Update Socket.IO deployment documentation and fixCertPermissions.sh script for improved service user configuration
This commit enhances the Socket.IO deployment documentation by adding a new section on configuring the systemd service to run as `www-data`, ensuring proper permissions for SSL certificate access. It also updates the fixCertPermissions.sh script to handle cases where the service user is not defined or is set to `nobody`, defaulting to `www-data` and verifying its existence. These changes improve the overall security and functionality of the deployment process.
This commit is contained in:
Torsten Schulz (local)
30
tt-tagebuch.service
Normal file
30
tt-tagebuch.service
Normal file
@@ -0,0 +1,30 @@
|
||||
[Unit]
|
||||
Description=TT-Tagebuch Node.js Service
|
||||
After=network.target mysql.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=www-data
|
||||
Group=www-data
|
||||
WorkingDirectory=/var/www/tt-tagebuch.de/backend
|
||||
ExecStart=/usr/bin/node server.js
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
SyslogIdentifier=tt-tagebuch
|
||||
|
||||
# Umgebungsvariablen
|
||||
Environment=NODE_ENV=production
|
||||
# PORT: HTTP-Server für API (wird von Apache auf Port 443 proxied)
|
||||
Environment=PORT=3050
|
||||
# HTTPS_PORT: HTTPS-Server für Socket.IO (direkt erreichbar auf Port 3051)
|
||||
Environment=HTTPS_PORT=3051
|
||||
|
||||
# Sicherheit
|
||||
NoNewPrivileges=true
|
||||
PrivateTmp=true
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
Reference in New Issue
Block a user