@@ -24,7 +24,7 @@ The machine you want to deploy LEAF-Writer on also needs to have `git` installed
...
@@ -24,7 +24,7 @@ The machine you want to deploy LEAF-Writer on also needs to have `git` installed
10. Build and run LEAF-Writer and all its dependencies by running: `sudo docker compose --env-file leafwriter.env -f docker-compose.yml up` If you feel brave enough, you can add the `-d` option to directly launch the containers in the background. It is, however, advisable to first launch LEAF-Writer with enabled output stream to see if any problems are identifiable by the logs. You should, therefore, probably continue the rest of the steps in a second terminal and once everything is up and running switch to the detached mode. You can do this by exiting the containers with `Ctr+c`, run `sudo docker compose --env-file leafwriter.env -f docker-compose.yml down` and then `sudo docker compose --env-file leafwriter.env -f docker-compose.yml up -d`
10. Build and run LEAF-Writer and all its dependencies by running: `sudo docker compose --env-file leafwriter.env -f docker-compose.yml up` If you feel brave enough, you can add the `-d` option to directly launch the containers in the background. It is, however, advisable to first launch LEAF-Writer with enabled output stream to see if any problems are identifiable by the logs. You should, therefore, probably continue the rest of the steps in a second terminal and once everything is up and running switch to the detached mode. You can do this by exiting the containers with `Ctr+c`, run `sudo docker compose --env-file leafwriter.env -f docker-compose.yml down` and then `sudo docker compose --env-file leafwriter.env -f docker-compose.yml up -d`
11. The following steps will guide you through setting up a nginx-based reverse proxy to serve LEAF-Writer with SSL encryption to the web. This assumes that you have a fresh install of nginx that does not serve any other sites and has a default structure for configuration files. If this does not reflect your setup, see the section for reverse proxy settings below to gather all necessary information so you can setup the reverse proxy properly within your larger environment or for your desired web server.
11. The following steps will guide you through setting up a nginx-based reverse proxy to serve LEAF-Writer with SSL encryption to the web. This assumes that you have a fresh install of nginx that does not serve any other sites and has a default structure for configuration files. If this does not reflect your setup, see the section for reverse proxy settings below to gather all necessary information so you can setup the reverse proxy properly within your larger environment or for your desired web server.
12. Make sure that the default / placeholder website is removed. On Debian-based distributions you can generally just remove the symlink in the `/etc/nginx/sites-enabled` directory, on other systems you may have to edit a file called `nginx.conf`. If in doubt, consult the documentation of your operating system.
12. Make sure that the default / placeholder website is removed. On Debian-based distributions you can generally just remove the symlink in the `/etc/nginx/sites-enabled` directory, on other systems you may have to edit a file called `nginx.conf`. If in doubt, consult the documentation of your operating system.
13. Copy the files`leafwriter.conf` in the directory `leafwriter-configuration-files/nginx-sample-conf` to the configuration directory for your nginx installation. On Debian-based systems this is `/etc/nginx/sites-available` on other distributions it may be something like `/etc/nginx/conf.d`. Make sure that the files in this directory are loaded by e.g. on Debian-based distributions adding a symlink in the `/etc/nginx/sites-enabled` directory. Open the file you just copied and adjust the `server_name` to point to the domain you want to serve LEAF-Writer on.
13. Copy the file `leafwriter.conf` in the directory `leafwriter-configuration-files/nginx-sample-conf` to the configuration directory for your nginx installation. On Debian-based systems this is `/etc/nginx/sites-available` on other distributions it may be something like `/etc/nginx/conf.d`. Make sure that the files in this directory are loaded by e.g. on Debian-based distributions adding a symlink in the `/etc/nginx/sites-enabled` directory. Open the file you just copied and adjust the `server_name` to point to the domain you want to serve LEAF-Writer on.
14. Reload nginx
14. Reload nginx
15. Add the SSL-certificate. If you use certbot and nginx run: `sudo certbot -d docker.leafwriter-playground.users.h-da.cloud --nginx`
15. Add the SSL-certificate. If you use certbot and nginx run: `sudo certbot -d docker.leafwriter-playground.users.h-da.cloud --nginx`
16. Check if LEAF-Writer is reachable from the internet. On some distributions your web server may actually not have the permissions to talk to the locally served LEAF-Writer server. [This link](https://stackoverflow.com/questions/25235453/nginx-proxy-server-localhost-permission-denied) may help you to adjust the permissions.
16. Check if LEAF-Writer is reachable from the internet. On some distributions your web server may actually not have the permissions to talk to the locally served LEAF-Writer server. [This link](https://stackoverflow.com/questions/25235453/nginx-proxy-server-localhost-permission-denied) may help you to adjust the permissions.
...
@@ -37,3 +37,18 @@ The machine you want to deploy LEAF-Writer on also needs to have `git` installed
...
@@ -37,3 +37,18 @@ The machine you want to deploy LEAF-Writer on also needs to have `git` installed
LEAF-Writer can query a number of databases to link annotations to identifiers provided by authorities like GND, Wikidata and so on. For geographic information the authority provider is [Geonames](https://www.geonames.org). To query the Geonames API a username is necessary. The username is used to enforce a rate limit and is just appended as plain text to the query, which is not very secure. This username can hardly be kept a secret and if you search this repository, you will find ours. However, it would not be nice to reuse the username of somebody else and add additional queries to their rate limit. Therefore, when deploying LEAF-Writer you must obtain your own Geonames username, by creating [an account](https://www.geonames.org/login). After completing the procedure you take the username you choose and put it in the `leafwriter.env`-file as `GEONAMES_USERNAME`.
LEAF-Writer can query a number of databases to link annotations to identifiers provided by authorities like GND, Wikidata and so on. For geographic information the authority provider is [Geonames](https://www.geonames.org). To query the Geonames API a username is necessary. The username is used to enforce a rate limit and is just appended as plain text to the query, which is not very secure. This username can hardly be kept a secret and if you search this repository, you will find ours. However, it would not be nice to reuse the username of somebody else and add additional queries to their rate limit. Therefore, when deploying LEAF-Writer you must obtain your own Geonames username, by creating [an account](https://www.geonames.org/login). After completing the procedure you take the username you choose and put it in the `leafwriter.env`-file as `GEONAMES_USERNAME`.
# Reverse proxy settings
# Reverse proxy settings
A sample configuration file for a nginx-based reverse proxy can be found in the folder `leafwriter-configuration-files/nginx-sample-conf` as part of the [configuration files repository](https://code.fbi.h-da.de/leaf-writer-x/dependencies/leafwriter-configuration-files). Since there are many different webservers that can be used as a reverse proxy, it is impossible to provide configuration files for all of them.
Independently of the actual server you are using, he following options have to be set:
- Upstream source: `http://localhost:5000`
- Headers to be set by the proxy server:
-`Host`
-`X-Real-IP`
-`X-Forwarded-For`
-`X-Forwarded-Host`
-`X-Forwarded-Server`
-`X-Forwarded-Port`
-`X-Forwarded-Proto`
You are advised to also check the file`leafwriter.conf` in the directory `leafwriter-configuration-files/nginx-sample-conf` to compare with your configuration.
