conduit/DEPLOY_FROM_SOURCE.md
Timo Kösters 6afc4c9b3e
feat: federation disabled by default
It can be enable in the Rocket.toml config or using ROCKET_FEDERATION_ENABLED=true
2020-10-07 11:51:56 +02:00

2.4 KiB

Deploy from source

Prerequisites

Make sure you have libssl-dev and pkg-config installed and the rust toolchain is available on at least on user.

Install Conduit

$ sudo useradd -m conduit
$ sudo -u conduit cargo install --git "https://git.koesters.xyz/timo/conduit.git"

Setup systemd service

In this guide, we set up a systemd service for Conduit, so it's easy to start, stop Conduit and set it to autostart when your server reboots. Paste the default systemd service below and configure it to fit your setup (in /etc/systemd/system/conduit.service).

[Unit]
Description=Conduit
After=network.target

[Service]
Environment="ROCKET_SERVER_NAME=YOURSERVERNAME.HERE" # EDIT THIS

Environment="ROCKET_PORT=14004" # Reverse proxy port

#Environment="ROCKET_MAX_REQUEST_SIZE=20000000" # in bytes
#Environment="ROCKET_REGISTRATION_DISABLED=true"
#Environment="ROCKET_ENCRYPTION_DISABLED=true"
#Environment="ROCKET_FEDERATION_ENABLED=true"
#Environment="ROCKET_LOG=normal" # Detailed logging

Environment="ROCKET_ENV=production"
User=conduit
Group=conduit
Type=simple
Restart=always
ExecStart=/home/conduit/.cargo/bin/conduit

[Install]
WantedBy=multi-user.target

Finally, run

$ sudo systemctl daemon-reload

Setup Reverse Proxy

This depends on whether you use Apache, Nginx or something else. For Apache it looks like this (in /etc/apache2/sites-enabled/050-conduit.conf):

<VirtualHost *:443>

ServerName conduit.koesters.xyz # EDIT THIS

AllowEncodedSlashes NoDecode

ServerAlias conduit.koesters.xyz # EDIT THIS

ProxyPreserveHost On
ProxyRequests off
AllowEncodedSlashes NoDecode
ProxyPass / http://localhost:14004/ nocanon
ProxyPassReverse / http://localhost:14004/ nocanon

Include /etc/letsencrypt/options-ssl-apache.conf

# EDIT THESE:
SSLCertificateFile /etc/letsencrypt/live/conduit.koesters.xyz/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/conduit.koesters.xyz/privkey.pem
</VirtualHost>

Then run

$ sudo systemctl reload apache2

SSL Certificate

The easiest way to get an SSL certificate for the domain is to install certbot and run this:

$ sudo certbot -d conduit.koesters.xyz

You're done!

Now you can start Conduit with

$ sudo systemctl start conduit

and set it to start automatically when your system boots with

$ sudo systemctl enable conduit