diff options
| author | doobry | 2019-03-01 17:20:45 +0100 |
|---|---|---|
| committer | doobry | 2019-03-01 17:20:45 +0100 |
| commit | 95fd501a963f633e8b63960220935a1dbcf595f3 (patch) | |
| tree | cd639dc42733a12d75f8df4f16994b78e1245b37 /README.md | |
| parent | 3d21f613d2ad1612b21745766253034854311557 (diff) | |
Mention Ansible Role in README.md
* Improve garbage collector cronjob to limit find on files (ignore
directories).
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 13 |
1 files changed, 12 insertions, 1 deletions
| @@ -56,10 +56,21 @@ systemctl restart nginx/apache/… | |||
| 56 | 56 | ||
| 57 | It should now be working. | 57 | It should now be working. |
| 58 | 58 | ||
| 59 | You should add `find /var/www/mat2-web/uploads/* -mtime +1 -exec rm {} \;` | 59 | You should add `find /var/www/mat2-web/uploads/ -type f -mtime +1 -exec rm {} \;` |
| 60 | in a crontab to remove files that people might have uploaded but never | 60 | in a crontab to remove files that people might have uploaded but never |
| 61 | downloaded. | 61 | downloaded. |
| 62 | 62 | ||
| 63 | # Deploy via Ansible | ||
| 64 | |||
| 65 | If you happen to use Ansible, there's an Ansible role to deploy mat2-web on | ||
| 66 | Debian: [ansible-role-mat2-web](https://github.com/systemli/ansible-role-mat2-web) | ||
| 67 | |||
| 68 | The role install mat2-web as uWSGI service (run as dedicated system user), | ||
| 69 | installs bubblewrap for mat2 sandboxing and creates a garbage collector | ||
| 70 | cronjob to remove leftover files . Besides, it supports to create a dm-crypt | ||
| 71 | volume with random key for the uploads folder in order to protect the uploaded | ||
| 72 | files. | ||
| 73 | |||
| 63 | # Threat model | 74 | # Threat model |
| 64 | 75 | ||
| 65 | - An attacker in possession of the very same file that a user wants to clean, | 76 | - An attacker in possession of the very same file that a user wants to clean, |