IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2026-03-01 12:44:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
gradido/deployment/hetzner_cloud/README.md
einhornimmond a3f46fa011 add error description
2025-12-06 11:01:47 +01:00

165 lines
5.0 KiB
Markdown
Raw Blame History

# Migration
[Migration from 2.2.0 to 2.2.1](migration/2_2_0-2_2_1/README.md)
# Key Pair
It is recommended to create a new ssh key pair for your gradido server.
You can create it with this command:
```bash
ssh-keygen -t ed25519 -C "your_email@example.com"
```
**Reason**: We recommend `ed25519` because it provides strong security with smaller key sizes, faster performance, and resistance to known attacks, making it more secure and efficient than traditional RSA keys.
# Setup on Hetzner Cloud Server
Suggested OS:
Debian 12
For Hetzner Cloud Server a cloud config can be attached, which will be run before first start
https://community.hetzner.com/tutorials/basic-cloud-config/de
https://cloudinit.readthedocs.io/en/latest/reference/examples.html
You can use our [cloudConfig.yaml](./cloudConfig.yaml) but you must insert you own ssh public key,
like this:
```yaml
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkLGbzbG7KIGfkssKJBkc/0EVAzQ/8vjvVHzNdxhK8J yourname
```
I made a (german) video to show it to you (video is older, cloudConfig.yaml differ):
[![Video](https://img.youtube.com/vi/fORK3Bt3lPw/hqdefault.jpg)](https://www.youtube.com/watch?v=fORK3Bt3lPw)
## After Setup Cloud Server with cloudConfig.yaml
### setup your domain pointing on server ip address
### login to your new server as root
```bash
ssh -i ~/.ssh/id_ed25519 root@gddhost.tld
```
### Set password for user `gradido`
```bash
$ passwd gradido
# enter new password twice
```
### Switch to the new user
```bash
su gradido
```
### Test authentication via SSH
If you logout from the server you can test authentication:
```bash
$ ssh -i ~/.ssh/id_ed25519 gradido@gddhost.tld
# This should log you in and allow you to use sudo commands, which will require the user's password
```
### Disable password root login via ssh
```bash
sudo sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config.d/ssh-hardening.conf
sudo sed -i '$a AllowUsers gradido' /etc/ssh/sshd_config.d/ssh-hardening.conf
sudo /etc/init.d/ssh restart
```
### Test SSH Access only, no root ssh access
```bash
$ ssh gradido@gddhost.tld
# Will result in in either a passphrase request for your key or the message 'Permission denied (publickey)'
$ ssh -i ~/.ssh/id_ed25519 root@gddhost.tld
# Will result in 'Permission denied (publickey)'
$ ssh -i ~/.ssh/id_ed25519 gradido@gddhost.tld
# Will succeed after entering the correct keys passphrase (if any)
```
### Install `Gradido` code
`latest` is a tag pointing on last stable release
```bash
cd ~
git clone https://github.com/gradido/gradido.git --branch latest --depth 1
```
### Adjust the values in `.env`
***!!! Attention !!!***
*Don't forget this step!
All your following installations in `install.sh` will fail!*
*Notes:*
- *`;` cannot be part of any value!*
- *The GitHub secret is created on GitHub in Settings -> Webhooks.*
#### Create `.env` and set values
```bash
cd ~/gradido/deployment/bare_metal
cp .env.dist .env
nano .env
```
For a minimal setup you need at least to change this values:
```env
COMMUNITY_NAME="Your community name"
COMMUNITY_DESCRIPTION="Short Description from your Community."
# your domain name, without protocol (without https:// or http:// )
# domain name should be configured in your dns records to point to this server
# hetzner_cloud/install.sh will be acquire a SSL-certificate via letsencrypt for this domain
COMMUNITY_HOST=gddhost.tld
# setup email account for sending gradido system messages to users
EMAIL_USERNAME=peter@lustig.de
EMAIL_SENDER=peter@lustig.de
EMAIL_PASSWORD=1234
EMAIL_SMTP_HOST=smtp.lustig.de
```
### Run `install.sh` with branch or tag name
***!!! Attention !!!***
Don't use this script if you have custom config in /etc/nginx/conf.d, because this script
will remove it and ln ../bare_metal/nginx/conf.d
```bash
cd ~/gradido/deployment/hetzner_cloud
sudo ./install.sh latest
```
I made a (german) video to show it to you (video is older, output will differ):
[![Video](https://img.youtube.com/vi/9h-55Si6bMk/hqdefault.jpg)](https://www.youtube.com/watch?v=9h-55Si6bMk)
### Make yourself admin
- Create an account on your new gradido instance
- Click the link in the activation email
- go back to your ssh session and copy this command
```bash
sudo mysql -D gradido_community -e "insert into user_roles(user_id, role) values((select id from users order by id desc limit 1), 'ADMIN');"
```
- it will make last registered user admin
- login with you newly created user
- if you has a link to `Admin Area` it worked and you are admin
I made a (german) video to show it to you:
[![Video](https://img.youtube.com/vi/xVQ5t4MnLrE/hqdefault.jpg)](https://www.youtube.com/watch?v=xVQ5t4MnLrE)
### Troubleshooting
If after some tests this error occur, right after `Requesting a certificate for your-domain.tld`, try again another day. Letsencrypt is rate limited:
```bash
An unexpected error occurred:
AttributeError: can't set attribute
```
### But it isn't working
If it isn't working you can write us: [support@gradido.net](mailto:support@gradido.net)
Reference in New Issue View Git Blame Copy Permalink