From 6b08e8c89d26225786736ad69ba335b275a1a048 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 4 Jul 2016 21:26:46 +0200 Subject: [doc] update install documentation --- README.md | 46 ++++++++++++++++++++++++++++------------------ doc/DEPLOY.md | 9 +++++++-- doc/DEVELOP.md | 27 +++++++++++++++++---------- doc/TROUBLESHOOT.md | 14 ++++++++++---- 4 files changed, 62 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index b6f3d1b..6d8a504 100644 --- a/README.md +++ b/README.md @@ -46,20 +46,6 @@ External docs: * Overview of the main code repositories * Ideas for discrete, unclaimed development projects that would greatly benefit the LEAP ecosystem. -Known problems ---------------------------- - -* Client certificates are generated without a CSR. The problem is that - this makes the web application extremely vulnerable to denial of - service attacks. This is not an issue unless the provider enables the - possibility of anonymously fetching a client certificate without - authenticating first. - -* By its very nature, the user database is vulnerable to enumeration - attacks. These are very hard to prevent, because our protocol is - designed to allow query of a user database via proxy in order to - provide network perspective. - Installation --------------------------- @@ -69,14 +55,24 @@ these instructions: ### Install system requirements +You'll need git, ruby (2.1.5), couchdb and bundler installed. +On a recent debian based distribution run + sudo apt install git ruby couchdb bundler -Your actual requirements might differ if you are running an older OS that defaults to ruby 1.9. +For other operation systems please lookup the install instructions of these +tools. ### Download source +We host our own git repository. In order to create a local clone run + git clone --recursive git://leap.se/leap_web +The repo is mirrored on github and we accept pull requests there: + + https://github.com/leapcode/leap_web + ### Install required ruby libraries cd leap_web @@ -88,13 +84,13 @@ have sudo, run ``bundle`` as root. ### Installation for development purposes -Please see `doc/DEVELOP.md` for further required steps when installing +Please see `doc/DEVELOP.md` for details about installing leap_web for development purposes. -Configuration +Configuration for Production ---------------------------- -The configuration file `config/defaults.yml` providers good defaults for +The configuration file `config/defaults.yml` provides good defaults for most values. You can override these defaults by creating a file `config/config.yml`. @@ -167,3 +163,17 @@ To run an individual test: or ruby -Itest certs/test/unit/client_certificate_test.rb +Known problems +--------------------------- + +* Client certificates are generated without a CSR. The problem is that + this makes the web application extremely vulnerable to denial of + service attacks. This is not an issue unless the provider enables the + possibility of anonymously fetching a client certificate without + authenticating first. + +* By its very nature, the user database is vulnerable to enumeration + attacks. These are very hard to prevent, because our protocol is + designed to allow query of a user database via proxy in order to + provide network perspective. + diff --git a/doc/DEPLOY.md b/doc/DEPLOY.md index 33d5598..4d59701 100644 --- a/doc/DEPLOY.md +++ b/doc/DEPLOY.md @@ -1,5 +1,10 @@ # Deployment # +LEAP Web is provisioned and run as part of the overall [LEAP platform](https://leap.se/en/docs/platform). +We strongly recomment using the whole Platform and following its instructions. +If you want to directly deploy the webapp never the less these instructions are +for you. + These instructions are targeting a Debian GNU/Linux system. You might need to change the commands to match your own needs. @@ -10,9 +15,9 @@ change the commands to match your own needs. The following packages need to be installed: * git -* ruby1.9 -* rubygems1.9 +* ruby (2.1.5) * couchdb (if you want to use a local couch) +* bundler ### Setup Capistrano ### diff --git a/doc/DEVELOP.md b/doc/DEVELOP.md index cdd0867..e0c07d6 100644 --- a/doc/DEVELOP.md +++ b/doc/DEVELOP.md @@ -7,17 +7,24 @@ control checks. This is handy for local development. However, there is the risk that running tests with Couch in Admin Party yields false results. -You have two options: +We recommend keeping the default CouchDB configuration locally and testing +the more complex setup with access control in Continuous Integration. -1) Use Admin Party and accept the risk -2) Stop Admin Party by creating user accounts & security docs by running the -following script: +Please see .travis.yml for the configuration of our CI runs. - test/travis/setup_couch.sh +In order to prepare you local couch for development run +``` +bin/rake db:rotate +bin/rake db:migrate +``` -### Database configuration +### Customized database configuration (advanced) + +If you want to stop Admin Party mode you need to create user accounts & +security docs. You can use the following script as a guideline: + test/travis/setup_couch.sh -Copy & adapt the default database configuration: +Afterwards copy & adapt the default database configuration: ``` mv config/couchdb.example.yml config/couchdb.yml @@ -37,14 +44,14 @@ Some tips on modifying the views: ## Engines ## -Leap Web contains some. They live in their own subdirectory and are included through bundler via their path. This way changes to the engines immediately affect the server as if they were in the main `app` directory. +We use engines to separate optional functionality from the core. They live in their own subdirectory and are included through bundler via their path. This way changes to the engines immediately affect the server as if they were in the main `app` directory. Currently Leap Web includes 2 Engines: * [support](https://github.com/leapcode/leap_web/blob/master/engines/support) - Help ticket management * [billing](https://github.com/leapcode/leap_web/blob/master/engines/billing) - Billing System -## Creating a new engine ## +## Creating a new engine (advanced) ## If you want to add functionality to the webapp but keep it easy to remove you might consider adding an engine. This only makes sense if your engine really is a plugin - so no other pieces of code depend on it. @@ -99,7 +106,7 @@ For example: visit robot_path(@robot, :locale => nil) end -## Debugging +## Debugging Production (advanced) Sometimes bugs only show up when deployed to the live production server. Debugging can be tricky, because the open source mod_passenger does not support debugger. You can't just run diff --git a/doc/TROUBLESHOOT.md b/doc/TROUBLESHOOT.md index f3db006..0e2957d 100644 --- a/doc/TROUBLESHOOT.md +++ b/doc/TROUBLESHOOT.md @@ -13,15 +13,19 @@ Here are some less common issues you might run into when installing Leap Web. Make sure bundler is installed. `gem list bundler` should list `bundler`. You also need to be able to access the `bundler` executable in your PATH. -## Outdated version of rubygems ## +## Incompatible ruby version ## -### Error Messages ### +### Detecting the problem ### +The rubyversion we use for development and testing is noted in the file + + .ruby-version -`bundler requires rubygems >= 1.3.6` +It should match what `ruby --version` prints. ### Solution ### -`gem update --system` will install the latest rubygems +Install the matching ruby version. For some operation systems this may require +the use of rbenv or rvm. ## Missing development tools ## @@ -42,5 +46,7 @@ Some gem dependencies might not compile because they lack the needed c libraries ### Solution ### Install the libraries in question including their development files. +Usually the missing library is mentioned in the error message. Searching the +internet for similar errors is a good starting point aswell. -- cgit v1.2.3