
Ubuntu App Server Setup

This page describes the steps used to set up a server to host applications on a Commotion mesh. The device used was a headless mini “home server”, running Ubuntu Server 12.04.

The end result will be a server that hosts an etherpad-lite instance, IRC webchat, and Tidepools. These services will be available at https://etherpad.mesh, https://irc.mesh, and https://tidepools.mesh. Any HTTP (non-SSL) requests will be redirected to HTTPS, and each of the services will automatically be started at boot.

Installing Ubuntu Server 12.04 from USB (only relevant steps included):

  • Choose guided partitioning with encrypted LVM
  • Choose appropriate hostname, username, and password. In this example, I chose “AppServer” for the hostname and “oti” for the username.
  • Choose a long encryption passphrase (~25 characters is good).
  • Select the following servers to install:
    • OpenSSH
    • LAMP
  • Pick a MySQL root password
  • Choose GRUB to install to the Master Boot Record
  • Reboot, enter encryption passphrase, and login

Initial Setup & Installing Dependencies

  • Generate ssh keys using @ssh-keygen -t rsa -b 4096@, or copy pre-made ssh keys to @~/.ssh@ (and @chmod 600 ~/.ssh/id_rsa@)
  • sudo add-apt-repository ppa:chris-lea/node.js
    sudo apt-get update && sudo apt-get dist-upgrade -y
    sudo reboot
  • After reboot:
    sudo apt-get install nodejs npm git squid mercurial rsnapshot gzip git-core curl python libssl-dev pkg-config build-essential python-twisted python-twisted-bin python-twisted-core python-twisted-runner python-twisted-names python-twisted-mail python-twisted-words python-twisted-web python-zope.interface python-openssl make g++ python-software-properties abiword mongodb devscripts build-essential fakeroot olsrd olsrd-plugins php5 php-pear php5-dev openjdk-6-jdk openjdk-6-jre -y

Install IRC webchat server

  • From your home directory:
hg clone http://hg.qwebirc.org/qwebirc/
cd qwebirc
hg up -C stable
cp config.py.example config.py
  • At this point, I needed to use an external server to create an SSH tunnel to push through IRC traffic, since the event I was setting up the server for blocked traffic on IRC ports. For clarity, I will not include how to do that in this guide.
  • Edit @~/qwebirc/config.py@ to include the following lines:
IRCSERVER, IRCPORT = "irc.freenode.net", 6667
BASE_URL = "http://irc.mesh:82/"
NETWORK_NAME = "OTInet"
APP_TITLE = NETWORK_NAME + " OTI IRC client"
  • Replace @irc.freenode.net@ with whatever IRC server you want it to connect to.
  • ./compile.py
    sudo ./run.py -i 0.0.0.0 -p 82

Install Etherpad-lite

cd
git clone git://github.com/ether/etherpad-lite.git
wget http://nodejs.org/dist/v0.8.10/node-v0.8.10-linux-x86.tar.gz
cd ~/etherpad-lite/
npm install sqlite3
cp settings.json.template settings.json
  • Modify the following lines in @settings.json@:
    • "dbType" : "sqlite",
      "dbSettings" : { 
      	"filename" : "var/etherpad.sqlite3" 
      	}, 
      "defaultPadText" : "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n",
    • Replace the value assigned to @defaultPadText@ with whatever you want the template of each new pad to be.
    • Optionally, you can set up etherpad to use accounts, including an admin account, if it fits your needs. Simply modify the relevant settings in @settings.json@.
  • bin/run.sh &

Install Tidepools

cd
sudo pecl install mongo-1.2.7
  • Insert the following line right under @[PHP]@ in @/etc/php5/apache2/php.ini@:
    • extension=mongo.so
  • sudo service apache2 restart
    git clone git://github.com/jrbaldwin/TidePools.git
    sudo mv ~/TidePools/* /var/www/
  • From here, you must create custom map tiles to use in Tidepools. Check out http://tidepools.co/ for documentation.

Install Squid reverse proxy

cd /usr/src
sudo su
apt-get source squid3
apt-get build-dep squid3 openssh openssl
cd squid3-<version>
  • …replacing @<version>@ with the relevant version number.
  • Add the following line to the @DEB_CONFIGURE_EXTRA_FLAGS@ section of @./debian/rules@:
  • --enable-ssl \
  • ./configure
    debuild -us -uc -b
    cd ..
    dpkg -i squid3_<version>_i386.deb squid3-common_<version>_all.deb
    exit
  • Again, replacing @<version>@ with the relevant version number.
  • Set up SSL encryption for client-server communication:
  • Create a Certificate Authority to sign the certificate you will be creating:
    • Modify the following lines in @/etc/ssl/openssl.cnf@:
      • dir = /usr/revproxy/CertAuth
        private_key = $dir/private/cakey.pem
        default_keyfile = /usr/revproxy/CertAuth/private/cakey.pem
    • cd /usr
      sudo su
      mkdir revproxy; cd revproxy
      mkdir CertAuth; cd CertAuth
      mkdir certs; mkdir private
      chmod 700 private
      echo '01' > serial
      touch index.txt
      openssl req -x509 -newkey rsa:2048 -out cacert.pem -outform PEM -days 1000
      • At the prompts, enter passphrase and information for the certificate authority you are creating…in my opinion, the info isn't very important since you will only be signing your own certificate.
  • Create a certificate:
    • openssl req -newkey rsa:2048 -keyout revproxykey.pem -keyform PEM -out revproxyreq.pem -outform PEM -nodes
      • I used the following information for the certificate, but modify for your own purposes:
        • Country Name (2 letter code) [AU]:SP 
          State or Province Name (full name) [Some-State]:Barcelona 
          Locality Name (eg, city) []:IS4CWN 
          Organization Name (eg, company) [Internet Widgits Pty Ltd]:Open Technology Institute 
          Organizational Unit Name (eg, section) []:Commotion 
          Common Name (e.g. server FQDN or YOUR name) []:IS4CWN Commotion Mesh
          Email Address []:s2e@opentechinstitute.org 
          Please enter the following 'extra' attributes 
          to be sent with your certificate request 
          A challenge password []: 
          An optional company name []: 
    • mkdir newcerts 
      openssl ca -policy policy_anything -in revproxyreq.pem -out revproxycert.cert
      exit
  • Configure Squid:
  • Edit @/etc/squid3/squid.conf@ to include the following lines, in their respective sections of the configuration file:
    • acl tidepools_app dstdomain tidepools.mesh 
      acl etherpad_app dstdomain etherpad.mesh 
      acl irc_app dstdomain irc.mesh
      acl port80 myport 80 
      http_access deny port80 tidepools_app
      http_access deny port80 etherpad_app
      http_access deny port80 irc_app
      http_access allow tidepools_app 
      http_access allow etherpad_app 
      http_access allow irc_app
      http_port 80 vhost
      https_port 443 cert=/usr/revproxy/CertAuth/revproxycert.cert key=/usr/revproxy/CertAuth/revproxykey.pem vhost
      cache_peer 0.0.0.0 parent 81 0 no-query proxy-only originserver name=tidepools 
      cache_peer 0.0.0.0 parent 9001 0 no-query proxy-only originserver name=etherpad 
      cache_peer 0.0.0.0 parent 82 0 no-query proxy-only originserver name=irc
      cache_peer_domain tidepools tidepools.mesh 
      cache_peer_domain etherpad etherpad.mesh 
      cache_peer_domain irc irc.mesh
      deny_info https://tidepools.mesh/ tidepools_app
      deny_info https://etherpad.mesh/ etherpad_app
      deny_info https://irc.mesh/ irc_app
  • Configure Apache:
  • Edit @/etc/apache2/ports.conf@ to modify the following lines:
    • NameVirtualHost *:81 
      Listen 81
  • Edit the top line of @/etc/apache2/sites-enabled/000-default@ to be the following:
    • <VirtualHost *:81>
  • sudo service apache2 restart
    sudo service squid3 restart
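
The HTTP-to-HTTPS redirect in the Squid configuration above depends on rule order and on which ACL comes last in each deny line. Squid applies the first matching @http_access@ rule and picks the @deny_info@ target from the last ACL on the denying line. The following lint is an added example, not part of the original page; the function name @check_squid_redirects@ and the sample file are constructed here. It checks each @dstdomain@ ACL for a port-80 deny placed before its allow, a matching @https://@ @deny_info@, and a @cache_peer_domain@ mapping.

```shell
#!/bin/sh
# Added example: lint squid.conf for the redirect pattern used on this page.
# Prints one finding per line; exit status 0 means no findings.
check_squid_redirects() {
    awk '
    $1 == "acl" && $3 == "dstdomain" { dom[$2] = $4 }
    $1 == "acl" && $3 == "myport" && $4 == 80 { p80[$2] = 1 }
    # Domain ACL must be the LAST acl on the deny line for deny_info to apply.
    $1 == "http_access" && $2 == "deny" && ($3 in p80) && !($4 in deny) { deny[$4] = NR }
    $1 == "http_access" && $2 == "allow" && NF == 3 && !($3 in allow) { allow[$3] = NR }
    $1 == "deny_info" { info[$3] = $2 }
    $1 == "cache_peer_domain" { for (i = 3; i <= NF; i++) peer[$i] = $2 }
    END {
        for (a in dom) {
            d = dom[a]
            if (!(a in deny))
                bad[++n] = a ": no http_access deny for port 80"
            else if ((a in allow) && allow[a] < deny[a])
                bad[++n] = a ": allow rule precedes the port-80 deny"
            if (info[a] != "https://" d "/")
                bad[++n] = a ": deny_info is not https://" d "/"
            if (!(d in peer))
                bad[++n] = a ": no cache_peer_domain for " d
        }
        for (i = 1; i <= n; i++) print bad[i]
        exit (n > 0)
    }' "$1"
}

# Constructed sample: the rules for one service with the allow placed first,
# so plain HTTP on port 80 is served instead of being redirected.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
acl etherpad_app dstdomain etherpad.mesh
acl port80 myport 80
http_access allow etherpad_app
http_access deny port80 etherpad_app
deny_info https://etherpad.mesh/ etherpad_app
cache_peer_domain etherpad etherpad.mesh
EOF
check_squid_redirects "$demo_conf" || echo "squid.conf needs attention"
```

Run it against the live file with @check_squid_redirects /etc/squid3/squid.conf@ before restarting Squid.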