PufferPanel Client node setup - johnkeates/PufferPanel GitHub Wiki

If your client environment isn't ready yet, see Client node environment setup

###1. Time to install the node itself

Installing the node requires you to setup a few files, a SSH user, sudo access for that user, pubkey authentication and a shared AES key you used on the master node.

###2. Node installation

So, let's start by getting the required files.

####2.1. Setup the scripts

This guide uses the latest version. Clone master from the repository to get started:

cd ~; git clone https://github.com/DaneEveritt/PufferPanel.git

Copy the contents of PufferPanel/scripts/ over to /srv/scripts/:

sudo cp -R ~/PufferPanel/scripts/* /srv/scripts/

####2.2. Setup the SSH user

Create a new user and record the password for later reference. You can make up your own user name, or use the one from the example. To do so, execute the following steps:

sudo useradd -d /srv/scripts/ pp_remote_user

This creates a new user called pp_remote_user and sets it's home to /srv/scripts/. Next, create a strong password, record it somewhere, and set it for the user you just created:

pwgen 20

pwgen gives you a bunch of options to choose from

sudo passwd pp_remote_user

passwd will ask you for the password twice, to confirm.

Next, we setup sudo to allow this user to perform all tasks without asking for a password. Execute:

sudo visudo

Find the line that begins with root, and below that line, add:

pp_remote_user ALL=(ALL) NOPASSWD: ALL

Press Control+X, Y, Enter to save the changes.

You will need the username and password you just created in order to connect the master node to the client node with public key authentication.

To make sure that user can write to the directories and login there, set the permissions like this:

sudo chown -R pp_remote_user:pp_remote_user /srv/scripts
sudo chmod -R 0755 /srv/scripts

####2.3. Master authentication

To allow the master to login to this node using publickey authentication, you need to copy the public key into the ~/.ssh/authorized_keys list for the user you created.

The easiest way to do this, is by using the ssh-copy-id program. You have to do this from the master node, as that's where the key lives.

Replace node1.domain.tld with your actual node FQDN, and do so in any examples from here!

Execute the following steps:

  1. Log in to the master node, you can do this from the client node if you want to
  2. Switch to the admin cp user (usually www-data for apache), for example, using sudo su www-data
  3. As this user, execute bash; cd; ssh-copy-id [email protected]
  4. Try to log in using the newly setup pubkey authentication: ssh [email protected]

If everything went well at step 4, you should be able to login from the master node as user www-data to the client node as pp_remote_user without entering a password. If you succeeded, you can log out. Because you may have multiple SSH sessions and a su session, you might need to type exit or logout multiple times to close all logins.

At this point, you are finished with the SSH and user setup.

####2.4.