]> Sergey Matveev's repositories - paster.git/blobdiff - doc/install.texi
projects / paster.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Texinfo documentation, website and asciicasts
[paster.git] / doc / install.texi
diff --git a/doc/install.texi b/doc/install.texi
new file mode 100644 (file)
index 0000000..8083cb3
--- /dev/null
+++ b/doc/install.texi
@@ -0,0 +1,104 @@
+@node Install
+@unnumbered Install
+
+@itemize
+
+@item
+Install paster itself:
+
+@example
+$ go get go.stargrave.org/paster
+@end example
+
+If you have got problems with your trust anchors, unwilling to
+authenticate @code{go.stargrave.org}'s TLS connection, then clone the
+repository from @url{git://git.stargrave.org/paster.git} and build it
+as ordinary Go package with @code{go build}.
+
+@item
+Add @code{paster} user and @code{pastes} directory, also accessible by
+HTTP service (@url{http://www.godlighty.stargrave.org/, @code{godlighty}}
+user in current example):
+
+@example
+# pw useradd paster -s /usr/sbin/nologin -w no -d /path/to/pastes
+# mkdir /path/to/pastes
+# cat > /path/to/pastes/index.html <<EOF
+<!DOCTYPE html>
+<html>
+  <head><title>paster</title></head>
+  <body>Paste service.</body>
+</html>
+EOF
+# chown -R paster:godlighty pastes
+# chmod 2750 pastes
+# chmod 640 /path/to/pastes/index.html
+@end example
+
+@item
+Create @url{http://cr.yp.to/daemontools.html, daemontools} +
+@url{https://cr.yp.to/ucspi-tcp.html, UCSPI-TCP} service:
+
+@example
+# mkdir -p /var/service/.paster/log/main
+
+# cat > /var/service/.paster/run <<EOF
+#!/bin/sh -e
+cd /path/to/pastes
+umask 027
+exec setuidgid paster tcpserver -DHR -l 0 ::0 2020 \
+    timeout 1m $GOPATH/bin/paster http://paster.example.com/ 2>&1
+EOF
+
+# cat > /var/service/.paster/log/run <<EOF
+#!/bin/sh -e
+exec setuidgid paster multilog t ./main
+EOF
+
+# chmod +x /var/service/.paster/run /var/service/.paster/log/run
+# chown paster /var/service/.paster/log/main
+# mv /var/service/.paster /var/service/paster
+@end example
+
+@item
+Optionally prepare X.509 certificate for TLS enabled service:
+
+@example
+# umask 077
+# certtool --generate-privkey --bits 256 --ecc --outfile \
+    paster.example.com.key.pem
+
+# tmpl=`mktemp`
+# cat > $tmpl <<EOF
+dn = "cn=paster.example.com"
+expiration_days = 365
+signing_key
+dns_name = "paster.example.com"
+EOF
+
+# certtool --generate-self-signed \
+    --load-privkey paster.example.com.key.pem \
+    --template $tmpl --outfile paster.example.com.pem
+# rm $tmpl
+
+# chown paster:paster paster.example.com*.pem
+# chmod 600 paster.example.com.key.pem
+@end example
+
+and choose from plenty of UCSPI-friendly TLS wrappers:
+@url{http://www.fehcom.de/ipnet/ucspi-ssl.html},
+@url{https://github.com/younix/ucspi}
+or likely the @code{go.cypherpunks.ru/ucspi/cmd/tlss}:
+
+@example
+exec setuidgid paster tcpserver -DHR -l 0 ::0 2021 tlss \
+    -key paster.example.com.key.pem -cert paster.example.com.pem \
+    timeout 1m $GOPATH/bin/paster http://paster.example.com/ 2>&1
+@end example
+
+@item
+Be sure that your HTTP/whatever server uses proper @code{Content-Type}
+based on filename's extension (@code{text/plain} for @file{.txt},
+@code{image/jxl} for @file{.jxl} and so on).
+
+@end itemize
Paste service daemon