A short while ago, some people in my club came up with the idea of using a whiteboard application for a “rumourmill”. This lead to the following requirements:
- Needs to be anonymous
- Needs to be easy to use
- Needs to be administrable
- Whiteboard could be used for other stuff as well. E.g. brainstorming
I checked some opensource projects, the best we might use is spacedeck-open. Now let’s step through the installation steps…
Install Spacedeck-Open
apt install git nodejs npm graphicsmagick ffmpeg ghostscript nginx
cd /opt/
git clone https://github.com/spacedeck/spacedeck-open.git
cd spacedeck-open
sudo npm install
chown -R www-data:www-data /opt/spacedeck-open/
Create Systemd Service
Now that we have installed the application, we need to start it as a service. First create a new service file.
sudo nano /lib/systemd/system/spacedeck.service
[Unit]
After=network.service
[Service]
User=www-data
WorkingDirectory=/opt/spacedeck-open/
ExecStart=node spacedeck.js
Restart=always
StandardOutput=syslog
StandardError=syslog
[Install]
WantedBy=default.target
content of /lib/systemd/system/spacedeck.service
Now that we have added a service, let us start the service as follows:
sudo chmod 664 /lib/systemd/system/spacedeck.service
sudo systemctl daemon-reload
sudo systemctl enable spacedeck
sudo systemctl start spacedeck
The server should now be running under Port 9666.
Configure NGINX reverse proxy
In my case I wanted to also publish the website on port 80/443 over an nginx reverse proxy with letsencrypt certificates. I proceeded with the following steps:
mkdir /var/www/spacedeck
nano /etc/nginx/sites-available/spacedeck
server {
listen 80;
listen [::]:80;
server_name spacedeck.example.com;
# Let's Encrypt
location /.well-known/ {
root /var/www/spacedeck;
}
}
Content of /etc/nginx/sites-available/spacedeck
Now let’s enable the service by creating a symlink:
ln -s /etc/nginx/sites-available/spacedeck /etc/nginx/sites-enabled/spacedeck
Now that we have a simple nginx config, we can first test it with nginx -t and after create a certificate with certbot:
letsencrypt --webroot -w /var/www/spacedeck -d spacedeck.example.com certonly
mkdir -p /etc/nginx/ssl/
openssl dhparam -out /etc/nginx/ssl/dhparam-2048.pem 2048;
After the creation succeeded, we update the nginx config to use the certificate we just created:
server {
listen 80;
listen [::]:80;
server_name spacedeck.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name spacedeck.example.com;
ssl_certificate /etc/letsencrypt/live/spacedeck.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/spacedeck.example.com/privkey.pem;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhparam-2048.pem;
# Let's Encrypt
location /.well-known/ {
root /var/www/spacedeck;
}
location / {
proxy_pass http://127.0.0.1:8080;
proxy_buffering off;
proxy_buffer_size 4k;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
send_timeout 300s;
# Enable proxy websockets for the noVNC console to work
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Standard proxying headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Host $host;
}
}
new content of /etc/nginx/sites-available/spacedeck
Now the last thing to do is testing the config with “nginx -t” and then restarting or reloading the nginx service with “service nginx restart”. If you now go to your link, e.g. spacedeck.example.com you should see the spacedeck homepage.
Optional stuff
If you’d like to update the letsencrypt certificates automatically, you should create some crontab entries. Enter crontab by using “sudo crontab -e”:
# autorenew letsencrypt certificates
20 3 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log
# Reload nginx to use the new certificates
25 3 * * 1 /bin/systemctl reload nginx
Like this:
Like Loading...
Related
Leave a Reply