From: "Rémy Dernat" <remy.dernat@umontpellier.fr>
To: galene@lists.galene.org
Subject: [Galene] Re: Galene in Docker [was: ANNOUNCE: galene-0.6.2]
Date: Thu, 12 Jan 2023 19:08:15 +0100
Message-ID: <410ea8f2-1981-8521-62bc-27f2cf5cb073@umontpellier.fr>
In-Reply-To: <20230112103442.14651e37@gato.skoll.ca>
[-- Attachment #1.1.1: Type: text/plain, Size: 2668 bytes --]
Hi,

My Galene server has been running behind an Nginx RP for more than one year. I
attached my Galene server configuration for nginx. It is really simple.
It needs a Let's Encrypt certificate, but you may be able to do it with
ZeroSSL or whatever, or even in basic HTTP with no certs.

I also have a "/room" served from this PHP code:
https://github.com/remyd1/galene_room
You can remove this part safely if not needed.

- edit it and replace galene.example.tld with your FQDN
- put this in /etc/nginx/sites-available, and make a symlink to it from
  /etc/nginx/sites-enabled
- test it with "nginx -t"
- if it is OK, it should just work as is after restarting the nginx
  service.

However, I have a cron job for LE renewals; when certs change, you
may need to check permissions and reload your HTTP server (my server is
running under a "galene" user, so this user uses ACLs ({get,set}facl)
to access /etc/letsencrypt [1][2]).

Best regards,

[1] In the attachments, you can also find a galene.service file to put in
/etc/systemd/system/, then do "systemctl daemon-reload" (...) "systemctl
start galene", and an update bash script to update a Galene server (my
galene source code is in /opt/galene-src and galene is installed in
~galene/...)

[2] To fix permissions after LE renewals, I have this in crontab:

@weekly /root/crons/letsencrypt && /root/fix-perms.sh && /usr/bin/systemctl restart galene

with fix-perms.sh content:

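#!/bin/bash
# Re-apply ownership and ACLs so the "galene" user can read the renewed certificates.
echo "Checking permissions..."
chown -R galene:galene ~galene
# rx on the whole tree lets galene traverse the directories
# (it also grants read on every file below /etc/letsencrypt).
setfacl -R -m u:galene:rx /etc/letsencrypt/
# Use a glob instead of parsing `ls` output, and quote the path.
for file in /etc/letsencrypt/live/galene.example.tld/*
do
    setfacl -m u:galene:r "$file"
done
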
On 12/01/2023 at 16:34, Dianne Skoll wrote:
> On Thu, 12 Jan 2023 16:29:05 +0100
> Juliusz Chroboczek <jch@irif.fr> wrote:
>
>> I think we're agreeing: running Galene in a Docker container is
>> possible, but it's not as convenient as with traditional web apps. I
>> feel it's not worth the hassle, but reasonable people may disagree.
> If Galene were complicated to set up, that might argue for using
> Docker to reduce installation headaches... but it's a single
> executable with a pretty simple set of config files, so I don't see
> Docker buying much.
>
> Running behind an HTTP proxy, though, is very useful.
>
> Regards,
>
> Dianne.
--
IS Project Manager, CNRS
ISI Team
ISEM UMR5554
[-- Attachment #1.1.2: galene.conf --]
[-- Type: text/plain, Size: 1618 bytes --]
server {
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;
    server_name galene.example.tld;

    ssl_certificate /etc/letsencrypt/live/galene.example.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/galene.example.tld/privkey.pem;

    # /room/api is never served directly
    location /room/api {
        root /var/www/html;
        deny all;
        return 404;
    }

    # Optional PHP front end (galene_room), behind HTTP basic auth
    location /room {
        root /var/www/html;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        }
    }

    # API of the PHP front end, with its own password file
    location /api {
        root /var/www/html/room/;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswdapi;
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        }
    }

    # Everything else is proxied to Galene on the loopback interface
    location / {
        # Force usage of https
        # (this server block only listens on 443 with ssl, so $scheme is
        # always https here; plain-HTTP clients need a listen 80 block)
        if ($scheme = http) {
            rewrite ^ https://$server_name$request_uri? permanent;
        }
        proxy_pass https://127.0.0.1:8443;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
[-- Attachment #1.1.3: galene.service --]
[-- Type: text/x-dbus-service, Size: 290 bytes --]
# /etc/systemd/system/galene.service
[Unit]
Description=Galene
After=network.target
[Service]
Type=simple
WorkingDirectory=/home/galene
User=galene
Group=galene
EnvironmentFile=/etc/default/galene
ExecStart=/home/galene/galene $ARGS
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
[-- Attachment #1.1.4: update-galene.sh --]
[-- Type: application/x-shellscript, Size: 1043 bytes --]
[-- Attachment #1.1.5: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 2327 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]
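
The renewal step described in note [2] of the message, as an added example that is not part of the original post or its attachments: it restarts Galene only when fullchain.pem has actually changed, and refuses to continue if privkey.pem is readable by "other". The STATE file path and the --apply switch are assumptions made for this sketch; /root/fix-perms.sh and the galene unit are the ones named in the message. It relies on GNU stat and sha256sum.

```shell
#!/bin/bash
# Added example, not the author's script. DOMAIN, LIVE and STATE are
# assumptions following the layout described in the message.
DOMAIN=${DOMAIN:-galene.example.tld}
LIVE=${LIVE:-/etc/letsencrypt/live/$DOMAIN}
STATE=${STATE:-/var/lib/galene-cert.sha256}   # hypothetical state file

# cert_changed CERT STATE: return 0 if CERT's SHA-256 differs from the digest
# saved in STATE (or STATE does not exist yet) and save the new digest;
# return 1 if unchanged, 2 if CERT cannot be hashed.
cert_changed() {
    new=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$new" ] || return 2
    old=$(cat "$2" 2>/dev/null || true)
    [ "$new" != "$old" ] || return 1
    printf '%s\n' "$new" > "$2"
}

# key_private KEY: return 0 if KEY grants nothing to "other". -L follows the
# live/ symlinks. Group bits are ignored on purpose: once an ACL entry such as
# u:galene:r exists, they display the ACL mask, not a real group permission.
key_private() {
    mode=$(stat -L -c %a "$1") || return 2
    [ $(( 0$mode & 7 )) -eq 0 ]
}

main() {
    if ! key_private "$LIVE/privkey.pem"; then
        echo "privkey.pem is accessible to other users, aborting" >&2
        return 1
    fi
    if cert_changed "$LIVE/fullchain.pem" "$STATE"; then
        # Same commands as the crontab entry in the message.
        /root/fix-perms.sh && /usr/bin/systemctl restart galene
    else
        echo "certificate unchanged, not restarting"
    fi
}

# Act only when called with --apply (hypothetical switch), e.g. from cron
# right after the renewal job.
if [ "${1:-}" = "--apply" ]; then main; fi
```

Run from the weekly cron entry in place of the unconditional restart, this avoids dropping ongoing calls on weeks when no renewal took place.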