Merge pull request #2069 from YunoHost/#1875

Fix #1875
This commit is contained in:
Éric Gaspar 2022-08-15 09:23:01 +02:00 committed by GitHub
commit 40355bebbb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -6,22 +6,57 @@ taxonomy:
routes: routes:
default: '/app_my_webapp' default: '/app_my_webapp'
--- ---
In addition to the [Readme_en.md](https://github.com/YunoHost-Apps/my_webapp_ynh/blob/testing/README_fr.md) of the application, here are some useful tips.
In addition to the application's [Readme.md](https://github.com/YunoHost-Apps/my_webapp_ynh/blob/testing/README.md), here are some useful tips. ## Automatic update of the site content.
The application creates a new user with limited rights: he can connect (with a password) in SFTP to access the `/var/www/my_webapp` folder (or `/var/www/my_webapp__<numero>` if there are several installations of this application).
## Automatic update of the site content This configuration forces you to update the content of the site by hand, with a password login.
If you want to automate things, you need a connection option without a password to type (called "non-interactive").
The application creates a new user with limited rights: it can connect (with a password) through SFTP to access the `/var/www/my_webapp` directory (or `/var/www/my_webapp__<number>` if there are several installations of this application). Here are the steps to do this:
This configuration requires updating the site content manually, with a password connection. ### On your computer
- Create a public/private key pair, on the client computer and WITHOUT putting a passphrase. (example for an RSA key `ssh-keygen -t rsa -b 4096`)
If you want to automate things, you need to be able to connect without typing a password (i.e. "non-interactive"). Here are the steps to follow to get there: >By default your keys are in `~/.ssh/your_key` for the private key and `~/.ssh/your_key.pub` for the public key.
- Enable public key connection, in `/etc/ssh/sshd_config`, on the server - Open a terminal,
- Create a public/private key pair for your script on the "writing" computer - without a protective passphrase. - Connect to your YunoHost server with SSH `ssh -p XXX admin@ndd` (`-p` is optional, if you have changed the default SSH port),
- Copy the public key to the server, in `/var/www/my_webapp(__#)/.ssh/authorized_keys` - Enable public key login, in `/etc/ssh/sshd_config` (if not already done), with the command `nano /etc/ssh/sshd_config`,
- Set the user `my_webapp(__#)` as owner of the `authorized_keys` file and `www/` directory ```
- You can now connect without a password, with `sftp -b`, `lftp` or other SFTP clients. PubkeyAuthentication yes
```
- CTRL+X to save
- `sudo service sshd restart` to take over the new settings.
NB: The port number to use for the SFTP connection is the one used for the SSH, and configured in `/etc/ssh/sshd_config`. - Switch to `root` via the command `sudo -i`,
This tip allows you to automatically update your site. For example, the makefile of the Pelican tool allows you to use `make ftp_upload`. >WARNING: You now have full rights to your server.
- Create a `.ssh` folder in `/var/www/my_webapp(__#)` or `/var/www/my_webapp` (if your site is at the root of your ndd) (e.g. `mkdir /var/www/my_webapp/.ssh`),
- place yourself in this folder (e.g. `cd /var/www/my_webapp/.ssh`),
- Create an `authorized_keys` file via the `nano authorized_keys` command,
- Paste the contents of `your_key.pub` generated in step XX,
- Move to the `my_webapp` folder (`cd ./..` or `cd /var/www/my_webapp`),
- Enter the user `my_webapp` who owns the file and folder `chown -hR my_webapp .ssh`,
- Check with the following command `ls -l -a` you should get :
```
root@ndd:/var/www/my_webapp# ls -l -a
total 16
drwxr-x---+ 4 root root 4096 Jan 12 10:56 .
drwxr-xr-x+ 14 root root 4096 Jan 12 10:47 .
drwxr-xr-x 2 my_webapp root 4096 Jan 12 10:57 .ssh
drwxr-xr-x 2 my_webapp www-data 4096 Jan 12 10:47 www
```
- Open another terminal and test the connection via the command `sftp -i ~/.ssh/your_cle -P XXXX my_webapp@ndd`.
```
user@pc_client:~$ sftp -i ~/.ssh/your_cle -P XXXXX my_webapp@ndd
Debian GNU/Linux 11
Connected to ndd.
sftp>
```
>The `-i` and `-P` options are not required if you have a single generated key and/or if your port is the default 22.
You can now connect without a password, with `sftp -b`, `lftp` or other SFTP clients.
>NB: The port number to use for the SFTP connection is the one used for SSH, and configured in `/etc/ssh/sshd_config`.
This trick allows you to automatically update your site. For example, the Makefile for the Pelican tool allows you to use `make ftp_upload`.