Server Setup
Admin notes on the openclonk.org server.
Applications
Each application (e.g., mwforum, mediawiki, ...) runs under its own user and is managed by a systemd user instance.
Adding a new application
Create a new user:

    # adduser $APP

Enable systemd user units without logging in:

    # loginctl enable-linger $APP

Create unit files:

    # sudo -iu $APP
    $ mkdir -p ~/.config/systemd/user
    $ vim ~/.config/systemd/user/$APP.service
    $ systemctl --user enable --now $APP.service

Allow nginx access to files in /home/$APP by adding nginx to the app's group:

    # usermod -aG $APP nginx

Note: SELinux only allows nginx access to files in /home/$APP/www

Listen on Unix socket for nginx:

    # echo "d /run/$APP 0750 $APP $APP" > /etc/tmpfiles.d/$APP.conf
    # semanage fcontext -a -t httpd_var_run_t "/var/run/$APP(/.*)?"
    # systemd-tmpfiles --create

Now let the application create its socket in /run/$APP/
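
A post-setup check for the steps above, added here as an example and not part of the original admin notes: it confirms that lingering is on, that nginx is in the app's group, and that /run/$APP is declared and present as 0750 $APP $APP. The script and function names are assumptions, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original notes): audit one application's setup.
# Usage: sh audit-app.sh APP   (the script name is an assumption)

# The tmpfiles.d line for /run/APP must be: d /run/APP 0750 APP APP
check_tmpfiles_entry() {
    awk -v app="$2" '
        $1 == "d" && $2 == ("/run/" app) {
            found = 1
            if ($3 != "0750" || $4 != app || $5 != app) bad = 1
        }
        END { exit !(found && !bad) }' "$1" 2>/dev/null
}

# The socket directory must have mode 750 exactly (no access for "other").
check_socket_dir() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ "$mode" = 750 ]
}

# Run every check for one application and report each failure.
audit_app() {
    app=$1
    rc=0
    loginctl show-user "$app" --property=Linger 2>/dev/null | grep -qx 'Linger=yes' \
        || { echo "FAIL: linger is not enabled for $app"; rc=1; }
    id -nG nginx 2>/dev/null | tr ' ' '\n' | grep -qxF "$app" \
        || { echo "FAIL: nginx is not a member of group $app"; rc=1; }
    check_tmpfiles_entry "/etc/tmpfiles.d/$app.conf" "$app" \
        || { echo "FAIL: /etc/tmpfiles.d/$app.conf does not declare /run/$app as 0750 $app $app"; rc=1; }
    check_socket_dir "/run/$app" \
        || { echo "FAIL: /run/$app is missing or its mode is not 0750"; rc=1; }
    [ "$(stat -c '%U:%G' "/run/$app" 2>/dev/null)" = "$app:$app" ] \
        || { echo "FAIL: /run/$app is not owned by $app:$app"; rc=1; }
    return $rc
}

# Only audit when an application name is given on the command line.
if [ $# -gt 0 ]; then
    audit_app "$1"
fi
```

Run it as root after adding an application; it exits non-zero if any check fails.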