4 - Technical documentation

Configuring tools for internal use

Configuring tools for internal use

Installed services on the Commons server

URL localisation langage BDD
cloud.co.tools (nextcloud) /var/www/cloud.co.tools php mysql
onlyoffice.co.tools docker    
login.lescommuns.org (Keycloak) /var/www/login.lescommuns.org java mysql
codimd.co.tools docker node.js mysql
weblate.co.tools docker python postgres
cryptpad.co.tools /var/www/cryptpad.co.tools node.js  
doc.co.tools (bookstack) /var/www/doc.co.tools php mysql
Configuring tools for internal use

Ubuntu server

Installing and configuring the Ubuntu server 16.04

Return to the list of tool configurations

Define a password for root user

ubuntu is the root user. The password can be useful in case SSH doesn't work any more, for recovery with VNC.

2
 
1
2

Mount the 2nd hard drive in /var/www

5
 
1
2
3
4
5

Remplacer l'UUID par celui donné par blkid pour /dev/sdb

2
 
1
2

Set Time zone

3
 
1
2
3
2
 
1
2

And restart the system or just MySQL : service mysql reload

Set Locale

sudo /usr/share/locales/install-language-pack fr_FR

Schedule server restart every month automaticaly

1
 
1

Add :

2
 
1
2

Security

Firewall

4
 
1
2
3
4

OSSEC

Newest version : https://github.com/ossec/ossec-hids/ (Server/Agent Unix)

2
 
1
2

if stops at ``

7
 
1
2
3
4
5
6
7
4
 
1
2
3
4

choose local (not server) enter email choose default for all others options

nano /var/ossec/etc/ossec.conf add :

2
 
1
2

And check email_to and email_from

nano /var/ossec/rules/local_rules.xml add :

17
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

Automaticaly add IP in white list

Source

  1. create approved_humhub_list and chmod 666 in order to apache to be able to edit this file :
2
 
1
2
  1. edit nano /var/ossec/etc/ossec.conf and in <rules></rules> add:
1
 
1
  1. service ossec restart
  2. In /var/ossec/rules/local_rules.xml, add:
5
 
1
2
3
4
5

id="100016" must be unique, change it if necessary ! 6. Update automaticaly /var/ossec/lists/approved_humhub_list.cdb every minutes adding this in root crontab:

1
 
1

Call this script in your website if current user is admin :

23
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

GUI

Newest version : https://github.com/ossec/ossec-wui/releases

9
 
1
2
3
4
5
6
7
8
9

choose www-data

2
 
1
2

http://serverIp/ossec

More details here

Fail2ban

3
 
1
2
3
27
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
1
 
1
5
 
1
2
3
4
5
2
 
1
2

Monitoring

2
 
1
2

Munin

3
 
1
2
3

Uncomment :

5
 
1
2
3
4
5

And replace email address

1
 
1

Replace :

4
 
1
2
3
4

By :

2
 
1
2
9
 
1
2
3
4
5
6
7
8
9

Go to http://IPAdress/munin If it doesn't work, create a Vhost in /etc/apache2/sites-available :

93
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

Monit

4
 
1
2
3
4
5
 
1
2
3
4
5
2
 
1
2

Got to http://IpAdress:2812

user 'admin' / password 'monit'

LAMP

Follow this documentation except the PHP paragraph

Install PHP7.1 (instead of 7.0 in Ubuntu 16.04)

8
 
1
2
3
4
5
6
7
8

Select 7.1 version

List enabled apache2 modules : apachectl -t -D DUMP_MODULES Enable URL rewriting module : a2enmod rewrite

nano /etc/php/7.1/apache2/php.ini :

7
 
1
2
3
4
5
6
7

session.gc_maxlifetime enables to stay connected 1 month

sudo nano /etc/apache2/apache2.conf (replace xxx.xxx.xxx.xxx by IP server address) : Add to the end of the file : ServerName xxx.xxx.xxx.xxx

1
 
1

A bug can make Apache crash. Workaround : nano /etc/logrotate.d/apache2 Replace reload with restart

PHP 5.6 (for Communect)

https://phpraxis.wordpress.com/2016/05/16/install-php-5-6-or-5-5-in-ubuntu-16-04-lts-xenial-xerus/

4
 
1
2
3
4

Optimize MySQL

1
 
1
3
 
1
2
3
2
 
1
2

More info

Changing values for Ubuntu 16.04

Report for optimization software

phpMyAdmin

https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-on-ubuntu-16-04 : use the same password for phpMyAdmin as for MySQL

Email

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04

1
 
1

Enter domain name here (ex : domain.ext)

1
 
1
4
 
1
2
3
4

Access to the server with authentication (SSH and SFTP)

On your local computer, if you don't already have, create a public (~/.ssh/id_rsa.pub) and a private key (~/.ssh/id_rsa) (give a long pass phrase), protect your private key, save the pass phrase to avoid typing it at each connexion and display your public key :

4
 
1
2
3
4

Add the public key on the distant server file ~/.ssh/authorized_keys by pasting it in a new line. Connect by SSH or SFTP : ssh web@83.166.144.90 or ssh ubuntu@83.166.144.90

If you want to create your keys in specific files :

2
 
1
2
3
 
1
2
3

www-data account

source

7
 
1
2
3
4
5
6
7

add

1
 
1
2
 
1
2

Add this line just before exit 0

1
 
1

IMPORTANT : Now, to write in /var/www as www-data user, you must use the web user and access /var/www threw /home/web/www

DNS

https://wiki.gandi.net/fr/dns/zone/a-record

and then

https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-16-04

SSL for HTTPS with Letsencrypt

source

6
 
1
2
3
4
5
6

Add : 15 3 * * * /usr/bin/certbot renew --quiet

To create a certificate to a domain (must be setup on apache2 with a2ensite /etc/apache2/sites-avalaible/domain.ext.conf; service apache2 reload;)

1
 
1

If doesn't work :

1
 
1

webroot is the folder where the website is installed

A new file is created : /etc/apache2/sites-available/domain.ext-le-ssl.conf

Node.Js

Each web app needs a specific version of Node.js. So create a new user for each web app and install Node.Js locally.

  1. Install NVM (Node version manager) : https://github.com/creationix/nvm#install-script
  2. edit the package.json file of the web app, look at the node version, and install node : nvm install 6.x.x; nvm use 6.x.x;. If you want the stable version : nvm install stable; nvm use stable;. LTS (recommanded) : nvm install --lts; nvm use --lts;
  3. Node.Js and NPM (Node Package Manager) will be installed

But if Node.js is executed by apache (using the system() or exec() command), Node.Js needs to be installed globally :

1
 
1

LDAP

Not finalized, to resume

Warning before apt-get install phpldapadmin ! Check afterwards weather apache server still works, otherwise you have to do an apt-get remove --purge apache2 then reinstall, add modules that are missing a2enmod and show the list ls /etc/apache2/mods-available/ , add sites-availables, reconfigure HTTPS

Warning : it will appear only at install, it is necessary to choose a subdomain not to interact with another site, but I'm not sure.

First create the subdomain under apache a2ensite ldap.make.social.conf and publish it in HTTPS : certbot --apache -d ldap.make.social

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-openldap-and-phpldapadmin-on-ubuntu-16-04

If apache does not work anymore after the installation : https://support.plesk.com/hc/en-us/articles/213946305-Apache-crashes-on-reload-and-websites-show-502-Bad-Gateway-seg-fault-or-similar-nasty-error-detected-in-the-parent-process

local backups

HackMd

Note the postgress container ID :

1
 
1

Create a backup script in the file /var/www/backups/scripts/hackmd.sh :

12
 
1
2
3
4
5
6
7
8
9
10
11
12

Then schedule the daily backups of the database :

1
 
1

and add :

1
 
1

MongoDb

Create a backup script in the file /var/www/backups/scripts/mongodb.sh :

4
 
1
2
3
4

Then schedule the daily backups of the database :

1
 
1

and add :

1
 
1

Nextcloud and the other PHP/MySQL applications

20
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Edit the file *.inc.php

sudo crontab -e :

5
 
1
2
3
4
5

Backups on the Hubic cloud server

  1. Create an account Hubic (we use the account contact@openappecosystem.cc)
  2. Create a folder called "backups"

On the server as root user :

  1. Install rclone
  2. Configure rclone for Hubic (leave blank "Hubic Client Id" and "Hubic Client Secret" and open to the URL asked at the end of the process in a second SSH terminal using elinks)
  3. crontab -e :
1
 
1

Interesting article if you want to encrypt backups : http://nogues.pro/blog/backup-hubic-duplicity-rsync.html

Copies of system files

su root; crontab -e :

6
 
1
2
3
4
5
6

su web; crontab -e :

6
 
1
2
3
4
5
6

sudo nano /etc/rc.local :

7
 
1
2
3
4
5
6
7

Increase partition size

If disk space has been increased with Infomaniak, the partition must be increased to the new size (check if partition system is XFS) :

1
 
1

Remove old kernels

8
 
1
2
3
4
5
6
7
8

List largest installed packages

1
 
1
Configuring tools for internal use

Keycloak

Configuring tools for internal use

CodiMD

Install and configuration of HackMd

Based on node.js

Installation with docker

Pre-requisites

https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-16-04

sudo apt install docker-compose

Installing docker

sudo su
mkdir /var/www/docker
cd /var/www/docker    
git clone https://github.com/hackmdio/docker-hackmd.git
cd docker-hackmd
docker-compose up

Configuring reverse proxy with apache :

ProxyPass / http://83.166.144.90:3000/
ProxyPassReverse / http://83.166.144.90:3000/
ProxyRequests Off
ProxyPreserveHost Off

Launch at machine startup

sudo nano /etc/rc.local

Add this line :

docker-compose -f /var/www/docker/docker-hackmd/docker-compose.yml up &

In short, my unsuccessful attempt to install without docker

To complete this notice : https://www.digitalocean.com/community/tutorials/how-to-install-node-js-on-ubuntu-16-04 And replace everything that is nvm install 6.0.0 then with 6.11.1 (not the latest version)

su ubuntu cd /var/www/wiki.communecter.org

git clone https://github.com/hackmdio/hackmd.git cd hackmd

sudo npm install -g node-gyp; sudo npm link node-gyp sudo npm install -g webpack; sudo npm link webpack sudo npm install -g common-chunks-webpack-plugin; sudo npm link common-chunks-webpack-plugin sudo npm install -g extract-text-webpack-plugin; sudo npm link extract-text-webpack-plugin sudo npm install -g i18n-webpack-plugin; sudo npm link i18n-webpack-plugin sudo npm install -g compression-webpack-plugin; sudo npm link compression-webpack-plugin sudo npm install -g html-webpack-plugin; sudo npm link html-webpack-plugin sudo npm install -g copy-webpack-plugin; sudo npm link copy-webpack-plugin

sudo ./bin/setup

nano config.json "domain": "test.make.social", "db": { "username": "hackmd", "password": "NSx^1SeT@byuTfYoOXBd", "database": "hackmd", "host": "localhost", "port": "3306", "dialect": "mysql"

NODE_ENV=production HMD_PROTOCOL_USESSL=true DEBUG=false HMD_ALLOW_ORIGIN=localhost,wiki.communecter.org,test.make.social HMD_DB_URL=mysql://localhost:3306/hackmd

sudo npm run build

sudo ufw allow 3000

sudo nodejs app.js

http://test.make.social:3000/

After that add it at server startup :

NODE_ENV=production HMD_PROTOCOL_USESSL=true DEBUG=false HMD_ALLOW_ORIGIN=localhost,wiki.communecter.org,test.make.social HMD_DB_URL=mysql://localhost:3306/hackmd nodejs /var/www/test.make.social/public_html/app.js


https://github.com/hackmdio/hackmd/issues/86


This is the Google cache of https://blog.matuni.xyz/archives/2017/05. This is a snapshot of the page as it was posted on May 10, 2017 07:45:36 GMT. The current page may have changed since that date. Learn more Version

Version intégraleVersion in text seulAfficher the sourceAstuce : For finding your search term on this page, press on Ctrl+F or on ⌘+F (Mac), then use the search bar. Archives may 2017 Set up Hackmd on its own server

Written by Mathias B. / 09 may 2017 / no comments
Hello to all,

I wrote this article "Block Notes" because I just finished installing Hackmd for Unixcorn, that by experience I know that it is not a simple software to install and that it will do a little documentation French (the origianl source of the translation is French).

Preparing the server for Hackmd

Here it will be what you want, a VPS (virtual private server), a container on your hypervisor or a similar dedicated server. Please note that once the installation is complete Hackmd does not consume very few resources. Two cores, 2 GB of RAM and a bit of bandwidth will be enough to meet its needs.

Here I created a non-privileged LXC container Debian 8 Jessie, on which I installed NodeJs.

Installation of NodeJs

To do this in the most comfortable way, it is good to go through the official deposits of the project. To do this launch this small script proposes :

curl -sL https://deb.nodesource.com/setup_7.x | bash -

It adds you the deposits, the signature key of the packages and reloads the cache. You just have to launch the installation :

apt install nodejs build-essential

For information the build-essential package is required for installing project dependencies which will be realized a little later.

Preparing the database

I use the PostgreSQL database server here. It runs on another container to which the, created previously, connects via a virtual local network. Let's create the necessary user, his database and assign him a password :

su - postgres psql CREATE USER hackmd; ALTER USER hackmd WITH PASSWORD 'tonsupermotdepasse'; CREATE DATABASE hackmd; \q

To allow access to this database through the network 26/5000 you must adapt the file pb_hba.conf by adding the following line :

host hackmd hackmd adresse.ip.de.hackmd/0 md5

Once done do not forget to relaunch PostgreSQL with a small :

service postgresql restart

Installing Dependencies

Hackmd's developer did it right, the installation itself is very simple. Clone the repository and run the installation script provided, which is summarized in the following steps :

git clone https://github.com/hackmdio/hackmd.git cd hackmd ./bin/setup

Configuring Hackmd

Here comes the time to put the nose in the configuration files. Edit the config.json file and make sure to fill in the following lines correctly :

"production": { "domain": "pad.unixcorn.org", "db": { "username": "hackmd", "password": "votresupermotdepasee", "database": "hackmd", "host": "adresse.ip.de.postgresql", "port": "5432", "dialect": "postgres" },

You should then note the environment variables needed to launch the NodeJs directives, here are the ones I use : NODE_ENV=production HMD_PROTOCOL_USESSL=true

Build and start of the server

We generate the assets with the following command :

NODE_ENV=production HMD_PROTOCOL_USESSL=true npm run build

The operation can take a long time depending on the hardware configuration of your machine, be patient. Once completed you can start the server with the following command :

NODE_ENV=production HMD_PROTOCOL_USESSL=true nodejs app.js

More than configuring your reverse proxy, here I would give the example of configuration of Nginx. Proxy Nginx

The following example takes into account a redirection to HTTPS by default, the integration of Let's Encrypt certificates provided by the acme.sh utility as well as advanced TLS settings (cyphers, HSTS (HTTP Strict Transport Security)...).

server {
  listen 80;
 listen [::]:80;
  server_name votresuper.nomdedomaine.lol;

  # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name votresuper.nomdedomaine.lol;

  # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
  ssl_certificate /root/.acme.sh/pad.unixcorn.org_ecc/fullchain.cer;
  ssl_certificate_key /root/.acme.sh/pad.unixcorn.org_ecc/pad.unixcorn.org.key;
  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:50m;
 ssl_session_tickets off;

  # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
  ssl_dhparam /etc/ssl/certs/dhparam.pem;

  # modern configuration. tweak to your needs.
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;

  # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  add_header Strict-Transport-Security max-age=15768000;

  # OCSP Stapling ---    # fetch OCSP records from URL in ssl_certificate and cache them
  ssl_stapling on;
  ssl_stapling_verify on;

  ## verify chain of trust of OCSP response using Root CA and Intermediate certs
  ssl_trusted_certificate /root/.acme.sh/pad.unixcorn.org_ecc/ca.cer;

  location / {
  proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header Host $http_host;
   proxy_set_header X-NginX-Proxy true;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header Host $host;
   proxy_http_version 1.1;
   proxy_pass http://votre.ip.serveur.hackmd:3000;
   proxy_cache_bypass $http_upgrade;
      proxy_redirect off;
  }
}

Test your configuration, reload it and pop its done!

Configuring tools for internal use

CryptPad

Source : https://github.com/xwiki-labs/cryptpad

CryptPad - Installation & configuration

Install

Source : https://github.com/xwiki-labs/cryptpad/wiki/Installation-guide

Adapt v0.33.6 with the number here

sudo su
mkdir /var/www/cryptpad.co.tools
mkdir /var/www/cryptpad.co.tools/home-user
adduser cryptpad --home /var/www/cryptpad.co.tools/home-user
chown -R cryptpad:cryptpad /var/www/cryptpad.co.tools
ufw allow 2016
su cryptpad
cd /var/www/cryptpad.co.tools
git clone https://github.com/xwiki-labs/cryptpad.git cryptpad
cd cryptpad
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.6/install.sh | bash
nvm install --lts
npm install bower
npm install
bower install
cp config.example.js config.js

Edit config.js :

var domain = ' https://pad.co.tools/';
httpPort: 2016,
httpSafePort: 2017,
myDomain: 'pad.co.tools',
adminEmail: 'contact@communecter.org',

create start-server.sh file and make it executable :

#!/bin/bash
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion

cd /var/www/cryptpad.co.tools/cryptpad
node server &

sudo nano /etc/rc.local :

su cryptpad -c "/var/www/cryptpad.co.tools/cryptpad/start-server.sh" &

Install with docker

Source : https://hub.docker.com/r/arno0x0x/docker-cryptpad/

sudo su
ufw allow 2016
docker pull arno0x0x/docker-cryptpad
docker run -d -p 2016:3000 -v /var/www/cryptpad.co.tools/datastore/ arno0x0x/docker-cryptpad

Apache

Source : https://github.com/xwiki-labs/cryptpad/wiki/Apache

        ServerName pad.co.tools
        ServerAlias cryptopad.co.tools
        ServerAdmin webmaster@co.tools

        ProxyPass / http://83.166.144.90:2016/
        ProxyPassReverse / http://83.166.144.90:2016/
        ProxyRequests Off
        ProxyPreserveHost Off

        RewriteEngine on
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
        RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
        RewriteRule .* ws://83.166.144.90:2016%{REQUEST_URI} [P]
Configuring tools for internal use

Weblate

Install and configuration of Weblate

 

Docker install

Following steps in:

https://docs.weblate.org/en/latest/admin/deployments.html#docker

Steps done:

sudo su weblate
sudo mkdir /var/www/weblate.co.tools
cd /var/www/weblate.co.tools
git clone https://github.com/WeblateOrg/docker-compose.git weblate-docker
cd weblate-docker

echo "version: '2'
services:
  weblate:
    environment:
      - WEBLATE_EMAIL_HOST=smtp.co.tools
      - WEBLATE_EMAIL_HOST_USER=wave
      - WEBLATE_EMAIL_HOST_PASSWORD=pass
      - WEBLATE_SERVER_EMAIL=wave@communecter.org
      - WEBLATE_DEFAULT_FROM_EMAIL=wave@communecter.org
      - WEBLATE_ALLOWED_HOSTS=weblate.co.tools,localhost
      - WEBLATE_SITE_TITLE=Plateforme de traduction de Communecter
      - WEBLATE_ADMIN_PASSWORD=pass
      - WEBLATE_ADMIN_EMAIL=wave@communecter.org
      - WEBLATE_ADMIN_NAME="Administrateur"
      - WEBLATE_IP_PROXY_HEADER=HTTP_X_FORWARDED_FOR
      - WEBLATE_REGISTRATION_OPEN=1
      - WEBLATE_ENABLE_HTTPS=1
      - WEBLATE_SOCIAL_AUTH_GITLAB_KEY=application id
      - WEBLATE_SOCIAL_AUTH_GITLAB_SECRET=secret
      - WEBLATE_SOCIAL_AUTH_GITLAB_API_URL=https://weblate.co.tools/accounts/complete/gitlab/
" > docker-compose.override.yml

With values according to mail server.

And finally:

sudo docker-compose up

Configure apache : /etc/apache2/sites-enabled/weblate.co.tools.conf :

<VirtualHost *:80>
        ServerName weblate.co.tools
        ServerAdmin webmaster@make.social

        ProxyPass / http://localhost:10080/
        ProxyPassReverse / http://localhost:10080/
        ProxyRequests Off
        ProxyPreserveHost On

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Configure lets encrypt :

certbot --apache -d weblate.co.tools

Et on repasse sur les fichiers de conf Apache weblate.co.tools-le-ssl.conf :

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName weblate.co.tools
        ServerAdmin webmaster@make.social

        ProxyPass / http://localhost:10080/
        ProxyPassReverse / http://localhost:10080/
        ProxyRequests Off
        ProxyPreserveHost On

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        RequestHeader set X-Forwarded-Proto "https"


SSLCertificateFile /etc/letsencrypt/live/weblate.co.tools/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/weblate.co.tools/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Ainsi que : weblate.co.tools.conf

<VirtualHost *:80>
        ServerName weblate.co.tools
        ServerAdmin webmaster@make.social

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Redirect permanent / https://weblate.co.tools/
</VirtualHost>

 

Weblate configuration (pixel-humain project)

In weblate, a project is made of components. Each component has one translation file per language. If your source code uses many files for a given language, you will have to create a new component for each file.

Hopefully, weblate has a Component discovery addon. Using this addon, Weblate automatically discovers sources files for a given language. To use this addon, you have to :

 

Gitlab configuration (co2-bot)

In weblate, when creating a new project, you have to create a first component to set the repository of the source code. You have to use two URLs : the source code repository, and the push repository. Select the main repository as the Source code Repository, and the fork repository as the Push URL.

On Gitlab :

  1. the weblate user is co2-bot. To use Weblate properly on Gitlab, you should fork the repo you want to integrate to Weblate using co2-bot user. For example co2-bot forked pixel-humain.
  2. set a webhook in the main repository to the weblate URL : https://weblate.co.tools/hooks/gitlab/

The workflow should be like below :

  1. As Developers, you will have to initialize empty translation files (with keys but no values). When you push to the source code repository, weblate will automatically pull the new files and update the translations accordingly.
  2. As Translators, you work on the translations. When you are ready, you can push to the push repository using Weblate interface.
  3. As Developers or Translators, when you have a major release, you should create a Merge Request between co2-bot fork repository and the main repository. Check the consistency of the files and do a squashed merge once you are ready.
Configuring tools for internal use

Nextcloud and Collabora online

Nextcloud and Collabora online installation & configuration

Prerequisite

Ubuntu 16.04 server + LAMP + sudo apt install smbclient

Installation of NextCloud

  1. Fetch Nextcloud
su web
mkdir ~/www/cloud.communecter.org
cd ~/www/cloud.communecter.org
wget https://download.nextcloud.com/server/releases/nextcloud-xxx.zip
unzip nextcloud-xxx.zip -d .
mv nextcloud/ public_html
mkdir data

Add the icons of external applications in nextcloud/apps/external/img which are in the zip file

  1. Configure apache

  2. Go to https://cloud.communecter.org to configure it

  3. Edit the file config/config.php :

array (
    0 => 'localhost',
    1 => 'cloud.communecter.org',
    2 => 'cloud.co.tools',
    3 => 'nextcloud.co.tools',
    4 => '83.166.144.90',
  ),

Installation of Collabora

Follow these instructions : https://nextcloud.com/collaboraonline/ Docker alternative : https://hub.docker.com/r/thedarkknight/libreoffice-online-unlimited/

Configure apache in /etc/apache2/site-availables :

    <VirtualHost *:80>
                        ServerName collabora.co.tools

                        SSLHonorCipherOrder     on

                        # Encoded slashes need to be allowed
                        AllowEncodedSlashes NoDecode

                        # Container uses a unique non-signed certificate
                        SSLProxyEngine On
                        SSLProxyVerify None
                        SSLProxyCheckPeerCN Off
                        SSLProxyCheckPeerName Off

                        # keep the host
                        ProxyPreserveHost On

                        # static html, js, images, etc. served from loolwsd
                        # loleaflet is the client part of LibreOffice Online
                        ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
                        ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

                        # WOPI discovery URL
                        ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
                        ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

                        # Main websocket
                        ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

                        # Admin Console websocket
                        ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

                        # Download as, Fullscreen presentation and Image upload operations
                        ProxyPass           /lool https://127.0.0.1:9980/lool
                        ProxyPassReverse    /lool https://127.0.0.1:9980/lool
    </VirtualHost>

Fetch and launch docker (the option --restart always will cause the container to be added to service docker which is automatically launched at the start of the computer)

sudo su
docker pull collabora/code
ufw allow 9980
docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=cloud\\.communecter\\.org\|cloud\\.openappecosystem\\.cc\|nextcloud\\.co\\.tools|cloud\\.co\\.tools|cloud\\.cosystem\\.cc' --restart always --cap-add MKNOD collabora/code

Then, in the web interface of NextCloud, add the application Collabora and configure it by giving the server address : https://collabora.co.tools

Configuring tools for internal use

GitBook

With a cron, update the gitbook from the github wiki + a script to make the necessary conversions

Start reading page "Contribute to the documentation"

If necessary : GitBook Toolchain Documentation

Installation and configuration : https://gitlab.com/funkycram/git-wiki-to-gitbook

Configuring tools for internal use

BookStack

Installation

https://www.bookstackapp.com/docs/admin/installation/ : manual installation

Update

https://www.bookstackapp.com/docs/admin/updates

Export pdf

Documentation

Mise en place

dans le fichier .env, j'ai du paramétrer memcached comme expliqué ici : https://www.bookstackapp.com/docs/admin/cache-session-config/

CACHE_DRIVER=memcached
SESSION_DRIVER=memcached

and

php artisan config:cache
php artisan config:clear

Bug "page expired"

Toujours un souci de cache ! Du coup j'ai remplacé memcached par database et ça marche !

Configuring tools for internal use

Dialoguea (Obsolete)

Dialoguea : installation

GitHub repository

requirements

system

sudo su
apt install -y libvips-dev libgsf-1-dev
wget http://dl.google.com/closure-compiler/compiler-latest.tar.gz
tar zxvf compiler-latest.tar.gz
mv closure-compiler-v20170910.jar /usr/share/java/build/compiler.jar
rm compiler-latest.tar.gz

Create a specific user

In order to have a specific version for Dialoguea, we create a specific user for it. Replace DIR by the home directory you want :

sudo adduser dialoguea --home DIR
sudo su dialoguea

node.js

nvm install 6.9.4

extra npm packages

npm install -g bower nodemon grunt-cli grunt-closure-compiler
npm install grunt --save-dev
npm install babel fs-extra grunt-contrib-concat

Install

git clone https://github.com/ForumDebats/dialoguea.git
cd dialoguea
npm install
bower install
echo "my53CR3Tkey" > key.pub
cd scripts; ./install-tinyup.sh; cd -;
cd tinymce/plugins/upimage
mv plugin.min.js.off plugin.min.js
cd -

grunt

Create the minimified files in public/css (https://www.minifier.org/) :

configure SITE and SMTP in settings.js (for the provider, just add the name : e.g. if your SMTP is smtp.mailgun.com, write mailgun)

Allow 2015 port in firewall, add an admin user and launch the server :

sudo ufw allow 2015
npm run adduser
npm run dev

On the web browser, sign in and create a public group

Update

git pull && grunt

bug or feature requests ?

https://github.com/ForumDebats/dialoguea/issues

Make the node.js server start when Ubuntu server starts:

Create the file start-server.sh containing (adapt the cd line) :

#!/bin/bash
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion

cd /var/www/dialoguea
npm run dev &

sudo nano /etc/rc.local :

su dialoguea -c "/var/www/dialoguea/start-server.sh" &
Configuring tools for internal use

Wiki.JS (Obsolete)

Wiki.Js install & configuration

official website

based on Node.js

Install as an ubuntu user by following official documentation

Configure the port in config.yml :

title: WikiJS
host: 'https://wikijs.communecter.org'
port: 3003

And the reverse proxy for apache :

        ProxyPass / http://83.166.144.90:3003/
        ProxyPassReverse / http://83.166.144.90:3003/
        ProxyRequests Off
        ProxyPreserveHost Off

If there is a bug, the command to restart the server is node wiki reload

Replace files in assets with those in this zip file

Edit the file app.js and add the following CSS code just before the 1st character \ de \n\n/*# sourceMappingURL=app.scss.map :

    .nav-left{overflow-x: hidden} .nc-icon-outline.ui-2_layers::before {content: ""; width: 36px; display: block;} a.nav-item {background-image: url("/images/logo-30-36.png");background-repeat: no-repeat;background-position: 10px center;}  .nav-item h1 {font-size: 24px; margin-top: 8px;} .nav.is-indigo .control input[type="text"]:placeholder-shown {color: #e8eaf6}#search-input::-webkit-input-placeholder { color: #e8eaf6 !important; } #search-input:-moz-placeholder { color: #e8eaf6 !important; opacity:  1;}#search-input::-moz-placeholder {color: #e8eaf6 !important;opacity: 1;}#search-input:-ms-input-placeholder {color: #e8eaf6 !important;}#search-input::-ms-input-placeholder {color: #e8eaf6 !important;}#search-input::placeholder {color: #e8eaf6 !important;} .mkcontent a {color: #1976d2; text-decoration: none;} .mkcontent a:hover {text-decoration: underline;} .mkcontent h3 {color: #004d40}

And replace all :