Server setup guide

Introduction

This file contains the traggo section of my personal guide to set up an Ubuntu server. The introduction to this guide as well as its full Table of Contents can be found in the README.md file of this repository. The Table of Contents of this section is listed below.

  1. Software Installation

    1. traggo installation
      1. Install traggo
      2. Reverse Proxy Setup
      3. Create and set an SSL Certificate
      4. www to non-www redirection

2.6. traggo installation

2.6.1. Install traggo

traggo will be installed using Docker. To prepare the folders necessary for the traggo installation, execute the following commands:

sudo mkdir /opt/traggo
sudo mkdir /opt/traggo/data
sudo mkdir /opt/traggo/docker-files

The folder /opt/traggo/docker-files will contain the files necessary to deploy traggo with Docker. To set better permissions for this folder, replace the {LABEL} in the below command as appropriate and execute it.

  sudo chown -R {USERNAME}:{USERNAME} /opt/traggo/docker-files/

Label Definition

  • {USERNAME} : The user that will deploy traggo

We will create a user to manage the traggo app deployed with Docker and set it as the owner of the folder /opt/traggo/data/. To create this user and set it as the owner of the folder /opt/traggo/data/, execute the following commands:

sudo useradd -r -s /usr/sbin/nologin traggo
sudo chown -R traggo:traggo /opt/traggo/data/

To download the customized docker-compose.yml and .env files from this repository to the server, execute the following commands:

cd /opt/traggo/docker-files/
wget https://raw.githubusercontent.com/EnduranceCode/server-setup-guide/refs/heads/master/system/opt/traggo/docker-files/docker-compose.yml
wget https://raw.githubusercontent.com/EnduranceCode/server-setup-guide/refs/heads/master/system/opt/traggo/docker-files/.env

To confirm that the files were downloaded, check the output of the following command:

ls -lag

Open the file docker-compose.yml and replace the values for TRAGGO_DEFAULT_USER_NAME and TRAGGO_DEFAULT_USER_PASS with the desired values and then check if any further modification is necessary. After making all the desired modifications, save the file with the command CTRL + O and then close the editor with the command CTRL + X.

Open the file .env with the nano text editor and check if there are any changes needed. If you've made any modification, save it with the command CTRL + O and then close the editor with the command CTRL + X.

To complete the deployment of traggo, execute the following command:

docker compose -p traggo up -d

The output of the above command should show that traggo was deployed with success. For a second confirmation, check the output of the following command:

docker ps

The above command should show that the traggo container is being executed.

To check if traggo is running correctly, replace the {LABEL} in the below URL as appropriate and enter it into a browser’s address bar.

  http://{SERVER_IP_ADDRESS}:{HOST_PORT}/

Label Definition

  • {SERVER_IP_ADDRESS} : The IP Address of the server that can be obtained with the command hostname -I or the command curl -4 icanhazip.com
  • {HOST_PORT} : The port on the host system that the application was published on

2.6.2. Reverse Proxy Setup

To ensure that the necessary Apache Server modules for reverse proxying are enabled, execute the following commands:

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod headers
sudo systemctl reload apache2

To have a domain (or a subdomain) pointing to your traggo instance, you need to start by creating the DNS records of the desired domain (or subdomain) redirecting to your server's IP address.

After creating the necessary DNS Records, create an Apache Virtual Host for that domain (or a subdomain) following the instructions available in this repository. To download the template for the Virtual Host configuration file, execute the following command:

sudo wget -P /etc/apache2/sites-available/ https://raw.githubusercontent.com/EnduranceCode/system-configuration-files/refs/heads/master/root/etc/apache2/sites-available/virtual-host-template.conf

When customizing the Virtual Host configuration file downloaded with the previous command, besides replacing the {LABELS} listed in the provided instructions, also make the following changes:

  • Replace the label {APP_PORT} with the value set in the .env file for the HOST_PORT variable;
  • Change the template's directive Timeout 300 to Timeout 10;
  • Add the options retry=0 timeout=5 on the directive ProxyPass.

traggo uses GraphQL endpoints that can be blocked by some ModSecurity rules. To avoid issues with these endpoints, it may be necessary to add ModSecurity exclusions to the Virtual Host configuration file created for the traggo instance. To do so, add the following snippet just before the closing </VirtualHost> tag. The exclusions are wrapped in a LocationMatch block, so the rules stay active for every path that does not match /graphql.

# Fix ModSecurity issues with GraphQL endpoints
<LocationMatch "/graphql">

    # Policy Violation - Disable "Argument value too long" (Rule 920370)
    SecRuleRemoveById 920370

    # Disable ALL RCE rules (932000 to 932999)
    SecRuleRemoveById 932000-932999
        
    # Disable rule 942190 - SQL Injection Attack Detected via libinjection
    SecRuleRemoveById 942190
</LocationMatch>

Check whether any further modifications are necessary and implement them if so. When everything is done, save the file with the command CTRL + O and then exit the text editor with the command CTRL + X. Then, proceed with the creation of a Virtual Host, following the instructions available in this repository.
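One way to confirm that the exclusions stay confined to the /graphql location, as an added example that is not part of this guide: the script reads a Virtual Host file on stdin and lists each SecRuleRemoveById directive with its enclosing scope and the number of rule IDs it covers. The function names and the host traggo.example.com are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the guide): list ModSecurity exclusions by scope.
# Reads Apache configuration on stdin and prints, per SecRuleRemoveById line:
#   <scope> TAB <rule ids> TAB <number of rule IDs covered>
# <scope> is the enclosing <Location>/<LocationMatch> pattern, or GLOBAL when
# the directive is outside any location block and so applies to every URL.
audit_modsec_exclusions() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
        low ~ /^#/ { next }                              # skip comments
        low ~ /^<location(match)?[ \t]/ {                # entering a location
            scope = line
            sub(/^<[A-Za-z]+[ \t]+/, "", scope)
            sub(/>[ \t]*$/, "", scope)
            gsub(/"/, "", scope)
            next
        }
        low ~ /^<\/location(match)?>/ { scope = ""; next }
        low ~ /^secruleremovebyid[ \t]/ {
            ids = line
            sub(/^[A-Za-z]+[ \t]+/, "", ids)
            sub(/[ \t]+$/, "", ids)
            gsub(/"/, "", ids)
            n = split(ids, tok, /[ \t]+/)
            covered = 0
            for (i = 1; i <= n; i++) {                   # ranges count fully
                if (split(tok[i], r, "-") == 2) covered += r[2] - r[1] + 1
                else covered += 1
            }
            printf "%s\t%s\t%d\n", (scope == "" ? "GLOBAL" : scope), ids, covered
        }
    '
}

# Succeeds only when no exclusion applies to the whole Virtual Host.
exclusions_are_scoped() {
    ! audit_modsec_exclusions | grep -q '^GLOBAL'
}

# Constructed sample: the guide's /graphql block inside a placeholder vhost.
SAMPLE_VHOST='<VirtualHost *:443>
    ServerName traggo.example.com
    <LocationMatch "/graphql">
        SecRuleRemoveById 920370
        SecRuleRemoveById 932000-932999
        SecRuleRemoveById 942190
    </LocationMatch>
</VirtualHost>'

printf '%s\n' "$SAMPLE_VHOST" | audit_modsec_exclusions
```

A GLOBAL line in the output means the exclusion applies to every URL of the Virtual Host rather than only to the GraphQL endpoint.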

2.6.3. Create and set an SSL Certificate

If Certbot isn't yet installed on your server, install it and set the SSL certificate for the traggo instance domain (or a subdomain) following the instructions available in this repository. If you already have SSL Certificates installed on your server with Certbot, you can expand an existing certificate to include the new domain or you can create a separate certificate for the new domain.

To expand an existing certificate, replace the {LABELS} in the below command as appropriate and execute it.

sudo certbot --apache --cert-name {EXISTING_DOMAIN} --expand -d {EXISTING_DOMAIN} -d {NEW_DOMAIN}

Label Definition

  • {EXISTING_DOMAIN} : The existing domain (or subdomain) that already has an SSL certificate
  • {NEW_DOMAIN} : The new domain (or subdomain) to be included in the existing SSL certificate

Otherwise, to create a separate certificate for the new domain (or subdomain), replace the {LABEL} in the below command as appropriate and execute it.

sudo certbot --apache -d {DOMAIN}

Label Definition

  • {DOMAIN} : The domain (or subdomain) of the new SSL certificate

Restart the Apache Server to apply the updated configuration, executing the following command:

sudo systemctl restart apache2

SSL Labs Server Test can be used to verify the certificate’s grade and obtain detailed information about it, from the perspective of an external service.

To test if the Certbot renewal script includes the new domain (or subdomain), execute the following command:

sudo certbot renew --dry-run

2.6.4. www to non-www redirection

To implement "www to non-www redirection" it's necessary to edit the Virtual Host configuration files (port 80 and port 443). Start with the port 443 Virtual Host file generated by Certbot: replace the {LABEL} in the below command as appropriate and then execute it to open the file with the nano text editor.

sudo nano /etc/apache2/sites-available/{VIRTUAL_HOST_FOLDER}-le-ssl.conf

Label Definition

Within the file, replace the {LABELS} in the below snippet as appropriate and then insert it before the proxy config inside the <VirtualHost *:443> block.

# Redirect www.{SUBDOMAIN}.{VIRTUAL_HOST_FOLDER}.{VIRTUAL_HOST_TLD} to {SUBDOMAIN}.{VIRTUAL_HOST_FOLDER}.{VIRTUAL_HOST_TLD}
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.{SUBDOMAIN}\.{VIRTUAL_HOST_FOLDER}\.{VIRTUAL_HOST_TLD}$ [NC]
RewriteRule ^ https://{SUBDOMAIN}.{VIRTUAL_HOST_FOLDER}.{VIRTUAL_HOST_TLD}%{REQUEST_URI} [L,R=301]

Labels Definition

  • {SUBDOMAIN} : The subdomain, if applicable, of the new Virtual Host
  • {VIRTUAL_HOST_FOLDER} : The Second-level domain of the new Virtual Host
  • {VIRTUAL_HOST_TLD} : The TLD of the new Virtual Host

After making all the necessary changes, save the file with the command CTRL + O and then exit the nano text editor with the command CTRL + X. Validate the Apache Server configuration with the following command:

sudo apachectl configtest

If the configuration is correct, it's then time to edit the port 80 Virtual Host file. Replace the {LABEL} in the below command as appropriate and then execute it to open the file with the nano text editor.

sudo nano /etc/apache2/sites-available/{VIRTUAL_HOST_FOLDER}.conf

Label Definition

Within the file, delete all of its content. Then, replace the {LABELS} in the below snippet as appropriate and paste it into the file.

<VirtualHost *:80>

    ServerName {SUBDOMAIN}.{VIRTUAL_HOST_FOLDER}.{VIRTUAL_HOST_TLD}

    ServerAlias www.{SUBDOMAIN}.{VIRTUAL_HOST_FOLDER}.{VIRTUAL_HOST_TLD}

    ServerAdmin {SERVER_ADMIN_EMAIL}

    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^www\.{SUBDOMAIN}\.{VIRTUAL_HOST_FOLDER}\.{VIRTUAL_HOST_TLD}$ [NC]
    RewriteRule ^ https://{SUBDOMAIN}.{VIRTUAL_HOST_FOLDER}.{VIRTUAL_HOST_TLD}%{REQUEST_URI} [L,R=301]

    RewriteCond %{HTTP_HOST} ^{SUBDOMAIN}\.{VIRTUAL_HOST_FOLDER}\.{VIRTUAL_HOST_TLD}$ [NC]
    RewriteRule ^ https://{SUBDOMAIN}.{VIRTUAL_HOST_FOLDER}.{VIRTUAL_HOST_TLD}%{REQUEST_URI} [L,R=301]
</VirtualHost>

Labels Definition

  • {SUBDOMAIN} : The subdomain, if applicable, of the new Virtual Host
  • {VIRTUAL_HOST_FOLDER} : The Second-level domain of the new Virtual Host
  • {VIRTUAL_HOST_TLD} : The TLD of the new Virtual Host
  • {SERVER_ADMIN_EMAIL} : The server's admin e-mail

After making all the necessary changes, save the file with the command CTRL + O and then exit the nano text editor with the command CTRL + X. Validate the Apache Server configuration with the following command:

sudo apachectl configtest

To activate the new Virtual Host, replace the {LABEL} in the below commands as appropriate and then execute them.

sudo a2ensite {VIRTUAL_HOST_FOLDER}.conf
sudo systemctl reload apache2

Label Definition
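The redirects configured in this section can be checked from the command line. The script below is an added example, not part of this guide, that expects a 301 to the non-www HTTPS URL from each of the three redirecting URL forms. The function names and the host traggo.example.com are assumptions, and check_site needs curl and network access to the server.

```shell
#!/bin/sh
# Added example (not from the guide): verify the www -> non-www redirects.
# The host passed to check_site stands for
# {SUBDOMAIN}.{VIRTUAL_HOST_FOLDER}.{VIRTUAL_HOST_TLD}.

# Reads HTTP response headers on stdin; prints "<status> <location>",
# with "-" as the location when no Location header is present.
parse_redirect() {
    tr -d '\r' | awk '
        NR == 1                    { status = $2 }
        tolower($1) == "location:" { loc = $2 }
        END                        { print status, (loc == "" ? "-" : loc) }
    '
}

# verify_redirect EXPECTED_URL: succeeds if stdin holds a 301 to EXPECTED_URL.
verify_redirect() {
    [ "$(parse_redirect)" = "301 $1" ]
}

# check_site HOST [URI]: request the three URL forms that must redirect
# (http www, http non-www, https www) and report each result.
check_site() {
    host=$1; uri=${2:-/}; rc=0
    for url in "http://www.$host$uri" "http://$host$uri" "https://www.$host$uri"; do
        if curl -sI --max-time 5 "$url" | verify_redirect "https://$host$uri"; then
            echo "OK   $url"
        else
            echo "FAIL $url"; rc=1
        fi
    done
    return $rc
}

# Constructed sample of `curl -sI http://www.traggo.example.com/login` output.
sample_headers() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: Apache\r\n'
    printf 'Location: https://traggo.example.com/login\r\n\r\n'
}

sample_headers | parse_redirect
```

The https://www. check fails at the TLS handshake unless the certificate also covers the www name.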