Simplify self-hosting guidelines
alex wennerberg alex@alexwennerberg.com
Sun, 31 Jan 2021 11:59:03 -0800
7 files changed,
34 insertions(+),
38 deletions(-)
M
README.md
→
README.md
@@ -7,39 +7,39 @@
See the flagship instance at https://flounder.online and gemini://flounder.online ## Building +Requirements: +go >= 1.15 +sqlite dev libraries -Requires go >= 1.15 and sqlite3 development libraries. - -`go build` - -To run locally, you can use the example-config.toml to start a test server. +To run locally, copy example-config.toml to flounder.toml, then run: -`./flounder -c example-config.toml serve` +`go run . serve` -After creating an account, you can activate it at the command line with: +Add the following to `/etc/hosts` (include any other users you want to create): -./flounder -c example-config.toml activate-user [your-username] +``` +127.0.0.1 flounder.local admin.flounder.local proxy.flounder.local +``` -## Deploying +## TLS Certs and Reverse Proxy Gemini TLS certs are handled for you. For HTTP, you'll need a reverse proxy that does the following for you: -1. Wildcard for \*.yourdomain.whatever +1. Cert for yourdomain.whatever +1. Wildcard cert for \*.yourdomain.whatever 2. On Demand cert for custom user domains -If you have a very small deployment <20 users, for example, you can use on demand cert for all domains, and don't have to setup a wildcard cert, for simplicity. +If you have a very small deployment of say, <100 users, for example, you can use on demand cert for all domains, and you can skip step 2. -I'm using Caddy. I haven't tested any other servers. - -I have not extensively tested the self-hosting capabilities, but making it easy to self-host Flounder for either a single or multi-user instance is a goal of mine. There may be minor issues where "flounder.online" is hardcoded, but I'm trying to fix them. Email me if you encounter issues or would like guidance. +However, for a larger deployment, you'll have to set up a wildcard cert. Wildcard certs are a bit of a pain and difficult to do automatically, depending on your DNS provider. For information on doing this via Caddy, you can follow this guide: https://caddy.community/t/how-to-use-dns-provider-modules-in-caddy-2/8148. -## Admin +For information on using certbot to manage wildcard certs, see this guide: https://letsencrypt.org/docs/challenge-types/#dns-01-challenge -To make yourself an admin, create a user through the web browser, then run `./flounder -c [config_path] make-admin [your user]` -- this gives you access to admin tools to manage users. +An example simple Caddyfile using on-demand certs is available in Caddyfile.example -Backup your users' data regularly! The admin deletion commands are irreversible. +If you want to host using a server other than Caddy, there's no reason you can't, but it may be more cumbersome to setup the http certs. -Flounder comes with an admin panel accessible to users with the admin db flag set. Admins can also impersonate users if you need to take actions like moderating their content, deleting their account, changing their password, etc. +You can run this locally by removing the port from the Host config ## Development
M
example-config.toml
→
example-config.toml
@@ -2,9 +2,11 @@ # Used in HTML templates and titles
SiteTitle="demoflounder" # Include port if running locally -Host="localhost:8165" +Host="flounder.local:8165" +# Running through reverse proxy +# Host="flounder.local" -# Set this depending on whether you want to run this service standalone or through a reverse proxy server +# Port to run on HttpPort=8165 # Folder containing subfolders for each user's files@@ -13,11 +15,6 @@ LogFile="./flounder.log"
# Gemini autogenerates self-signed certs GeminiCertStore="/tmp" - -# A wildcard TLS cert for HTTPS. -# Only required if HttpsEnabled=true -# TLSCertFile="./server.crt" -# TLSKeyFile="./server.key" # Optional SMTP -- to send notification emails to users on acct activation # SMTPServer = mail.goodsite.com:587
M
gmi2html.go
→
gmi2html.go
@@ -99,7 +99,3 @@ fmt.Fprint(&b, "</ul>\n")
} return b.String() } - -// Convert a Gemini link to a proxy link -func proxyLink() { -}
M
http.go
→
http.go
@@ -725,8 +725,12 @@ if domain != "" && domains[domain] != "" {
w.Write([]byte(domain)) return } + if domain == c.Host || strings.HasSuffix(domain, "."+c.Host) { + w.Write([]byte(domain)) + } http.Error(w, "Not Found", 404) } + func runHTTPServer() { log.Printf("Running http server with hostname %s on port %d.", c.Host, c.HttpPort) var err error@@ -745,7 +749,6 @@ serveMux := http.NewServeMux()
s := strings.SplitN(c.Host, ":", 2) hostname := s[0] - port := c.HttpPort serveMux.HandleFunc(hostname+"/", rootHandler) serveMux.HandleFunc(hostname+"/my_site", mySiteHandler)@@ -769,18 +772,17 @@ serveMux.HandleFunc(hostname+"/admin/user/", adminUserHandler)
wrapped := handlers.CustomLoggingHandler(log.Writer(), handlers.RecoveryHandler()(serveMux), logFormatter) - // handle user files based on subdomain + // handle user files based on subdomain or custom domains // also routes to proxy - serveMux.HandleFunc("proxy."+hostname+"/", proxyGemini) // eg. proxy.flounder.online + serveMux.HandleFunc("proxy."+hostname+"/", proxyGemini) serveMux.HandleFunc("/", userFile) // login+register functions srv := &http.Server{ ReadTimeout: 5 * time.Second, WriteTimeout: 10 * time.Second, IdleTimeout: 120 * time.Second, - Addr: fmt.Sprintf(":%d", port), - // TLSConfig: tlsConfig, - Handler: wrapped, + Addr: fmt.Sprintf(":%d", c.HttpPort), + Handler: wrapped, } log.Fatal(srv.ListenAndServe()) }
M
templates/header.html
→
templates/header.html
@@ -5,7 +5,7 @@ <head>
<meta charset="utf-8" /> <title>{{.Config.SiteTitle}}</title> <meta name="viewport" content="width=device-width" /> - <link rel="stylesheet" type="text/css" href="https://{{.Config.Host}}/style.css" /> + <link rel="stylesheet" type="text/css" href="//{{.Config.Host}}/style.css" /> <link rel="icon" href="data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 100 100%22><text y=%22.9em%22 font-size=%2290%22>🐟</text></svg>"> </head> <body>