-
-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #8 from 3036662/PR_techSelection
Added self-hosting to Librum's Server
- Loading branch information
Showing
15 changed files
with
773 additions
and
33 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
.TH librum-server | ||
|
||
.SH NAME | ||
.B librum-server | ||
- the server for the Librum application | ||
|
||
|
||
.SH DESCRIPTION | ||
.B librum-server | ||
is a server running as a service | ||
|
||
.SH INSTALLATION | ||
.TP | ||
After installing the librum-server package | ||
.RS | ||
.B 1. | ||
Install and configure the MariaDb or MySql service | ||
.RS | ||
.LP | ||
.B a) | ||
Edit /etc/mysql/mariadb.conf.d/50-server.cnf to set bind-address=127.0.0.1 and comment out the skip-networking option | ||
.LP | ||
.B b) | ||
Restart MySql server - systemctl restart mysqld | ||
.LP | ||
.B c) | ||
Run mysql and create a user for the mysql database. For example: | ||
ALTER USER 'root'@'localhost' IDENTIFIED BY 'strongPassword123'; | ||
.RE | ||
|
||
.LP | ||
.B 2. | ||
Edit the configuration file at /etc/librum-server/librum-server.conf | ||
You must provide: | ||
.RS | ||
.LP | ||
.B JWTValidIssuer | ||
- Any string for key provider for example "myhomeKeyProvider" | ||
.LP | ||
.B JWTKey | ||
- The secret key for JWT token generation (at least 20 symbols) | ||
.LP | ||
.B AdminEmail | ||
- An admin email for seeding the database with an admin account on the first run | ||
.LP | ||
.B AdminPassword | ||
- A password for the admin account (5 symbols minimum) | ||
.LP | ||
.B DBConnectionString | ||
- The connection string for Mysql (or MariaDB) | ||
for example "Server=127.0.0.1;port=3306;Database=my_database_name;Uid=mysql_user;Pwd=mysql_password;" | ||
.LP | ||
.B SMTPEndpoint | ||
- The smtp server endpoint used for sending emails to confirm your account | ||
.LP | ||
.B SMTPUsername and SMTPPassword | ||
- The username and password for your smtp server | ||
.LP | ||
.B SMTPMailFrom | ||
- It is recommended to set this variable to be exactly the same email that you are using on your mail server | ||
.LP | ||
.B CleanUrl | ||
- A clean url without ports, it will be used to build the "reset password link". | ||
As an example, a server running on 127.0.0.1:5000 can be exposed to the web as https://myserver.com, so the CleanUrl would be https://myserver.com | ||
.RE | ||
.LP | ||
.B 3. | ||
Refresh the systemd services by running: systemctl daemon-reload | ||
.LP | ||
.B 4. | ||
Run the server: systemctl start librum-server | ||
.LP | ||
.B 5. | ||
Check status with: systemctl status librum-server | ||
.RE | ||
.LP | ||
.B 6. | ||
Configure your librum-reader app to launch using your server. | ||
In ~/.config/librum-server/librum-server.conf set selfHosted to true and set serverHost to the servers url (e.g. https://127.0.0.1:5001) | ||
|
||
.SH UNINSTALL | ||
.TP | ||
Delte the package and in ~/.config/librum-server/librum-server.conf, change selfHosted to false and serverHost to api.librumreader.com to switch back to the official servers. | ||
|
||
.SH DIAGNOSTICS | ||
.PP | ||
The activity of server is logged to /var/lib/librum-server/srv/Data/Logs and journalctl. | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
# Valid issuer for JWT Key - string | ||
JWTValidIssuer="exampleIssuer" | ||
|
||
# Secret key for JWT token generation (at least 20 symbols) | ||
JWTKey="exampleOfALongSecretToken" | ||
|
||
# An admin email for seeding the database with an admin account on the first run | ||
AdminEmail="[email protected]" | ||
|
||
# A password for the admin account (5 symbols minimum) | ||
AdminPassword="strongPassword123" | ||
|
||
# The connection string for Mysql (or MariaDB) | ||
DBConnectionString="Server=127.0.0.1;port=3306;Database=my_database_name;Uid=mysql_user;Pwd=mysql_password;" | ||
|
||
# The smtp server endpoint used for sending emails to confirm your account | ||
SMTPEndpoint="smtp.example.com" | ||
|
||
# The username and password for your smtp server | ||
SMTPUsername="mailuser123" | ||
SMTPPassword="smtpUserPassword123" | ||
|
||
# It is recommended to set this variable to be exactly the same email that you are using on your mail server | ||
SMTPMailFrom="[email protected]" | ||
|
||
# A clean url without ports, it will be used to build the "reset password link". | ||
# As an example, a server running on 127.0.0.1:5000 can be exposed to the web as https://myserver.com, so the CleanUrl would be https://myserver.com | ||
CleanUrl="https://127.0.0.1" | ||
|
||
# Your OpenAI api token - If left empty, all Ai services will simply be disabled | ||
OpenAIToken="" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
[Unit] | ||
Description=Server for the Librum application | ||
|
||
[Service] | ||
WorkingDirectory=/var/lib/librum-server/srv | ||
ExecStart=/var/lib/librum-server/srv/run.sh | ||
User=librum-server | ||
Restart=always | ||
# Restart service after 10 seconds if the dotnet service crashes: | ||
RestartSec=10 | ||
KillSignal=SIGINT | ||
SyslogIdentifier=librum-server | ||
Environment=ASPNETCORE_ENVIRONMENT=Production | ||
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false | ||
Environment=LIBRUM_SELFHOSTED=true | ||
EnvironmentFile=/etc/librum-server/librum-server.conf | ||
|
||
[Install] | ||
WantedBy=multi-user.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
#!/bin/bash | ||
|
||
cd /var/lib/librum-server/srv | ||
dotnet Presentation.dll |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,203 @@ | ||
# Librum-Server | ||
The build and deploy process was tested on Ubuntu 22.04. It should work on any other linux distribution, but the commands might need to be adjusted. | ||
|
||
<br> | ||
|
||
## Dependencies | ||
|
||
You will need `dotnet`, `openssl` and `mariadb-server`. | ||
<br> | ||
<br> | ||
To download dotnet7 follow: https://learn.microsoft.com/en-us/dotnet/core/install/linux (if you run into problems with the dotnet7 installation on ubuntu, this: https://stackoverflow.com/a/77059342 might help). | ||
<br> | ||
<br> | ||
download the other packages via: | ||
``` | ||
sudo apt install openssl mariadb-server | ||
``` | ||
to install all dependencies. | ||
|
||
<br> | ||
|
||
## Build | ||
|
||
To build the server, clone the repository and use `dotnet publish` | ||
|
||
``` | ||
git clone https://github.com/Librum-Reader/Librum-Server.git | ||
cd Librum-Server | ||
dotnet restore | ||
cd src/Presentation | ||
dotnet publish -c Release -o build --no-restore --verbosity m | ||
``` | ||
|
||
<br> | ||
|
||
## Install | ||
### Create a `librum-server` group and user | ||
|
||
``` | ||
groupadd -r -f librum-server | ||
sudo useradd -r -g librum-server -d /var/lib/librum-server --shell /usr/sbin/nologin librum-server | ||
``` | ||
|
||
### Install the .service file for systemd | ||
|
||
``` | ||
cd ../.. | ||
sudo install -d /etc/systemd/system/ | ||
sudo install self-hosting/librum-server.service -m660 /etc/systemd/system/ | ||
``` | ||
|
||
### Install the .conf file that contains the environment variables | ||
|
||
``` | ||
sudo install -d /etc/librum-server/ | ||
sudo install -m660 self-hosting/librum-server.conf /etc/librum-server/ | ||
``` | ||
|
||
### Install the server | ||
|
||
``` | ||
sudo mkdir -p /var/lib/librum-server/srv | ||
sudo cp src/Presentation/build/* /var/lib/librum-server/srv --recursive | ||
sudo chmod --recursive 660 /var/lib/librum-server/ | ||
sudo chmod 770 /var/lib/librum-server | ||
sudo chmod 770 /var/lib/librum-server/srv | ||
sudo install self-hosting/run.sh -m770 /var/lib/librum-server/srv | ||
sudo chown --recursive librum-server /var/lib/librum-server/ | ||
``` | ||
|
||
### Install the manpage | ||
|
||
``` | ||
mkdir -p /usr/share/man/man7 | ||
sudo install -m664 self-hosting/librum-server.7 /usr/share/man/man7 | ||
``` | ||
|
||
### Insall readme | ||
|
||
``` | ||
sudo install -m664 self-hosting/self-host-installation.md /var/lib/librum-server/srv | ||
``` | ||
|
||
### Create the SSL certificate for the server | ||
|
||
``` | ||
KEYOUT=/var/lib/librum-server/srv/librum-server.key | ||
CRTOUT=/var/lib/librum-server/srv/librum-server.crt | ||
PFXOUT=/var/lib/librum-server/srv/librum-server.pfx | ||
sudo /usr/bin/openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout $KEYOUT -out $CRTOUT -subj "/CN=librum-server" -extensions v3_ca -extensions v3_req | ||
sudo openssl pkcs12 -export -passout pass: -out $PFXOUT -inkey $KEYOUT -in $CRTOUT | ||
sudo chown librum-server $PFXOUT | ||
``` | ||
|
||
### Configure the server ports | ||
|
||
Edit `/var/lib/librum-server/srv/appsettings.json` and change it to look like the following: | ||
|
||
``` | ||
{ | ||
"Kestrel": { | ||
"EndPoints": { | ||
"Http": { | ||
"Url": "http://127.0.0.1:5000" | ||
}, | ||
"Https": { | ||
"Url": "https://127.0.0.1:5001", | ||
"Certificate": { | ||
"Path": "librum-server.pfx" | ||
} | ||
} | ||
} | ||
}, | ||
"Logging": { | ||
"LogLevel": { | ||
"Default": "Warning", | ||
"Microsoft.AspNetCore": "Warning" | ||
} | ||
}, | ||
"AllowedHosts": "*", | ||
"AzureKeyVaultUri": "https://librum-keyvault.vault.azure.net/", | ||
"IpRateLimiting": { | ||
"EnableEndpointRateLimiting": true, | ||
"StackBlockedRequests": false, | ||
"RealIpHeader": "X-Real-IP", | ||
"ClientIdHeader": "X-ClientId", | ||
"HttpStatusCode": 429, | ||
"GeneralRules": [ | ||
{ | ||
"Endpoint": "post:/api/register", | ||
"Period": "15m", | ||
"Limit": 6 | ||
} | ||
] | ||
} | ||
} | ||
``` | ||
|
||
<br> | ||
|
||
## Run | ||
|
||
### Install and configure MariaDB | ||
|
||
Edit `/etc/mysql/mariadb.conf.d/50-server.cnf` (called differently on other linux distros e.g. `/etc/my.cnf.d/server.cnf` or `my.cnf`). | ||
|
||
Set `bind-adress` to `127.0.0.1` and if a `skip-networking` section exists, comment it out by adding a `#` infront of it. | ||
|
||
Then restart the mariaDB service: | ||
|
||
``` | ||
systemctl restart mysqld | ||
``` | ||
|
||
#### Create Mysql user and password | ||
For example: | ||
|
||
``` | ||
sudo mysql_secure_installation | ||
Switch to unix_socket authentication [Y/n] n | ||
Change the root password? [Y/n] y | ||
Remove anonymous users? [Y/n] y | ||
Disallow root login remotely? [Y/n] y | ||
Remove test database and access to it? [Y/n] y | ||
Reload privilege tables now? [Y/n] y | ||
``` | ||
|
||
### Run the librum-server | ||
Firstly you must edit `/etc/librum-server/librum-server.conf` and change the variables following the comments above them. | ||
|
||
Then you can run: | ||
|
||
``` | ||
sudo systemctl daemon-reload | ||
sudo systemctl start librum-server | ||
``` | ||
|
||
to start the service. | ||
|
||
<br> | ||
|
||
## Note | ||
- By default the server listens to 5000 (http) and (5001) https. You can chage it in the `/var/lib/librum-server/srv/appsettings.json` file. | ||
- The server stores its files at `/var/librum-server/data_storage` | ||
- Logs are written to `/var/librum-server/srv/Data` | ||
|
||
<br> | ||
|
||
## Configuration for the client application | ||
|
||
By default the Librum client application is set up to use the official servers. To connect it with your self-hosted server, you will need to edit `~/.config/Librum-Reader/Librum.conf` and set `selfHosted=true` and `serverHost` to your server's url (e.g. `serverHost=https://127.0.0.1:5001`).<br> | ||
If there is no file at `~/.config/Librum-Reader/Librum.conf`, make sure that you have ran the application at least once before for the settings files to be generated. | ||
<br> | ||
<br> | ||
To switch back to the official servers, set `selfHosted=false` and `serverHost=api.librumreader.com` | ||
|
||
<br> | ||
|
||
## Questions | ||
|
||
If you have any questions or run into problems which you can't solve, feel free to open an issue. |
Oops, something went wrong.