$ sudo apt-get install python-dev git-core python-virtualenv libapache2-mod-wsgi
$ cd /var/www/ $ git clone https://github.com/mozilla-services/syncserver $ cd syncserver $ make build
$ cat syncserver.ini
[server:main] use = egg:Paste#http host = 0.0.0.0 port = 5000 [app:main] use = egg:syncserver [syncserver] public_url = https://sync.domain.com/ sqluri = sqlite:////var/www/db.sql secret = your_server_key
head /dev/urandom |md5sum
$ touch /var/www/db.sql
$ chown -R www-data:www-data /var/www/ $ chmod 600 /var/www/db.sql
$ cat /etc/apache2/sites-available/sync.domain.com.conf
<VirtualHost *:80> ServerName sync.domain.com Redirect permanent / https://sync.domain.com/ ErrorLog /var/log/apache2/sync/error.log CustomLog /var/log/apache2/sync/access.log combined </VirtualHost> <VirtualHost *:443> Servername sync.domain.com ServerAdmin webmaster@domain.com DocumentRoot /var/www/syncserver WSGIProcessGroup sync.domain.com WSGIDaemonProcess sync.domain.com user=www-data group=www-data processes=2 threads=25 python-path=/var/www/syncserver/local/lib/python2.7/site-packages WSGIPassAuthorization On WSGIScriptAlias / /var/www/syncserver/syncserver.wsgi ErrorLog /var/log/apache2/sync/error-ssl.log CustomLog /var/log/apache2/sync/access-ssl.log combined SSLEngine on SSLProtocol -ALL +SSLv3 +TLSv1 SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH SSLCertificateFile /etc/apache2/ssl/sync.domain.com.crt SSLCertificateKeyFile /etc/apache2/ssl/sync.domain.com.key <Directory /var/www/syncserver> Order deny,allow Allow from all </Directory> </VirtualHost>
$ cd /etc/apache2/ssl/ $ openssl genrsa -des3 -out server.key 1024 $ openssl req -new -key server.key -out server.csr $ cp server.key sync.domain.com.key $ openssl rsa -in sync.domain.com.key -out server.key $ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt $ cp server.crt sync.domain.com.crt $ cp server.key sync.domain.com.key
$ mkdir /var/log/apache2/sync/ $ touch /var/log/apache2/sync/error-ssl.log $ touch /var/log/apache2/sync/access-ssl.log $ touch /var/log/apache2/sync/error.log $ touch /var/log/apache2/sync/access.log $ chown -R www-data:www-data /var/log/apache2/sync/
$ a2ensite sync.domain.com
service apache2 restart
https://sync.domain.com/token/1.0/sync/1.5
the web server will give us something like: {"status": "error", "errors": [{"location": "body", "name": "", "description": "Unauthorized"}]}
https://sync.domain.com/token/1.0/sync/1.5
$ cat /home/syncserv/syncserver.ini
... [syncserver] public_url = https://___IP/ ( ) ... secret = _ (head /dev/urandom |md5sum) ...
<VirtualHost *:80> ServerName sync.domain.com Redirect permanent / https://sync.domain.com/ ErrorLog /var/log/apache2/sync/error.log CustomLog /var/log/apache2/sync/access.log combined </VirtualHost> <VirtualHost *:443> Servername sync.domain.com ServerAdmin webmaster@domain.com DocumentRoot /home/syncserv WSGIProcessGroup sync.domain.com WSGIDaemonProcess sync.domain.com user=syncserv group=syncserv processes=2 threads=25 python-path=/home/syncserv/local/lib/python2.7/site-packages WSGIPassAuthorization On WSGIScriptAlias / /home/syncserv/syncserver.wsgi ErrorLog /var/log/apache2/sync/error-ssl.log CustomLog /var/log/apache2/sync/access-ssl.log combined SSLEngine on SSLProtocol ALL -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH SSLCertificateFile /etc/apache2/ssl/sync.domain.com.crt SSLCertificateKeyFile /etc/apache2/ssl/sync.domain.com.key <Directory /home/syncserv> Order deny,allow Allow from all </Directory> </VirtualHost>
Source: https://habr.com/ru/post/241889/
All Articles