ShareLaTeX configuration in Fedora 33

This page is a guide to the installation and configuration of ShareLaTeX in a Linux machine.
It is specifically addressed to Fedora 33 but it may be useful for other distributions, too.

This has been written by Juan Domingo, University of Valencia. For questions, send me an email to
J1u2a3n4D5o6m7i8n9go#uv.es
getting rid of the numbers and substituting the hash by the @ symbol. Nevertheless, I will not always be able to answer quickly.

The guide assumes basic knowledge of Linux (console use and bash commands) and software management
(use of dnf or your distribution package management system).

In this example the ShareLaTeX instance will run under docker and will be accessible from outside by secure http (https)
Therefore, docker installation, nginx installation and configuration to serve pages by https (including certificate request and management) are covered, too.
Nevertheless, you may choose to provide the service by http (not the best idea nowadays, but it's up to you).
In such a case, you should:

Either, have a http server (nginx or apache) up and running, and add a virtual server that maps a suitable request,
like http://myhost.mydomain/sharelatex to http://localhost:4665

Or don't set up a web server at all and rely on the server included into ShareLaTeX, mapping the port 80 of the container to the same port of your machine.
Notice that, if you do this, your machine will not be able to hold any web page or provide other services.
If this is your case, this may sound tempting, since it does not need server configuration, but remember that http is not ciphered and
anyone with a sniffer could get the user name and password of any user (even the admin) and have access to your documents.

The message is: if you don't need all these steps, and you know what you are doing, go directly to the section you need.

From now on, everything should be done with root privileges, so become root (su -) or precede all commands with sudo.

Install the web server (nginx) and a certificate

This is covered in a separate document here.
If you have nginx already installed or you don't need https, you can skip this step (but you will have to change the nginx configuration file later, anyway).

Install docker

This is covered in a separate document here. If you have docker already installed, you can skip this step, but there are
many chances something goes wrong because any incompatibility between my procedure and standard installation of docker done by your distribution.
In such a case, please, don't blame me...

Finally, install ShareLaTeX

For the rest of this section I am indebted to Hongjian Wang by his page on this topic which provides very good information.

The steps are:

Create a folder in a partition with sufficient room to store the data for ShareLaTeX
This is only to keep the data: user database, document database and the documents themselves. The container will not be here,
since it is managed by docker. But we will put here the ShareLaTeX creation and configuration folder, too.
In our example this folder will be /home/SHARELATEX
mkdir /home/SHARELATEX

If git is not installed in your system, install it:
dnf -y install git
Then, go to the installation directory and download the docker image of ShareLaTeX:
cd /home/SHARELATEX
git clone https://github.com/sharelatex/sharelatex

A folder with name sharelatex (lower case) should have been created and contain the configuration file,
which in our case is /home/SHARELATEX/sharelatex/docker-compose.yml. Edit it with your_favourite_editor
but WARNING: do not use tabs and make sure your editor does not use them silently. .yml files must be indented with spaces.

In this file, change the following lines:

Under the sharelatex: section:
```
ports:
   - 80:80
```
by
```
ports:
   - 127.0.0.1:4665:80
```
(Exception: if you chose not to use your web server but that of ShareLaTeX, don't change this line.)
By the way, 4665 could be any other port number between 1024 and 65535 you wish, as long as no other service in you machine is using it.

Also, change
```
volumes:
   - ~/sharelatex_data:/var/lib/sharelatex
```
by
```
volumes:
   - /home/SHARELATEX/sharelatex_data:/var/lib/sharelatex
```
and also in this section, set the values of these variables (un-commenting them if needed):

SHARELATEX_APP_NAME: ShareLaTeX private (or any other name you wish...)
SHARELATEX_SITE_URL: http://myhost.mydomain (yes, it is http. Later in the server we'll map it to https).
SHARELATEX_ADMIN_EMAIL: your.email@your.domain (set here the mail of the person who will maintain ShareLaTeX).
SHARELATEX_EMAIL_FROM_ADDRESS: an.email@at.your.domain (this one is the address from which the messages sent by
ShareLaTeX will say to come from. Only needed if you configure the mail sender; I haven't done and it is not covered in this tutorial. Sorry.)

Now, under section mongo: change:
```
volumes:
   - ~/mongo_data:/data/db
```
by
```
volumes:
   - /home/SHARELATEX/mongo_data:/data/db
```
and finally, under section redis: change:
```
volumes:
   - ~/redis_data:/data
```
by
```
volumes:
   - /home/SHARELATEX/redis_data:/data
```
This will make the folders inside the container which have the important information live really outside, where
they will be available for us to see them and make backups. This is the reason I choose to map them to a folder outside
the root partition: have all of them grouped and be sure them not to be accidentally erased by a system reinstall.
But in any case, do NOT change the internal paths (those after the : )
Now, cross your fingers and run the containers:
cd /home/SHARELATEX/sharelatex
docker-compose up
If everything works, you will see a lot of messages informing of the start and state of each of the three containers
and you will not get console input (we haven't sent this command to the background).
Open a web browser and point to http://localhost:4665. You should see the welcome page of ShareLaTeX.
Now, press Ctrl-C in the console and stop the containers. Messages of graceful stopping should appear.

The next step (unless you have chosen not to use a web server) is to configure it. If you have decided to use apache
or nginx in http, it's up to you. If you are following the standard path, then first be sure nginx is stopped:
systemctl stop nginx
Now, edit the section on servers of file /etc/nginx/nginx.conf and suppress everything under that section
(including the test configuration added by certbot) substituting it by this, except that the words marked in red must
obviously contain your server name and domain name. Anyway, test that the key files provided by certbot are really
where this file says they must be.

server {
    if ($host = ) {
       return 301 https://$host$request_uri;
    }
    
       
        listen	     80 default_server;
        listen       [::]:80 default_server;
        server_name  myhost.mydomain
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }
        
        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
	
# Settings for a TLS enabled server.
#
server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  myhost.mydomain
        root         /usr/share/nginx/html;
        
        # Check these files exist and are in these paths (or change the paths here...)
        ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/mydomain/privkey.pem;    # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf;              # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;                # managed by Certbot

        proxy_set_header X-Forwarded-For $remote_addr;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

        server_tokens off;

        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        client_max_body_size 50M;

    location / {
        proxy_pass http://localhost:4665;

        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 3m;
        proxy_send_timeout 3m;

        access_log      /var/log/nginx/sharelatex.access.log;
        error_log       /var/log/nginx/sharelatex.error.log;
        
     }
     
     error_page 404 /404.html;
            location = /40x.html {
        }
        
     error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }


   }
}

Now, start the ShareLaTeX container with
docker-compose -f /home/SHARELATEX/sharelatex/docker-compose.yml up
and go to another console to start again nginx with
systemctl start nginx
Test with a browser (if you can, from another machine) that the service is
running by going to https://myserver.mydomain and also to http://myserver.mydomain
The http access should redirect you automatically to the https page.

Now, we must configure ShareLaTeX. If you had no previous installations, open a browser to
https://myhost.mydomain/launchpad
and create the administrative user. Then simply go to https://myhost.mydomain/, log in with it and create new users.

Alternatively, if you had a previous ShareLaTeX installation, even of a former version (it was my case, and it worked!)
chances are you can migrate all you users, passwords and projects from it. To do so, and with the container stopped
(press Ctrl-C in the console you run it) change temporarily the names of the folders
/home/SHARELATEX/mongo_data
/home/SHARELATEX/redis_data
/home/SHARELATEX/sharelatex_data
to any other names, like the_old_name.orig just to revert the situation if something goes wrong and copy in their places
the corresponding directories of your original installation. Check that the owners and permissions of each are as those in the new
installation and if not, use chown -R user:group folder and chmod -R new_mode folder to change them as needed.
Install the LaTeX packages you wish. To do so, the container must be up. It is was not, run it:
docker-compose -f /home/SHARELATEX/sharelatex/docker-compose.yml up
If you don't know which packages your users may need, there is no other alternative than install them all:
docker exec sharelatex tlmgr update --self
docker exec sharelatex tlmgr install scheme-full
docker commit sharelatex sharelatex/sharelatex:full-texlive-install
In my case there were 4015 packages and it took a couple of hours.
The last line consolidates the changes by creating a new container with everything installed (but it is really big, 7.78 GB).
If you want to install just some packages, follow the directions in this page, but I haven't tested it and I don't know exactly
how consolidation will work with the incremental addition of packages.
Remember that the nginx server should be up all the time, so enable it and start it now:
systemctl enable nginx
systemctl restart nginx
and also the ShareLaTeX container (and its companions, mongo and redis) must be running which, as stated before, is done by
docker-compose -f /home/SHARELATEX/sharelatex/docker-compose.yml up
It would be nice to run this automatically at reboot, as if it was a service, so why not create one?
If you want that, see the directions here.

Optional: program your security copies. The data of ShareLaTeX, including user names and passwords, file modifications and
of course the LaTeX source files and graphic files are stored into the mongo_data, redis_data and sharelatex_data
Remember that we put all these things, together with the creation folder we downloaded from git and our modifications to docker-compose.yml
under folder /home/SHARELATEX, so this is what we want to keep updated and that's to be done with rsync
Let's assume that the destination directory is /d/SHARELATEX_BACKUP where you know to have room. Then, do
dnf -y install rsync (just in case you had not installed before)
rsync -a /home/SHARELATEX/ /d/SHARELATEX_BACKUP
Look at the / at the end of source but not at the end of destination; this will end with folders /d/SHARELATEX_BACKUP/mongo_data etc..
If you want to have the copy stored in another machine, you can do
rsync -a /home/SHARELATEX/ youruser@yourremotemachine:/d/SHARELATEX_BACKUP
assuming you have an account on that machine and you have configured ssh to log into it without password (by pre-stored keys)
See directions to do so for example in this page.
And, to be done automatically, the simplest way is to put the rsync command in a file, let's say /usr/local/bin/sharealatexcopy.sh and do:
chown root:root /usr/local/bin/sharelatexcopy.sh
chmod 0755 /usr/local/bin/sharelatexcopy.sh
ln -s /usr/local/bin/sharelatexcopy.sh /etc/cron.daily/sharelatexcopy.sh
which will launch the command once a day (or you can put the link in cron.hourly, cron.weekly or corn.monthly according to your needs).
Obviously, the cron daemon must be enabled and running, which is the default in all distributions I know.