Tiny refactor

[paster.git] / INSTALL

Install paster itself:

    $ go get go.stargrave.org/paster

Add "paster" user and "pastes" directory, also accessible by HTTP service:

    # pw useradd paster -s /usr/sbin/nologin -w no -d /path/to/pastes
    # mkdir /path/to/pastes
    # chown paster:lighttpd pastes
    # chmod 2750 pastes

Create daemontools+ucspi-tcp service:

    # mkdir -p /var/service/.paster/log/main
    # cat > /var/service/.paster/run <<EOF
    #!/bin/sh -e
    cd /path/to/pastes
    umask 027
    exec setuidgid paster tcpserver -DRH -l 0 ::0 2020 \
        $GOPATH/bin/paster http://paster.example.com/ 2>&1
    EOF
    # cat > /var/service/.paster/log/run <<EOF
    #!/bin/sh -e
    exec setuidgid paster multilog t ./main
    EOF
    # chmod +x /var/service/.paster/run /var/service/.paster/log/run
    # chown paster /var/service/.paster/log/main
    # mv /var/service/.paster /var/service/paster

Optionally prepare X.509 certificate for TLS enabled service:

    # umask 077
    # certtool --generate-privkey --bits 256 --ecc --outfile \
        paster.example.com.key.pem
    # tmpl=`mktemp`
    # cat > $tmpl <<EOF
    dn = "cn=paster.example.com"
    expiration_days = 365
    signing_key
    dns_name = "paster.example.com"
    EOF
    # certtool --generate-self-signed \
        --load-privkey paster.example.com.key.pem \
        --template $tmpl --output paster.example.com.pem
    # cat paster.example.com.key.pem >> paster.example.com.pem
    # rm paster.example.com.key.pem $tmpl
    # chown paster:paster paster.example.com.pem
    # chmod 600 paster.example.com.pem

prepare stunnel configuration:

    # cat > stunnel.conf <<EOF
    foreground = yes
    syslog = no
    debug = 3
    cert = paster.example.com.pem
    exec = $GOPATH/bin/paster
    execArgs = $GOPATH/bin/paster http://paster.example.com/
    EOF
    # chown paster stunnel.conf

and run "stunnel /path/to/stunnel.conf" in service/paster.