|
|
@@ -140,7 +140,7 @@ The recommended way to operate oragono as a service on Linux is via systemd. Thi
|
|
140
|
140
|
The only major distribution that currently packages Oragono is Arch Linux; the aforementioned AUR package includes a systemd unit file. However, it should be fairly straightforward to set up a productionized Oragono on any Linux distribution. Here's a quickstart guide for Debian/Ubuntu:
|
|
141
|
141
|
|
|
142
|
142
|
1. Create a dedicated, unprivileged role user who will own the oragono process and all its associated files: `adduser --system --group oragono`. This user now has a home directory at `/home/oragono`.
|
|
143
|
|
-1. Copy the executable binary `oragono`, the config file `ircd.yaml`, the database `ircd.db`, and the self-signed TLS certificate (`tls.crt` and `tls.key`) to `/home/oragono`. Ensure that they are all owned by the new oragono role user: `sudo chown oragono:oragono /home/oragono/*`. Ensure that the configuration file logs to stderr.
|
|
|
143
|
+1. Copy the executable binary `oragono`, the config file `ircd.yaml`, the database `ircd.db`, and the self-signed TLS certificate (`fullchain.pem` and `privkey.pem`) to `/home/oragono`. Ensure that they are all owned by the new oragono role user: `sudo chown oragono:oragono /home/oragono/*`. Ensure that the configuration file logs to stderr.
|
|
144
|
144
|
1. Install our example [oragono.service](https://github.com/oragono/oragono/blob/master/distrib/systemd/oragono.service) file to `/etc/systemd/system/oragono.service`.
|
|
145
|
145
|
1. Enable and start the new service with the following commands:
|
|
146
|
146
|
1. `systemctl daemon-reload`
|
|
|
@@ -159,9 +159,9 @@ The other major hurdle for productionizing (but one well worth the effort) is ob
|
|
159
|
159
|
set -eu
|
|
160
|
160
|
|
|
161
|
161
|
umask 077
|
|
162
|
|
-cp /etc/letsencrypt/live/example.com/fullchain.pem /home/oragono/tls.crt
|
|
163
|
|
-cp /etc/letsencrypt/live/example.com/privkey.pem /home/oragono/tls.key
|
|
164
|
|
-chown oragono:oragono /home/oragono/tls.*
|
|
|
162
|
+cp /etc/letsencrypt/live/example.com/fullchain.pem /home/oragono/
|
|
|
163
|
+cp /etc/letsencrypt/live/example.com/privkey.pem /home/oragono/
|
|
|
164
|
+chown oragono:oragono /home/oragono/*.pem
|
|
165
|
165
|
# rehash oragono, which will reload the certificates:
|
|
166
|
166
|
systemctl reload oragono.service
|
|
167
|
167
|
````
|
|
|
@@ -428,8 +428,8 @@ Many clients do not have this support. However, you can designate port 6667 as a
|
|
428
|
428
|
|
|
429
|
429
|
":6697":
|
|
430
|
430
|
tls:
|
|
431
|
|
- key: tls.key
|
|
432
|
|
- cert: tls.crt
|
|
|
431
|
+ cert: fullchain.pem
|
|
|
432
|
+ key: privkey.pem
|
|
433
|
433
|
|
|
434
|
434
|
sts:
|
|
435
|
435
|
enabled: true
|
Shivaram Lingamneni
4 년 전