IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2026-03-01 12:44:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
gradido/deployment/hetzner_cloud/README.md
einhornimmond a3f46fa011 add error description
2025-12-06 11:01:47 +01:00

5.0 KiB
Raw Blame History

Migration

Migration from 2.2.0 to 2.2.1

Key Pair

It is recommended to create a new ssh key pair for your gradido server. You can create it with this command:

ssh-keygen -t ed25519 -C "your_email@example.com"

Reason: We recommend ed25519 because it provides strong security with smaller key sizes, faster performance, and resistance to known attacks, making it more secure and efficient than traditional RSA keys.

Setup on Hetzner Cloud Server

Suggested OS: Debian 12

For Hetzner Cloud Server a cloud config can be attached, which will be run before first start https://community.hetzner.com/tutorials/basic-cloud-config/de https://cloudinit.readthedocs.io/en/latest/reference/examples.html You can use our cloudConfig.yaml but you must insert you own ssh public key, like this:

ssh_authorized_keys:
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAkLGbzbG7KIGfkssKJBkc/0EVAzQ/8vjvVHzNdxhK8J yourname

I made a (german) video to show it to you (video is older, cloudConfig.yaml differ):

Video

After Setup Cloud Server with cloudConfig.yaml

setup your domain pointing on server ip address

login to your new server as root

ssh -i ~/.ssh/id_ed25519 root@gddhost.tld

Set password for user gradido

$ passwd gradido
# enter new password twice

Switch to the new user

su gradido

Test authentication via SSH

If you logout from the server you can test authentication:

$ ssh -i ~/.ssh/id_ed25519 gradido@gddhost.tld
# This should log you in and allow you to use sudo commands, which will require the user's password

Disable password root login via ssh

sudo sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config.d/ssh-hardening.conf
sudo sed -i '$a AllowUsers gradido' /etc/ssh/sshd_config.d/ssh-hardening.conf
sudo /etc/init.d/ssh restart

Test SSH Access only, no root ssh access

$ ssh gradido@gddhost.tld
# Will result in in either a passphrase request for your key or the message 'Permission denied (publickey)'
$ ssh -i ~/.ssh/id_ed25519 root@gddhost.tld
# Will result in 'Permission denied (publickey)'
$ ssh -i ~/.ssh/id_ed25519 gradido@gddhost.tld
# Will succeed after entering the correct keys passphrase (if any)

Install Gradido code

latest is a tag pointing on last stable release

cd ~
git clone https://github.com/gradido/gradido.git --branch latest --depth 1

Adjust the values in .env

!!! Attention !!!

Don't forget this step! All your following installations in install.sh will fail!

Notes:

  • ; cannot be part of any value!
  • The GitHub secret is created on GitHub in Settings -> Webhooks.

Create .env and set values

cd ~/gradido/deployment/bare_metal
cp .env.dist .env
nano .env

For a minimal setup you need at least to change this values:

COMMUNITY_NAME="Your community name"
COMMUNITY_DESCRIPTION="Short Description from your Community."
# your domain name, without protocol (without https:// or http:// )
# domain name should be configured in your dns records to point to this server
# hetzner_cloud/install.sh will be acquire a SSL-certificate via letsencrypt for this domain
COMMUNITY_HOST=gddhost.tld

# setup email account for sending gradido system messages to users
EMAIL_USERNAME=peter@lustig.de
EMAIL_SENDER=peter@lustig.de
EMAIL_PASSWORD=1234
EMAIL_SMTP_HOST=smtp.lustig.de

Run install.sh with branch or tag name

!!! Attention !!! Don't use this script if you have custom config in /etc/nginx/conf.d, because this script will remove it and ln ../bare_metal/nginx/conf.d

cd ~/gradido/deployment/hetzner_cloud
sudo ./install.sh latest

I made a (german) video to show it to you (video is older, output will differ):

Video

Make yourself admin

  • Create an account on your new gradido instance
  • Click the link in the activation email
  • go back to your ssh session and copy this command
sudo mysql -D gradido_community -e "insert into user_roles(user_id, role) values((select id from users order by id desc limit 1), 'ADMIN');"
  • it will make last registered user admin
  • login with you newly created user
  • if you has a link to Admin Area it worked and you are admin

I made a (german) video to show it to you:

Video

Troubleshooting

If after some tests this error occur, right after Requesting a certificate for your-domain.tld, try again another day. Letsencrypt is rate limited:

An unexpected error occurred:
AttributeError: can't set attribute

But it isn't working

If it isn't working you can write us: support@gradido.net