[paster.git] / INSTALL

Install paster itself:

    $ go get go.stargrave.org/paster

Add "paster" user and "pastes" directory, also accessible by HTTP service:

    # pw useradd paster -s /usr/sbin/nologin -w no -d /path/to/pastes
    # mkdir /path/to/pastes
    # echo "<html><body>Paste service</body></html>" > /path/to/pastes/index.html
    # chown -R paster:lighttpd pastes
    # chmod 2750 pastes
    # chmod 640 /path/to/pastes/index.html

Create daemontools+ucspi-tcp service:

    # mkdir -p /var/service/.paster/log/main
    # cat > /var/service/.paster/run <<EOF
    #!/bin/sh -e
    cd /path/to/pastes
    umask 027
    exec setuidgid paster tcpserver -DHR -l 0 ::0 2020 \
        timeout 1m $GOPATH/bin/paster http://paster.example.com/ 2>&1
    EOF
    # cat > /var/service/.paster/log/run <<EOF
    #!/bin/sh -e
    exec setuidgid paster multilog t ./main
    EOF
    # chmod +x /var/service/.paster/run /var/service/.paster/log/run
    # chown paster /var/service/.paster/log/main
    # mv /var/service/.paster /var/service/paster

Optionally prepare X.509 certificate for TLS enabled service:

    # umask 077
    # certtool --generate-privkey --bits 256 --ecc --outfile \
        paster.example.com.key.pem
    # tmpl=`mktemp`
    # cat > $tmpl <<EOF
    dn = "cn=paster.example.com"
    expiration_days = 365
    signing_key
    dns_name = "paster.example.com"
    EOF
    # certtool --generate-self-signed \
        --load-privkey paster.example.com.key.pem \
        --template $tmpl --outfile paster.example.com.pem
    # rm $tmpl
    # chown paster:paster paster.example.com*.pem
    # chmod 600 paster.example.com.key.pem

and choose from plenty of UCSPI-friendly TLS wrappers:
http://www.fehcom.de/ipnet/ucspi-ssl.html, https://github.com/younix/ucspi
or likely go.cypherpunks.ru/ucspi/cmd/tlss:

    exec setuidgid paster tcpserver -DHR -l 0 ::0 2021 tlss \
        -key paster.example.com.key.pem -cert paster.example.com.pem \
        timeout 1m $GOPATH/bin/paster http://paster.example.com/ 2>&1