From a39b229325c1cfa50288948aa8f867d5d2bfd0b8 Mon Sep 17 00:00:00 2001 From: silverpill Date: Sat, 30 Apr 2022 16:04:01 +0000 Subject: [PATCH] Add installation instructions to readme --- README.md | 28 ++++++++++++++++++++++++++- contrib/mitra.nginx | 45 +++++++++++++++++++++++++++++++++++++++++++ contrib/mitra.service | 20 +++++++++++++++++++ 3 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 contrib/mitra.nginx create mode 100644 contrib/mitra.service diff --git a/README.md b/README.md index f44724d..28efff6 100644 --- a/README.md +++ b/README.md @@ -22,11 +22,37 @@ Matrix chat: [#mitra:halogen.city](https://matrix.to/#/#mitra:halogen.city) ## Requirements -- Rust 1.54+ +- Rust 1.54+ (when building from source) - PostgreSQL 12+ - IPFS node (optional, see [guide](./docs/ipfs.md)) - Ethereum node (optional) +## Installation + +### Building from source + +Run: + +``` +cargo build --release +``` + +This command will produce two binaries in `target/release` directory, `mitra` and `mitractl`. + +Create a database and a configuration file (see [example](./config.yaml.example)). + +When starting Mitra, set the value of `ENVIRONMENT` variable to `production` and specify the path to configuration file with `CONFIG_PATH`: + +``` +ENVIRONMENT=production CONFIG_PATH=/etc/mitra/config.yaml mitra +``` + +An HTTP server will be needed to handle HTTPS requests and serve the frontend. See the example of [nginx configuration file](./contrib/mitra.nginx). + +Building instructions for `mitra-web` frontend can be found at https://codeberg.org/silverpill/mitra-web#project-setup. + +To run Mitra as a systemd service, check out the [systemd unit file example](./contrib/mitra.service). + ## Development ### Create database diff --git a/contrib/mitra.nginx b/contrib/mitra.nginx new file mode 100644 index 0000000..9e56151 --- /dev/null +++ b/contrib/mitra.nginx @@ -0,0 +1,45 @@ +server { + server_name example.tld; + + listen 80; + listen [::]:80; + + location / { + return 301 https://$server_name$request_uri; + } +} + +server { + server_name example.tld;; + + listen 443 ssl http2; + listen [::]:443 ssl http2; + + ssl_certificate /etc/letsencrypt/live/example.tld/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/example.tld/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/example.tld/chain.pem; + + ssl_session_timeout 1d; + ssl_session_cache shared:MozSSL:10m; # about 40000 sessions + ssl_session_tickets off; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + ssl_prefer_server_ciphers off; + + ssl_stapling on; + ssl_stapling_verify on; + + location / { + # Frontend + root /usr/share/mitra/www; + try_files $uri /index.html; + } + + location ~ ^/(actor|api|contracts|feeds|media|nodeinfo|oauth|objects|users|.well-known) { + # Backend + proxy_pass http://127.0.0.1:8383; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $remote_addr; + } +} diff --git a/contrib/mitra.service b/contrib/mitra.service new file mode 100644 index 0000000..28ee5f9 --- /dev/null +++ b/contrib/mitra.service @@ -0,0 +1,20 @@ +[Unit] +Description=Mitra Server +After=postgresql.service +Requires=postgresql.service + +[Service] +ExecStart=/usr/bin/mitra +WorkingDirectory=/var/lib/mitra +Environment="ENVIRONMENT=production" +Environment="CONFIG_PATH=/etc/mitra/config.yaml" +User=mitra +Group=mitra + +PrivateTmp=true +ProtectSystem=full +ProtectHome=true +NoNewPrivileges=true + +[Install] +WantedBy=multi-user.target