Hosting and serving: Difference between revisions

From XPUB & Lens-Based wiki
 
(11 intermediate revisions by the same user not shown)
Line 37: Line 37:
See: inspector > Network > Request + inspector > Network > Response
See: inspector > Network > Request + inspector > Network > Response


=== Renting a physical server ===
 
=== Renting a physical "dedicated" server ===


expensive, around 100 or more per month
expensive, around 100 or more per month
Line 56: Line 57:
* https://servus.at (requires membership i think)
* https://servus.at (requires membership i think)
* https://www.chatons.org/search/by-service?service_type_target_id=162&field_alternatives_aux_services_target_id=All&field_software_target_id=All&field_is_shared_value=All&title=
* https://www.chatons.org/search/by-service?service_type_target_id=162&field_alternatives_aux_services_target_id=All&field_software_target_id=All&field_is_shared_value=All&title=
* https://uberspace.de/en/Gus
* https://uberspace.de/en/


saving computing resources, reliability
saving computing resources, reliability
Line 88: Line 89:
We need a computer + operating system basicially.
We need a computer + operating system basicially.


== '''sandbox''' ==
== sandbox for today ==


Het IPv4-adres van uw VPS: 141.95.17.44
Het IPv4-adres van uw VPS: 141.95.17.44
Line 103: Line 104:
'''SSH''' = secure shell
'''SSH''' = secure shell


$ ssh debian@141.95.17.44
$ ssh debian@141.95.17.44


'''TOFU''' = Trust on first use (i love tofu)
'''TOFU''' = Trust on first use (i love tofu)
Line 113: Line 114:
'''TEMPE = '''Trust except malicious pep e
'''TEMPE = '''Trust except malicious pep e


$ whoami
$ whoami


Q. Jian, how can I record the history of terminal?
Q. Jian, how can I record the history of terminal?
Line 119: Line 120:
history log..? the command is called history
history log..? the command is called history


$ sudo adduser USERNAME
$ sudo adduser USERNAME


'''sudo''' = super user do
'''sudo''' = super user do
Line 125: Line 126:
Now switch to your own user!
Now switch to your own user!


$ exit
$ exit


And log in again, now with your own user.
And log in again, now with your own user.


$ ssh USERNAME@141.95.17.44
$ ssh USERNAME@141.95.17.44


will add you in sudo group_sudo have big big power… eheh
will add you in sudo group_sudo have big big power… eheh


$ cat /etc/group
$ cat /etc/group


<pre>   * note for chae: /**etc**/: getting all the configuration of the following. Interesting. </pre>
<pre>* note for chae: /**etc**/: getting all the configuration of the following. Interesting. </pre>
Imagine that you are now in 1970s, and you are working on a mainframe computer. It’s a very busy time, time sharing day in and out. And you want to tell everyone that you want to reboot the mainframe, what do you do?
Imagine that you are now in 1970s, and you are working on a mainframe computer. It’s a very busy time, time sharing day in and out. And you want to tell everyone that you want to reboot the mainframe, what do you do?


'''wall''': send a message to all the users being logged in
'''wall''': send a message to all the users being logged in


$ wall Hello everyone!
$ wall Hello everyone!


Q: Who is Debian? Debian is a Linux distribution which is used quite a lot as OS for servers, because of its reliability.
there is always something wrong


Who is behind Debian? ombination of volunteers + companies.
'''tricks and tips in case you need a joke or smth like that'''
 
$ cowsay
 
$ figlet
 
$ toilet
 
$ lolcat
 
$ sl
 
ssh is a protocol (make a connection to another ___sudo ) and also the name of the program
 
== security ==
 
=== change the default SSH port ===
 
$ cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
$ sudo systemctl restart sshd.service
$ ssh <user>@<host> -p <port>
$ sudo nano /etc/ssh/sshd_config
* We changed the SSH port to 42123
 
* To connect with SSH using this port:
 
to get out: CTRL + x
 
$ ssh USERNAME@141.95.17.44 -p 42123
 
now you need to specify the port number(which is -p 42123) as well.
 
===disable root logins===
 
$ sudo nano /etc/ssh/sshd_config
 
PermitRootLogin no
 
before it was commented out, but now we enable it.
 
===use strong passwords===
 
tip: use a password manager!
 
Q. what is a password manager?
 
===start using SSH keys===
 
$ ssh-keygen -t ed25519
 
$ ssh-copy-id -i ~/.ssh/YOURKEY.pub -p 42123 USERNAME@141.95.17.44
 
type your user pwd
 
<code>/.ssh/</code> is the default folder to store ssh keys
 
for '''Windows''':
 
<code>ssh-copy-id</code> does not work in the Windows Powershell.
 
Instead you can use the following commands to add your ssh key to the server:
 
From your own computer:
 
$ scp -P 42123 ~/.ssh/YOURKEY.pub USERNAME@141.95.17.44:
 
(the colon at the end is important!!)
 
$ ssh USERNAME@141.95.17.44
$ ls
 
Now you see your key in your home folder.
 
Move it to a folder called </code>.ssh</code>. Which we first need to make.
 
$ mkdir .ssh
 
$ mv YOURKEY.pub .ssh
 
Also you need to add your key to a file called “authenticated hosts”


there is always something wrong
$ cat YOURKEY.pub


'''tricks and tips in case you need a joke or smth like that'''
See also [[SSH]]


$ cowsay
====Make a SSH config file====


$ figlet
$ nano ~/.ssh/config


$ toilet
Host xpubtest
HostName 141.95.17.44
User joak
Port 42123
IdentityFile ~/.ssh/joak_xpub_test


$ lolcat
(control x to get out)


$ sl
====allow only login via SSH keys====


Q: How to get out of wall?
$ sudo nano /etc/ssh/sshd_config


to get outside of the wall, ctl C
PubkeyAuthentication yes
PasswordAuthentication no


ssh is a protocol(make a connection to another ___sudo ) and also the name of the program
===keep the server software updated===


== '''security''' ==
$ sudo apt update
$ sudo apt upgrade


* change the default SSH port
using autoupdate
** $ cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
** $ sudo systemctl restart sshd.service
** $ ssh <user>@<host> -p <port>
** $ sudo nano /etc/ssh/sshd_config
**
** We changed the SSH port to 42123
** To connect with SSH using this port:


*to get out contrl+x
$ sudo apt install unattended-upgrades
$ sudo dpkg-reconfigure –priority=low unattended-upgrades
$ sudo systemctl status unattended-upgrades.service


<pre>  * $ ssh USERNAME@141.95.17.44 -p 42123
===use SFTP instead of FTP===
      * now you need to specify the port number(which is -p 42123) as well.</pre>
<ul>
<li><p>disable root logins</p>
<ul>
<li>$ sudo nano /etc/ssh/sshd_config</li>
<li><blockquote><p>PermitRootLogin no</p></blockquote></li>
<li>before it was commented out, but now we enable it.</li>
<li></li></ul>
</li>
<li><p>use strong passwords</p>
<ul>
<li>tip: use a password manager!</li>
<li>Q. what is a password manager?</li>
<li></li></ul>
</li>
<li><p>start using SSH keys</p>
<ul>
<li>$ ssh-keygen -t ed25519</li>
<li></li>
<li>$ ssh-copy-id -i ~/.ssh/YOURKEY.pub -p 42123 USERNAME@141.95.17.44</li>
<li>type your user pwd</li>
<li>“/.ssh/” is the default folder to store ssh keys</li>
<li></li>
<li>for '''Windows''':</li>
<li></li>
<li>“ssh-copy-id” does not work in the Windows Powershell.</li>
<li>Instead you can use the following commands to add your ssh key to the server:
<ul>
<li>From your own computer:
<ul>
<li>$ scp -P 42123 ~/.ssh/YOURKEY.pub USERNAME@141.95.17.44:</li>
<li>(the colon at the end is important!!)</li>
<li>$ ssh USERNAME@141.95.17.44</li>
<li>$ ls</li>
<li>Now you see your key in your home folder.</li>
<li>Move it to a folder called “.ssh”. Which we first need to make.</li>
<li>$ mkdir .ssh</li>
<li>$ mv YOURKEY.pub .ssh</li>
<li>Also you need to add your key to a file called “authenticated hosts”</li>
<li>$ cat YOURKEY.pub &gt;&gt;</li></ul>
</li>
<li></li></ul>
</li>
<li>(More details about SSH keys: [https://www.ssh.com/academy/ssh/keygen#sec-Choosing-an-Algorithm-and-Key-Size https://www.ssh.com/academy/ssh/keygen#sec-Choosing-an-Algorithm-and-Key-Size)])</li>
<li></li>
<li>$ nano ~/.ssh/config</li>
<li>Host xpubtest</li>
<li>HostName 141.95.17.44</li>
<li>User joak</li>
<li>Port 42123</li>
<li>IdentityFile ~/.ssh/joak_xpub_test</li>
<li>(control x to get out)</li>
<li></li></ul>
</li>
<li><p>allow only login via SSH keys</p>
<ul>
<li>$ sudo nano /etc/ssh/sshd_config</li>
<li><blockquote><p>PubkeyAuthentication yes</p></blockquote></li>
<li><blockquote><p>PasswordAuthentication no</p></blockquote></li>
<li></li></ul>
</li>
<li><p>keep the server software updated</p>
<ul>
<li>$ sudo apt update</li>
<li>$ sudo apt upgrade</li>
<li></li></ul>
</li>
<li><p>using autoupdate</p>
<ul>
<li>$ sudo apt install unattended-upgrades</li>
<li>$ sudo dpkg-reconfigure –priority=low unattended-upgrades</li>
<li>$ sudo systemctl status unattended-upgrades.service</li></ul>
</li>
<li><p>use SFTP instead of FTP - example filezilla</p></li>
<li><p>install fail2ban</p>
<ul>
<li>$ sudo apt install fail2ban</li>
<li>$ sudo nano /etc/fail2ban/jail.local</li>
<li></li></ul>
</li></ul>


'''Q. how do we set a background color for different server / port? '''
example filezilla


Add this to your .ssh/config file:
===install fail2ban===


$ nano ~/.ssh
$ sudo apt install fail2ban


* LocalCommand setterm –term linux –background white –foreground black –clear ##
$ sudo nano /etc/fail2ban/jail.local


== What to do with our servers? ==
== What to do with our servers? ==
Line 273: Line 275:
Let’s serve some websites.
Let’s serve some websites.


$ sudo apt install nginx
$ sudo apt install nginx


By default it only serves from the following folder:
By default it only serves from the following folder:


* $ nano /var/www/html
$ nano /var/www/html


To configure the public_html folders on the webserver:
To configure the public_html folders on the webserver:


$ sudo nano /etc/nginx/sites-enabled/default
$ sudo nano /etc/nginx/sites-enabled/default
 
<pre>    location ~ ^/~(.+?)(/.*)?$ {
 
            alias /home/$1/public\_html$2;


            index index.html index.htm;
location ~ ^/~(.+?)(/.*)?$ {
    alias /home/$1/public\_html$2;
    index index.html index.htm;
    autoindex on;
}


            autoindex on;
After changing the nginx config file, you need to reload nginx:


    }</pre>
$ sudo service nginx reload
$ sudo service nginx reload


== Command line tools ==
== Command line tools ==
Line 300: Line 301:
Q: How do I know where i am?
Q: How do I know where i am?


$ pwd
$ pwd


'''pwd''' = print current working directory
'''pwd''' = print current working directory
Line 306: Line 307:
Moving around:
Moving around:


$ cd (change directory)
$ cd (change directory)
 
$ ls (list)
 
For more, see [[Shell Cheat Sheet]].
 
==Questions==
 
===Q. how do we set a terminal background color for a different server?===
 
Add this to your <code>~/.ssh/config</code> file, to one of your server configs:
 
$ nano ~/.ssh/config
 
localcommand xtermcontrol --bg "#dabbff"
 
You can change the hex color.
 
And add this to your <code>~/.bashrc</code>:
 
function ssh(){
  BG=$(xtermcontrol --get-bg)
  $(which ssh) "$@"
  xtermcontrol --bg="$BG"
}
 
===Q: Who is Debian?===
 
Debian is a Linux distribution which is used quite a lot as OS for servers, because of its reliability.
 
Who is behind Debian? ombination of volunteers + companies.
 
===Q: How to get out of wall?===
 
to get outside of the wall, ctl C
 
==Links==
 
This wiki page emerged from: https://pad.xpub.nl/p/hosting-and-serving


$ ls (list)
[[Category:Cookbook]]

Latest revision as of 13:20, 16 September 2024

Hosting and Serving

Different server practices

self-hosting, home brewing, DIY/DIWO servers

federated networks of servers, Fediverse, Activity Pub Protocol

“autonomous”/“radical”/“community”/“feminist”/“art“ servers

A traversal Network of Feminist Servers (ATNOFS), https://hub.vvvvvvaria.org/rosa/atnofs/

A catalog of formats for digital discomfort..., by Jara Rocha

Are you being served?, multidisciplinary festival/work days organised by Constant in December 2013

Artists running there own personal server (at home or rented from a data center) to publish their web pages and projects.

Shared servers! Like the Sandbox servers in XPUB.

What is a server?

A server is someone else computer. that is connected to the network

“There is no cloud, just other people’s computers”

-- Free Software Foundation, https://fsf.org

returns data after request

For example, when loading the https://xpub.nl web page, you are sending a request to the XPUB server.

See: inspector > Network > Request + inspector > Network > Response


Renting a physical "dedicated" server

expensive, around 100 or more per month

Renting a VPS (virtual private server)

Virtual Private Server

HTTP(port80)/HTTPS(port 443)

Protocol you need to surf the web

Companies that offer VPS services:

saving computing resources, reliability

Homebrewing

Self hosting at home or somewhere physically (needs hardware, electricty, internet connection, …)

Maybe not the most environmental friendly server, as running it in a data center costs less energy.

port forwarding

it is good but not so reliable

is it environmental friendly or not . it is something we can discuss on

it can create the possibility to learn by doing, to take it slow

Use the XPUB hub (VPN)

soupboat uses this to connect

https://hub.xpub.nl/

https://pzwiki.wdka.nl/mediadesign/HUB

soupboat connects through the xpub.hub to the public internet

HOW DO WE RUN A SERVER?

We need a computer + operating system basicially.

sandbox for today

Het IPv4-adres van uw VPS: 141.95.17.44

De naam van uw VPS: vps-cdfc3f33.vps.ovh.net

Het volgende administrator-account is geconfigureerd op de VPS:

  • Gebruikersnaam: debian
  • Wachtwoord/password: rkknFKKZQJ54

Connect to the server with SSH

SSH = secure shell

$ ssh debian@141.95.17.44

TOFU = Trust on first use (i love tofu)

It’s not trustworthy to use easy password. eheh.. so do not use easy password

so many cooking ref. -> another reason why we should cook

TEMPE = Trust except malicious pep e

$ whoami

Q. Jian, how can I record the history of terminal?

history log..? the command is called history

$ sudo adduser USERNAME

sudo = super user do

Now switch to your own user!

$ exit

And log in again, now with your own user.

$ ssh USERNAME@141.95.17.44

will add you in sudo group_sudo have big big power… eheh

$ cat /etc/group
* note for chae: /**etc**/: getting all the configuration of the following. Interesting. 

Imagine that you are now in 1970s, and you are working on a mainframe computer. It’s a very busy time, time sharing day in and out. And you want to tell everyone that you want to reboot the mainframe, what do you do?

wall: send a message to all the users being logged in

$ wall Hello everyone!

there is always something wrong

tricks and tips in case you need a joke or smth like that

$ cowsay
$ figlet
$ toilet
$ lolcat
$ sl

ssh is a protocol (make a connection to another ___sudo ) and also the name of the program

security

change the default SSH port

$ cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
$ sudo systemctl restart sshd.service
$ ssh <user>@<host> -p <port>
$ sudo nano /etc/ssh/sshd_config

  • We changed the SSH port to 42123
  • To connect with SSH using this port:

to get out: CTRL + x

$ ssh USERNAME@141.95.17.44 -p 42123

now you need to specify the port number(which is -p 42123) as well.

disable root logins

$ sudo nano /etc/ssh/sshd_config
PermitRootLogin no

before it was commented out, but now we enable it.

use strong passwords

tip: use a password manager!

Q. what is a password manager?

start using SSH keys

$ ssh-keygen -t ed25519
$ ssh-copy-id -i ~/.ssh/YOURKEY.pub -p 42123 USERNAME@141.95.17.44

type your user pwd

/.ssh/ is the default folder to store ssh keys

for Windows:

ssh-copy-id does not work in the Windows Powershell.

Instead you can use the following commands to add your ssh key to the server:

From your own computer:

$ scp -P 42123 ~/.ssh/YOURKEY.pub USERNAME@141.95.17.44:

(the colon at the end is important!!)

$ ssh USERNAME@141.95.17.44
$ ls

Now you see your key in your home folder.

Move it to a folder called .ssh. Which we first need to make.

$ mkdir .ssh

$ mv YOURKEY.pub .ssh

Also you need to add your key to a file called “authenticated hosts”

$ cat YOURKEY.pub

See also SSH

Make a SSH config file

$ nano ~/.ssh/config
Host xpubtest 
HostName 141.95.17.44 
User joak 
Port 42123 
IdentityFile ~/.ssh/joak_xpub_test 

(control x to get out)

allow only login via SSH keys

$ sudo nano /etc/ssh/sshd_config

PubkeyAuthentication yes
PasswordAuthentication no

keep the server software updated

$ sudo apt update
$ sudo apt upgrade

using autoupdate

$ sudo apt install unattended-upgrades
$ sudo dpkg-reconfigure –priority=low unattended-upgrades
$ sudo systemctl status unattended-upgrades.service

use SFTP instead of FTP

example filezilla

install fail2ban

$ sudo apt install fail2ban
$ sudo nano /etc/fail2ban/jail.local

What to do with our servers?

Let’s serve some websites.

$ sudo apt install nginx

By default it only serves from the following folder:

$ nano /var/www/html

To configure the public_html folders on the webserver:

$ sudo nano /etc/nginx/sites-enabled/default
location ~ ^/~(.+?)(/.*)?$ {
    alias /home/$1/public\_html$2;
    index index.html index.htm;
    autoindex on;
}

After changing the nginx config file, you need to reload nginx:

$ sudo service nginx reload

Command line tools

https://pzwiki.wdka.nl/mediadesign/Shell_Cheat_Sheet

Q: How do I know where i am?

$ pwd

pwd = print current working directory

Moving around:

$ cd (change directory)
$ ls (list)

For more, see Shell Cheat Sheet.

Questions

Q. how do we set a terminal background color for a different server?

Add this to your ~/.ssh/config file, to one of your server configs:

$ nano ~/.ssh/config
localcommand xtermcontrol --bg "#dabbff"

You can change the hex color.

And add this to your ~/.bashrc:

function ssh(){
  BG=$(xtermcontrol --get-bg)
  $(which ssh) "$@"
  xtermcontrol --bg="$BG"
}

Q: Who is Debian?

Debian is a Linux distribution which is used quite a lot as OS for servers, because of its reliability.

Who is behind Debian? ombination of volunteers + companies.

Q: How to get out of wall?

to get outside of the wall, ctl C

Links

This wiki page emerged from: https://pad.xpub.nl/p/hosting-and-serving