diff options
| author | jvoisin | 2019-03-01 10:06:24 -0800 |
|---|---|---|
| committer | jvoisin | 2019-03-01 10:06:24 -0800 |
| commit | bb5997ff03ac578879f772ad5a91492446843787 (patch) | |
| tree | f313e1c46f1fe8447825f4bf737a74b54f6db0ac | |
| parent | e22db3f5b040d2dc13b68af37a0c64440cd08e3e (diff) | |
| parent | 95fd501a963f633e8b63960220935a1dbcf595f3 (diff) | |
Merge branch 'mention_ansible_role' into 'master'
Mention Ansible Role in README.md
See merge request jvoisin/mat2-web!5
| -rw-r--r-- | README.md | 13 |
1 files changed, 12 insertions, 1 deletions
| @@ -56,10 +56,21 @@ systemctl restart nginx/apache/… | |||
| 56 | 56 | ||
| 57 | It should now be working. | 57 | It should now be working. |
| 58 | 58 | ||
| 59 | You should add `find /var/www/mat2-web/uploads/* -mtime +1 -exec rm {} \;` | 59 | You should add `find /var/www/mat2-web/uploads/ -type f -mtime +1 -exec rm {} \;` |
| 60 | in a crontab to remove files that people might have uploaded but never | 60 | in a crontab to remove files that people might have uploaded but never |
| 61 | downloaded. | 61 | downloaded. |
| 62 | 62 | ||
| 63 | # Deploy via Ansible | ||
| 64 | |||
| 65 | If you happen to use Ansible, there's an Ansible role to deploy mat2-web on | ||
| 66 | Debian: [ansible-role-mat2-web](https://github.com/systemli/ansible-role-mat2-web) | ||
| 67 | |||
| 68 | The role install mat2-web as uWSGI service (run as dedicated system user), | ||
| 69 | installs bubblewrap for mat2 sandboxing and creates a garbage collector | ||
| 70 | cronjob to remove leftover files . Besides, it supports to create a dm-crypt | ||
| 71 | volume with random key for the uploads folder in order to protect the uploaded | ||
| 72 | files. | ||
| 73 | |||
| 63 | # Threat model | 74 | # Threat model |
| 64 | 75 | ||
| 65 | - An attacker in possession of the very same file that a user wants to clean, | 76 | - An attacker in possession of the very same file that a user wants to clean, |