Skip to content

Commit

Permalink
Merge pull request #8 from 3036662/PR_techSelection
Browse files Browse the repository at this point in the history 
Added self-hosting to Librum's Server
  • Loading branch information
@DavidLazarescu
DavidLazarescu authored Nov 4, 2023
2 parents 1ff952d + d06ae7f commit da0a1f9
Show file tree
Hide file tree
Showing 15 changed files with 773 additions and 33 deletions.
89 changes: 89 additions & 0 deletions self-hosting/librum-server.7
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
.TH librum-server

.SH NAME
.B librum-server
- the server for the Librum application


.SH DESCRIPTION
.B librum-server
is a server running as a service

.SH INSTALLATION
.TP
After installing the librum-server package
.RS
.B 1.
Install and configure the MariaDb or MySql service
.RS
.LP
.B a)
Edit /etc/mysql/mariadb.conf.d/50-server.cnf to set bind-address=127.0.0.1 and comment out the skip-networking option
.LP
.B b)
Restart MySql server - systemctl restart mysqld
.LP
.B c)
Run mysql and create a user for the mysql database. For example:
ALTER USER 'root'@'localhost' IDENTIFIED BY 'strongPassword123';
.RE

.LP
.B 2.
Edit the configuration file at /etc/librum-server/librum-server.conf
You must provide:
.RS
.LP
.B JWTValidIssuer
- Any string for key provider for example "myhomeKeyProvider"
.LP
.B JWTKey
- The secret key for JWT token generation (at least 20 symbols)
.LP
.B AdminEmail
- An admin email for seeding the database with an admin account on the first run
.LP
.B AdminPassword
- A password for the admin account (5 symbols minimum)
.LP
.B DBConnectionString
- The connection string for Mysql (or MariaDB)
for example "Server=127.0.0.1;port=3306;Database=my_database_name;Uid=mysql_user;Pwd=mysql_password;"
.LP
.B SMTPEndpoint
- The smtp server endpoint used for sending emails to confirm your account
.LP
.B SMTPUsername and SMTPPassword
- The username and password for your smtp server
.LP
.B SMTPMailFrom
- It is recommended to set this variable to be exactly the same email that you are using on your mail server
.LP
.B CleanUrl
- A clean url without ports, it will be used to build the "reset password link".
As an example, a server running on 127.0.0.1:5000 can be exposed to the web as https://myserver.com, so the CleanUrl would be https://myserver.com
.RE
.LP
.B 3.
Refresh the systemd services by running: systemctl daemon-reload
.LP
.B 4.
Run the server: systemctl start librum-server
.LP
.B 5.
Check status with: systemctl status librum-server
.RE
.LP
.B 6.
Configure your librum-reader app to launch using your server.
In ~/.config/librum-server/librum-server.conf set selfHosted to true and set serverHost to the servers url (e.g. https://127.0.0.1:5001)

.SH UNINSTALL
.TP
Delte the package and in ~/.config/librum-server/librum-server.conf, change selfHosted to false and serverHost to api.librumreader.com to switch back to the official servers.

.SH DIAGNOSTICS
.PP
The activity of server is logged to /var/lib/librum-server/srv/Data/Logs and journalctl.


31 changes: 31 additions & 0 deletions self-hosting/librum-server.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# Valid issuer for JWT Key - string
JWTValidIssuer="exampleIssuer"

# Secret key for JWT token generation (at least 20 symbols)
JWTKey="exampleOfALongSecretToken"

# An admin email for seeding the database with an admin account on the first run
AdminEmail="[email protected]"

# A password for the admin account (5 symbols minimum)
AdminPassword="strongPassword123"

# The connection string for Mysql (or MariaDB)
DBConnectionString="Server=127.0.0.1;port=3306;Database=my_database_name;Uid=mysql_user;Pwd=mysql_password;"

# The smtp server endpoint used for sending emails to confirm your account
SMTPEndpoint="smtp.example.com"

# The username and password for your smtp server
SMTPUsername="mailuser123"
SMTPPassword="smtpUserPassword123"

# It is recommended to set this variable to be exactly the same email that you are using on your mail server
SMTPMailFrom="[email protected]"

# A clean url without ports, it will be used to build the "reset password link".
# As an example, a server running on 127.0.0.1:5000 can be exposed to the web as https://myserver.com, so the CleanUrl would be https://myserver.com
CleanUrl="https://127.0.0.1"

# Your OpenAI api token - If left empty, all Ai services will simply be disabled
OpenAIToken=""
19 changes: 19 additions & 0 deletions self-hosting/librum-server.service
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
[Unit]
Description=Server for the Librum application

[Service]
WorkingDirectory=/var/lib/librum-server/srv
ExecStart=/var/lib/librum-server/srv/run.sh
User=librum-server
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=librum-server
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
Environment=LIBRUM_SELFHOSTED=true
EnvironmentFile=/etc/librum-server/librum-server.conf

[Install]
WantedBy=multi-user.target
4 changes: 4 additions & 0 deletions self-hosting/run.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
#!/bin/bash

cd /var/lib/librum-server/srv
dotnet Presentation.dll
203 changes: 203 additions & 0 deletions self-hosting/self-host-installation.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,203 @@
# Librum-Server
The build and deploy process was tested on Ubuntu 22.04. It should work on any other linux distribution, but the commands might need to be adjusted.

<br>

## Dependencies

You will need `dotnet`, `openssl` and `mariadb-server`.
<br>
<br>
To download dotnet7 follow: https://learn.microsoft.com/en-us/dotnet/core/install/linux (if you run into problems with the dotnet7 installation on ubuntu, this: https://stackoverflow.com/a/77059342 might help).
<br>
<br>
download the other packages via:
```
sudo apt install openssl mariadb-server
```
to install all dependencies.

<br>

## Build

To build the server, clone the repository and use `dotnet publish`

```
git clone https://github.com/Librum-Reader/Librum-Server.git
cd Librum-Server
dotnet restore
cd src/Presentation
dotnet publish -c Release -o build --no-restore --verbosity m
```

<br>

## Install
### Create a `librum-server` group and user

```
groupadd -r -f librum-server
sudo useradd -r -g librum-server -d /var/lib/librum-server --shell /usr/sbin/nologin librum-server
```

### Install the .service file for systemd

```
cd ../..
sudo install -d /etc/systemd/system/
sudo install self-hosting/librum-server.service -m660 /etc/systemd/system/
```

### Install the .conf file that contains the environment variables

```
sudo install -d /etc/librum-server/
sudo install -m660 self-hosting/librum-server.conf /etc/librum-server/
```

### Install the server

```
sudo mkdir -p /var/lib/librum-server/srv
sudo cp src/Presentation/build/* /var/lib/librum-server/srv --recursive
sudo chmod --recursive 660 /var/lib/librum-server/
sudo chmod 770 /var/lib/librum-server
sudo chmod 770 /var/lib/librum-server/srv
sudo install self-hosting/run.sh -m770 /var/lib/librum-server/srv
sudo chown --recursive librum-server /var/lib/librum-server/
```

### Install the manpage

```
mkdir -p /usr/share/man/man7
sudo install -m664 self-hosting/librum-server.7 /usr/share/man/man7
```

### Insall readme

```
sudo install -m664 self-hosting/self-host-installation.md /var/lib/librum-server/srv
```

### Create the SSL certificate for the server

```
KEYOUT=/var/lib/librum-server/srv/librum-server.key
CRTOUT=/var/lib/librum-server/srv/librum-server.crt
PFXOUT=/var/lib/librum-server/srv/librum-server.pfx
sudo /usr/bin/openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout $KEYOUT -out $CRTOUT -subj "/CN=librum-server" -extensions v3_ca -extensions v3_req
sudo openssl pkcs12 -export -passout pass: -out $PFXOUT -inkey $KEYOUT -in $CRTOUT
sudo chown librum-server $PFXOUT
```

### Configure the server ports

Edit `/var/lib/librum-server/srv/appsettings.json` and change it to look like the following:

```
{
"Kestrel": {
"EndPoints": {
"Http": {
"Url": "http://127.0.0.1:5000"
},
"Https": {
"Url": "https://127.0.0.1:5001",
"Certificate": {
"Path": "librum-server.pfx"
}
}
}
},
"Logging": {
"LogLevel": {
"Default": "Warning",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*",
"AzureKeyVaultUri": "https://librum-keyvault.vault.azure.net/",
"IpRateLimiting": {
"EnableEndpointRateLimiting": true,
"StackBlockedRequests": false,
"RealIpHeader": "X-Real-IP",
"ClientIdHeader": "X-ClientId",
"HttpStatusCode": 429,
"GeneralRules": [
{
"Endpoint": "post:/api/register",
"Period": "15m",
"Limit": 6
}
]
}
}
```

<br>

## Run

### Install and configure MariaDB

Edit `/etc/mysql/mariadb.conf.d/50-server.cnf` (called differently on other linux distros e.g. `/etc/my.cnf.d/server.cnf` or `my.cnf`).

Set `bind-adress` to `127.0.0.1` and if a `skip-networking` section exists, comment it out by adding a `#` infront of it.

Then restart the mariaDB service:

```
systemctl restart mysqld
```

#### Create Mysql user and password
For example:

```
sudo mysql_secure_installation
Switch to unix_socket authentication [Y/n] n
Change the root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
```

### Run the librum-server
Firstly you must edit `/etc/librum-server/librum-server.conf` and change the variables following the comments above them.

Then you can run:

```
sudo systemctl daemon-reload
sudo systemctl start librum-server
```

to start the service.

<br>

## Note
- By default the server listens to 5000 (http) and (5001) https. You can chage it in the `/var/lib/librum-server/srv/appsettings.json` file.
- The server stores its files at `/var/librum-server/data_storage`
- Logs are written to `/var/librum-server/srv/Data`

<br>

## Configuration for the client application

By default the Librum client application is set up to use the official servers. To connect it with your self-hosted server, you will need to edit `~/.config/Librum-Reader/Librum.conf` and set `selfHosted=true` and `serverHost` to your server's url (e.g. `serverHost=https://127.0.0.1:5001`).<br>
If there is no file at `~/.config/Librum-Reader/Librum.conf`, make sure that you have ran the application at least once before for the settings files to be generated.
<br>
<br>
To switch back to the official servers, set `selfHosted=false` and `serverHost=api.librumreader.com`

<br>

## Questions

If you have any questions or run into problems which you can't solve, feel free to open an issue.
Loading

0 comments on commit da0a1f9

Please sign in to comment.