# ParTCP Server
ParTCP server is a platform for conducting democratic decision-making
processes. This is beta software right now, so expect errors and missing
features.
Technical documentation (in German only) can be found [here][1].

[1]: https://partcp.codeberg.page
## System requirements
- Linux
- OpenSSL
- Apache2 with headers and rewrite module
- PHP 8 with gettext, intl, mbstring, openssl, sodium and yaml extension
- Git (for convenient installation and upgrading only)
## Installation (for testing environments only, not for production use!)
The following instructions assume that the root directory of your web server is
`/var/www/partcp.my-community.org`, that the address is
`partcp.my-community.org` and that the web server process is running as user
`www-data`.
1. **Clone project to your web server (as root)**
```sh
$ cd /var/www
$ sudo git clone --recursive https://codeberg.org/ParTCP/partcp-server.git
$ sudo mv partcp-server partcp.my-community.org
```
2. **Make all files and directories accessible for all users**
```sh
$ cd partcp.my-community.org
$ sudo chown -R www-data .
$ sudo find . -type f -exec chmod 644 {} \;
$ sudo find . -type d -exec chmod 755 {} \;
```
3. **Create a directory for storing server keys**
Please note: If you have multiple server instances on the same machine (e.g.
for testing or development), each one needs its own key directory.
```sh
$ sudo mkdir .keys
$ sudo chown www-data .keys
$ sudo chmod 700 .keys
```
4. **Create directories for data storage**
```sh
$ sudo mkdir data
$ sudo mkdir worm
$ sudo chown www-data data worm
$ sudo chmod 755 data worm
```
5. **Adapt Apache configuration for ParTCP root directory**
```sh
$ sudo nano /etc/apache2/sites-available/partcp.my-community.org.conf
```
```apache
# Scope: the ParTCP root directory named in the installation assumptions above
<Directory "/var/www/partcp.my-community.org">
    # Make resources accessible regardless of client domain
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header set Access-Control-Allow-Headers "Accept, Authorization, Access-Control-Allow-Origin"
    Header append Access-Control-Allow-Headers "Content-Type, Content-Length, Cookie, Origin"
    Header append Access-Control-Allow-Headers "User-Agent, X-Partcp-Version, X-Partcp-Kx-Method"
    # Enable auto indexing and other options
    Options Indexes FollowSymLinks MultiViews
    # Auto index even if index file is present, and show hidden items
    DirectoryIndex disabled
    IndexIgnoreReset On
    # Have browsers handle YAML and Markdown files like plain text files
    AddType text/plain yaml md
    AddDefaultCharset utf-8
    # Let all POST requests be handled by process.php script
    RewriteEngine on
    RewriteCond %{THE_REQUEST} ^POST [NC]
    RewriteRule .* process.php
</Directory>

# Assumed scope (reconstructed from the comment below): subdirectories of the
# ParTCP root only, so that process.php in the root itself is still executed
<Directory "/var/www/partcp.my-community.org/*">
    # Do not execute PHP scripts in subdirectories, deliver them as plain text instead
    php_flag engine off
    AddType text/plain php
    AddDefaultCharset utf-8
</Directory>
```
6. **Reload Apache configuration**
```sh
$ sudo systemctl reload apache2
```
7. **Enable HTTPS for the new domain**
To encrypt the connection to your domain, you have to install an SSL certificate. An easy way
to accomplish this is via [Let's Encrypt](https://letsencrypt.org/getting-started).
8. **Create and edit configuration file**
```sh
$ sudo cp config-example.php config.php
$ sudo nano config.php
```
Adapt configuration parameters to your needs and finish editing by
pressing ``, ``, ``.
9. **Send test message**
Check if the server works properly by sending a "ping" message
from your local machine:
```sh
$ curl -d "Message-Type: ping" https://partcp.my-community.org
```
You should receive a response like this:
```yaml
Signature: WHM08/cytInHm2h4z64J1pUjNg2U88B1q1ovZA5ETxSkJYhJQuKjn2RoA9X6k5Y2HCOTrrVcfRpk6/agk8trAg==
Message-Type: echo
To:
From: partcp.my-community.org
Date: 2021-03-30T09:06:56+02:00
Original-Message: 'Message-Type: ping'
Verification-Result: missing signature, nothing to verify
Public-Key: >
  8BbYgAcG4yPfKKhh64+uo/AxV0NkcxhIAmnnHq1aAosBJQqBJk1Fy6Hj3g6vsZxOv4W/gN4NwzLTIGerDMNxHg==
```
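To confirm that steps 2 to 4 left the tree in the intended state, the following added example (not part of the ParTCP project) audits the modes and ownership those steps set. `check_mode` and `audit_partcp_tree` are hypothetical helper names, and GNU `stat` and `find` are assumed.

```sh
#!/bin/sh
# Added example: audit the permissions set by installation steps 2-4.
# Assumes GNU stat/find (Linux); helper names are hypothetical.

# check_mode PATH MODE: print a finding if PATH is missing or has another mode.
check_mode() {
    found=$(stat -c '%a' "$1" 2>/dev/null) || { echo "$1: missing"; return; }
    [ "$found" = "$2" ] || echo "$1: mode $found, expected $2"
}

# audit_partcp_tree ROOT [OWNER]
# Prints one line per deviation; returns 0 only if nothing deviates.
# OWNER may be a user name or a numeric uid (default: www-data).
audit_partcp_tree() {
    root=$1 owner=${2:-www-data}
    findings=$(
        # Step 3: key directory readable by the web server user only
        check_mode "$root/.keys" 700
        # Step 4: data storage directories
        check_mode "$root/data" 755
        check_mode "$root/worm" 755
        # Step 2: files 644, directories 755 (.keys is checked above)
        find "$root" -path "$root/.keys" -prune -o -type f ! -perm 644 -print |
            sed 's/$/: file mode is not 644/'
        find "$root" -path "$root/.keys" -prune -o -type d ! -perm 755 -print |
            sed 's/$/: directory mode is not 755/'
        # Steps 2-4: everything belongs to the web server user
        find "$root" ! -user "$owner" -print |
            sed "s/\$/: not owned by $owner/"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as `sudo sh -c '. ./audit.sh; audit_partcp_tree /var/www/partcp.my-community.org'` (the file name `audit.sh` is an assumption) so that `.keys` can be traversed. Once the server has written data, files under `data` and `worm` may be reported if it creates them with other modes.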
## Setting up a root account
1. **Install ParTCP command line client on your local machine.**
https://codeberg.org/ParTCP/partcp-cli
2. **Create local identity.**
```sh
$ partcp create_id root@partcp.my-community.org
```
3. **Create random string as credential for key submission.**
```sh
$ export credential=`openssl rand -base64 12`
```
4. **Generate credential hash code.**
```sh
$ echo -n $credential | sha256sum
```
Copy output to clipboard (without spaces and dash at the end).
5. **Register participant on the server.**
Compose `From` and `Participant-Id` elements from identity created in step 2.
````sh
$ partcp send
Signature: null
To: partcp.my-community.org
From: root@partcp.my-community.org
Message-Type: root-registration
Participant-Id: root
Credential:
````
6. **Submit the public key of the new identity to the server.**
````sh
$ partcp submit_key root@partcp.my-community.org $credential
````
7. **Appoint participant as root admin.**
````sh
$ partcp send
To: partcp.my-community.org
From: root@partcp.my-community.org
Message-Type: root-appointment
Participant-Id: root
````