From aa745257f9cff7f63f67d48783a2ee63ba3a1574 Mon Sep 17 00:00:00 2001 From: "Juan J. Martinez" Date: Sat, 27 Feb 2021 14:14:29 +0000 Subject: Added Gemini link and a Debian "how to" --- Deployment.md | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 9 +++-- 2 files changed, 121 insertions(+), 3 deletions(-) create mode 100644 Deployment.md diff --git a/Deployment.md b/Deployment.md new file mode 100644 index 0000000..126dfdb --- /dev/null +++ b/Deployment.md 
@@ -0,0 +1,115 @@ +# Deploying SpaceBeans on Debian + +This is simple "how to" to deploy the service on a stock Debian installation. + +All commands need to be run as `root` user. + +(tip: `sudo -i` if you're using sudo) + +0. Install OpenJDK JRE headless: +``` +apt install openjdk-8-jre-headless +``` +(If Java 8 is not available, you can install 11 instead) + +1. Create a system user: +``` +groupadd spacebeans + +adduser --quiet \ + --system \ + --shell /usr/sbin/nologin \ + --home /nonexistent \ + --ingroup spacebeans \ + --no-create-home \ + --disabled-password \ + spacebeans +``` + +2. Copy the server's binary to `/opt/spacebeans/`: +``` +mkdir -p /opt/spacebeans +cd /opt/spacebeans +wget https://github.com/reidrac/spacebeans/releases/download/vVERSION/spacebeans-VERSION.jar +``` + +3. Create a certificate (optional, only if you don't have one already): +``` +cd /opt/spacebeans +keytool -genkey -keyalg RSA -alias ALIAS -keystore keystore.jks -storepass SECRET -noprompt -validity 36500 -keysize 2048 +chown spacebeans:spacebeans keystore.jks +chmod 0400 keystore.jks +``` + +When entering the certificate details, use the domain name as `CN`. + +In the configuration file provide the path to the keystore, the alias and the +secret used when generating the certificate. + +4. Prepare your `spacebeaans.conf` file. + +Put it in `/opt/spacebeans/`, with at least one virtual host. + +For example: +``` +virtual-hosts = [ + { + host = "*your domain*" + root = "/var/gemini/*your domain*" + index-file = "index.gmi" + + directory-listing = true + + key-store { + path = "/opt/spacebeans/keystore.jks" + alias = "*your domain*" + password = "*your secret*" + } + } +] +``` + +Ensure that the file has the right permissions: +``` +cd /opt/spacebeans +chown spacebeans:spacebeans spacebeans.conf +chmod 0400 spacebeans.conf +``` + +5. 
Create `/etc/systemd/system/spacebeans.service`: + +``` +[Unit] +Description=SpaceBeans Gemini Server +After=network.target + +[Service] +Type=simple +Restart=always +RestartSec=5 +User=spacebeans +ExecStart=/usr/bin/java -jar /opt/spacebeans/spacebeans-VERSION.jar -c /opt/spacebeans/spacebeans.conf + +[Install] +WantedBy=multi-user.target +``` + +Then start the service: +``` +systemctl start spacebeans.service +``` + +Check that it is up and running: +``` +systemctl status spacebeans.service +``` + +(should say "Active: active (running)") + +Then enable it so it starts after a reboot: +``` +systemctl enable spacebeans.service +``` + +And you're done! + diff --git a/README.md b/README.md index 8ef2491..dc250ca 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,8 @@ This is an experimental server for the [Gemini](https://gemini.circumlunar.space/) protocol. -It is built using [Scala](https://www.scala-lang.org/) and [Akka Streams](https://doc.akka.io/docs/akka/current/stream/index.html). The name tries to link the Gemini *theme* with the fact that the +It is built using [Scala](https://www.scala-lang.org/) and [Akka Streams](https://doc.akka.io/docs/akka/current/stream/index.html). +The name tries to link the Gemini *theme* with the fact that the server runs on the Java Virtual Machine. Some of the **SpaceBeans** features: @@ -18,6 +19,8 @@ Some of the **SpaceBeans** features: Check [CHANGES](CHANGES.md) to see what's new in the latest release. +If you have a Gemini browser, you can also visit: [gemini://capsule.usebox.net/spacebeans/](gemini://capsule.usebox.net/spacebeans/) + ## How to run it Download [the `jar` distribution file](https://github.com/reidrac/spacebeans/releases/) and install Java Runtime Environment 8 (or @@ -35,7 +38,7 @@ how to configure the service. ### Running it as a service -TODO: instructions with systemd or similar. +Check this document on [Deployment.md](how to deploy on Debian). ## On security 
@@ -58,7 +61,7 @@ Comment out the `key-store` section on your virtual host and you are done. You can generate a self signed certificate using Java's `keytool`: ``` -keytool -genkey -keyalg RSA -alias ALIAS -keystore keystore.jks -storepass SECRET -validity 36500 -keysize 2048 +keytool -genkey -keyalg RSA -alias ALIAS -keystore keystore.jks -storepass SECRET -noprompt -validity 36500 -keysize 2048 ``` When entering the certificate details, use the domain name as `CN`. -- cgit v1.2.3
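Review bot: In the new `Deployment.md`, the `chown spacebeans:spacebeans keystore.jks` and `chmod 0400 keystore.jks` lines sit inside step 3, which is marked optional, so anyone who brings an existing keystore skips the step and never restricts the file that holds the private key. Move the ownership and mode commands into their own unconditional step, as is already done for `spacebeans.conf`. Step 4 also misspells the file name as `spacebeaans.conf`, while the commands below it and the `ExecStart=` line use `spacebeans.conf`. The configuration example points `root` at `/var/gemini/*your domain*`, but no step creates that directory or makes it readable by the `spacebeans` user. Finally, the unit file only sets `User=spacebeans`; since this is a network-facing service, consider adding sandboxing directives such as `NoNewPrivileges=true` and `ProtectSystem=strict` to the `[Service]` section.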
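Review bot: In the README hunk under "Running it as a service", the Markdown link has its text and target swapped: `[Deployment.md](how to deploy on Debian)` renders "Deployment.md" as the label and uses the phrase as the URL, so the link is broken. It should read `[how to deploy on Debian](Deployment.md)`.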
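Review bot: In the last README hunk, the `keytool` command gains `-noprompt`, but the unchanged context line right after it still says "When entering the certificate details, use the domain name as `CN`", so the documentation now describes an interactive step next to a flag that asks for no prompting. If the intent is a non-interactive run, pass the subject explicitly with `-dname "CN=your.domain"` and update that sentence; otherwise drop the flag. The same command is copied into step 3 of `Deployment.md` and needs the same change. Both copies also pass the keystore password as `-storepass SECRET` on the command line, where it ends up in shell history; it is worth noting that omitting `-storepass` makes `keytool` ask for it instead.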