summaryrefslogtreecommitdiff
path: root/Deployment.md
blob: 4f3aea905f44a0b29036e873c2bb9c2849b89d7a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
# Deploying SpaceBeans on Debian

This is simple "how to" to deploy the service on a stock Debian installation.

All commands need to be run as `root` user.

(tip: `sudo -i` if you're using sudo)

0. Install OpenJDK JRE headless:
```
apt install openjdk-8-jre-headless
```
(If Java 8 is not available, you can install 11 instead)

1. Create a system user:
```
groupadd spacebeans

adduser --quiet \
        --system \
        --shell /usr/sbin/nologin \
        --home /nonexistent \
        --ingroup spacebeans \
        --no-create-home \
        --disabled-password \
        spacebeans
```

2. Copy the server's binary to `/opt/spacebeans/`:
```
mkdir -p /opt/spacebeans
cd /opt/spacebeans
# get the URL to the latest JAR from https://gitlab.com/reidrac/spacebeans/-/releases
wget URL/spacebeans-VERSION.jar
```

3. Create a certificate (optional, only if you don't have one already).

When entering the certificate details, use the domain name as `CN`.

```
cd /opt/spacebeans
keytool -genkey -keyalg RSA -alias ALIAS -keystore keystore.jks -storepass SECRET -noprompt -validity 36500 -keysize 2048
chown spacebeans:spacebeans keystore.jks
chmod 0400 keystore.jks
```

In the configuration file provide the path to the keystore, the alias and the
secret used when generating the certificate.

4. Prepare your `spacebeans.conf` file.

Put it in `/opt/spacebeans/`, with at least one virtual host.

For example:
```
virtual-hosts = [
    {
        host = "*your domain*"
        root = "/var/gemini/*your domain*"
        index-file = "index.gmi"

        directory-listing = true

        key-store {
            path = "/opt/spacebeans/keystore.jks"
            alias = "*your alias*"
            password = "*your secret*"
        }
    }
]
```

Ensure that the file has the right permissions:
```
cd /opt/spacebeans
chown spacebeans:spacebeans spacebeans.conf
chmod 0400 spacebeans.conf
```

5. Create `/etc/systemd/system/spacebeans.service`:

```
[Unit]
Description=SpaceBeans Gemini Server
After=network.target

[Service]
Type=simple
Restart=always
RestartSec=5
User=spacebeans
ExecStart=/usr/bin/java -jar /opt/spacebeans/spacebeans-VERSION.jar -c /opt/spacebeans/spacebeans.conf

[Install]
WantedBy=multi-user.target
```

Then start the service:
```
systemctl start spacebeans.service
```

Check that it is up and running:
```
systemctl status spacebeans.service
```

(should say "Active: active (running)")

Then enable it so it starts after a reboot:
```
systemctl enable spacebeans.service
```

And you're probably done!

6. Optionally, tidy up your logs.

The logs have redundant information when collected by systemd.

Create this file in `/opt/spacebeans/logback.xml`:
```
<configuration>
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
        <pattern>[%level] %message%n%xException{10}</pattern>
    </encoder>
  </appender>
  <logger name="net.usebox.gemini.server" level="INFO" />
  <root level="WARN">
    <appender-ref ref="STDOUT" />
  </root>
</configuration>
```

Change the `ExecStart` command in your service file to:
```
ExecStart=/usr/bin/java -Dlogback.configurationFile=/opt/spacebeans/logback.xml -jar /opt/spacebeans/spacebeans-VERSION.jar -c /opt/spacebeans/spacebeans.conf
```

Then restart the service:
```
systemctl restart spacebeans.service
```

This should make the logs nicer.