a81c3453b5
This commit enhances the Socket.IO deployment documentation by adding a new section on configuring the systemd service to run as `www-data`, ensuring proper permissions for SSL certificate access. It also updates the fixCertPermissions.sh script to handle cases where the service user is not defined or is set to `nobody`, defaulting to `www-data` and verifying its existence. These changes improve the overall security and functionality of the deployment process.
31 lines
658 B
Desktop File
31 lines
658 B
Desktop File
[Unit]
|
|
Description=TT-Tagebuch Node.js Service
|
|
After=network.target mysql.service
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=www-data
|
|
Group=www-data
|
|
WorkingDirectory=/var/www/tt-tagebuch.de/backend
|
|
ExecStart=/usr/bin/node server.js
|
|
Restart=always
|
|
RestartSec=10
|
|
StandardOutput=journal
|
|
StandardError=journal
|
|
SyslogIdentifier=tt-tagebuch
|
|
|
|
# Umgebungsvariablen
|
|
Environment=NODE_ENV=production
|
|
# PORT: HTTP-Server für API (wird von Apache auf Port 443 proxied)
|
|
Environment=PORT=3050
|
|
# HTTPS_PORT: HTTPS-Server für Socket.IO (direkt erreichbar auf Port 3051)
|
|
Environment=HTTPS_PORT=3051
|
|
|
|
# Sicherheit
|
|
NoNewPrivileges=true
|
|
PrivateTmp=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
|