# Refresh the package index before upgrading. These first steps appear to be run as root (no sudo is used until the bookwyrm account exists further down).
apt update
# Bring the base system up to date; -y answers the confirmation prompt automatically.
apt upgrade -y
# Set the system-wide locale so Python and PostgreSQL see a UTF-8 environment.
localectl set-locale LANG=en_US.UTF-8 LANGUAGE="en_US:en"
# Add the LANG / LC_ALL lines shown in the next listing to /etc/environment.
vim /etc/environment
# Contents for /etc/environment (read by pam_env for every PAM login session).
LANG=en_US.UTF-8
# NOTE(review): LC_ALL overrides every LC_* category and cannot be overridden per user; LANG alone is usually enough — keep LC_ALL only if something genuinely needs it.
LC_ALL=en_US.UTF-8
# Generate the locale selected above and rebuild the locale definitions.
locale-gen en_US.UTF-8
dpkg-reconfigure locales
# The hostname is the same domain used later for the TLS certificate and the nginx site file.
hostnamectl set-hostname lectura.social
# Raise the open-file limit for login sessions; the line to add is shown in the next listing.
vim /etc/security/limits.conf
# Soft open-file limit for PAM login sessions.
# NOTE(review): pam_limits only affects PAM sessions. systemd services (postgresql, redis, nginx, the app unit) take their
# limit from LimitNOFILE= in the unit file, and the '*' wildcard does not apply to root. nginx additionally sets its own
# limit via worker_rlimit_nofile in the nginx.conf further down, so this line mostly matters for interactive shells.
* soft nofile 20480
# Dedicated account that owns /opt/bookwyrm and runs the application (adduser prompts for a password interactively).
adduser bookwyrm
# Grants unrestricted sudo to the service account; the remaining steps on this page rely on it.
# NOTE(review): a compromise of the application process (which runs as bookwyrm) then has a direct path to root.
# Prefer running the privileged steps from a separate admin account, or remove bookwyrm from the sudo group once setup is done.
gpasswd -a bookwyrm sudo
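# Python toolchain for the virtualenv created later in the guide.
sudo apt install python3-pip python3-venv python-is-python3
# The original guide ran `sudo pip3 install --upgrade pip wheel` here. That line is dropped: it overwrites the
# distro-managed pip under /usr/lib and is refused outright on PEP 668 "externally managed" Python installs
# (Debian 12 / recent Ubuntu). pip and wheel are upgraded inside the virtualenv instead (see the venv steps below).
# Runtime services and build dependencies: PostgreSQL, Redis, nginx, certbot for TLS, git for the checkout,
# libpq-dev (presumably for building the PostgreSQL driver from requirements.txt).
sudo apt install vim libpq-dev postgresql redis nginx certbot git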
# Adjust local-socket authentication; the two entries to change are in the next listing.
# The path hardcodes PostgreSQL 14 — use whatever major version apt actually installed.
sudo vim /etc/postgresql/14/main/pg_hba.conf
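# Unix-socket connections as the postgres superuser. 'peer' maps the connecting OS user onto the DB role, so
# `sudo -u postgres psql` works without a password while every other local account is refused.
# The original line used 'trust', which lets ANY local OS user open a superuser session with no authentication at all.
local all postgres peer
# Every other role authenticates with a SCRAM password over the socket (used by the bookwyrm role created below).
local all all scram-sha-256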
# Apply the pg_hba.conf change (a `systemctl reload postgresql` would suffice; a restart is harmless on a fresh install).
sudo systemctl restart postgresql
-- Application role. 'Super_Secret' is a placeholder: generate a strong random password and keep it in sync with the
-- database password configured in .env later (presumably — the .env keys are not shown on this page).
-- ENCRYPTED is accepted for backwards compatibility but has no effect on PostgreSQL 10+ (passwords are always hashed).
CREATE ROLE bookwyrm WITH LOGIN ENCRYPTED PASSWORD 'Super_Secret';
-- Database owned by the application role.
CREATE DATABASE bookwyrm WITH OWNER bookwyrm;
-- Temporary superuser grant, presumably so the migrations can CREATE EXTENSION — TODO confirm against the migrations.
ALTER USER bookwyrm WITH SUPERUSER;
-- NOTE(review): as listed, the privilege is revoked before `manage.py migrate` runs (further down the page), so the
-- grant has no effect at migration time. If migrate needs it, run this revocation after migrate completes; either way
-- the role must end up NOSUPERUSER so the web application never connects with superuser rights.
ALTER USER bookwyrm WITH NOSUPERUSER;
# The application checkout lives in /opt/bookwyrm and is owned by the service account.
sudo mkdir /opt/bookwyrm
sudo chown bookwyrm:bookwyrm /opt/bookwyrm
cd /opt/bookwyrm
# Clone directly into the current (empty) directory.
git clone https://github.com/bookwyrm-social/bookwyrm.git ./
# Tells git to accept this directory when it is owned by a different user than the one running git
# (presumably needed because some later steps run through sudo — verify whether it is still required).
git config --global --add safe.directory /opt/bookwyrm
# The production branch is what gets deployed.
git checkout production
# Start from the example settings; the real values are filled in with `vim .env` below.
# NOTE(review): cp creates .env with the default umask, which is typically world-readable; since it will hold
# credentials, consider `chmod 600 .env` before editing it.
cp .env.example .env
# Project-local virtualenv so dependencies never touch the system Python.
python3 -m venv venv
# activate.fish is the fish-shell variant; from bash or zsh use `source venv/bin/activate` instead.
source venv/bin/activate.fish
# Upgrades apply only inside the venv.
pip install --upgrade pip wheel
pip install -r requirements.txt
# Fill in domain, secrets and the database password (it must match the CREATE ROLE password used earlier).
vim .env
# Apply the schema, run the project's initdb command, and gather static files for nginx to serve.
python manage.py migrate
python manage.py initdb
python manage.py collectstatic --no-input
# Prints a one-time admin registration code (a UUID, as shown below); treat it like a credential.
python manage.py admin_code
9dac9b40-c47e-4e56-a00f-0917979e3fd0
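# certbot in standalone mode binds port 80 itself, so nginx must be stopped for the initial issuance.
sudo systemctl stop nginx
# CORREO is a placeholder: the contact e-mail address for expiry notices.
sudo certbot register --agree-tos -m CORREO
# Issue the certificate. The pre/post hooks are stored in the renewal configuration, so the automatic renewals
# (which also use standalone mode and need port 80) stop nginx, renew, and start it again on their own.
# Without them the first renewal fails because nginx is already listening on port 80.
sudo certbot certonly --standalone --preferred-challenges http-01 -d lectura.social \
  --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"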
/etc/letsencrypt/live/lectura.social/fullchain.pem
/etc/letsencrypt/live/lectura.social/privkey.pem
# Custom DH parameters for the DHE-RSA ciphers listed in options-ssl-nginx.conf below.
# -dsaparam makes 4096-bit generation fast but produces DSA-style (non-safe-prime) parameters; the OpenSSL manual
# only considers these acceptable when a fresh DH key is generated per exchange (ephemeral DHE, which OpenSSL 1.1.0+
# always does), never for static DH. Dropping -dsaparam gives safe primes at the cost of a much longer run.
openssl dhparam -dsaparam -out /etc/letsencrypt/ssl-dhparams.pem 4096
Crear el archivo "options-ssl-nginx.conf"
```
# Shared TLS protocol/cipher/header settings, included from certbot.conf further down.
vim /etc/letsencrypt/options-ssl-nginx.conf
```
Con el siguiente contenido:
```
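# TLS session-resumption cache shared across workers; 10m/1440m match certbot's own options-ssl-nginx.conf.
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;

# TLS 1.2 and 1.3 only.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;

# TLS 1.2 cipher list (TLS 1.3 suites are not controlled by ssl_ciphers).
# Fixed: the last entry was truncated to "ECDHE-RSA-AES256-SHA38", which OpenSSL does not recognise and silently drops.
# NOTE(review): the *-AES256-GCM-SHA512 names are not OpenSSL cipher names either (AES-256-GCM pairs with SHA384 in
# TLS 1.2). OpenSSL ignores unknown entries as long as at least one resolves, so they are dead weight rather than an error.
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384";

# Security headers. nginx's add_header is NOT inherited into a server/location block that declares its own
# add_header, so these only take effect where the including block sets none of its own.
# HSTS for two years. "preload" without includeSubDomains does not meet the preload-list requirements; add
# includeSubDomains only once every subdomain is served over HTTPS.
add_header Strict-Transport-Security "max-age=63072000; preload";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
# Legacy header, ignored by current browsers; a Content-Security-Policy is the modern replacement.
add_header X-XSS-Protection "1; mode=block";
# Opts the site out of FLoC cohort computation.
add_header Permissions-Policy interest-cohort=();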
```
Crear el archivo "certbot.conf"
```
# Per-certificate paths plus the shared options; presumably included from the site's server block (not shown on this page).
vim /etc/letsencrypt/certbot.conf
```
Con el siguiente contenido. Asegúrate de reemplazar "social.elmau.net" por tu dominio.
```
# Certificate and key issued by certbot above; the live/ symlinks follow renewals automatically.
# The path uses social.elmau.net — replace it with the domain passed to certbot -d (lectura.social elsewhere on this page).
ssl_certificate /etc/letsencrypt/live/social.elmau.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/social.elmau.net/privkey.pem;
# Shared protocol, cipher and header settings.
include /etc/letsencrypt/options-ssl-nginx.conf;
# DH parameters generated with `openssl dhparam` above.
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
```
# Drop the stock site so only the bookwyrm site is served (the nginx.conf below only includes *.conf files anyway).
sudo rm /etc/nginx/sites-enabled/default
Reemplazar el contenido del archivo "nginx.conf"
```
# Replace the whole file with the configuration in the next listing.
vim /etc/nginx/nginx.conf
```
Por:
```
# Worker processes run as www-data; the master process keeps the privileges it was started with (root under systemd) to bind :80/:443.
user www-data;
worker_processes auto;
# Open-file limit nginx sets for its own workers, independent of limits.conf.
worker_rlimit_nofile 20480;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

error_log /var/log/nginx/error.log warn;

events {
worker_connections 5120;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

# Hide the nginx version in error pages and the Server header.
server_tokens off;
# Standard combined-style log line; $http_x_forwarded_for is whatever the client sent, so do not trust it unless a proxy in front sets it.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
keepalive_timeout 60;

# Only files ending in .conf are picked up — the site file is copied as lectura.social.conf below.
include /etc/nginx/sites-enabled/*.conf;

# off is nginx's default; spelled out explicitly here.
disable_symlinks off;
}
```
# Install the repository's production server block under a .conf name so the sites-enabled/*.conf include above picks it up (it still has to be symlinked into sites-enabled).
sudo cp nginx/production /etc/nginx/sites-available/lectura.social.conf
# Adjust server_name, paths and the certbot.conf include for this host (the file's contents are not shown on this page).
sudo vim /etc/nginx/sites-available/lectura.social.conf