From 5ab84790d37d1e4c8bcb97e6ea3ab0a6810f3ae0 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 15 Aug 2022 09:21:48 +0200 Subject: [PATCH] Fix #1875 --- .../10.docs/my_webapp/app_my_webapp.md | 59 +++++++++++++++---- 1 file changed, 47 insertions(+), 12 deletions(-) diff --git a/pages/04.applications/10.docs/my_webapp/app_my_webapp.md b/pages/04.applications/10.docs/my_webapp/app_my_webapp.md index 1e55ed54..5e55e865 100644 --- a/pages/04.applications/10.docs/my_webapp/app_my_webapp.md +++ b/pages/04.applications/10.docs/my_webapp/app_my_webapp.md 
@@ -6,22 +6,57 @@ taxonomy: routes: default: '/app_my_webapp' --- +In addition to the [Readme_en.md](https://github.com/YunoHost-Apps/my_webapp_ynh/blob/testing/README_fr.md) of the application, here are some useful tips. -In addition to the application's [Readme.md](https://github.com/YunoHost-Apps/my_webapp_ynh/blob/testing/README.md), here are some useful tips. +## Automatic update of the site content. +The application creates a new user with limited rights: he can connect (with a password) in SFTP to access the `/var/www/my_webapp` folder (or `/var/www/my_webapp__` if there are several installations of this application). -## Automatic update of the site content +This configuration forces you to update the content of the site by hand, with a password login. +If you want to automate things, you need a connection option without a password to type (called "non-interactive"). -The application creates a new user with limited rights: it can connect (with a password) through SFTP to access the `/var/www/my_webapp` directory (or `/var/www/my_webapp__` if there are several installations of this application). +Here are the steps to do this: -This configuration requires updating the site content manually, with a password connection. +### On your computer +- Create a public/private key pair, on the client computer and WITHOUT putting a passphrase. (example for an RSA key `ssh-keygen -t rsa -b 4096`) -If you want to automate things, you need to be able to connect without typing a password (i.e. "non-interactive"). Here are the steps to follow to get there: -- Enable public key connection, in `/etc/ssh/sshd_config`, on the server -- Create a public/private key pair for your script on the "writing" computer - without a protective passphrase. 
-- Copy the public key to the server, in `/var/www/my_webapp(__#)/.ssh/authorized_keys` -- Set the user `my_webapp(__#)` as owner of the `authorized_keys` file and `www/` directory -- You can now connect without a password, with `sftp -b`, `lftp` or other SFTP clients. +>By default your keys are in `~/.ssh/your_key` for the private key and `~/.ssh/your_key.pub` for the public key. +- Open a terminal, +- Connect to your YunoHost server with SSH `ssh -p XXX admin@ndd` (`-p` is optional, if you have changed the default SSH port), +- Enable public key login, in `/etc/ssh/sshd_config` (if not already done), with the command `nano /etc/ssh/sshd_config`, +``` +PubkeyAuthentication yes +``` +- CTRL+X to save +- `sudo service sshd restart` to take over the new settings. -NB: The port number to use for the SFTP connection is the one used for the SSH, and configured in `/etc/ssh/sshd_config`. +- Switch to `root` via the command `sudo -i`, -This tip allows you to automatically update your site. For example, the makefile of the Pelican tool allows you to use `make ftp_upload`. +>WARNING: You now have full rights to your server. +- Create a `.ssh` folder in `/var/www/my_webapp(__#)` or `/var/www/my_webapp` (if your site is at the root of your ndd) (e.g. `mkdir /var/www/my_webapp/.ssh`), +- place yourself in this folder (e.g. `cd /var/www/my_webapp/.ssh`), +- Create an `authorized_keys` file via the `nano authorized_keys` command, +- Paste the contents of `your_key.pub` generated in step XX, +- Move to the `my_webapp` folder (`cd ./..` or `cd /var/www/my_webapp`), +- Enter the user `my_webapp` who owns the file and folder `chown -hR my_webapp .ssh`, +- Check with the following command `ls -l -a` you should get : +``` +root@ndd:/var/www/my_webapp# ls -l -a +total 16 +drwxr-x---+ 4 root root 4096 Jan 12 10:56 . +drwxr-xr-x+ 14 root root 4096 Jan 12 10:47 . 
+drwxr-xr-x 2 my_webapp root 4096 Jan 12 10:57 .ssh +drwxr-xr-x 2 my_webapp www-data 4096 Jan 12 10:47 www +``` +- Open another terminal and test the connection via the command `sftp -i ~/.ssh/your_cle -P XXXX my_webapp@ndd`. +``` +user@pc_client:~$ sftp -i ~/.ssh/your_cle -P XXXXX my_webapp@ndd +Debian GNU/Linux 11 +Connected to ndd. +sftp> +``` + +>The `-i` and `-P` options are not required if you have a single generated key and/or if your port is the default 22. +You can now connect without a password, with `sftp -b`, `lftp` or other SFTP clients. + +>NB: The port number to use for the SFTP connection is the one used for SSH, and configured in `/etc/ssh/sshd_config`. +This trick allows you to automatically update your site. For example, the Makefile for the Pelican tool allows you to use `make ftp_upload`.
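Review bot: The server-side steps create `.ssh` and `authorized_keys` as root and then only run `chown -hR my_webapp .ssh`; no step sets the modes, and the sample `ls -l -a` output shows `.ssh` as `drwxr-xr-x`. Because the key pair is generated without a passphrase, I would add explicit `chmod 700 .ssh` and `chmod 600 .ssh/authorized_keys` steps after the `chown`, and state that the key should be a dedicated one used only for this upload job. Several documentation slips in the added lines also need fixing before merge: the link labelled `Readme_en.md` targets `README_fr.md`, where the removed line pointed at `README.md`; "generated in step XX" is an unresolved placeholder in an unnumbered list; the test command uses `~/.ssh/your_cle` while the earlier note calls the key `your_key`; the port placeholder is `XXX`, `XXXX` and `XXXXX` in different places; and the second entry in the sample listing is printed as `.` where `..` is expected. The `### On your computer` heading also covers steps that are run on the server, so a second heading for the server part would make the sequence easier to follow.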