
|
||||
|
||||
## Set up Caddy to run as systemd service
|
||||
|
||||
`cp ~/speechconfigs/caddy/caddy.service /etc/systemd/system/caddy.service`
|
||||
|
||||
`chmod 644 /etc/systemd/system/caddy.service`
|
||||
|
||||
`chown -R www-data:www-data /opt/caddy/`
|
||||
|
||||
`setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy`
|
||||
|
||||
`systemctl daemon-reload`
|
||||
|
||||
`systemctl start caddy`
|
||||
|
||||
`systemctl status caddy`
|
||||
|
||||
At this point, navigating to yourdomain.com should give you a 502 bad gateway error. That's good!
|
||||
|
||||
# 4 Set up MySql
|
||||
|
||||
## Install MySql
|
||||
|
||||
`sudo apt-get install mysql-server -y`
|
||||
( enter blank password each time )
|
||||
`sudo systemctl status mysql` (q to exit)
|
||||
|
||||
## Secure Setup
|
||||
|
||||
`sudo mysql_secure_installation`
|
||||
* No to password validation
|
||||
* Y to all other options
|
||||
* password abcd1234
|
||||
|
||||
## Login to mysql from root to complete setup:
|
||||
|
||||
`mysql` to enter mysql> console
|
||||
|
||||
mysql> `ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'abcd1234';`
|
||||
|
||||
mysql> `FLUSH PRIVILEGES;`
|
||||
|
||||
Control+D to exit
|
||||
|
||||
Verify:
|
||||
|
||||
`mysql -u root -p` and then entering your password abcd1234 should give you the mysql> shell
|
||||
|
||||
# 5 Get Lbrynet Daemon
|
||||
|
||||
### TODO: Enable something like sudo systemctl start lbrynet so it runs as www-data
|
||||
|
||||
## Enter tmux
|
||||
|
||||
`tmux`
|
||||
* Ctrl+b, d detaches leaving session running.
|
||||
* ~# `tmux`, Ctrl+b, ( goes back to that session.
|
||||
|
||||
## Get the daemon
|
||||
`wget -O ~/latest_daemon.zip https://lbry.io/get/lbrynet.linux.zip`
|
||||
|
||||
`unzip -o -u ~/latest_daemon.zip`
|
||||
|
||||
## Start the daemon
|
||||
~# `./lbrynet start`
|
||||
## Detatch tmux session
|
||||
`Control+b, then d` to leave lbrynet daemon running and exit the session
|
||||
|
||||
`tmux` if you want to get back into tmux
|
||||
|
||||
`Control+b, then ) in tmux` to cycle back to your lbrynet session to see output
|
||||
|
||||
## Display wallet address to which to send 5+ LBC.
|
||||
### These commands work when `lbrynet start` is already running in another tmux
|
||||
|
||||
`./lbrynet commands` to check out the current commands
|
||||
|
||||
`./lbrynet address_list` to get your wallet address
|
||||
|
||||
`Ctrl + Shift + C` after highlighting an address to copy.
|
||||
|
||||
Use a LBRY app or daemon to send LBC to the address. Sending LBC may take a few seconds or longer.
|
||||
|
||||
`./lbrynet account_balance` to check your balance after you've sent LBC.
|
||||
|
||||
# 6 Set up spee.ch
|
||||
## Clone speech either from your own fork, or from the lbryio/spee.ch repo.
|
||||
|
||||
### Developers
|
||||
|
||||
SSH?
|
||||
|
||||
`git clone git@github.com:{{youraccount}}/spee.ch`
|
||||
|
||||
HTTPS?
|
||||
|
||||
`git clone https://github.com/{{youraccount}}/spee.ch.git`
|
||||
|
||||
### Publishers
|
||||
|
||||
`git clone -b release https://github.com/lbryio/spee.ch`
|
||||
|
||||
## Build it
|
||||
`cd spee.ch`
|
||||
|
||||
~/spee.ch# `npm install`
|
||||
|
||||
`cp ~/speechconfigs/speech/chainqueryConfig.json ~/spee.ch/site/config/chainqueryConfig.json`
|
||||
|
||||
~/spee.ch# `npm run configure` (once your wallet balance has cleared)
|
||||
* DATABASE: lbry
|
||||
* USER NAME: root
|
||||
* PASSWORD: abcd1234
|
||||
* PORT: 3000
|
||||
* Site Title: Your Site Name
|
||||
* Enter your site's domain name: https://freezepeach.fun (this must include https://)
|
||||
* Enter a directory where uploads should be stored: (/home/lbry/Uploads)
|
||||
|
||||
~/spee.ch/# `npm run start`
|
||||
|
||||
## Try it
|
||||
|
||||
Navigate to yourdomain.fun!
|
||||
|
||||
|
||||
### 7 Maintenance Proceedures
|
||||
* Change wallet
|
||||
* TODO
|
||||
* Change daemon
|
||||
* wget daemon from https://github.com/lbryio/lbry/releases
|
||||
* wget --quiet -O ~/your_name_daemon.zip https://your_copied_file_path.zip
|
||||
* rm ./lbrynet
|
||||
* unzip -o -u ~/your_name_daemon.zip
|
||||
|
||||
### 7 TODO
|
||||
* Don't run as root
|
||||
* Use Dockerized Spee.ch and Lbrynet
|
||||
* https://github.com/lbryio/lbry-docker/tree/master/www.spee.ch
|
||||
* https://github.com/lbryio/lbry-docker/tree/master/lbrynet-daemon
|
||||
* https://blog.hasura.io/an-exhaustive-guide-to-writing-dockerfiles-for-node-js-web-apps-bbee6bd2f3c4
|
||||
* https://docs.traefik.io/user-guide/docker-and-lets-encrypt/
|
||||
* https://docs.traefik.io/configuration/acme/
|
||||
* Systemd unit files
|
||||
* https://nodesource.com/blog/running-your-node-js-app-with-systemd-part-1/
|
||||
* Spee.ch
|
||||
* sudo nano /lib/systemd/system/speech.service
|
||||
* Lbrynet
|
||||
* sudo nano /lib/systemd/system/lbrynet.service
|
||||
```
|
||||
[Unit]
|
||||
Description=hello_env.js - making your environment variables read
|
||||
Documentation=https://example.com
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Environment=NODE_PORT=3001
|
||||
Type=simple
|
||||
User=ubuntu
|
||||
ExecStart=node path/server.js
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
* Provide spee.ch build releases?
|
||||
* Provide system to configure chainqueryConfig.json
|
||||
* Clone speech to stripped version, streamline customization
|
||||
* Automate for testing
|
Loading…
Reference in a new issue