Fossil on NearlyFreeSpeech.net

2021-Jun-10

How to setup Fossil SCM as a web content management system on NearlyFreeSpeech.net. Also see notes at the end. 

On your local machine 

Create the fossil repository and run through the initial setup using the fossil ui locally and taking these minimum recommended preparation steps.

fossil init mysite.fossil
fossil ui 

1. Fossil creates only one user in a new repository and gives it the all-powerful Setup capability . The 10-digit random password generated for that user is fairly strong against remote attack, even without explicit password guess rate limiting, but because that user has so much power, you may want to give it a much stronger password under Admin >> Users . 
2. Run the Admin >> Security-Audit tool to verify that other security-related permissions and settings are as you want them. 

On NearlyFreeSpeech.net 

All commands are from an SSH shell session.

Enable TLS (https) for the domain

Only needed if your site is not *.nfshost.com. Run (might need to do it twice):

cd ~ 
tls-setup.sh 

 #

Compile latest version of Fossil

Optional, only if you want to use a newer version than /usr/local/bin/fossil 

Download source tarball from https://fossil-scm.org/home/uv/download.html 

mkdir src 
cd src 
wget https://fossil-scm.org/home/uv/ fossil-src-2.21.tar.gz 
tar xzf fossil-src*.tar.gz 

(nb: don't fossil clone https://fossil-scm.org/ . It's ~50 MB instead of 5 and the rebuild step takes a long time.) 

Compile and install

./configure --prefix=/home/protected 
make 
make install 

Upload mysite.fossil to NFS and configure for web server

Upload mysite.fossil somewhere under /home/protected using whatever method you like.

Allow fossil to modify the repository and create it's journalling files in the repos folder:

cd /home/protected 
chgrp web repos repos/mysite.fossil 
chmod g+w repos 

If using custom fossil, allow the web server to run the fossil program:

cd /home/protected 
chgrp web bin bin/fossil 
chmod g+x bin/fossil 

Create the cgi to allow browser access to fossil ui and save as /home/public/cms.cgi

#!/home/protected/bin/fossil 
repository: /home/protected/repos/mysite.fossil 

Access your site! 

• https://mysite.ca/cms.cgi 

Fossil on NearlyFreeSpeech.net

How do I set up HTTPS (TLS) for my web site? 

From < https://faq.nearlyfreespeech.net/full/sslcertificates#sslcertificates > 

I'm not sure if I did something wrong or just hit some weird edge case, but I had to run tls-seup.sh twice before it completed successfully. The only difference between the two runs (on my part) was changing current directory from /home/protected to /home/private.

From < https://members.nearlyfreespeech.net/forums/viewtopic.php?t=10951 > 

/home/protected : this directory is available for data files and other content that should be indirectly accessible via the web. For example, putting configuration and permanent data files that are used by PHP or CGI scripts into this directory makes them accessible to the script, but prevents them from being directly downloaded over the web.

From < https://members.nearlyfreespeech.net/wiki/HowTo/DirectoryStructure > 

How To Configure A Fossil Server 

From < https://fossil-scm.org/home/doc/trunk/www/server/ >