~ubuntu-branches/debian/experimental/upspin/experimental

« back to all changes in this revision

Viewing changes to doc/server_setup_ubuntu.md

Committer: Package Import Robot
Author(s): Michael Stapelberg
Date: 2017-03-09 14:06:46 UTC
Revision ID: package-import@ubuntu.com-20170309140646-3q7qp80jy7aivjsg

Tags: upstream-0.0~git20170316.0.d0c0831

Import upstream version 0.0~git20170316.0.d0c0831

files added:

.travis.yml

AUTHORS

CONDUCT.md

CONTRIBUTING.md

CONTRIBUTORS

LICENSE

PATENTS

README.md

access

access/access.go

access/access_test.go

bind

bind/bind.go

bind/bind_test.go

cache

cache/lru.go

cache/lru_test.go

client

client/all_test.go

client/benchmark_test.go

client/client.go

client/clientutil

client/clientutil/all_test.go

client/clientutil/readall.go

client/file

client/file/file.go

client/file/file_test.go

cloud

cloud/docker

cloud/docker/cloudbuild

cloud/docker/cloudbuild/Dockerfile

cloud/docker/dirserver

cloud/docker/dirserver/Dockerfile

cloud/docker/frontend

cloud/docker/frontend/Dockerfile

cloud/docker/keyserver

cloud/docker/keyserver/Dockerfile

cloud/docker/storeserver

cloud/docker/storeserver/Dockerfile

cloud/gcpmetric

cloud/gcpmetric/saver.go

cloud/gcpmetric/saver_test.go

cloud/https

cloud/https/https.go

cloud/kube

cloud/kube/deployment

cloud/kube/deployment/dirserver.yaml

cloud/kube/deployment/frontend.yaml

cloud/kube/deployment/keyserver.yaml

cloud/kube/deployment/storeserver.yaml

cloud/kube/service

cloud/kube/service/dirserver.yaml

cloud/kube/service/frontend.yaml

cloud/kube/service/keyserver.yaml

cloud/kube/service/storeserver.yaml

cloud/log

cloud/log/log.go

cloud/mail

cloud/mail/mail.go

cloud/mail/sendgrid

cloud/mail/sendgrid/all_test.go

cloud/mail/sendgrid/sendgrid.go

cloud/storage

cloud/storage/disk

cloud/storage/disk/disk.go

cloud/storage/gcs

cloud/storage/gcs/gcs.go

cloud/storage/gcs/gcs_test.go

cloud/storage/storage.go

cloud/storage/storage_test.go

cloud/storage/storagetest

cloud/storage/storagetest/storagetest.go

cmd/cacheserver

cmd/cacheserver/cacheutil

cmd/cacheserver/cacheutil/detach_posix.go

cmd/cacheserver/cacheutil/start.go

cmd/cacheserver/doc.go

cmd/cacheserver/main.go

cmd/dirserver

cmd/dirserver/main.go

cmd/frontend

cmd/frontend/frontend.go

cmd/frontend/frontend_test.go

cmd/frontend/gzip.go

cmd/frontend/images

cmd/frontend/images/txt_dns.png

cmd/frontend/templates

cmd/frontend/templates/base.tmpl

cmd/frontend/templates/doc.tmpl

cmd/frontend/templates/doclist.tmpl

cmd/frontend/testdata

cmd/frontend/testdata/doc

cmd/frontend/testdata/doc/test.md

cmd/keyserver

cmd/keyserver/log.go

cmd/keyserver/main.go

cmd/keyserver/signup.go

cmd/storeserver

cmd/storeserver/main.go

cmd/upspin

cmd/upspin-deploy

cmd/upspin-deploy/cdbuild.go

cmd/upspin-deploy/deploy-prod.sh

cmd/upspin-deploy/deploy-test.sh

cmd/upspin-deploy/main.go

cmd/upspin-setupstorage

cmd/upspin-setupstorage/setupstorage.go

cmd/upspin/countersign.go

cmd/upspin/cp.go

cmd/upspin/deletestorage.go

cmd/upspin/doc.go

cmd/upspin/gendoc.go

cmd/upspin/get.go

cmd/upspin/getref.go

cmd/upspin/info.go

cmd/upspin/keygen.go

cmd/upspin/keygen_test.go

cmd/upspin/link.go

cmd/upspin/ls.go

cmd/upspin/main.go

cmd/upspin/metric.go

cmd/upspin/metric_debug.go

cmd/upspin/mkdir.go

cmd/upspin/mkdoc.sh

cmd/upspin/put.go

cmd/upspin/repack.go

cmd/upspin/rm.go

cmd/upspin/rotate.go

cmd/upspin/setupdomain.go

cmd/upspin/setupserver.go

cmd/upspin/setupwriters.go

cmd/upspin/share.go

cmd/upspin/shell.go

cmd/upspin/signup.go

cmd/upspin/snapshot.go

cmd/upspin/tar.go

cmd/upspin/unix.go

cmd/upspin/unix_test.go

cmd/upspin/user.go

cmd/upspin/whichaccess.go

cmd/upspin/windows.go

cmd/upspin/windows_test.go

cmd/upspinfs

cmd/upspinfs/cache.go

cmd/upspinfs/doc.go

cmd/upspinfs/errors_unix.go

cmd/upspinfs/fs.go

cmd/upspinfs/internal

cmd/upspinfs/internal/ose

cmd/upspinfs/internal/ose/ose.go

cmd/upspinfs/main.go

cmd/upspinfs/scripts

cmd/upspinfs/scripts/fstabfortest

cmd/upspinfs/scripts/mount_darwin

cmd/upspinfs/scripts/mount_linux

cmd/upspinfs/upspinfs_test.go

cmd/upspinserver

cmd/upspinserver/main.go

cmd/upspinserver/web.go

config

config/initconfig.go

config/initconfig_test.go

config/user.go

dir/dircache

dir/dircache/log.go

dir/dircache/log_test.go

dir/dircache/proxied.go

dir/dircache/server.go

dir/inprocess

dir/inprocess/all_test.go

dir/inprocess/directory.go

dir/inprocess/watch.go

dir/remote

dir/remote/remote.go

dir/server

dir/server/access.go

dir/server/all_test.go

dir/server/bench_test.go

dir/server/server.go

dir/server/snapshot.go

dir/server/snapshot_test.go

dir/server/tree

dir/server/tree/all_test.go

dir/server/tree/blocks.go

dir/server/tree/log.go

dir/server/tree/log_test.go

dir/server/tree/tree.go

dir/server/tree/watch.go

dir/server/tree/watch_test.go

dir/server/userlock.go

dir/unassigned

dir/unassigned/unassigned.go

doc/access_control.md

doc/config.md

doc/deploying_to_google_cloud.md

doc/index.md

doc/mascot.md

doc/overview.md

doc/security.md

doc/server_setup.md

doc/server_setup_ubuntu.md

doc/signup.md

doc/tos.md

doc/usage_examples.md

errors

errors/debug.go

errors/debug_stub.go

errors/debug_test.go

errors/errors.go

errors/errors_test.go

errors/example_test.go

exp/README.md

exp/client

exp/client/gobind

exp/client/gobind/gobind.go

exp/cmd

exp/cmd/upbox

exp/cmd/upbox/config.go

exp/cmd/upbox/generate_cert.go

exp/cmd/upbox/main.go

exp/dir

exp/dir/filesystem

exp/dir/filesystem/common.go

exp/dir/filesystem/dir.go

exp/store

exp/store/filesystem

exp/store/filesystem/common.go

exp/store/filesystem/store.go

factotum

factotum/factotum.go

factotum/factotum_test.go

factotum/testdata

factotum/testdata/bad

factotum/testdata/bad-archived

factotum/testdata/bad-archived/public.upspinkey

factotum/testdata/bad-archived/secret.upspinkey

factotum/testdata/bad-archived/secret2.upspinkey

factotum/testdata/bad/public.upspinkey

factotum/testdata/bad/secret.upspinkey

factotum/testdata/comment

factotum/testdata/comment/public.upspinkey

factotum/testdata/comment/secret.upspinkey

factotum/testdata/comment/secret2.upspinkey

factotum/testdata/empty

factotum/testdata/empty/no-keys-here

factotum/testdata/mismatched

factotum/testdata/mismatched/public.upspinkey

factotum/testdata/mismatched/secret.upspinkey

factotum/testdata/ok

factotum/testdata/ok-archived

factotum/testdata/ok-archived/public.upspinkey

factotum/testdata/ok-archived/secret.upspinkey

factotum/testdata/ok-archived/secret2.upspinkey

factotum/testdata/ok/public.upspinkey

factotum/testdata/ok/secret.upspinkey

flags

flags/flags.go

key/inprocess

key/inprocess/key.go

key/inprocess/key_test.go

key/proquint

key/proquint/proquint.go

key/proquint/proquint_test.go

key/remote

key/remote/remote.go

key/server

key/server/log.go

key/server/log_test.go

key/server/server.go

key/server/server_test.go

key/server/testdata

key/server/testdata/log.txt

key/sha256key

key/sha256key/sha256.go

key/sha256key/sha256_test.go

key/testdata

key/testdata/aly

key/testdata/aly/public.upspinkey

key/testdata/aly/secret.upspinkey

key/testdata/bob

key/testdata/bob/public.upspinkey

key/testdata/bob/secret.upspinkey

key/testdata/carla

key/testdata/carla/keygen

key/testdata/carla/public.upspinkey

key/testdata/carla/secret.upspinkey

key/testdata/dir-server

key/testdata/dir-server/public.upspinkey

key/testdata/dir-server/secret.upspinkey

key/testdata/joe

key/testdata/joe/public.upspinkey

key/testdata/joe/secret.upspinkey

key/testdata/remote

key/testdata/remote/README

key/testdata/remote/test

key/testdata/remote/test+snapshot

key/testdata/remote/test+snapshot/keys-go-here

key/testdata/remote/test-friend

key/testdata/remote/test-friend/keys-go-here

key/testdata/remote/test/keys-go-here

key/testdata/test

key/testdata/test+snapshot

key/testdata/test+snapshot/public.upspinkey

key/testdata/test+snapshot/secret.upspinkey

key/testdata/test-friend

key/testdata/test-friend/public.upspinkey

key/testdata/test-friend/secret.upspinkey

key/testdata/test/public.upspinkey

key/testdata/test/secret.upspinkey

key/testdata/user1

key/testdata/user1/public.upspinkey

key/testdata/user1/secret.upspinkey

key/transports

key/transports/transports.go

key/unassigned

key/unassigned/unassigned.go

key/usercache

key/usercache/cache.go

key/usercache/cache_test.go

log/log.go

log/log_test.go

metric

metric/all_test.go

metric/example_test.go

metric/metric.go

pack

pack/ee

pack/ee/create.go

pack/ee/ee.go

pack/ee/ee_test.go

pack/ee/export_test.go

pack/eeintegrity

pack/eeintegrity/eeintegrity.go

pack/eeintegrity/eeintegrity_test.go

pack/internal

pack/internal/blocksum.go

pack/internal/checkloc.go

pack/internal/lazybuf.go

pack/internal/nextblock.go

pack/internal/packtest

pack/internal/packtest/blocktest.go

pack/pack.go

pack/packutil

pack/packutil/packdata.go

pack/plain

pack/plain/plain.go

pack/plain/plain_test.go

path

path/path.go

path/path_test.go

rpc/all_test.go

rpc/client.go

rpc/dirserver

rpc/dirserver/server.go

rpc/doc.go

rpc/keyserver

rpc/keyserver/server.go

rpc/keyservice.go

rpc/server.go

rpc/session.go

rpc/storeserver

rpc/storeserver/server.go

rpc/testdata

rpc/testdata/cert.pem

rpc/testdata/key.pem

rpc/testdata/proto.go

rpc/testdata/testserver.pb.go

rpc/testdata/testserver.proto

serverutil

serverutil/glob.go

serverutil/glob_test.go

serverutil/perm

serverutil/perm/dir.go

serverutil/perm/dir_test.go

serverutil/perm/perm.go

serverutil/perm/perm_test.go

serverutil/perm/store.go

serverutil/perm/store_test.go

serverutil/rate.go

serverutil/rate_test.go

serverutil/ratecounter.go

serverutil/ratecounter_test.go

shutdown

shutdown/shutdown.go

shutdown/shutdown_test.go

store

store/inprocess

store/inprocess/store.go

store/remote

store/remote/remote.go

store/server

store/server/server.go

store/server/server_test.go

store/storecache

store/storecache/cache.go

store/storecache/server.go

store/storecache/wbq.go

store/transports

store/transports/transports.go

store/unassigned

store/unassigned/unassigned.go

subcmd

subcmd/flag.go

subcmd/io.go

subcmd/server.go

subcmd/state.go

test

test/access_test.go

test/all_test.go

test/copy_test.go

test/error_test.go

test/group_test.go

test/integration_test.go

test/servermux

test/servermux/mux.go

test/snapshot_test.go

test/testenv

test/testenv/match.go

test/testenv/runner.go

test/testenv/testenv.go

test/testfixtures

test/testfixtures/simpleconfig.go

test/testfixtures/testfixtures.go

test/testutil

test/testutil/testutil.go

test/watch_test.go

transports

transports/transports.go

upspin

upspin/code.go

upspin/copy_test.go

upspin/doc.go

upspin/endpoint.go

upspin/endpoint_test.go

upspin/marshal_test.go

upspin/proto

upspin/proto/README

upspin/proto/proto.go

upspin/proto/upspin.pb.go

upspin/proto/upspin.proto

upspin/quote_test.go

upspin/time_test.go

upspin/upspin.go

user

user/user.go

user/user_test.go

valid

valid/valid.go

valid/valid_test.go

Show diffs side-by-side

added added

removed removed

doc/server_setup_ubuntu.md

# Running `upspinserver` on Ubuntu 16.04

These instructions are part of the instructions for

[Setting up `upspinserver`](/doc/server_setup.md).

Please make sure you have read that document first.

## Introduction

These instructions assume you have access to an Debian or Ubuntu linux

server, and that the server is reachable at your chosen host name.

(`upspin.example.com`)

> Note that these instructions have been verified to work against Ubuntu 16.04.

> The exact commands may differ on your system.

Once the server is running you should log in to it as root and configure it to

run `upspinserver` by following these instructions.

## Create a user for `upspinserver`

The following commands must be executed on the server as the super user, `root`,

perhaps via `sudo su`.

Create a Unix account named `upspin`:

```

$ useradd upspin

```

Give yourself SSH access to the `upspin` account on the server (a convenience):

```

$ su upspin

$ cd $HOME

$ mkdir .ssh

$ chmod 0700 .ssh

$ cat > .ssh/authorized_keys

(Paste your SSH public key here and type Control-D and Enter)

```

## Build `upspinserver` and copy it to the server

From your workstation, run these commands:

```

$ GOOS=linux GOARCH=amd64 go build upspin.io/cmd/upspinserver

$ scp upspinserver upspin@upspin.example.com:.

```

## Run `upspinserver` on server startup

The following commands must be executed on the server as the super user, `root`.

These instructions assume that your Linux server is running `systemd`.

Create the file `/etc/systemd/system/upspinserver.service` that contains

the following service definition.

```

[Unit]

Description=Upspin server

[Service]

ExecStart=/home/upspin/upspinserver

User=upspin

Group=upspin

Restart=on-failure

[Install]

WantedBy=multi-user.target

```

### Allow `upspinserver` to listen on port `443`

The `upspinserver` binary needs to listen on port `443` in order to obtain

its TLS certificates through [LetsEncrypt](https://letsencrypt.org/).

Normally only user `root` can bind ports below `1024`.

Instead of running `upspinserver` as `root` (which is generally discouraged),

we will grant the `upspinserver` binary this capability by using `setcap` (as

`root`):

```

$ setcap cap_net_bind_service=+ep /home/upspin/upspinserver

```

Note that you need to run this `setcap` command whenever the `upspinserver`

binary is updated.

### Start the service

Use `systemctl` to enable and start the service:

```

$ systemctl enable --now /etc/systemd/system/upspinserver.service

```

You may also use `systemctl stop upspinserver` and `systemctl restart

upspinserver` to stop and restart the server, respectively.

100

101

You can use `journalctl` to see the log output of the server:

102

103

```

104

$ journalctl -f -u upspinserver

105

106

```

107

108

## Continue

109

110

You can now continue following the instructions in

111

[Setting up `upspinserver`](/doc/server_setup.md).

Older »