The server is now (tenuously) running, and serving pages via SSL!
[?]
Jun 9, 2015, 9:23 PM
XZLSHL4DE6B5OEJVXALEYXY5JY2EJYUL2SSUJEGMNX65Y6JRJJUACDependencies
- [2]
ZKJJVD2HFix aftok-server runit script permissions. - [3]
E2KOBKIJAdd setup script detailing the setup of the docker host. - [4]
PBD7LZYQPostgres & auth are beginning to function. - [5]
PGZJ736CUpdate aftok.cfg.example and revise INSTALL instructions - [6]
NZGH6W6Vadd cabal install cpphs step to docs to avoid thyme install failure - [7]
JEOPOOPTDockerfile now builds correctly. - [8]
DLZRD7VBAdd a preliminary, probably somewhat broken set of setup instructions. - [9]
QO4NFWIYAdded sample config file.
Change contents
- edit in INSTALL.md at line 28[4.752]→[4.752:828](∅→∅),[4.828]→[4.78:237](∅→∅),[4.237]→[4.1326:1327](∅→∅),[4.1326]→[4.1326:1327](∅→∅),[4.1327]→[4.238:330](∅→∅)
To start the server, you'll need to create an SSL X509 certificate that'sused for encryption of cookies. We're not currently taking advantage of this,since there's no browser-based UI, but without it the server will fail to start.openssl req -x509 -newkey rsa:2048 -keyout conf/key.pem -out conf/cert.pem -days 365 -nodes - replacement in INSTALL.md at line 67
sslCert = "/etc/aftok/cert.pem"siteKey = "/etc/aftok/key.pem"siteKey = "/etc/aftok/snap-site-key" - replacement in INSTALL.md at line 72
user = "quixotic"pass = "qdevel"db = "quixotic"user = "aftok"pass = ""db = "aftok" - replacement in conf/aftok.cfg.example at line 3
sslCert = "conf/cert.pem"siteKey = "conf/key.pem"siteKey = "/etc/aftok/snap-site-key" - replacement in conf/aftok.cfg.example at line 6
host = "localhost"host = "127.0.0.1" - replacement in conf/aftok.cfg.example at line 8
user = "postgres"pass = ""db = "testdb"user = "aftok"pass = "password"db = "aftok" - file addition: nginx.conf[3.1]
user www-data;worker_processes 4;pid /run/nginx.pid;events {worker_connections 768;# multi_accept on;}http {ssl_session_cache shared:SSL:10m;ssl_session_timeout 10m;server {listen 80;return 301 https://$host$request_uri;}server {listen 443;server_name aftok.com;ssl_certificate /etc/nginx/aftok.crt;ssl_certificate_key /etc/nginx/aftok.key;ssl on;ssl_session_cache builtin:1000 shared:SSL:10m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;ssl_prefer_server_ciphers on;access_log /var/log/nginx/jenkins.access.log;location / {proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto $scheme;# Fix the “It appears that your reverse proxy set up is broken" error.proxy_pass http://localhost:8000;proxy_read_timeout 90;proxy_redirect http://localhost:8000 https://aftok.com;}}} - edit in deploy/setup.sh at line 23
psql -h 127.0.0.1 -p 5432 -U aftok -W -f sql/aftok-pg.sql aftok - replacement in deploy/setup.sh at line 25
# SSL cert setupopenssl req -x509 -newkey rsa:2048 -keyout /opt/containers/aftok-server/key.pem -out /opt/containers/aftok-server/cert.pem -days 365 -nodes# start the snap application - replacement in deploy/setup.sh at line 28
mkdir -p /opt/containers/nginxdocker run --name aftok-nginx -v /opt/containers/nginx:/etc/nginx:ro --net="host" -d nginx# set up nginxmkdir -p /opt/containers/aftok-nginxcp aftok/deploy/nginx.conf /opt/containers/aftok-nginxopenssl req -x509 -newkey rsa:2048 -keyout /opt/containers/aftok-nginx/aftok.key -out /opt/containers/aftok-nginx/aftok.crt -days 365 -nodes - edit in deploy/setup.sh at line 33[3.1039]
# run nginx under dockerdocker run --name aftok-nginx -v /opt/containers/aftok-nginx:/etc/nginx:ro --net="host" -d nginx - replacement in scripts/create_user.sh at line 3
curl -v -H "Content-Type: application/json" -d '{"username":"nuttycom", "password":"kjntest", "email":"kris@quixoticcompany.com", "btcAddr":"1KamUn1BaRMd2HwikyQWGTdUvfPScg9QA5"}' http://localhost:8000/registerread -p "Username: " USERread -s -p "Password: " PASSechoread -p "Email: " EMAILread -p "BTC Address: " BTC_ADDRcurl -k -v -H 'Content-Type: application/json' -d "{\"username\":\"$USER\", \"password\":\"$PASS\", \"email\":\"$EMAIL\", \"btcAddr\":\"$BTC_ADDR\"}" 'https://localhost/register'