3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-12-22 10:42:52 +01:00

make systemd and letsencrypt two separate manual sections

This commit is contained in:
Shivaram Lingamneni 2021-03-01 22:21:53 -05:00
parent 96f575c739
commit 72f41f6b3f

View File

@ -26,7 +26,8 @@ _Copyright © Daniel Oaks <daniel@danieloaks.net>, Shivaram Lingamneni <slingamn
- [Becoming an operator](#becoming-an-operator)
- [Rehashing](#rehashing)
- [Environment variables](#environment-variables)
- [Productionizing](#productionizing)
- [Productionizing with systemd](#productionizing-with-systemd)
- [Using valid TLS certificates](#using-valid-tls-certificates)
- [Upgrading to a new version of Oragono](#upgrading-to-a-new-version-of-oragono)
- [Features](#features)
- [User Accounts](#user-accounts)
@ -174,7 +175,7 @@ Oragono can also be configured using environment variables, using the following
However, settings that were overridden using this technique cannot be rehashed --- changing them will require restarting the server.
## Productionizing
## Productionizing with systemd
The recommended way to operate oragono as a service on Linux is via systemd. This provides a standard interface for starting, stopping, and rehashing (via `systemctl reload`) the service. It also captures oragono's loglines (sent to stderr in the default configuration) and writes them to the system journal.
@ -189,6 +190,12 @@ The only major distribution that currently packages Oragono is Arch Linux; the a
1. `systemctl start oragono.service`
1. Confirm that the service started correctly with `systemctl status oragono.service`
On a non-systemd system, oragono can be configured to log to a file and used [logrotate(8)](https://linux.die.net/man/8/logrotate), since it will reopen its log files (as well as rehashing the config file) upon receiving a SIGHUP. To rehash manually outside the context of log rotation, you can use `killall -HUP oragono` or `pkill -HUP oragono`.
## Using valid TLS certificates
The other major hurdle for productionizing (but one well worth the effort) is obtaining valid TLS certificates for your domain, if you haven't already done so:
1. The simplest way to get valid TLS certificates is from [Let's Encrypt](https://letsencrypt.org/) with [Certbot](https://certbot.eff.org/). The correct procedure will depend on whether you are already running a web server on port 80. If you are, follow the guides on the Certbot website; if you aren't, you can use `certbot certonly --standalone --preferred-challenges http -d example.com` (replace `example.com` with your domain).
@ -211,8 +218,6 @@ Executing this script manually will install the certificates for the first time
If you are using Certbot 0.29.0 or higher, you can also change the ownership of the files under `/etc/letsencrypt` so that the oragono user can read them, as described in the [UnrealIRCd documentation](https://www.unrealircd.org/docs/Setting_up_certbot_for_use_with_UnrealIRCd#Tweaking_permissions_on_the_key_file).
On a non-systemd system, oragono can be configured to log to a file and used [logrotate(8)](https://linux.die.net/man/8/logrotate), since it will reopen its log files (as well as rehashing the config file) upon receiving a SIGHUP. To rehash manually outside the context of log rotation, you can use `killall -HUP oragono` or `pkill -HUP oragono`.
## Upgrading to a new version of Oragono