2021-12-22 10:53:20 -07:00
|
|
|
# HOWTO Set up Your Own Chess Server
|
|
|
|
This document shows how to install a chess server.
|
2021-12-22 11:57:50 -07:00
|
|
|
The free software application Lila, written by the fine developers at
|
|
|
|
https://lichess.org, will be used.
|
2021-12-22 10:53:20 -07:00
|
|
|
|
|
|
|
# Overview
|
2021-12-22 11:57:50 -07:00
|
|
|
System will be built from these main parts listed below. You don't
|
|
|
|
need to know all of these, but knowing some system administration
|
|
|
|
will help.
|
2021-12-22 10:53:20 -07:00
|
|
|
|
|
|
|
* OVH ISP.
|
2021-12-22 11:58:38 -07:00
|
|
|
* Debian stable (Bullseye/11).
|
2021-12-22 10:53:20 -07:00
|
|
|
* Lila.
|
|
|
|
* Lila-ws.
|
|
|
|
* Apache.
|
|
|
|
* MongoDB.
|
|
|
|
* Redis.
|
2021-12-22 11:57:50 -07:00
|
|
|
* Scala.
|
2021-12-22 10:53:20 -07:00
|
|
|
* Java.
|
|
|
|
* SBT.
|
|
|
|
* Yarn.
|
|
|
|
* Python.
|
|
|
|
* Git.
|
|
|
|
* Node.
|
2021-12-22 11:37:55 -07:00
|
|
|
* Certbot.
|
|
|
|
* DNS.
|
2021-12-22 11:57:50 -07:00
|
|
|
* All the way down to GRUB and below...
|
2021-12-22 10:53:20 -07:00
|
|
|
|
2021-12-22 13:22:07 -07:00
|
|
|
For a high volume service, some of these services can be broken out
|
|
|
|
across multiple servers. For this example, we'll use just one "blank"
|
2021-12-22 14:57:15 -07:00
|
|
|
remote virtual server with nothing else on it.
|
2021-12-22 13:22:07 -07:00
|
|
|
|
2021-12-22 10:53:20 -07:00
|
|
|
# Upstream
|
|
|
|
The best current upstream document describing the process is here:
|
|
|
|
|
|
|
|
https://github.com/ornicar/lila/wiki/Lichess-Development-Onboarding
|
|
|
|
|
|
|
|
Main upstream repos:
|
|
|
|
|
|
|
|
* https://github.com/ornicar/lila
|
2021-12-22 11:57:50 -07:00
|
|
|
* https://github.com/ornicar/lila-ws
|
2021-12-22 10:53:20 -07:00
|
|
|
|
2021-12-22 13:43:01 -07:00
|
|
|
|
|
|
|
# Donate
|
|
|
|
Be sure to donate to lichess for their great website and for
|
|
|
|
making free software:
|
|
|
|
|
|
|
|
* https://lichess.org/patron
|
|
|
|
|
|
|
|
|
2021-12-22 10:53:20 -07:00
|
|
|
# Pre-Installation Setup
|
|
|
|
First, you need to have a location to host the server. You will want a server
|
|
|
|
with a minimum of 4 gigs of RAM. When the server is running, usage is low,
|
|
|
|
but it takes awhile to compile, so more CPU/RAM will speed that up.
|
|
|
|
|
|
|
|
For this example, we'll set up at OVH, which is the same Internet company
|
|
|
|
that lichess.org uses.
|
|
|
|
|
2021-12-22 11:37:55 -07:00
|
|
|
You will also need a domain and someone providing domain name service (DNS).
|
|
|
|
OVH provides this service (presumably?) or I recommend Njalla.
|
|
|
|
|
2021-12-22 12:22:52 -07:00
|
|
|
|
2021-12-22 11:37:55 -07:00
|
|
|
## Register DNS
|
|
|
|
Since it takes awhile to spread across the Internet, it is best to first
|
|
|
|
register your domain so that process can happen in the background while
|
|
|
|
you are setting up the server.
|
|
|
|
|
2021-12-22 12:22:52 -07:00
|
|
|
For this example, we'll use the domain `mychestserver.org` with the final
|
|
|
|
example server URL being:
|
|
|
|
|
|
|
|
* https://www.mychestserver.org
|
2021-12-22 11:37:55 -07:00
|
|
|
|
2021-12-22 11:57:50 -07:00
|
|
|
Go to your registrar, and register your domain, such as:
|
|
|
|
|
|
|
|
* https://njal.la/
|
|
|
|
|
2021-12-22 12:22:52 -07:00
|
|
|
|
2021-12-22 11:57:50 -07:00
|
|
|
## Register at ISP
|
|
|
|
Go to OVH (or ISP of your choice) and create an account to host your server.
|
|
|
|
OVH may have regional websites as well:
|
|
|
|
|
|
|
|
* https://ovh.com/
|
|
|
|
|
2021-12-22 16:05:06 -07:00
|
|
|
You'll probably need to set up billing of some sort at this point.
|
|
|
|
|
2021-12-22 12:22:52 -07:00
|
|
|
|
2021-12-22 11:37:55 -07:00
|
|
|
## Set up Workstation SSH Keys
|
|
|
|
To connect to the server, you will need SSH keys. They'll be needed at time
|
|
|
|
of server creation, so we'll make them now. This is an example how to create
|
|
|
|
keys on a Debian stable workstation, where the username is "debian" and
|
|
|
|
the workstation name is "workstation". For OVH, we're creating `ecdsa` keys,
|
|
|
|
which is inferior to `ed25519` keys. Last I tested, OVH doesn't accept the
|
|
|
|
latter.
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
# Run command to create keys.
|
|
|
|
# Note the location where you saved the key.
|
|
|
|
# Just hit "enter" for a passphrase.
|
|
|
|
|
|
|
|
debian@workstation:~$ ssh-keygen -t ecdsa
|
|
|
|
Generating public/private ecdsa key pair.
|
|
|
|
Enter file in which to save the key (/home/debian/.ssh/id_ecdsa): /home/debian/.ssh/id_ecdsa-chess
|
|
|
|
Enter passphrase (empty for no passphrase):
|
|
|
|
Enter same passphrase again:
|
|
|
|
Your identification has been saved in /home/debian/.ssh/id_ecdsa-chess
|
|
|
|
Your public key has been saved in /home/debian/.ssh/id_ecdsa-chess.pub
|
|
|
|
The key fingerprint is:
|
|
|
|
SHA256:M2qUpyl31CCUcn3t2+vM6Cn4JaZIVvnFJICtTQiTQmY debian@workstation
|
|
|
|
The key's randomart image is:
|
|
|
|
+---[ECDSA 256]---+
|
|
|
|
| .E oo.*. . |
|
|
|
|
| o. oo= +.. . |
|
|
|
|
| . o.+..... |
|
|
|
|
| .o.+ +. |
|
|
|
|
| o S . oo |
|
|
|
|
| . B + .. . |
|
|
|
|
| . O ..+ . . |
|
|
|
|
| * o.o.o =. |
|
|
|
|
| . ...o+.+ |
|
|
|
|
+----[SHA256]-----+
|
|
|
|
```
|
|
|
|
|
2021-12-22 12:22:52 -07:00
|
|
|
|
2021-12-22 11:37:55 -07:00
|
|
|
## Upload SSH key to ISP
|
2021-12-22 11:57:50 -07:00
|
|
|
Take SSH the key you just created above and upload it to OVH.
|
|
|
|
Go to `Public Cloud`, then near the bottom left column, under
|
|
|
|
`Project Management` click `SSH Keys`.
|
2021-12-22 16:06:23 -07:00
|
|
|
Under the new `SSH Keys` window, click `Add an SSH Key` button.
|
2021-12-22 12:22:52 -07:00
|
|
|
Paste the PUBLIC key created above, ending with `.pub` extension,
|
|
|
|
into the `Key` section of the `Add an SSH key` popup window.
|
2021-12-22 11:57:50 -07:00
|
|
|
|
2021-12-22 16:06:57 -07:00
|
|
|
Take this output and paste into the OVH form in the browser:
|
2021-12-22 11:57:50 -07:00
|
|
|
|
|
|
|
```
|
|
|
|
cat /home/debian/.ssh/id_ecdsa-chess.pub
|
|
|
|
```
|
|
|
|
|
|
|
|
It should look like a tangled mess like this (note, the `debian@workstation` field
|
|
|
|
at the end is informational and can be something depending on your user/workstaion):
|
|
|
|
|
|
|
|
```
|
|
|
|
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC16EdTLECoLqSnmM/aSKrskLYN5ygu2dVvSAfiu4SAHPElrY6wqgUq6kzzsbbnko+VqyGzZ4tTWMml/AlBrQaw= debian@workstation
|
|
|
|
```
|
|
|
|
|
|
|
|
In the `Name` field, enter `mychestkey`.
|
|
|
|
|
|
|
|
Click `Add` to save the key at OVH. You should now see it in the list.
|
2021-12-22 11:37:55 -07:00
|
|
|
|
2021-12-22 12:22:52 -07:00
|
|
|
|
2021-12-22 11:37:55 -07:00
|
|
|
## Create Virtual Machine at ISP
|
2021-12-22 11:57:50 -07:00
|
|
|
OVH sells dedicated "bare metal" servers called the `Bare Metal Cloud`.
|
|
|
|
They also sell virtual machine instances under the `Public Cloud`.
|
2021-12-22 11:37:55 -07:00
|
|
|
The bare metal servers can be better, but they are generally more expensive,
|
|
|
|
a bit more complex to set up and maintain. So for this example, we
|
2021-12-22 11:57:50 -07:00
|
|
|
will set up a virtual machine in the `Public Cloud`.
|
2021-12-22 10:53:20 -07:00
|
|
|
|
|
|
|
|
2021-12-22 11:57:50 -07:00
|
|
|
In OVH `Dashboard` click on `Public Cloud`, then in left column near the top
|
2021-12-22 13:44:19 -07:00
|
|
|
under `Compute`, click `Instances`. Then under the new `Instances` window,
|
2021-12-22 11:57:50 -07:00
|
|
|
click `Create an Instance`.
|
2021-12-22 11:37:55 -07:00
|
|
|
|
2021-12-22 11:57:50 -07:00
|
|
|
* `Select a Model`: `Discovery` tab, then select D2-8. There are some options
|
2021-12-22 11:37:55 -07:00
|
|
|
with 4 gigs of RAM and fewer CPUs, which could be used, but kind of slow.
|
|
|
|
This option is ~$20USD/month.
|
|
|
|
|
2021-12-22 11:57:50 -07:00
|
|
|
* `Select a Region`: The https://lichess.org server is in various data centers around
|
2021-12-22 13:45:10 -07:00
|
|
|
Northern France, such as Gravelines (GRA). If you want to be close to that
|
2021-12-22 11:37:55 -07:00
|
|
|
for some reason, you can select that. Or you could select a server that
|
|
|
|
is regionally close to you and your users in another part of the world.
|
2021-12-22 11:57:50 -07:00
|
|
|
For this example, we'll select Gravelines GRA3. Click `Next`.
|
|
|
|
|
|
|
|
* `Select an Image`: Under `Unix Distributions` tab, select `Debian 11`.
|
|
|
|
|
|
|
|
* `Select an Image`: Under `SSH key` at the bottom of the section, select the
|
|
|
|
`mychestkey` you created and uploaded above. Click `Next`
|
2021-12-22 11:37:55 -07:00
|
|
|
|
2021-12-22 11:57:50 -07:00
|
|
|
* `Configure your instance`: Just one instance. We'll use `mychestserver` for
|
|
|
|
the name, use yours as appropriate. We won't do any of `Post-installation
|
|
|
|
script`, `Private Networks`, or `Backups`, although they could be used.
|
|
|
|
Click `Next`.
|
2021-12-22 11:37:55 -07:00
|
|
|
|
2021-12-22 11:57:50 -07:00
|
|
|
* `Billing Period`: As you like. This is just a test, so here just using
|
|
|
|
`Hourly` at $0.03886/hour. Click `Create an instance` to create the
|
|
|
|
virtual computer, which also starts billing.
|
2021-12-22 11:37:55 -07:00
|
|
|
|
2021-12-22 12:22:52 -07:00
|
|
|
* OVH will say `Launching Instance` and a few minutes later, your server
|
|
|
|
should be ready and in `Activated` status when viewed under the `Instances`
|
|
|
|
tab under `Public Cloud`.
|
|
|
|
|
|
|
|
|
|
|
|
## Forward DNS Configuration
|
|
|
|
Set up forward DNS with the new IP address OVH gave you for your
|
|
|
|
instance. Look at the `Public IP` of your new server `Activated`
|
|
|
|
server instance. In this example, it is `147.135.193.212`. That is the
|
|
|
|
network address of your new server. We want to add it to DNS, so add
|
2021-12-22 16:10:02 -07:00
|
|
|
it to OVH (?) or Njalla's records. For this example, this URL was used
|
|
|
|
to manage the domain:
|
2021-12-22 12:22:52 -07:00
|
|
|
|
|
|
|
* https://njal.la/domains/mychestserver.org/
|
|
|
|
|
|
|
|
Click `Manage` for the domain, then `+ Add Record`.
|
|
|
|
|
|
|
|
* `Type`: Use `A` record.
|
|
|
|
|
|
|
|
* `Name`: Use `www`.
|
|
|
|
|
|
|
|
* `IPv4 Address`: Use the `Public IP` OVH gave you for your instance. In
|
|
|
|
this example, `147.135.193.212`.
|
|
|
|
|
|
|
|
* `TTL`: Lets do something short for now, use `5m`. Click `Add`.
|
|
|
|
|
|
|
|
That will take anywhere from a few seconds to an hour to be picked up by
|
2021-12-22 14:53:02 -07:00
|
|
|
nameservers around the world. It is best if you *don't* query it for now
|
2021-12-22 12:22:52 -07:00
|
|
|
(wait ~15+ minutes) or servers may cache a negative answer, which you'll
|
|
|
|
have to outwait.
|
|
|
|
|
|
|
|
|
|
|
|
## Reverse DNS Configuration
|
|
|
|
Set up reverse DNS with the new IP address OVH gave you for your
|
|
|
|
instance. Look at the `Public IP` of your new server `Activated`
|
|
|
|
server instance. In this example, it is `147.135.193.212`.
|
|
|
|
|
|
|
|
In the OVH `Dashboard` under your `Instances`, click on your instance,
|
|
|
|
such as the example `mychestserver`. On the right hand side under
|
|
|
|
`Networks` in the `IPv4` section there is a button with three dots.
|
|
|
|
Click it and select `Change reverse DNS`. Find your `Public IP` address
|
|
|
|
in the list, our example `147.135.193.212`. In the `Reverse DNS`
|
|
|
|
column, click the edit pencil box icon. Enter your full domain name,
|
|
|
|
such as our example `www.mychestserver.org` and click the check mark
|
|
|
|
to save it.
|
|
|
|
|
|
|
|
|
|
|
|
## Set up SSH on Workstation
|
|
|
|
Back on your workstation, set up your SSH configuration with the key
|
2021-12-22 12:40:18 -07:00
|
|
|
you created and the new `Public IP`. Edit the file `~/.ssh/config`.
|
2021-12-22 12:22:52 -07:00
|
|
|
|
2021-12-22 12:40:18 -07:00
|
|
|
```
|
|
|
|
vim ~/.ssh/config
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
Add using your name and `Public IP` instead of this example.
|
|
|
|
Also, use the path to the *private* workstation SSH key created earlier.
|
|
|
|
Add to `~/.ssh/config`:
|
|
|
|
|
|
|
|
```
|
|
|
|
Host mychestserver
|
|
|
|
Hostname 147.135.193.212
|
|
|
|
User debian
|
|
|
|
Port 22
|
|
|
|
Identityfile ~/.ssh/id_ecdsa-chess
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
# Login
|
|
|
|
Now from your workstation, log into the server and check that all
|
|
|
|
is ok:
|
|
|
|
|
|
|
|
```
|
2021-12-22 12:40:54 -07:00
|
|
|
ssh mychestserver
|
2021-12-22 12:40:18 -07:00
|
|
|
```
|
|
|
|
|
|
|
|
It should look something like this:
|
|
|
|
|
|
|
|
```
|
|
|
|
debian@workstation:~$ ssh mychestserver
|
|
|
|
Host key fingerprint is SHA256:WgtWRY7N3POEhSqhhS6aq7Wac1sR7AQ+abQTpgXiQvU
|
|
|
|
+---[ECDSA 256]---+
|
|
|
|
|SSB. . .S .. |
|
|
|
|
|+* *. . SB ..S |
|
|
|
|
|o.B +E oo.=.+ . |
|
|
|
|
|.. =..o.. . + |
|
|
|
|
| bb.b S. . |
|
|
|
|
| o o + . |
|
|
|
|
| ... . . |
|
|
|
|
|.ooo |
|
|
|
|
|+=o. |
|
|
|
|
+----[SHA256]-----+
|
|
|
|
Linux mychestserver 5.10.0-8-cloud-amd64 #1 SMP Debian 5.10.46-5 (2021-09-23) x86_64
|
|
|
|
|
|
|
|
The programs included with the Debian GNU/Linux system are free software;
|
|
|
|
the exact distribution terms for each program are described in the
|
|
|
|
individual files in /usr/share/doc/*/copyright.
|
|
|
|
|
|
|
|
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
|
|
|
|
permitted by applicable law.
|
|
|
|
debian@mychestserver:~$
|
|
|
|
```
|
|
|
|
|
|
|
|
You can check all is happy with commands like:
|
|
|
|
|
|
|
|
```
|
|
|
|
free -h
|
|
|
|
df -h
|
|
|
|
cat /proc/cpuinfo
|
|
|
|
dpkg -l
|
|
|
|
uname -a
|
|
|
|
dmesg -T
|
|
|
|
```
|
|
|
|
|
2021-12-22 12:51:37 -07:00
|
|
|
# Update Server
|
|
|
|
First, set new passwords for user `debian` and then `root` on the server,
|
|
|
|
using sudo as root... Looks something like this:
|
|
|
|
|
|
|
|
```
|
|
|
|
debian@mychestserver:~$ sudo passwd debian
|
|
|
|
New password:
|
|
|
|
Retype new password:
|
|
|
|
passwd: password updated successfully
|
|
|
|
debian@mychestserver:~$ sudo passwd
|
|
|
|
New password:
|
|
|
|
Retype new password:
|
|
|
|
passwd: password updated successfully
|
|
|
|
```
|
|
|
|
|
|
|
|
Now, update to latest Debian packages.
|
2021-12-22 16:12:16 -07:00
|
|
|
This should take around ten minutes.
|
2021-12-22 12:51:37 -07:00
|
|
|
|
|
|
|
```
|
|
|
|
sudo apt update
|
|
|
|
sudo apt upgrade
|
|
|
|
sudo apt clean
|
|
|
|
```
|
|
|
|
|
|
|
|
Reboot server to newly updated system.
|
2021-12-22 13:20:33 -07:00
|
|
|
It should take less than a minute to reboot.
|
2021-12-22 12:51:37 -07:00
|
|
|
|
|
|
|
```
|
|
|
|
reboot
|
|
|
|
```
|
|
|
|
|
2021-12-22 16:15:51 -07:00
|
|
|
|
2021-12-22 16:17:12 -07:00
|
|
|
## View Server Console
|
2021-12-22 16:15:51 -07:00
|
|
|
It generally isn't needed unless something goes wrong,
|
2021-12-22 16:17:12 -07:00
|
|
|
but you can also see your server's console to make sure
|
2021-12-22 16:15:51 -07:00
|
|
|
reboots or whatever are working ok. In your workstation
|
|
|
|
browser, go to the OVH web page.
|
|
|
|
Under `Public Cloud`, `Compute`, `Instances`, click on
|
|
|
|
your instance, such as `mychestserver`.
|
|
|
|
Near the center top, there is a tab that reads
|
|
|
|
`VNC Console`. Click it. There you can see your server's
|
|
|
|
console.
|
|
|
|
|
|
|
|
|
2021-12-22 12:40:18 -07:00
|
|
|
# Install
|
2021-12-22 13:20:33 -07:00
|
|
|
Log back into the new server:
|
2021-12-22 12:51:37 -07:00
|
|
|
|
|
|
|
```
|
|
|
|
debian@workstation:~$ ssh mychestserver
|
|
|
|
```
|
2021-12-22 10:53:20 -07:00
|
|
|
|
|
|
|
|
2021-12-22 13:20:33 -07:00
|
|
|
## Install Debian Dependencies
|
|
|
|
Install the following dependencies from Debian's repos:
|
|
|
|
|
|
|
|
```
|
|
|
|
sudo apt update
|
|
|
|
|
2021-12-22 14:23:52 -07:00
|
|
|
sudo apt install \
|
|
|
|
apache2 \
|
|
|
|
build-essential \
|
|
|
|
git \
|
|
|
|
openjdk-11-jre-headless \
|
|
|
|
python-is-python3 \
|
|
|
|
python2 \
|
|
|
|
python3-certbot-apache \
|
|
|
|
redis-server
|
|
|
|
|
|
|
|
sudo apt clean
|
2021-12-22 13:20:33 -07:00
|
|
|
```
|
|
|
|
|
|
|
|
Note: Docs say `python2` is needed, but is that still correct?
|
|
|
|
|
|
|
|
## Install External Dependencies
|
|
|
|
Lila has quite a few dependencies, many of which are outside
|
2021-12-22 13:52:59 -07:00
|
|
|
of distributions' repositories. Sometimes the dependency exists
|
2021-12-22 13:20:33 -07:00
|
|
|
in the repo, but it is the wrong version. So we'll need to install
|
2021-12-22 13:52:59 -07:00
|
|
|
these dependencies from external repositories:
|
2021-12-22 13:20:33 -07:00
|
|
|
|
|
|
|
* `mongodb`
|
|
|
|
* `node`
|
|
|
|
* `sbt`
|
|
|
|
* `yarn`
|
|
|
|
|
|
|
|
|
|
|
|
### Install MongoDB
|
2021-12-22 13:32:10 -07:00
|
|
|
Install MongoDB thusly.
|
|
|
|
|
|
|
|
Note, they don't have a Debian Bullseye repo, but the Debian
|
|
|
|
Buster repo works.
|
|
|
|
|
|
|
|
```
|
|
|
|
# Get APT Key
|
|
|
|
wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
|
|
|
|
|
|
|
|
# Add Repository
|
|
|
|
echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
|
2021-12-22 10:53:20 -07:00
|
|
|
|
2021-12-22 13:32:10 -07:00
|
|
|
# Update Apt
|
|
|
|
sudo apt update
|
|
|
|
|
|
|
|
# Install MongoDB Server
|
|
|
|
sudo apt install mongodb-org
|
|
|
|
|
|
|
|
# Be clean
|
|
|
|
sudo apt clean
|
|
|
|
|
|
|
|
# Start mongodb server
|
|
|
|
sudo systemctl start mongod.service
|
|
|
|
|
|
|
|
# Enable mongodb server on boot
|
|
|
|
sudo systemctl enable mongod.service
|
|
|
|
|
|
|
|
# Logs are here:
|
|
|
|
sudo tail -f /var/log/mongodb/mongod.log
|
|
|
|
```
|
2021-12-22 13:20:33 -07:00
|
|
|
|
|
|
|
### Install Node
|
2021-12-22 13:32:34 -07:00
|
|
|
Install Node thusly:
|
2021-12-22 13:20:33 -07:00
|
|
|
|
2021-12-22 13:52:59 -07:00
|
|
|
```
|
|
|
|
# Setup repos with their script
|
|
|
|
curl -fsSL https://deb.nodesource.com/setup_12.x | sudo bash -
|
|
|
|
|
|
|
|
# Install it
|
|
|
|
sudo apt install nodejs
|
|
|
|
|
|
|
|
sudo apt clean
|
|
|
|
```
|
2021-12-22 13:20:33 -07:00
|
|
|
|
2021-12-22 13:56:56 -07:00
|
|
|
|
2021-12-22 13:20:33 -07:00
|
|
|
### Install SBT
|
2021-12-22 13:32:34 -07:00
|
|
|
Install SBT thusly:
|
2021-12-22 13:20:33 -07:00
|
|
|
|
2021-12-22 13:56:56 -07:00
|
|
|
```
|
|
|
|
# Set up repos
|
|
|
|
echo "deb https://repo.scala-sbt.org/scalasbt/debian all main" | sudo tee /etc/apt/sources.list.d/sbt.list
|
|
|
|
|
|
|
|
echo "deb https://repo.scala-sbt.org/scalasbt/debian /" | sudo tee /etc/apt/sources.list.d/sbt_old.list
|
|
|
|
|
|
|
|
# Add repo key
|
|
|
|
curl -sL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x2EE0EA64E40A89B84B2DF73499E82A75642AC823" | sudo apt-key add
|
|
|
|
|
|
|
|
# Update repo, install, and clean.
|
|
|
|
sudo apt update
|
|
|
|
|
|
|
|
sudo apt install sbt
|
|
|
|
|
|
|
|
sudo apt clean
|
|
|
|
```
|
|
|
|
|
2021-12-22 13:20:33 -07:00
|
|
|
|
|
|
|
### Install Yarn
|
2021-12-22 13:32:34 -07:00
|
|
|
Install Yarn thusly:
|
2021-12-22 13:20:33 -07:00
|
|
|
|
2021-12-22 14:03:19 -07:00
|
|
|
```
|
|
|
|
# Set up repos
|
|
|
|
echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
|
|
|
|
|
|
|
|
# Add repo key
|
|
|
|
curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null
|
|
|
|
|
|
|
|
# Update repo, install, and clean.
|
|
|
|
sudo apt update
|
|
|
|
|
|
|
|
sudo apt install yarn
|
|
|
|
|
|
|
|
sudo apt clean
|
|
|
|
|
|
|
|
# Check OK:
|
|
|
|
debian@mychestserver:~$ yarn --version
|
|
|
|
1.22.17
|
|
|
|
```
|
|
|
|
|
2021-12-22 13:20:33 -07:00
|
|
|
|
2021-12-22 14:23:52 -07:00
|
|
|
## Set up Webserver
|
|
|
|
It is a bit easier to set up the webserver and get its SSL certificates
|
|
|
|
confirmed all working correctly before installing Lila, to
|
|
|
|
lessen any complications.
|
|
|
|
|
|
|
|
|
|
|
|
The webserver directories will be owned by user `debian`.
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
# User debian owns webserver files
|
|
|
|
sudo chown -R debian:debian /var/www
|
|
|
|
|
|
|
|
# Quick words for the webserver for testing
|
|
|
|
echo "mychestserver web" > /var/www/html/index.html
|
|
|
|
|
|
|
|
# Start webserver
|
|
|
|
sudo systemctl start apache2
|
|
|
|
|
|
|
|
# Logs are:
|
|
|
|
sudo tail -f /var/log/apache2/*.log
|
|
|
|
```
|
|
|
|
|
|
|
|
In your browser, you should now be able to see your website
|
|
|
|
in insecure plaintext on port 80. Go to your site with your
|
|
|
|
workstation's browser to check.
|
|
|
|
It should say like "mychestserver web".
|
|
|
|
|
|
|
|
* http://www.mychestserver.org
|
|
|
|
|
|
|
|
Note, your browser may try to send you to the `https` URL,
|
|
|
|
but that is set up below with `certbot`.
|
|
|
|
|
|
|
|
```
|
|
|
|
# Set up SSL certificates
|
|
|
|
sudo certbot
|
|
|
|
```
|
|
|
|
|
|
|
|
It should look something like this:
|
|
|
|
|
|
|
|
```
|
|
|
|
debian@mychestserver:~$ sudo certbot
|
|
|
|
Saving debug log to /var/log/letsencrypt/letsencrypt.log
|
|
|
|
Plugins selected: Authenticator apache, Installer apache
|
|
|
|
Enter email address (used for urgent renewal and security notices)
|
|
|
|
(Enter 'c' to cancel): webmaster@mychestserver.org
|
|
|
|
|
|
|
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
Please read the Terms of Service at
|
|
|
|
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
|
|
|
|
agree in order to register with the ACME server. Do you agree?
|
|
|
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
(Y)es/(N)o: y
|
|
|
|
|
|
|
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
Would you be willing, once your first certificate is successfully issued, to
|
|
|
|
share your email address with the Electronic Frontier Foundation, a founding
|
|
|
|
partner of the Let's Encrypt project and the non-profit organization that
|
|
|
|
develops Certbot? We'd like to send you email about our work encrypting the web,
|
|
|
|
EFF news, campaigns, and ways to support digital freedom.
|
|
|
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
(Y)es/(N)o: n
|
|
|
|
Account registered.
|
|
|
|
No names were found in your configuration files. Please enter in your domain
|
|
|
|
name(s) (comma and/or space separated) (Enter 'c' to cancel): www.mychestserver.org
|
|
|
|
Requesting a certificate for www.mychestserver.org
|
|
|
|
Performing the following challenges:
|
|
|
|
http-01 challenge for www.mychestserver.org
|
|
|
|
Enabled Apache rewrite module
|
|
|
|
Waiting for verification...
|
|
|
|
Cleaning up challenges
|
|
|
|
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
|
|
|
|
Enabled Apache socache_shmcb module
|
|
|
|
Enabled Apache ssl module
|
|
|
|
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
|
|
|
|
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf
|
|
|
|
Enabled Apache rewrite module
|
|
|
|
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf
|
|
|
|
|
|
|
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
Congratulations! You have successfully enabled https://www.mychestserver.org
|
|
|
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
|
|
|
|
IMPORTANT NOTES:
|
|
|
|
- Congratulations! Your certificate and chain have been saved at:
|
|
|
|
/etc/letsencrypt/live/www.mychestserver.org/fullchain.pem
|
|
|
|
Your key file has been saved at:
|
|
|
|
/etc/letsencrypt/live/www.mychestserver.org/privkey.pem
|
|
|
|
Your certificate will expire on 2022-03-22. To obtain a new or
|
|
|
|
tweaked version of this certificate in the future, simply run
|
|
|
|
certbot again with the "certonly" option. To non-interactively
|
|
|
|
renew *all* of your certificates, run "certbot renew"
|
|
|
|
- If you like Certbot, please consider supporting our work by:
|
|
|
|
|
|
|
|
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
|
|
|
|
Donating to EFF: https://eff.org/donate-le
|
|
|
|
```
|
|
|
|
|
|
|
|
Then restart your web server:
|
|
|
|
|
|
|
|
```
|
|
|
|
sudo systemctl restart apache2
|
|
|
|
```
|
|
|
|
|
|
|
|
Now go to your website, and you should see that `https` encrypted
|
|
|
|
SSL is now working and you can view the certificate in your
|
|
|
|
workstation's web browser:
|
|
|
|
|
|
|
|
* https://www.mychestserver.org/
|
|
|
|
|
|
|
|
|
|
|
|
Lets also enable some Apache modules we'll need later.
|
|
|
|
|
|
|
|
```
|
|
|
|
# Enable Apache modules
|
|
|
|
sudo a2enmod headers http2 proxy proxy_http proxy_http2 proxy_wstunnel
|
|
|
|
|
|
|
|
# Restart Apache
|
|
|
|
sudo systemctl restart apache2
|
|
|
|
|
|
|
|
# Enable Apache to start on boot
|
|
|
|
sudo systemctl enable apache2
|
|
|
|
```
|
|
|
|
|
|
|
|
|
2021-12-22 13:20:33 -07:00
|
|
|
## Install Lila
|
2021-12-22 14:23:52 -07:00
|
|
|
Now we can actually install lila! See here:
|
2021-12-22 10:53:20 -07:00
|
|
|
|
|
|
|
* https://github.com/ornicar/lila
|
2021-12-22 10:04:40 -07:00
|
|
|
|
2021-12-22 14:36:41 -07:00
|
|
|
We'll install it in the Apache web tree.
|
|
|
|
Install thusly on server as `debian` user.
|
2021-12-22 14:23:52 -07:00
|
|
|
|
|
|
|
```
|
2021-12-22 14:36:41 -07:00
|
|
|
# Remove old directory
|
|
|
|
rm -rf /var/www/html
|
2021-12-22 14:23:52 -07:00
|
|
|
|
2021-12-22 14:36:41 -07:00
|
|
|
# Go to web directory
|
|
|
|
cd /var/www
|
2021-12-22 14:23:52 -07:00
|
|
|
|
2021-12-22 14:36:41 -07:00
|
|
|
# Clone the Lila git repository to the `html` directory
|
|
|
|
git clone --recursive https://github.com/ornicar/lila.git html
|
2021-12-22 14:23:52 -07:00
|
|
|
```
|
2021-12-22 13:20:33 -07:00
|
|
|
|
2021-12-22 14:36:41 -07:00
|
|
|
## Create MongoDB
|
|
|
|
Create a new MongoDB database.
|
|
|
|
|
|
|
|
```
|
|
|
|
# Go to new cloned dir
|
|
|
|
cd /var/www/html
|
|
|
|
|
|
|
|
# Create MongoDB database indexes
|
|
|
|
mongo lichess bin/mongodb/indexes.js
|
|
|
|
```
|
|
|
|
|
|
|
|
Creating the MongoDB database should look something like this:
|
|
|
|
|
|
|
|
```
|
|
|
|
debian@mychestserver:/var/www/html$ mongo lichess bin/mongodb/indexes.js
|
|
|
|
MongoDB shell version v5.0.5
|
|
|
|
connecting to: mongodb://127.0.0.1:27017/lichess?compressors=disabled&gssapiServiceName=mongodb
|
|
|
|
Implicit session: session { "id" : UUID("7b35e8f2-528c-4136-8b8f-7e9e21200857") }
|
|
|
|
MongoDB server version: 5.0.5
|
|
|
|
```
|
|
|
|
|
|
|
|
|
2021-12-22 14:53:02 -07:00
|
|
|
## Build Lila CSS and JS
|
|
|
|
Build the Lila CSS and JS files. This will take around ten minutes.
|
|
|
|
|
|
|
|
```
|
|
|
|
cd /var/www/html
|
|
|
|
./ui/build
|
|
|
|
```
|
|
|
|
|
|
|
|
It should look something like this:
|
|
|
|
|
|
|
|
```
|
|
|
|
debian@mychestserver:/var/www/html$ ./ui/build
|
|
|
|
building ui modules with target=dev and mode=build
|
|
|
|
node: v12.22.8
|
|
|
|
yarn: 1.22.17
|
|
|
|
yarn install v1.22.17
|
|
|
|
[1/5] Validating package.json...
|
|
|
|
[2/5] Resolving packages...
|
|
|
|
[3/5] Fetching packages...
|
|
|
|
[4/5] Linking dependencies...
|
|
|
|
[5/5] Building fresh packages...
|
|
|
|
Done in 37.56s.
|
|
|
|
For faster builds, install GNU parallel.
|
|
|
|
|
|
|
|
### ui/common ###
|
|
|
|
yarn run v1.22.17
|
|
|
|
$ $npm_execpath run compile
|
|
|
|
$ tsc
|
|
|
|
Done in 5.45s.
|
|
|
|
|
|
|
|
### ui/chess ###
|
|
|
|
yarn run v1.22.17
|
|
|
|
$ $npm_execpath run compile
|
|
|
|
$ tsc --incremental
|
|
|
|
Done in 4.38s.
|
|
|
|
|
2021-12-22 15:55:42 -07:00
|
|
|
...
|
2021-12-22 14:53:02 -07:00
|
|
|
|
|
|
|
### ui/puzzle plugin dashboard ###
|
|
|
|
yarn run v1.22.17
|
|
|
|
$ rollup --config --config-plugin dashboard
|
|
|
|
|
|
|
|
src/dashboard.ts → ../../public/compiled/puzzle.dashboard.js...
|
|
|
|
created ../../public/compiled/puzzle.dashboard.js in 6.2s
|
|
|
|
Done in 6.90s.
|
|
|
|
```
|
|
|
|
|
2021-12-22 14:57:15 -07:00
|
|
|
## Start Lila Console
|
|
|
|
With everything built in the UI ok above,
|
|
|
|
start the Lila console thusly:
|
|
|
|
|
|
|
|
```
|
|
|
|
cd /var/www/html
|
|
|
|
./lila
|
|
|
|
```
|
|
|
|
|
|
|
|
It should look something like this:
|
|
|
|
|
|
|
|
```
|
|
|
|
debian@mychestserver:/var/www/html$ ./lila
|
|
|
|
|\_ _ _ _
|
|
|
|
/o \ | (_) ___| |__ ___ ___ ___ ___ _ __ __ _
|
|
|
|
(_. || | | |/ __| '_ \ / _ \/ __/ __| / _ \| '__/ _` |
|
|
|
|
/__\ | | | (__| | | | __/\__ \__ \| (_) | | | (_| |
|
|
|
|
)___( |_|_|\___|_| |_|\___||___/___(_)___/|_| \__, |
|
|
|
|
|___/
|
|
|
|
Java 11.0.13
|
|
|
|
sbt -Dreactivemongo.api.bson.document.strict=false
|
|
|
|
downloading sbt launcher 1.5.8
|
|
|
|
copying runtime jar...
|
|
|
|
[info] [launcher] getting org.scala-sbt sbt 1.5.8 (this may take some time)...
|
|
|
|
[info] [launcher] getting Scala 2.12.14 (for sbt)...
|
|
|
|
[info] welcome to sbt 1.5.8 (Debian Java 11.0.13)
|
|
|
|
[info] loading settings for project html-build from plugins.sbt ...
|
|
|
|
[info] loading project definition from /var/www/html/project
|
|
|
|
[info] Updating
|
|
|
|
https://repo1.maven.org/maven2/ch/epfl/scala/sbt-bloop_2.12_1.0/1.4.11/sbt-bloop-1.4.11.pom
|
|
|
|
100.0% [##########] 2.7 KiB (13.4 KiB / s)
|
|
|
|
https://repo1.maven.org/maven2/org/scalameta/sbt-scalafmt_2.12_1.0/2.4.5/sbt-scalafmt-2.4.5.pom
|
|
|
|
100.0% [##########] 2.7 KiB (13.4 KiB / s)
|
2021-12-22 15:57:11 -07:00
|
|
|
|
|
|
|
...
|
|
|
|
|
2021-12-22 14:57:15 -07:00
|
|
|
https://repo.scala-sbt.org/scalasbt/sbt-plugin-releases/com.typesafe.sbt/sbt-web/scala_2.12/sbt_1.0/1.4.4/docs/sbt-web-javadoc.jar
|
|
|
|
100.0% [##########] 1.3 MiB (643.2 KiB / s)
|
|
|
|
[info] Fetched artifacts of
|
|
|
|
[info] compiling 3 Scala sources to /var/www/html/project/target/scala-2.12/sbt-1.0/classes ...
|
|
|
|
[info] Non-compiled module 'compiler-bridge_2.12' for Scala 2.12.14. Compiling...
|
|
|
|
[info] Compilation completed in 14.772s.
|
|
|
|
[warn] one feature warning; re-run with -feature for details
|
|
|
|
[warn] one warning found
|
|
|
|
[info] loading settings for project lila from build.sbt ...
|
|
|
|
[info] resolving key references (67100 settings) ...
|
|
|
|
[info] set current project to lila (in build file:/var/www/html/)
|
|
|
|
[info] sbt server started at local:///home/debian/.sbt/1.0/server/22a4d6cb6dbbe2874385/sock
|
|
|
|
[info] started sbt server
|
|
|
|
[lila] $
|
|
|
|
```
|
|
|
|
|
2021-12-22 15:08:04 -07:00
|
|
|
## Compile Lila
|
|
|
|
At the `lila` prompt created by running Lila in the above step,
|
|
|
|
compile Lila thusly:
|
|
|
|
|
|
|
|
```
|
|
|
|
compile
|
|
|
|
```
|
|
|
|
|
|
|
|
It should look like:
|
|
|
|
|
|
|
|
```
|
|
|
|
[lila] $ compile
|
|
|
|
|
|
|
|
...
|
|
|
|
|
|
|
|
# lots of output, running for around five minutes.
|
|
|
|
|
|
|
|
...
|
|
|
|
|
|
|
|
|
|
|
|
https://repo1.maven.org/maven2/org/specs2/specs2-common_2.13/4.8.1/specs2-common_2.13-4.8.1.jar
|
|
|
|
100.0% [##########] 2.0 MiB (12.2 MiB / s)
|
|
|
|
https://raw.githubusercontent.com/ornicar/lila-maven/master/com/typesafe/play/play-logback_2.13/2.8.8-lila_1.8/play-logback_2.13-2.8.8-lila_1.8.jar
|
|
|
|
100.0% [##########] 9.5 KiB (50.2 KiB / s)
|
|
|
|
[info] Fetched artifacts of
|
|
|
|
[info] compiling 9 Scala sources and 4 Java sources to /var/www/html/modules/rating/target/scala-2.13/classes ...
|
|
|
|
[info] compiling 26 Scala sources and 1 Java source to /var/www/html/modules/user/target/scala-2.13/classes ...
|
|
|
|
|
|
|
|
...
|
|
|
|
|
|
|
|
|
|
|
|
[info] compiling 22 Scala sources to /var/www/html/modules/api/target/scala-2.13/classes ...
|
|
|
|
[info] compiling 342 Scala sources and 1 Java source to /var/www/html/target/scala-2.13/classes ...
|
|
|
|
[success] Total time: 335 s (05:35), completed Dec 22, 2021, 10:04:55 PM
|
|
|
|
[lila] $
|
|
|
|
```
|
|
|
|
|
2021-12-22 14:53:02 -07:00
|
|
|
|
2021-12-22 15:11:17 -07:00
|
|
|
## Run Lila
|
|
|
|
Run Lila thusly, from the `lila` prompt, after compiling above.
|
|
|
|
|
|
|
|
```
|
|
|
|
[lila] $ run
|
|
|
|
```
|
|
|
|
|
|
|
|
After a minute or so, you should have output similar to this:
|
|
|
|
|
|
|
|
```
|
|
|
|
[lila] $ run
|
|
|
|
[warn] Compile / run / javaOptions will be ignored, Compile / run / fork is set to false
|
|
|
|
[info] running play.core.server.ProdServerStart
|
|
|
|
[info] boot - lila Dev / java 11.0.13, memory: 2048MB
|
|
|
|
[info] reactivemongo.api.Driver - [Supervisor-1] Creating connection: main
|
|
|
|
[info] e.r.StaticListenerBinder - Starting connection listener ...
|
|
|
|
[info] r.c.actors.MongoDBSystem - [Supervisor-1/main] Starting the MongoDBSystem
|
|
|
|
[info] r.core.netty.Pack - Instantiated reactivemongo.core.netty.Pack
|
|
|
|
[info] db.main - MongoDB connected to mongodb://127.0.0.1:27017?appName=lila in 1089 ms
|
|
|
|
[info] boot - Loaded lila modules in 7217 ms
|
|
|
|
[info] play.api.Play - Application started (Dev) (no global state)
|
|
|
|
[info] p.c.server.AkkaHttpServer - Listening for HTTP on /0:0:0:0:0:0:0:0:9663
|
2021-12-22 15:18:33 -07:00
|
|
|
[info] reactivemongo.api.Driver - [Supervisor-1] Creating connection: insight
|
|
|
|
[info] e.r.StaticListenerBinder - Starting connection listener ...
|
|
|
|
[info] r.c.actors.MongoDBSystem - [Supervisor-1/insight] Starting the MongoDBSystem
|
|
|
|
[info] r.core.netty.Pack - Instantiated reactivemongo.core.netty.Pack
|
2021-12-22 15:11:17 -07:00
|
|
|
```
|
|
|
|
|
|
|
|
If you are at this point, the Lila server is now running, but the
|
|
|
|
full setup isn't complete.
|
|
|
|
|
|
|
|
|
2021-12-22 15:18:33 -07:00
|
|
|
## Connect to Lila via SSH Tunnel
|
|
|
|
The Lila server is now running, but can only be tested via `localhost`
|
|
|
|
since it hasn't been configured yet. You can set up an SSH tunnel
|
|
|
|
on your workstation to connect to the server. For example, open a new
|
|
|
|
terminal on your workstation and run this, using the name of your
|
|
|
|
server in your `~/.ssh/config` file.
|
|
|
|
|
|
|
|
```
|
|
|
|
ssh -N -C -L 9663:localhost:9663 mychestserver
|
|
|
|
```
|
|
|
|
|
|
|
|
Note, this command will just "hang" and not necessarily return
|
|
|
|
any output. When you want to end the tunnel, just hit
|
|
|
|
`CTRL-c` and it will stop.
|
|
|
|
|
|
|
|
|
|
|
|
Now the tunnel is up, you can access the Lila server via SSH
|
|
|
|
in your web browser. Go to this URL on your workstation:
|
|
|
|
|
|
|
|
* http://localhost:9663/
|
|
|
|
|
|
|
|
You should get the world famous lichess.org front page! :)
|
|
|
|
|
2021-12-22 15:19:39 -07:00
|
|
|
Note, not everything is working yet, and you will get `Reconnecting`
|
|
|
|
in your browser until we set up the websockets proxy.
|
2021-12-22 15:18:33 -07:00
|
|
|
|
2021-12-22 15:40:17 -07:00
|
|
|
|
2021-12-22 13:20:33 -07:00
|
|
|
## Install lila-ws
|
2021-12-22 15:40:17 -07:00
|
|
|
Set up the `lila-ws` web sockets server thusly. We will run it from
|
|
|
|
users `debian` home directory...
|
|
|
|
|
|
|
|
Since Lila is currently running in one terminal, open another
|
|
|
|
terminal to install `lila-ws`.
|
|
|
|
|
2021-12-22 10:53:20 -07:00
|
|
|
* https://github.com/ornicar/lila-ws
|
|
|
|
|
2021-12-22 15:40:17 -07:00
|
|
|
```
|
|
|
|
# Log into server from your workstation:
|
|
|
|
ssh mychestserver
|
|
|
|
|
|
|
|
# You should be in your homedir
|
|
|
|
cd
|
|
|
|
|
|
|
|
# Clone lila-ws
|
|
|
|
git clone https://github.com/ornicar/lila-ws
|
|
|
|
|
|
|
|
# Go there
|
|
|
|
cd lila-ws/
|
|
|
|
|
|
|
|
# And run lila web sockets server
|
|
|
|
sbt run
|
|
|
|
```
|
|
|
|
|
|
|
|
Should look like this:
|
|
|
|
|
|
|
|
```
|
|
|
|
debian@workstation:~$ ssh mychestserver
|
|
|
|
Last login: Wed Dec 22 20:17:10 2021 from 143.131.13.195
|
|
|
|
debian@mychestserver:~$ cd
|
|
|
|
debian@mychestserver:~$ git clone https://github.com/ornicar/lila-ws
|
|
|
|
Cloning into 'lila-ws'...
|
|
|
|
remote: Enumerating objects: 5577, done.
|
|
|
|
remote: Counting objects: 100% (665/665), done.
|
|
|
|
remote: Compressing objects: 100% (400/400), done.
|
|
|
|
remote: Total 5577 (delta 314), reused 500 (delta 229), pack-reused 4912
|
|
|
|
Receiving objects: 100% (5577/5577), 1.04 MiB | 8.55 MiB/s, done.
|
|
|
|
Resolving deltas: 100% (3494/3494), done.
|
|
|
|
debian@mychestserver:~$ cd lila-ws/
|
|
|
|
debian@mychestserver:~/lila-ws$ sbt run
|
|
|
|
[info] [launcher] getting org.scala-sbt sbt 1.5.7 (this may take some time)...
|
|
|
|
[info] welcome to sbt 1.5.7 (Debian Java 11.0.13)
|
|
|
|
[info] loading settings for project lila-ws-build from plugins.sbt ...
|
|
|
|
[info] loading project definition from /home/debian/lila-ws/project
|
|
|
|
[info] Updating
|
|
|
|
https://repo1.maven.org/maven2/com/github/sbt/sbt-native-packager_2.12_1.0/1.9.7/sbt-native-packager-1.9.7.pom
|
|
|
|
100.0% [##########] 3.7 KiB (24.6 KiB / s)
|
|
|
|
[info] Resolved dependencies
|
|
|
|
[info] Fetching artifacts of
|
|
|
|
https://repo1.maven.org/maven2/com/github/sbt/sbt-native-packager_2.12_1.0/1.9.7/sbt-native-packager-1.9.7.jar
|
|
|
|
100.0% [##########] 860.6 KiB (5.8 MiB / s)
|
|
|
|
https://repo1.maven.org/maven2/net/java/dev/jna/jna/4.5.0/jna-4.5.0.jar
|
|
|
|
100.0% [##########] 1.4 MiB (7.4 MiB / s)
|
|
|
|
[info] Fetched artifacts of
|
|
|
|
[info] loading settings for project lila-ws from build.sbt ...
|
|
|
|
[info] set current project to lila-ws (in build file:/home/debian/lila-ws/)
|
|
|
|
[info] Updating
|
|
|
|
https://repo1.maven.org/maven2/com/typesafe/scala-logging/scala-logging_2.13/3.9.4/scala-logging_2.13-3.9.4.pom
|
|
|
|
100.0% [##########] 2.6 KiB (34.3 KiB / s)
|
|
|
|
https://repo1.maven.org/maven2/io/kamon/kamon-influxdb_2.13/2.4.2/kamon-influxdb_2.13-2.4.2.pom
|
|
|
|
100.0% [##########] 2.6 KiB (82.7 KiB / s)
|
|
|
|
https://repo1.maven.org/maven2/ch/qos/logback/logback-classic/1.2.9/logback-classic-1.2.9.pom
|
|
|
|
100.0% [##########] 9.5 KiB (71.9 KiB / s)
|
|
|
|
https://repo1.maven.org/maven2/com/typesafe/akka/akka-actor-typed_2.13/2.6.18/akka-actor-typed_2.13-2.6.18.pom
|
|
|
|
|
|
|
|
...
|
|
|
|
|
|
|
|
https://raw.githubusercontent.com/ornicar/lila-maven/master/org/lichess/scalachess_2.13/10.2.0/scalachess_2.13-10.2.0.jar
|
|
|
|
100.0% [##########] 1.1 MiB (2.2 MiB / s)
|
|
|
|
[info] Fetched artifacts of
|
|
|
|
[info] compiling 61 Scala sources to /home/debian/lila-ws/target/scala-2.13/classes ...
|
|
|
|
[info] Non-compiled module 'compiler-bridge_2.13' for Scala 2.13.7. Compiling...
|
|
|
|
[info] Compilation completed in 11.272s.
|
|
|
|
[warn] /home/debian/lila-ws/src/main/scala/actor/ClientActor.scala:63:5: match may not be exhaustive.
|
|
|
|
[warn] It would fail on the following inputs: Unexpected(_), WrongHole
|
|
|
|
[warn] msg match {
|
|
|
|
[warn] ^
|
|
|
|
[warn] one warning found
|
|
|
|
[warn] Compile / run / javaOptions will be ignored, Compile / run / fork is set to false
|
|
|
|
[info] running lila.ws.Boot
|
|
|
|
SLF4J: A number (1) of logging calls during the initialization phase have been intercepted and are
|
|
|
|
SLF4J: now being replayed. These are subject to the filtering rules of the underlying logging system.
|
|
|
|
SLF4J: See also http://www.slf4j.org/codes.html#replay
|
|
|
|
INFO r.api.Driver [clients-akka.actor.default-dispatcher-6] [Supervisor-1] Creating connection: Connection-2
|
|
|
|
INFO r.api.Driver [clients-akka.actor.default-dispatcher-3] [Supervisor-1] Creating connection: Connection-1
|
|
|
|
INFO r.c.a.MongoDBSystem [reactivemongo-akka.actor.default-dispatcher-6] [Supervisor-1/Connection-1] Starting the MongoDBSystem
|
|
|
|
INFO r.c.a.MongoDBSystem [reactivemongo-akka.actor.default-dispatcher-7] [Supervisor-1/Connection-2] Starting the MongoDBSystem
|
|
|
|
INFO r.core.netty.Pack [reactivemongo-akka.actor.default-dispatcher-6] Netty EPoll successfully loaded (shaded: true)
|
|
|
|
INFO r.core.netty.Pack [reactivemongo-akka.actor.default-dispatcher-7] Netty EPoll successfully loaded (shaded: true)
|
|
|
|
INFO r.core.netty.Pack [reactivemongo-akka.actor.default-dispatcher-7] Instantiated reactivemongo.core.netty.Pack
|
|
|
|
INFO r.core.netty.Pack [reactivemongo-akka.actor.default-dispatcher-6] Instantiated reactivemongo.core.netty.Pack
|
|
|
|
INFO lila.ws.Lila [clients-akka.actor.default-dispatcher-7] Redis connection took 1374 ms
|
|
|
|
INFO lila.ws.Monitor$ [run-main-0] lila-ws netty epoll=false kamon=false
|
|
|
|
INFO lila.ws.Monitor$ [run-main-0] Java version: 11.0.13, memory: 1024MB
|
|
|
|
INFO l.w.n.NettyServer [run-main-0] Start
|
|
|
|
INFO l.w.n.NettyServer [run-main-0] Listening to 9664
|
|
|
|
```
|
|
|
|
|
2021-12-22 15:42:44 -07:00
|
|
|
|
|
|
|
Note, if you go to your workstation's browser and view the site via
|
|
|
|
the SSH tunnel again, the "Reconnecting" alert in the bottom left
|
|
|
|
shouldn't appear anymore.
|
|
|
|
|
|
|
|
* http://localhost:9663/
|
|
|
|
|
|
|
|
|
2021-12-22 15:54:19 -07:00
|
|
|
## Set up Apache Web Reverse Proxy
|
|
|
|
Now that the site is nominally working, we can set up the Apache
|
|
|
|
web server as a reverse proxy so we can access the site at an
|
|
|
|
encrypted URL, such as:
|
|
|
|
|
|
|
|
* https://www.mychestserver.org
|
|
|
|
|
|
|
|
|
|
|
|
Note, setting this up will re-break the web sockets until we
|
|
|
|
update that lila-ws configuration below.
|
|
|
|
|
|
|
|
Open yet another terminal on your workstation and ssh into the
|
|
|
|
server again, ala:
|
|
|
|
|
|
|
|
```
|
|
|
|
ssh mychestserver
|
|
|
|
```
|
|
|
|
|
|
|
|
Using your favorite text editor, such as vim, edit the Apache configuration
|
|
|
|
file:
|
|
|
|
|
|
|
|
```
|
|
|
|
sudo vim /etc/apache2/sites-enabled/000-default-le-ssl.conf
|
|
|
|
```
|
|
|
|
|
|
|
|
The full configuration file should look like this:
|
|
|
|
|
|
|
|
```
|
|
|
|
<IfModule mod_ssl.c>
|
|
|
|
<VirtualHost *:443>
|
|
|
|
ProxyRequests On
|
|
|
|
ProxyVia On
|
|
|
|
ServerAdmin webmaster@localhost
|
|
|
|
DocumentRoot /var/www/html
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
|
|
RewriteEngine on
|
|
|
|
AllowEncodedSlashes NoDecode
|
|
|
|
ProxyPass / http://localhost:9663/ nocanon
|
|
|
|
ProxyPassReverse / http://localhost:9663/
|
|
|
|
RewriteCond %{HTTP:Upgrade} =websocket [NC]
|
|
|
|
RewriteRule /(.*) ws://localhost:9664/$1 [P,L]
|
|
|
|
Header set "Access-Control-Allow-Origin" "https://www.mychestserver.org"
|
|
|
|
Header set "Access-Control-Allow-Methods" "POST, GET, OPTIONS"
|
|
|
|
ServerName www.mychestserver.org
|
|
|
|
SSLCertificateFile /etc/letsencrypt/live/www.mychestserver.org/fullchain.pem
|
|
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/www.mychestserver.org/privkey.pem
|
|
|
|
Include /etc/letsencrypt/options-ssl-apache.conf
|
2021-12-22 18:53:45 -07:00
|
|
|
ProxyPreserveHost On
|
|
|
|
SSLProtocol -All TLSv1.3 TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
|
|
|
|
SSLCipherSuite AES256+EECDH
|
|
|
|
SSLHonorCipherOrder on
|
|
|
|
SSLCompression off
|
|
|
|
SSLVerifyClient None
|
|
|
|
SSLSessionTickets Off
|
|
|
|
SSLOptions +StrictRequire
|
2021-12-22 15:54:19 -07:00
|
|
|
</VirtualHost>
|
|
|
|
</IfModule>
|
|
|
|
```
|
|
|
|
|
|
|
|
Then restart the webserver with the new config:
|
|
|
|
|
|
|
|
```
|
|
|
|
sudo systemctl restart apache2.service
|
|
|
|
|
|
|
|
# Logs are:
|
|
|
|
sudo tail -f /var/log/apache2/*.log
|
|
|
|
```
|
|
|
|
|
|
|
|
Now you should be able to go to this page, but note,
|
|
|
|
everything will be broken! We're going to have to
|
|
|
|
configure Lila below for the domain. But you can see that
|
|
|
|
the Apache proxy part is at least redirecting to the
|
|
|
|
Lila server.
|
|
|
|
|
|
|
|
In your workstation browser, check:
|
|
|
|
|
|
|
|
* https://www.mychestserver.org/
|
|
|
|
|
|
|
|
|
2021-12-22 17:36:19 -07:00
|
|
|
# Configure
|
|
|
|
Now that the dependencies are in place, and the site is sort of
|
|
|
|
working, it is time to configure Lila and the web sockets
|
|
|
|
daemon to use the correct domain. This will require recompiling.
|
|
|
|
|
|
|
|
|
2021-12-22 15:40:17 -07:00
|
|
|
## Configure Web Sockets lila-ws
|
|
|
|
Configure `lila-ws` thusly:
|
|
|
|
|
|
|
|
|
2021-12-22 10:04:40 -07:00
|
|
|
```
|
2021-12-22 17:36:19 -07:00
|
|
|
# Go to Lila web sockets source dir
|
|
|
|
cd ~/lila-ws/
|
|
|
|
|
|
|
|
# Edit the configuration file
|
2021-12-22 10:04:40 -07:00
|
|
|
vim ./src/main/resources/application.conf
|
2021-12-22 17:36:19 -07:00
|
|
|
|
|
|
|
# In the configuration, set this line
|
2021-12-22 15:59:33 -07:00
|
|
|
csrf.origin = "https://www.mychestserver.org"
|
2021-12-22 10:04:40 -07:00
|
|
|
```
|
2021-12-22 11:37:55 -07:00
|
|
|
|
2021-12-22 17:36:19 -07:00
|
|
|
Now that you have changed the configuration, you need to
|
|
|
|
restart the `lila-ws` daemon. Later, we'll set up a
|
|
|
|
system service, but for now, we'll just hammer it with
|
|
|
|
`CTRL-c` and restart it. So if you still have the lila-ws
|
|
|
|
running from earlier, go to that window and hit `CTRL-c`.
|
|
|
|
This window probably has a last line like this:
|
2021-12-22 13:32:10 -07:00
|
|
|
|
2021-12-22 17:36:19 -07:00
|
|
|
```
|
|
|
|
INFO l.w.n.NettyServer [run-main-0] Listening to 9664
|
|
|
|
```
|
|
|
|
|
|
|
|
Stopping it looks like:
|
|
|
|
|
|
|
|
```
|
|
|
|
INFO l.w.n.NettyServer [run-main-0] Listening to 9664
|
|
|
|
^C
|
|
|
|
[warn] Canceling execution...
|
|
|
|
Cancelled: run
|
|
|
|
[error] Cancelled: run
|
|
|
|
[error] Use 'last' for the full log.
|
|
|
|
```
|
|
|
|
|
|
|
|
Then just re-run it like:
|
|
|
|
|
|
|
|
```
|
|
|
|
sbt run
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
## Configure Lila
|
|
|
|
To configure Lila to use your domain and the web sockets
|
|
|
|
server, do the following. Log into the server and run:
|
|
|
|
|
|
|
|
```
|
|
|
|
# Go to the lila git root dir
|
|
|
|
cd /var/www/html/
|
|
|
|
|
|
|
|
# Edit using your favorite editor
|
|
|
|
vim conf/base.conf
|
|
|
|
|
|
|
|
# Update the following section from this:
|
|
|
|
|
|
|
|
net {
|
|
|
|
domain = "localhost:9663"
|
|
|
|
socket.domains = [ "localhost:9664" ]
|
|
|
|
asset.domain = ${net.domain}
|
|
|
|
asset.base_url = "http://"${net.asset.domain}
|
|
|
|
asset.minified = false
|
|
|
|
base_url = "http://"${net.domain}
|
|
|
|
email = ""
|
|
|
|
crawlable = false
|
|
|
|
ratelimit = true
|
|
|
|
prodDomain = "lichess.org"
|
|
|
|
http.log = true
|
|
|
|
stage.banner = false
|
|
|
|
}
|
|
|
|
|
|
|
|
# To this:
|
|
|
|
|
|
|
|
net {
|
|
|
|
domain = "www.mychestserver.org"
|
|
|
|
socket.domains = [ "www.mychestserver.org" ]
|
|
|
|
asset.domain = ${net.domain}
|
|
|
|
asset.base_url = "https://"${net.asset.domain}
|
|
|
|
asset.minified = false
|
|
|
|
base_url = "https://"${net.domain}
|
|
|
|
email = "gm@mychestserver.org"
|
|
|
|
crawlable = false
|
|
|
|
ratelimit = true
|
|
|
|
prodDomain = "www.mychestserver.org"
|
|
|
|
http.log = true
|
|
|
|
stage.banner = false
|
|
|
|
}
|
2021-12-22 18:29:54 -07:00
|
|
|
|
|
|
|
# Also change this line ( XXX needed?)
|
|
|
|
cookieName = "lila2"
|
|
|
|
|
|
|
|
# To something unique
|
|
|
|
cookieName = "mychestserver"
|
|
|
|
|
|
|
|
# And change the User Agent ( XXX probably not needed)
|
|
|
|
# From:
|
|
|
|
useragent = "lichess.org"
|
|
|
|
|
|
|
|
# To:
|
|
|
|
useragent = "www.mychestserver.org"
|
|
|
|
|
2021-12-22 17:36:19 -07:00
|
|
|
```
|
|
|
|
|
|
|
|
Note, there are many other sections in `conf/base.conf` that should be
|
|
|
|
edited, but this is minimally viable.
|
|
|
|
|
|
|
|
Now restart Lila. If you still are running it in a window, you
|
|
|
|
can `CTRL-c` that, which leaves you at `lila` prompt. Then quit,
|
|
|
|
recompile, and run.
|
|
|
|
|
|
|
|
```
|
|
|
|
# Looks like this
|
|
|
|
|
|
|
|
[info] http - 200 browser GET / Lobby.home 206ms
|
|
|
|
^C
|
|
|
|
[warn] Canceling execution...
|
|
|
|
Cancelled: run
|
|
|
|
[error] Cancelled: run
|
|
|
|
[error] Use 'last' for the full log.
|
|
|
|
[lila] $
|
|
|
|
[lila] $ exit
|
|
|
|
[info] shutting down sbt server
|
|
|
|
...
|
|
|
|
[info] shutdown - <194ms> service-stop Closing mongodb driver
|
|
|
|
[info] p.c.server.AkkaHttpServer - Running provided shutdown stop hooks
|
|
|
|
```
|
|
|
|
|
2021-12-22 18:29:54 -07:00
|
|
|
|
|
|
|
## Rebuild Static Pages for Domain
|
2021-12-22 17:36:19 -07:00
|
|
|
I think you have to rebuild the static bits now...
|
|
|
|
XXX probably need to patch foo.scala with the base URL?
|
|
|
|
|
|
|
|
```
|
|
|
|
cd /var/www/html
|
2021-12-22 18:29:54 -07:00
|
|
|
|
|
|
|
# Then rebuild
|
2021-12-22 17:36:19 -07:00
|
|
|
./ui/build
|
|
|
|
```
|
|
|
|
|
2021-12-22 18:29:54 -07:00
|
|
|
## Re-Run Lila
|
2021-12-22 17:36:19 -07:00
|
|
|
|
2021-12-22 18:29:54 -07:00
|
|
|
Then re-run `lila` at the server prompt.
|
2021-12-22 17:36:19 -07:00
|
|
|
Looks like:
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
debian@mychestserver:/var/www/html$ ./lila
|
|
|
|
|\_ _ _ _
|
|
|
|
/o \ | (_) ___| |__ ___ ___ ___ ___ _ __ __ _
|
|
|
|
(_. || | | |/ __| '_ \ / _ \/ __/ __| / _ \| '__/ _` |
|
|
|
|
/__\ | | | (__| | | | __/\__ \__ \| (_) | | | (_| |
|
|
|
|
)___( |_|_|\___|_| |_|\___||___/___(_)___/|_| \__, |
|
|
|
|
|___/
|
|
|
|
Java 11.0.13
|
|
|
|
sbt -Dreactivemongo.api.bson.document.strict=false
|
|
|
|
[info] welcome to sbt 1.5.8 (Debian Java 11.0.13)
|
|
|
|
[info] loading settings for project html-build from plugins.sbt ...
|
|
|
|
[info] loading project definition from /var/www/html/project
|
|
|
|
[info] loading settings for project lila from build.sbt ...
|
|
|
|
[info] resolving key references (67100 settings) ...
|
|
|
|
[info] set current project to lila (in build file:/var/www/html/)
|
|
|
|
[info] sbt server started at local:///home/debian/.sbt/1.0/server/22a4d6cb6dbbe2874385/sock
|
|
|
|
[info] started sbt server
|
|
|
|
[lila] $
|
|
|
|
```
|
|
|
|
|
|
|
|
Now recompile:
|
|
|
|
|
|
|
|
```
|
|
|
|
[lila] $ compile
|
|
|
|
[success] Total time: 22 s, completed Dec 23, 2021, 12:25:50 AM
|
|
|
|
```
|
|
|
|
|
|
|
|
And finally run it:
|
|
|
|
|
|
|
|
```
|
|
|
|
[lila] $ run
|
|
|
|
```
|
|
|
|
|
|
|
|
In less than a minute, should look like this:
|
|
|
|
|
|
|
|
```
|
|
|
|
[lila] $ run
|
|
|
|
[warn] Compile / run / javaOptions will be ignored, Compile / run / fork is set to false
|
|
|
|
[info] running play.core.server.ProdServerStart
|
|
|
|
[info] boot - lila Dev / java 11.0.13, memory: 2048MB
|
|
|
|
[info] reactivemongo.api.Driver - [Supervisor-1] Creating connection: main
|
|
|
|
[info] e.r.StaticListenerBinder - Starting connection listener ...
|
|
|
|
[info] r.c.actors.MongoDBSystem - [Supervisor-1/main] Starting the MongoDBSystem
|
|
|
|
[info] r.core.netty.Pack - Instantiated reactivemongo.core.netty.Pack
|
|
|
|
[info] db.main - MongoDB connected to mongodb://127.0.0.1:27017?appName=lila in 871 ms
|
|
|
|
[info] boot - <0ms> RoundSocket Done loading 0/0 round games
|
|
|
|
[info] boot - Loaded lila modules in 7350 ms
|
|
|
|
[info] play.api.Play - Application started (Dev) (no global state)
|
|
|
|
[info] p.c.server.AkkaHttpServer - Listening for HTTP on /0:0:0:0:0:0:0:0:9663
|
|
|
|
```
|
|
|
|
|
|
|
|
Now go test in your workstation browser:
|
|
|
|
|
|
|
|
* https://www.mychestserver.org
|
2021-12-22 13:20:33 -07:00
|
|
|
|
2021-12-22 13:32:10 -07:00
|
|
|
|
2021-12-22 13:20:33 -07:00
|
|
|
# Use
|
|
|
|
Use thusly...
|
|
|
|
|
2021-12-22 17:36:19 -07:00
|
|
|
|
2021-12-22 16:31:03 -07:00
|
|
|
# Patch
|
|
|
|
Example Lila patch:
|
|
|
|
|
|
|
|
https://spacecruft.org/deepcrayon/lila/commit/d0fb110e218292921e35e8fe8181d7e7ea8883e4
|
2021-12-22 13:32:10 -07:00
|
|
|
|
2021-12-22 17:36:19 -07:00
|
|
|
|
2021-12-22 11:37:55 -07:00
|
|
|
# Misc
|
|
|
|
Potentially include items such as:
|
|
|
|
|
|
|
|
* Local firewall.
|
|
|
|
* Securing ssh.
|
|
|
|
* Locking down system overall.
|
2021-12-22 12:51:37 -07:00
|
|
|
* Set locale.
|
|
|
|
* Set timezone.
|
|
|
|
* Disable IPv6.
|
2021-12-22 13:20:33 -07:00
|
|
|
* Lila secrets & salts.
|
2021-12-22 13:32:10 -07:00
|
|
|
* Turn off unneeded services.
|
2021-12-22 13:41:08 -07:00
|
|
|
* Forums.
|
|
|
|
* Irwin.
|
|
|
|
* Mail.
|
|
|
|
* Bots.
|
2021-12-22 14:57:15 -07:00
|
|
|
* git branches
|
2021-12-22 15:54:19 -07:00
|
|
|
* Apache SSL tweaks.
|
|
|
|
* Apache redirects to only use parts of site.
|