Hosting and serving: Difference between revisions
(14 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
== Different server practices == | == Different server practices == | ||
self-hosting, | self-hosting, [https://homebrewserver.club/ home brewing], DIY/DIWO servers | ||
federated networks of servers, Fediverse, Activity Pub Protocol | federated networks of servers, Fediverse, Activity Pub Protocol | ||
Line 27: | Line 27: | ||
A server is someone else computer. that is connected to the network | A server is someone else computer. that is connected to the network | ||
“There is no cloud, just other people’s computers” | <blockquote>“There is no cloud, just other people’s computers”</blockquote> | ||
Free Software Foundation, https://fsf.org | <small>-- Free Software Foundation, https://fsf.org</small> | ||
returns data after request | returns data after request | ||
Line 37: | Line 37: | ||
See: inspector > Network > Request + inspector > Network > Response | See: inspector > Network > Request + inspector > Network > Response | ||
=== Renting a physical server === | |||
=== Renting a physical "dedicated" server === | |||
expensive, around 100 or more per month | expensive, around 100 or more per month | ||
Line 51: | Line 52: | ||
Companies that offer VPS services: | Companies that offer VPS services: | ||
https://www.ovhcloud.com/ | * https://www.ovhcloud.com/ | ||
* https://gandi.net/ | |||
https://gandi.net/ | * https://greenhost.net/ | ||
* https://servus.at (requires membership i think) | |||
https://greenhost.net/ | * https://www.chatons.org/search/by-service?service_type_target_id=162&field_alternatives_aux_services_target_id=All&field_software_target_id=All&field_is_shared_value=All&title= | ||
* https://uberspace.de/en/ | |||
https://servus.at | |||
https://www.chatons.org/search/by-service?service_type_target_id=162&field_alternatives_aux_services_target_id=All&field_software_target_id=All&field_is_shared_value=All&title= | |||
https://uberspace.de/en/ | |||
saving computing resources, reliability | saving computing resources, reliability | ||
Line 93: | Line 89: | ||
We need a computer + operating system basicially. | We need a computer + operating system basicially. | ||
== | == sandbox for today == | ||
Het IPv4-adres van uw VPS: 141.95.17.44 | Het IPv4-adres van uw VPS: 141.95.17.44 | ||
Line 108: | Line 104: | ||
'''SSH''' = secure shell | '''SSH''' = secure shell | ||
$ ssh debian@141.95.17.44 | $ ssh debian@141.95.17.44 | ||
'''TOFU''' = Trust on first use (i love tofu) | '''TOFU''' = Trust on first use (i love tofu) | ||
Line 118: | Line 114: | ||
'''TEMPE = '''Trust except malicious pep e | '''TEMPE = '''Trust except malicious pep e | ||
$ whoami | $ whoami | ||
Q. Jian, how can I record the history of terminal? | Q. Jian, how can I record the history of terminal? | ||
Line 124: | Line 120: | ||
history log..? the command is called history | history log..? the command is called history | ||
$ sudo adduser USERNAME | $ sudo adduser USERNAME | ||
'''sudo''' = super user do | '''sudo''' = super user do | ||
Line 130: | Line 126: | ||
Now switch to your own user! | Now switch to your own user! | ||
$ exit | $ exit | ||
And log in again, now with your own user. | And log in again, now with your own user. | ||
$ ssh USERNAME@141.95.17.44 | $ ssh USERNAME@141.95.17.44 | ||
will add you in sudo group_sudo have big big power… eheh | will add you in sudo group_sudo have big big power… eheh | ||
$ cat /etc/group | $ cat /etc/group | ||
<pre> | <pre>* note for chae: /**etc**/: getting all the configuration of the following. Interesting. </pre> | ||
Imagine that you are now in 1970s, and you are working on a mainframe computer. It’s a very busy time, time sharing day in and out. And you want to tell everyone that you want to reboot the mainframe, what do you do? | Imagine that you are now in 1970s, and you are working on a mainframe computer. It’s a very busy time, time sharing day in and out. And you want to tell everyone that you want to reboot the mainframe, what do you do? | ||
'''wall''': send a message to all the users being logged in | '''wall''': send a message to all the users being logged in | ||
$ wall Hello everyone! | $ wall Hello everyone! | ||
there is always something wrong | |||
'''tricks and tips in case you need a joke or smth like that''' | |||
$ cowsay | |||
$ figlet | |||
$ toilet | |||
$ lolcat | |||
$ sl | |||
ssh is a protocol (make a connection to another ___sudo ) and also the name of the program | |||
== security == | |||
=== change the default SSH port === | |||
$ cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak | |||
$ sudo systemctl restart sshd.service | |||
$ ssh <user>@<host> -p <port> | |||
$ sudo nano /etc/ssh/sshd_config | |||
* We changed the SSH port to 42123 | |||
* To connect with SSH using this port: | |||
to get out: CTRL + x | |||
$ ssh USERNAME@141.95.17.44 -p 42123 | |||
now you need to specify the port number(which is -p 42123) as well. | |||
===disable root logins=== | |||
$ sudo nano /etc/ssh/sshd_config | |||
PermitRootLogin no | |||
before it was commented out, but now we enable it. | |||
===use strong passwords=== | |||
tip: use a password manager! | |||
Q. what is a password manager? | |||
===start using SSH keys=== | |||
$ ssh-keygen -t ed25519 | |||
$ ssh-copy-id -i ~/.ssh/YOURKEY.pub -p 42123 USERNAME@141.95.17.44 | |||
type your user pwd | |||
<code>/.ssh/</code> is the default folder to store ssh keys | |||
for '''Windows''': | |||
<code>ssh-copy-id</code> does not work in the Windows Powershell. | |||
Instead you can use the following commands to add your ssh key to the server: | |||
From your own computer: | |||
$ scp -P 42123 ~/.ssh/YOURKEY.pub USERNAME@141.95.17.44: | |||
(the colon at the end is important!!) | |||
$ ssh USERNAME@141.95.17.44 | |||
$ ls | |||
Now you see your key in your home folder. | |||
Move it to a folder called </code>.ssh</code>. Which we first need to make. | |||
$ mkdir .ssh | |||
$ mv YOURKEY.pub .ssh | |||
Also you need to add your key to a file called “authenticated hosts” | |||
$ cat YOURKEY.pub | |||
See also [[SSH]] | |||
====Make a SSH config file==== | |||
$ | $ nano ~/.ssh/config | ||
Host xpubtest | |||
HostName 141.95.17.44 | |||
User joak | |||
Port 42123 | |||
IdentityFile ~/.ssh/joak_xpub_test | |||
(control x to get out) | |||
====allow only login via SSH keys==== | |||
$ sudo nano /etc/ssh/sshd_config | |||
PubkeyAuthentication yes | |||
PasswordAuthentication no | |||
===keep the server software updated=== | |||
$ sudo apt update | |||
$ sudo apt upgrade | |||
using autoupdate | |||
$ sudo apt install unattended-upgrades | |||
$ sudo dpkg-reconfigure –priority=low unattended-upgrades | |||
$ sudo systemctl status unattended-upgrades.service | |||
===use SFTP instead of FTP=== | |||
example filezilla | |||
===install fail2ban=== | |||
$ | $ sudo apt install fail2ban | ||
$ sudo nano /etc/fail2ban/jail.local | |||
== What to do with our servers? == | == What to do with our servers? == | ||
Line 278: | Line 275: | ||
Let’s serve some websites. | Let’s serve some websites. | ||
$ sudo apt install nginx | $ sudo apt install nginx | ||
By default it only serves from the following folder: | By default it only serves from the following folder: | ||
$ nano /var/www/html | |||
To configure the public_html folders on the webserver: | To configure the public_html folders on the webserver: | ||
$ sudo nano /etc/nginx/sites-enabled/default | $ sudo nano /etc/nginx/sites-enabled/default | ||
location ~ ^/~(.+?)(/.*)?$ { | |||
alias /home/$1/public\_html$2; | |||
index index.html index.htm; | |||
autoindex on; | |||
} | |||
After changing the nginx config file, you need to reload nginx: | |||
$ sudo service nginx reload | |||
$ sudo service nginx reload | |||
== Command line tools == | == Command line tools == | ||
Line 305: | Line 301: | ||
Q: How do I know where i am? | Q: How do I know where i am? | ||
$ pwd | $ pwd | ||
'''pwd''' = print current working directory | '''pwd''' = print current working directory | ||
Line 311: | Line 307: | ||
Moving around: | Moving around: | ||
$ cd (change directory) | $ cd (change directory) | ||
$ ls (list) | |||
For more, see [[Shell Cheat Sheet]]. | |||
==Questions== | |||
===Q. how do we set a terminal background color for a different server?=== | |||
Add this to your <code>~/.ssh/config</code> file, to one of your server configs: | |||
$ nano ~/.ssh/config | |||
localcommand xtermcontrol --bg "#dabbff" | |||
You can change the hex color. | |||
And add this to your <code>~/.bashrc</code>: | |||
function ssh(){ | |||
BG=$(xtermcontrol --get-bg) | |||
$(which ssh) "$@" | |||
xtermcontrol --bg="$BG" | |||
} | |||
===Q: Who is Debian?=== | |||
Debian is a Linux distribution which is used quite a lot as OS for servers, because of its reliability. | |||
Who is behind Debian? ombination of volunteers + companies. | |||
===Q: How to get out of wall?=== | |||
to get outside of the wall, ctl C | |||
==Links== | |||
This wiki page emerged from: https://pad.xpub.nl/p/hosting-and-serving | |||
[[Category:Cookbook]] |
Latest revision as of 13:20, 16 September 2024
Hosting and Serving
Different server practices
self-hosting, home brewing, DIY/DIWO servers
federated networks of servers, Fediverse, Activity Pub Protocol
“autonomous”/“radical”/“community”/“feminist”/“art“ servers
- https://riseup.net/en/security/resources/radical-servers
- https://gendersec.tacticaltech.org/wiki/index.php/Servers:_From_autonomous_servers_to_feminist_servers
- https://web.archive.org/web/20220321111153/http://feral.earth/
A traversal Network of Feminist Servers (ATNOFS), https://hub.vvvvvvaria.org/rosa/atnofs/
A catalog of formats for digital discomfort..., by Jara Rocha
Are you being served?, multidisciplinary festival/work days organised by Constant in December 2013
Artists running there own personal server (at home or rented from a data center) to publish their web pages and projects.
Shared servers! Like the Sandbox servers in XPUB.
What is a server?
A server is someone else computer. that is connected to the network
“There is no cloud, just other people’s computers”
-- Free Software Foundation, https://fsf.org
returns data after request
For example, when loading the https://xpub.nl web page, you are sending a request to the XPUB server.
See: inspector > Network > Request + inspector > Network > Response
Renting a physical "dedicated" server
expensive, around 100 or more per month
Renting a VPS (virtual private server)
Virtual Private Server
HTTP(port80)/HTTPS(port 443)
Protocol you need to surf the web
Companies that offer VPS services:
- https://www.ovhcloud.com/
- https://gandi.net/
- https://greenhost.net/
- https://servus.at (requires membership i think)
- https://www.chatons.org/search/by-service?service_type_target_id=162&field_alternatives_aux_services_target_id=All&field_software_target_id=All&field_is_shared_value=All&title=
- https://uberspace.de/en/
saving computing resources, reliability
Homebrewing
Self hosting at home or somewhere physically (needs hardware, electricty, internet connection, …)
Maybe not the most environmental friendly server, as running it in a data center costs less energy.
port forwarding
it is good but not so reliable
is it environmental friendly or not . it is something we can discuss on
it can create the possibility to learn by doing, to take it slow
Use the XPUB hub (VPN)
soupboat uses this to connect
https://pzwiki.wdka.nl/mediadesign/HUB
soupboat connects through the xpub.hub to the public internet
HOW DO WE RUN A SERVER?
We need a computer + operating system basicially.
sandbox for today
Het IPv4-adres van uw VPS: 141.95.17.44
De naam van uw VPS: vps-cdfc3f33.vps.ovh.net
Het volgende administrator-account is geconfigureerd op de VPS:
- Gebruikersnaam: debian
- Wachtwoord/password: rkknFKKZQJ54
Connect to the server with SSH
SSH = secure shell
$ ssh debian@141.95.17.44
TOFU = Trust on first use (i love tofu)
It’s not trustworthy to use easy password. eheh.. so do not use easy password
so many cooking ref. -> another reason why we should cook
TEMPE = Trust except malicious pep e
$ whoami
Q. Jian, how can I record the history of terminal?
history log..? the command is called history
$ sudo adduser USERNAME
sudo = super user do
Now switch to your own user!
$ exit
And log in again, now with your own user.
$ ssh USERNAME@141.95.17.44
will add you in sudo group_sudo have big big power… eheh
$ cat /etc/group
* note for chae: /**etc**/: getting all the configuration of the following. Interesting.
Imagine that you are now in 1970s, and you are working on a mainframe computer. It’s a very busy time, time sharing day in and out. And you want to tell everyone that you want to reboot the mainframe, what do you do?
wall: send a message to all the users being logged in
$ wall Hello everyone!
there is always something wrong
tricks and tips in case you need a joke or smth like that
$ cowsay
$ figlet
$ toilet
$ lolcat
$ sl
ssh is a protocol (make a connection to another ___sudo ) and also the name of the program
security
change the default SSH port
$ cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak $ sudo systemctl restart sshd.service $ ssh <user>@<host> -p <port> $ sudo nano /etc/ssh/sshd_config
- We changed the SSH port to 42123
- To connect with SSH using this port:
to get out: CTRL + x
$ ssh USERNAME@141.95.17.44 -p 42123
now you need to specify the port number(which is -p 42123) as well.
disable root logins
$ sudo nano /etc/ssh/sshd_config
PermitRootLogin no
before it was commented out, but now we enable it.
use strong passwords
tip: use a password manager!
Q. what is a password manager?
start using SSH keys
$ ssh-keygen -t ed25519
$ ssh-copy-id -i ~/.ssh/YOURKEY.pub -p 42123 USERNAME@141.95.17.44
type your user pwd
/.ssh/
is the default folder to store ssh keys
for Windows:
ssh-copy-id
does not work in the Windows Powershell.
Instead you can use the following commands to add your ssh key to the server:
From your own computer:
$ scp -P 42123 ~/.ssh/YOURKEY.pub USERNAME@141.95.17.44:
(the colon at the end is important!!)
$ ssh USERNAME@141.95.17.44 $ ls
Now you see your key in your home folder.
Move it to a folder called .ssh. Which we first need to make.
$ mkdir .ssh
$ mv YOURKEY.pub .ssh
Also you need to add your key to a file called “authenticated hosts”
$ cat YOURKEY.pub
See also SSH
Make a SSH config file
$ nano ~/.ssh/config
Host xpubtest HostName 141.95.17.44 User joak Port 42123 IdentityFile ~/.ssh/joak_xpub_test
(control x to get out)
allow only login via SSH keys
$ sudo nano /etc/ssh/sshd_config
PubkeyAuthentication yes PasswordAuthentication no
keep the server software updated
$ sudo apt update $ sudo apt upgrade
using autoupdate
$ sudo apt install unattended-upgrades $ sudo dpkg-reconfigure –priority=low unattended-upgrades $ sudo systemctl status unattended-upgrades.service
use SFTP instead of FTP
example filezilla
install fail2ban
$ sudo apt install fail2ban
$ sudo nano /etc/fail2ban/jail.local
What to do with our servers?
Let’s serve some websites.
$ sudo apt install nginx
By default it only serves from the following folder:
$ nano /var/www/html
To configure the public_html folders on the webserver:
$ sudo nano /etc/nginx/sites-enabled/default
location ~ ^/~(.+?)(/.*)?$ { alias /home/$1/public\_html$2; index index.html index.htm; autoindex on; }
After changing the nginx config file, you need to reload nginx:
$ sudo service nginx reload
Command line tools
https://pzwiki.wdka.nl/mediadesign/Shell_Cheat_Sheet
Q: How do I know where i am?
$ pwd
pwd = print current working directory
Moving around:
$ cd (change directory)
$ ls (list)
For more, see Shell Cheat Sheet.
Questions
Q. how do we set a terminal background color for a different server?
Add this to your ~/.ssh/config
file, to one of your server configs:
$ nano ~/.ssh/config
localcommand xtermcontrol --bg "#dabbff"
You can change the hex color.
And add this to your ~/.bashrc
:
function ssh(){ BG=$(xtermcontrol --get-bg) $(which ssh) "$@" xtermcontrol --bg="$BG" }
Q: Who is Debian?
Debian is a Linux distribution which is used quite a lot as OS for servers, because of its reliability.
Who is behind Debian? ombination of volunteers + companies.
Q: How to get out of wall?
to get outside of the wall, ctl C
Links
This wiki page emerged from: https://pad.xpub.nl/p/hosting-and-serving