Etebase: Difference between revisions
Denperidge (talk | contribs) Added CLI Method, changed global.secret_file comment, fixed NixOS syntax highlighting |
|||
| Line 3: | Line 3: | ||
This is a basic configuration to run the Etebase server: | This is a basic configuration to run the Etebase server: | ||
< | <syntaxhighlight lang="nixos"> | ||
networking.firewall.allowedTCPPorts = [ 443 ]; | networking.firewall.allowedTCPPorts = [ 443 ]; | ||
services = { | services = { | ||
| Line 12: | Line 12: | ||
settings = { | settings = { | ||
global.debug = false; | global.debug = false; | ||
global.secret_file = "/path/to/secret"; # | global.secret_file = "/path/to/secret"; # Needs to be a non-existing filepath, which is writeable by configured user | ||
allowed_hosts.allowed_host1 = "etebase.your.domain"; | allowed_hosts.allowed_host1 = "etebase.your.domain"; | ||
}; | }; | ||
| Line 29: | Line 29: | ||
}; | }; | ||
}; | }; | ||
</ | </syntaxhighlight> | ||
For the server to accept requests from a remote machine {{ic| allowed_host1}} variable should be set as the server's subdomain/domain name and your proxy has to present a {{ic| Host}} header. | For the server to accept requests from a remote machine {{ic| allowed_host1}} variable should be set as the server's subdomain/domain name and your proxy has to present a {{ic| Host}} header. | ||
| Line 39: | Line 39: | ||
To use the Etebase server, the creation of an admin account is required. This requires manual intervention: | To use the Etebase server, the creation of an admin account is required. This requires manual intervention: | ||
==== CLI Method ==== | |||
{{Note|This method possibly might only when using the NixOS service. If this command fails, use the INI Method described below}} | |||
<syntaxhighlight lang="bash"> | |||
sudo etebase-server createsuperuser | |||
</syntaxhighlight> | |||
==== INI Method ==== | |||
First you need to find where the generated {{ic|.ini}} configuration file is located: | First you need to find where the generated {{ic|.ini}} configuration file is located: | ||
<syntaxHighlight lang=sh> | <syntaxHighlight lang=sh> | ||
| Line 47: | Line 54: | ||
As a super user, run this command: <code>ETEBASE_EASY_CONFIG_PATH=/path/to/etebase-server.ini etebase-server createsuperuser</code> and that should prompt you to create a user. | As a super user, run this command: <code>ETEBASE_EASY_CONFIG_PATH=/path/to/etebase-server.ini etebase-server createsuperuser</code> and that should prompt you to create a user. | ||
==== After ==== | |||
Login with these credentials to https://etebase.your.domain/admin and create users for your etebase clients through the GUI. | Login with these credentials to https://etebase.your.domain/admin and create users for your etebase clients through the GUI. | ||
Revision as of 10:22, 2 September 2024
Etebase is an end-to-end encrypted backend as a service. Think Firebase, but encrypted in a way that only your users can access their data.
This is a basic configuration to run the Etebase server:
networking.firewall.allowedTCPPorts = [ 443 ];
services = {
etebase-server = {
enable = true;
unixSocket = "/var/lib/etebase-server/etebase-server.sock";
user = "etebase-server";
settings = {
global.debug = false;
global.secret_file = "/path/to/secret"; # Needs to be a non-existing filepath, which is writeable by configured user
allowed_hosts.allowed_host1 = "etebase.your.domain";
};
};
nginx = {
enable = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
virtualHosts."etebase.your.domain" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://unix:/var/lib/etebase-server/etebase-server.sock";
};
};
};
For the server to accept requests from a remote machine allowed_host1 variable should be set as the server's subdomain/domain name and your proxy has to present a Host header.
The django secret key is preferably a randomly generated key, the use of a secret managing scheme might prove useful. see Comparison_of_secret_managing_schemes.
Admin user
To use the Etebase server, the creation of an admin account is required. This requires manual intervention:
CLI Method
sudo etebase-server createsuperuser
INI Method
First you need to find where the generated .ini configuration file is located:
ls /nix/store | grep etebase-server.ini
As a super user, run this command: ETEBASE_EASY_CONFIG_PATH=/path/to/etebase-server.ini etebase-server createsuperuser and that should prompt you to create a user.
After
Login with these credentials to https://etebase.your.domain/admin and create users for your etebase clients through the GUI.