Update the installation instructions with something a little more hardened.

This commit is contained in:
Azareal 2018-08-22 21:02:14 +10:00
parent 146aa3aaad
commit 90114fae9e
2 changed files with 12 additions and 7 deletions

View File

@ -73,7 +73,9 @@ First, you will need to jump to the place where you want to put the code, we wil
If you place it in `/www/`, `/public_html/` or any similar folder, then there's a chance that your server might be compromised. If you place it in `/www/`, `/public_html/` or any similar folder, then there's a chance that your server might be compromised.
You can navigate to your installation of Gosora by typing the following commands into the console and hitting enter: The following commands will pull the latest copy of Gosora off the Git repository, will create a user account to run Gosora as, will set it as the owner of the files and will start the installation process.
Please type these into the console and hit enter:
cd /home/ cd /home/
@ -85,6 +87,12 @@ git clone https://github.com/Azareal/Gosora
mv Gosora src mv Gosora src
useradd gosora
chown -R gosora src
chgrp -R www-data src
cd src cd src
chmod 755 ./install-linux chmod 755 ./install-linux

View File

@ -3,22 +3,19 @@
Description=Gosora Description=Gosora
[Service] [Service]
Type=simple User=gosora
# You might want to create a user / group for Gosora and set these to further harden your system, although this this might not work right now, if we're listening directly on port 80 / 443 Group=www-data
#User=gosoraservice
#Group=gosoraservice
Restart=on-failure Restart=on-failure
RestartSec=10 RestartSec=10
# Set these to the location of Gosora # Set these to the location of Gosora
WorkingDirectory=/home/gosora/src WorkingDirectory=/home/gosora/src
AmbientCapabilities=CAP_NET_BIND_SERVICE
# Make sure you manually run pre-run-linux before you start the service # Make sure you manually run pre-run-linux before you start the service
ExecStart=/home/gosora/src/Gosora ExecStart=/home/gosora/src/Gosora
# If things don't work for some reason, try putting # in-front of the following three lines until it does and open an issue on the bug tracker
ProtectSystem=full ProtectSystem=full
PrivateDevices=true PrivateDevices=true
PrivateUsers=true
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target