Etherpad lite

Installation de paquets nécessaires

apt-get install gzip git curl python libssl-dev pkg-config build-essential

Installation de nodejs

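# Save the NodeSource setup script to a file and read it before running it as
# root, instead of piping the download straight into bash. -f makes curl fail
# on an HTTP error rather than saving an error page as the script.
# NOTE(review): Node.js 12 is end-of-life; choose a release line that is still
# maintained and that your Etherpad version supports.
curl -fsSL https://deb.nodesource.com/setup_12.x -o nodesource_setup.sh
bash nodesource_setup.sh
apt-get install -y nodejs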

Installation de mariadb

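apt -y install software-properties-common gnupg2
# The repository URL had a stray "apt update" pasted into the host name; it is
# restored here.
# NOTE(review): this third-party repository is fetched over plain HTTP and this
# page imports no signing key for it. Import the MariaDB release signing key
# (check its fingerprint against mariadb.org) before "apt update", otherwise apt
# cannot authenticate the packages from this mirror.
add-apt-repository 'deb [arch=amd64] http://mariadb.mirror.liquidtelecom.com/repo/10.4/debian buster main'
apt update
apt install mariadb-server mariadb-client
systemctl enable --now mariadb
# Interactive hardening: root password, anonymous users, remote root login, test database.
mysql_secure_installation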

Création de la base

Remplacez les valeurs etherpad_user et Str0n9Pas$worD par celles de votre choix.

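mysql -u root -p
-- Create the database as utf8mb4 so it matches the "charset" value given in settings.json.
CREATE DATABASE etherpad_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-- The account is limited to etherpad_db and to connections from localhost.
GRANT ALL PRIVILEGES ON etherpad_db.* TO etherpad_user@localhost IDENTIFIED BY 'Str0n9Pas$worD';
FLUSH PRIVILEGES;
EXIT;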

Installation de etherpad-lite

# Dedicated unprivileged account: the clone and the first run below happen as
# this user, not as root.
useradd -m -s /bin/bash etherpad
su - etherpad
# NOTE(review): master is a moving branch, so two installs made on different
# days may not get the same code; consider checking out a release tag instead.
git clone --branch master https://github.com/ether/etherpad-lite.git
cd etherpad-lite/
# Runs Etherpad in the foreground. Presumably this first run also installs the
# dependencies and creates the settings.json edited in the next step; confirm,
# then stop it before changing the configuration.
bin/run.sh

Configuration

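vim settings.json
# settings.json holds the database password and the admin password in clear
# text: keep it readable by the etherpad account only.
chmod 600 settings.json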

Décommentez si nécessaire

  • Remplacez la valeur du champ ip par l’adresse privée que vous avez choisie.
"ip": "127.0.0.1",
"port": 9001,
  • Remplacez les valeurs des champs user et password par l’utilisateur et le mot de passe choisis lors de la création de la base.
  "dbType" : "mysql",
  "dbSettings" : {
    "user":     "user",
    "host":     "localhost",
    "port":     3306,
    "password": "password",
    "database": "etherpad_db",
    "charset":  "utf8mb4"
  },

  • Remplacez les valeurs (en particulier les mots de passe « changeme ») par celles de votre choix.
  // Accounts defined in settings.json; each entry carries a password and an is_admin flag.
  "users": {
    "admin": {
      // 1) "password" can be replaced with "hash" if you install ep_hash_auth
      // 2) please note that if password is null, the user will not be created
      // 3) replace "changeme" before the service is started: this entry has
      //    is_admin set to true and the nginx vhost in this guide proxies admin/
      "password": "changeme",
      "is_admin": true
    },
    "user": {
      // 1) "password" can be replaced with "hash" if you install ep_hash_auth
      // 2) please note that if password is null, the user will not be created
      // 3) replace "changeme" here as well
      "password": "changeme",
      "is_admin": false
    }
  },

Création de l’unité etherpad.service

  • /etc/systemd/system/etherpad.service
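[Unit]
Description=etherpad-lite (real-time collaborative document editing)
# Start after the local MariaDB instance that settings.json points to.
After=syslog.target network.target mariadb.service

[Service]
Type=simple
# Run as the dedicated unprivileged account, never as root.
User=etherpad
Group=etherpad
WorkingDirectory=/home/etherpad/etherpad-lite
Environment=NODE_ENV=production
ExecStart=/usr/bin/nodejs /home/etherpad/etherpad-lite/node_modules/ep_etherpad-lite/node/server.js -s /home/etherpad/etherpad-lite/settings.json
# use mysql plus a complete settings.json to avoid "Service hold-off time over, scheduling restart."
# systemd has no trailing comments: text after the value on the same line is
# read as part of the value, so this note sits on its own lines and Restart=
# keeps a valid value.
Restart=always
# Basic sandboxing: no privilege gain through setuid binaries, a private /tmp,
# and /usr, /boot and /etc mounted read-only for the service.
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target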

On démarre etherpad !

systemctl daemon-reload
systemctl enable --now etherpad.service

Le vhost sur votre conteneur etherpad

Modifier l’upstream et FQDN en conséquence.

# Local nginx in front of Etherpad: serves pads at /<name> instead of /p/<name>
# and forwards everything else to the Etherpad process.

# Address and port must match "ip" and "port" in settings.json.
upstream etherpad-lite {
    server 127.0.0.1:9001;
}

server {
    listen       80;
    server_name FQDN;

    # Allow normal files to pass through
    # The list includes admin/ and api/: both are reachable through this vhost
    # and are protected only by the users and passwords set in settings.json.
    # NOTE(review): no Upgrade/Connection headers and no proxy_http_version are
    # set in this vhost, so the WebSocket upgrade for socket.io/ presumably does
    # not get past this hop; confirm that falling back to polling is acceptable.
    location ~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt) {
            proxy_buffering off;
            proxy_pass http://etherpad-lite;
    }

    # Redirect to force /p/* URLs to the friendly version
    location /p/ {
            rewrite ^/p/(.*) /$1 redirect;
    }

    # Match the home page
    location ~ ^/$ {
            proxy_buffering off;
            proxy_pass http://etherpad-lite;
    }

    # Handle pad URLs here
    # Any other path is sent upstream with /p/ in front of it; proxy_redirect
    # rewrites upstream redirects that start with / so they start with /p/.
    location / {
            proxy_buffering off;
            proxy_pass http://etherpad-lite/p/;
            proxy_redirect / /p/;
            # Passes the upstream Server header through to the client.
            proxy_pass_header Server;
    }
}

Le vhost sur votre reverse proxy (rvprx)

# Plain-HTTP listener: it serves no content and answers every request with a
# permanent redirect to the same URI on https://FQDN.
server {
    listen      80;
    server_name FQDN;
    return 301  https://FQDN$request_uri;
}

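# TLS-terminating vhost on the reverse proxy: decrypts HTTPS and forwards the
# requests to the Etherpad container at IP_PRIV.
server {
    listen      443 ssl http2;
    # Placeholder spelling fixed (was FDQN) so it is replaced together with the others.
    server_name FQDN;

    # "ssl on;" is dropped: the ssl flag on the listen line already enables TLS,
    # and the standalone directive is deprecated in newer nginx releases.
    # Let's Encrypt:
    ssl_certificate     /etc/letsencrypt/live/FQDN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/FQDN/privkey.pem;
    ssl_session_timeout  5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only.
    # TLSv1.3 needs an nginx built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # The RC4 entries are removed and RC4 is excluded explicitly: its use in TLS
    # is prohibited by RFC 7465.
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
    # Once HTTPS is confirmed working, consider adding a Strict-Transport-Security
    # header with add_header so browsers stop trying plain HTTP first.

    # LOGS
    gzip on;
    access_log /var/log/nginx/FQDN_access.log;
    error_log  /var/log/nginx/FQDN_error.log;

    location / {
       proxy_pass http://IP_PRIV;
       # Host is set once: a repeated "proxy_set_header Host" can put two Host
       # headers on the upstream request, which the backend may reject.
       proxy_set_header Host $host;  # pass the host header
       # Passes the backend's Server header through to clients; remove this line
       # if the backend software should not be advertised.
       proxy_pass_header Server;
       # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
       proxy_buffering off;
       proxy_set_header X-Real-IP $remote_addr;
       # $remote_addr replaces any X-Forwarded-For value sent by the client, so
       # the backend only sees the address this proxy observed.
       proxy_set_header X-Forwarded-For $remote_addr;
       proxy_set_header X-Forwarded-Proto $scheme;
       # WebSocket upgrade; $connection_upgrade comes from the map block in the http context.
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection $connection_upgrade;
    }
}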

# we're in the http context here
# Sets $connection_upgrade from the client's Upgrade header: an empty Upgrade
# header gives "close", any other value gives "upgrade". The reverse-proxy
# vhost sends this variable upstream as the Connection header.
map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}