Framasoft-Mirror/Lufi
1
0
Fork 0
mirror of https://framagit.org/luc/lufi.git synced 2025-10-05 22:02:39 +02:00
Code Issues Releases Wiki Activity
Page: installation
Pages
Adding a robots.txt Invitations when using LDAP Migrate from SQLite to an other DB When you upgrade your OS configuration contribute create a new theme cron jobs dependencies home installation update
Clone
30
installation
Luc Didry edited this page 2025-06-30 11:36:44 +02:00
Unescape Escape
Table of Contents
This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Installation

Want to update your Lufi instance ? Have a look at the update page.

Installation

After installing Carton:

git clone https://framagit.org/fiat-tux/hat-softwares/lufi.git
cd lufi

If you don't want to use the LDAP authentication system, add the following argument to the commands below:

--without=ldap

If you don't want to use the htpasswd authentication system, add the following argument to the commands below:

--without=htpasswd

If you don't want to use the Swift object storage system, add the following argument to the commands below:

--without=swift-storage

WARNING! Use of SQLite is not a good option for production! Please, use SQLite only for development!

If you want to use SQLite:

carton install --deployment --without=test --without=postgresql --without=mysql

If you want to use PostgreSQL:

carton install --deployment --without=test --without=sqlite --without=mysql

If you want to use MySQL:

carton install --deployment  --without=test --without=sqlite --without=postgresql

If Carton cant install some modules:

  • install cpanminus from your package manager
  • if the uninstalled modules have a name which begins with Mojolicious::Plugin::FiatTux::, copy their URLs from the file cpanfile and install them with cpanm -L local the_URL
  • if the uninstalled modules dont have a name like that, just install them with cpanm -L local Name::Of::The::Module
  • finally, do a carton install --deployment [your options] again, to be sure that everything is installed

Then:

cp lufi.conf.template lufi.conf
# Edit the configuration file
vi lufi.conf

The configuration file is full of options and self-documented.

There is the contact option (mandatory), where you have to put some way for the users to contact you, and the report where you have to put an email address or an URL to let people report illegal files.

Just read the self-documented configuration file, it's quite simple.

After configuring Lufi, you can start it from command line:

carton exec hypnotoad script/lufi

But it's easier to use your system's init.

Init files

InitV

cp utilities/lufi.init /etc/init.d/lufi
cp utilities/lufi.default /etc/default/lufi
chown root:root /etc/init.d/lufi /etc/default/lufi
vim /etc/default/lufi

You need to change LDIR and USER in /etc/default/lufi to fit your installation. Then:

/etc/init.d/lufi start

Then, to start Lufi at every boot:

update-rc.d lufi defaults

You can check that Lufi is started with:

service lufi status

Systemd

cp utilities/lufi.service /etc/systemd/system/
vim /etc/systemd/system/lufi.service

You need to change User, WorkingDirectory and PIDFile in /etc/systemd/system/lufi.service to fit your installation. Then:

systemctl daemon-reload
systemctl start lufi.service

Then, to start Lufi at every boot:

systemctl enable lufi.service

You can check that Lufi is started with:

systemctl status lufi.service

Upstart

cp utilities/lufi_upstart.conf /etc/init/lufi.conf
cp utilities/lufi.default /etc/default/lufi
vim /etc/default/lufi

You need to change LDIR and USER in /etc/default/lufi to fit your installation. Then:

start lufi

Reverse proxies

Lufi is served by hypnotoad, a production-ready web server, but there's a lot of chances that you want to serve other web sites on your server. Your best shot is to use Nginx.

First uncomment line 13 of lufi.conf.

Putting Lufi behind Nginx

Warning: you'll need Nginx >= 1.3.

Here's a valid Nginx configuration:

server {
    listen 80;

    # Adapt this to your domain!
    server_name demo.lufi.io;

    access_log /var/log/nginx/lufi.success.log;
    error_log /var/log/nginx/lufi.error.log;

    location / {
        # HTTPS only header, improves security
        #add_header Strict-Transport-Security "max-age=15768000";

        # Adapt this to your configuration (port, subdirectory (see below))
        proxy_pass  http://127.0.0.1:8081;

        # Really important! Lufi uses WebSocket, it won't work without this
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # If you want to log the remote port of the file senders, you'll need that
        proxy_set_header X-Remote-Port $remote_port;

        proxy_set_header X-Forwarded-Proto $scheme;

        # We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here.
        proxy_redirect     off;
    }
}

If you use Lufi under a subdirectory like /lufi/, change the prefix configuration option, change the nginx location to /lufi/ and change the proxy_pass to http://127.0.0.1:8080/lufi/.

Putting Lufi behind Apache 2.4

Thx to @cyrilm for providing the configuration.

Please note that Apache is not officially supported since it's a pain in the ass for WebSockets.

Please, have a look at issue #28 because some versions of Apache need a slightly different configuration.

First, you'll need to enable some modules:

a2enmod headers
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_wstunnel

Here's only the configuration about Lufi, you need to put it in a working VirtualHost.

    # HTTPS only header, improves security
    # Header always set Strict-Transport-Security "max-age=63072000; preload"

    # Lufi
    ProxyPreserveHost On
    ProxyRequests off
    RewriteEngine On
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    # Adapt this to your configuration
    RewriteRule ^/lufi/(.*) ws://127.0.0.1:8081/lufi/$1 [P,L]

    RequestHeader unset X-Forwarded-Proto
    RequestHeader add X-Remote-Port %{R_P}e
    # HTTPS only, but won't be used if you use HTTP. You can leave it.
    RequestHeader set X-Forwarded-Proto https env=HTTPS

    <Location /lufi>
        # Adapt this to your configuration
        ProxyPass http://127.0.0.1:8081/lufi
        ProxyPassReverse /lufi
        LimitRequestBody 104857600
    </Location>

If you don't use Lufi under a subdirectory like /lufi/, change the prefix configuration option and replace /lufi/ (and obviously /lufi) by / in this configuration snippet.

Putting Lufi behind IIS

See https://framagit.org/fiat-tux/hat-softwares/lufi/-/issues/271#note_1830550.

Putting Lufi behind Haproxy

Haproxy complies with RFC8441 but some clients (i.e browsers) are not totally compliant with it. There is a workaround configuration setting h2-workaround-bogus-websocket-clients, which instructs the client to use HTTP/1.1 web socket instead of HTTP/2 (ref).

Also, you should enable h2 on the bind line

bind [::]:443 name in-tls tfo ssl strict-sni alpn h2,http/1.1 crt /etc/letsencrypt/live/xxx

You can now go to the cron jobs page or go back to wiki's homepage.