Hosting and serving: Difference between revisions

From XPUB & Lens-Based wiki
 
(10 intermediate revisions by the same user not shown)
Line 37: Line 37:
See: inspector > Network > Request + inspector > Network > Response
See: inspector > Network > Request + inspector > Network > Response


=== Renting a physical server ===
 
=== Renting a physical "dedicated" server ===


expensive, around 100 or more per month
expensive, around 100 or more per month
Line 56: Line 57:
* https://servus.at (requires membership i think)
* https://servus.at (requires membership i think)
* https://www.chatons.org/search/by-service?service_type_target_id=162&field_alternatives_aux_services_target_id=All&field_software_target_id=All&field_is_shared_value=All&title=
* https://www.chatons.org/search/by-service?service_type_target_id=162&field_alternatives_aux_services_target_id=All&field_software_target_id=All&field_is_shared_value=All&title=
* https://uberspace.de/en/Gus
* https://uberspace.de/en/


saving computing resources, reliability
saving computing resources, reliability
Line 88: Line 89:
We need a computer + operating system basicially.
We need a computer + operating system basicially.


== '''sandbox''' ==
== sandbox for today ==


Het IPv4-adres van uw VPS: 141.95.17.44
Het IPv4-adres van uw VPS: 141.95.17.44
Line 141: Line 142:


  $ wall Hello everyone!
  $ wall Hello everyone!
Q: Who is Debian? Debian is a Linux distribution which is used quite a lot as OS for servers, because of its reliability.
Who is behind Debian? ombination of volunteers + companies.


there is always something wrong
there is always something wrong
Line 160: Line 157:
  $ sl
  $ sl


Q: How to get out of wall?
ssh is a protocol (make a connection to another ___sudo ) and also the name of the program
 
== security ==
 
=== change the default SSH port ===
 
$ cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
$ sudo systemctl restart sshd.service
$ ssh <user>@<host> -p <port>
$ sudo nano /etc/ssh/sshd_config
* We changed the SSH port to 42123
 
* To connect with SSH using this port:
 
to get out: CTRL + x
 
$ ssh USERNAME@141.95.17.44 -p 42123
 
now you need to specify the port number(which is -p 42123) as well.
 
===disable root logins===
 
$ sudo nano /etc/ssh/sshd_config
 
PermitRootLogin no
 
before it was commented out, but now we enable it.
 
===use strong passwords===
 
tip: use a password manager!
 
Q. what is a password manager?
 
===start using SSH keys===
 
$ ssh-keygen -t ed25519
 
$ ssh-copy-id -i ~/.ssh/YOURKEY.pub -p 42123 USERNAME@141.95.17.44
 
type your user pwd
 
<code>/.ssh/</code> is the default folder to store ssh keys
 
for '''Windows''':
 
<code>ssh-copy-id</code> does not work in the Windows Powershell.
 
Instead you can use the following commands to add your ssh key to the server:
 
From your own computer:
 
$ scp -P 42123 ~/.ssh/YOURKEY.pub USERNAME@141.95.17.44:
 
(the colon at the end is important!!)
 
$ ssh USERNAME@141.95.17.44
$ ls
 
Now you see your key in your home folder.
 
Move it to a folder called </code>.ssh</code>. Which we first need to make.
 
$ mkdir .ssh


to get outside of the wall, ctl C
$ mv YOURKEY.pub .ssh
 
Also you need to add your key to a file called “authenticated hosts”
 
$ cat YOURKEY.pub
 
See also [[SSH]]
 
====Make a SSH config file====
 
$ nano ~/.ssh/config
 
Host xpubtest
HostName 141.95.17.44
User joak
Port 42123
IdentityFile ~/.ssh/joak_xpub_test
 
(control x to get out)
 
====allow only login via SSH keys====
 
$ sudo nano /etc/ssh/sshd_config
 
PubkeyAuthentication yes
PasswordAuthentication no


ssh is a protocol (make a connection to another ___sudo ) and also the name of the program
===keep the server software updated===


== '''security''' ==
$ sudo apt update
$ sudo apt upgrade


* change the default SSH port
using autoupdate
** $ cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
** $ sudo systemctl restart sshd.service
** $ ssh <user>@<host> -p <port>
** $ sudo nano /etc/ssh/sshd_config
**
** We changed the SSH port to 42123
** To connect with SSH using this port:


*to get out contrl+x
$ sudo apt install unattended-upgrades
$ sudo dpkg-reconfigure –priority=low unattended-upgrades
$ sudo systemctl status unattended-upgrades.service


<pre>  * $ ssh USERNAME@141.95.17.44 -p 42123
===use SFTP instead of FTP===
      * now you need to specify the port number(which is -p 42123) as well.</pre>
<ul>
<li><p>disable root logins</p>
<ul>
<li>$ sudo nano /etc/ssh/sshd_config</li>
<li><blockquote><p>PermitRootLogin no</p></blockquote></li>
<li>before it was commented out, but now we enable it.</li>
<li></li></ul>
</li>
<li><p>use strong passwords</p>
<ul>
<li>tip: use a password manager!</li>
<li>Q. what is a password manager?</li>
<li></li></ul>
</li>
<li><p>start using SSH keys</p>
<ul>
<li>$ ssh-keygen -t ed25519</li>
<li></li>
<li>$ ssh-copy-id -i ~/.ssh/YOURKEY.pub -p 42123 USERNAME@141.95.17.44</li>
<li>type your user pwd</li>
<li>“/.ssh/” is the default folder to store ssh keys</li>
<li></li>
<li>for '''Windows''':</li>
<li></li>
<li>“ssh-copy-id” does not work in the Windows Powershell.</li>
<li>Instead you can use the following commands to add your ssh key to the server:
<ul>
<li>From your own computer:
<ul>
<li>$ scp -P 42123 ~/.ssh/YOURKEY.pub USERNAME@141.95.17.44:</li>
<li>(the colon at the end is important!!)</li>
<li>$ ssh USERNAME@141.95.17.44</li>
<li>$ ls</li>
<li>Now you see your key in your home folder.</li>
<li>Move it to a folder called “.ssh”. Which we first need to make.</li>
<li>$ mkdir .ssh</li>
<li>$ mv YOURKEY.pub .ssh</li>
<li>Also you need to add your key to a file called “authenticated hosts”</li>
<li>$ cat YOURKEY.pub &gt;&gt;</li></ul>
</li>
<li></li></ul>
</li>
<li>(More details about SSH keys: [https://www.ssh.com/academy/ssh/keygen#sec-Choosing-an-Algorithm-and-Key-Size https://www.ssh.com/academy/ssh/keygen#sec-Choosing-an-Algorithm-and-Key-Size)])</li>
<li></li>
<li>$ nano ~/.ssh/config</li>
<li>Host xpubtest</li>
<li>HostName 141.95.17.44</li>
<li>User joak</li>
<li>Port 42123</li>
<li>IdentityFile ~/.ssh/joak_xpub_test</li>
<li>(control x to get out)</li>
<li></li></ul>
</li>
<li><p>allow only login via SSH keys</p>
<ul>
<li>$ sudo nano /etc/ssh/sshd_config</li>
<li><blockquote><p>PubkeyAuthentication yes</p></blockquote></li>
<li><blockquote><p>PasswordAuthentication no</p></blockquote></li>
<li></li></ul>
</li>
<li><p>keep the server software updated</p>
<ul>
<li>$ sudo apt update</li>
<li>$ sudo apt upgrade</li>
<li></li></ul>
</li>
<li><p>using autoupdate</p>
<ul>
<li>$ sudo apt install unattended-upgrades</li>
<li>$ sudo dpkg-reconfigure –priority=low unattended-upgrades</li>
<li>$ sudo systemctl status unattended-upgrades.service</li></ul>
</li>
<li><p>use SFTP instead of FTP - example filezilla</p></li>
<li><p>install fail2ban</p>
<ul>
<li>$ sudo apt install fail2ban</li>
<li>$ sudo nano /etc/fail2ban/jail.local</li>
<li></li></ul>
</li></ul>


'''Q. how do we set a background color for different server / port? '''
example filezilla


Add this to your .ssh/config file:
===install fail2ban===


$ nano ~/.ssh
$ sudo apt install fail2ban


* LocalCommand setterm –term linux –background white –foreground black –clear ##
$ sudo nano /etc/fail2ban/jail.local


== What to do with our servers? ==
== What to do with our servers? ==
Line 273: Line 275:
Let’s serve some websites.
Let’s serve some websites.


$ sudo apt install nginx
$ sudo apt install nginx


By default it only serves from the following folder:
By default it only serves from the following folder:


* $ nano /var/www/html
$ nano /var/www/html


To configure the public_html folders on the webserver:
To configure the public_html folders on the webserver:


$ sudo nano /etc/nginx/sites-enabled/default
$ sudo nano /etc/nginx/sites-enabled/default
 
<pre>    location ~ ^/~(.+?)(/.*)?$ {
 
            alias /home/$1/public\_html$2;


            index index.html index.htm;
location ~ ^/~(.+?)(/.*)?$ {
    alias /home/$1/public\_html$2;
    index index.html index.htm;
    autoindex on;
}


            autoindex on;
After changing the nginx config file, you need to reload nginx:


    }</pre>
$ sudo service nginx reload
$ sudo service nginx reload


== Command line tools ==
== Command line tools ==
Line 300: Line 301:
Q: How do I know where i am?
Q: How do I know where i am?


$ pwd
$ pwd


'''pwd''' = print current working directory
'''pwd''' = print current working directory
Line 306: Line 307:
Moving around:
Moving around:


$ cd (change directory)
$ cd (change directory)
 
$ ls (list)
 
For more, see [[Shell Cheat Sheet]].
 
==Questions==
 
===Q. how do we set a terminal background color for a different server?===
 
Add this to your <code>~/.ssh/config</code> file, to one of your server configs:
 
$ nano ~/.ssh/config
 
localcommand xtermcontrol --bg "#dabbff"
 
You can change the hex color.
 
And add this to your <code>~/.bashrc</code>:
 
function ssh(){
  BG=$(xtermcontrol --get-bg)
  $(which ssh) "$@"
  xtermcontrol --bg="$BG"
}
 
===Q: Who is Debian?===
 
Debian is a Linux distribution which is used quite a lot as OS for servers, because of its reliability.
 
Who is behind Debian? ombination of volunteers + companies.
 
===Q: How to get out of wall?===
 
to get outside of the wall, ctl C
 
==Links==
 
This wiki page emerged from: https://pad.xpub.nl/p/hosting-and-serving


$ ls (list)
[[Category:Cookbook]]

Latest revision as of 13:20, 16 September 2024

Hosting and Serving

Different server practices

self-hosting, home brewing, DIY/DIWO servers

federated networks of servers, Fediverse, Activity Pub Protocol

“autonomous”/“radical”/“community”/“feminist”/“art“ servers

A traversal Network of Feminist Servers (ATNOFS), https://hub.vvvvvvaria.org/rosa/atnofs/

A catalog of formats for digital discomfort..., by Jara Rocha

Are you being served?, multidisciplinary festival/work days organised by Constant in December 2013

Artists running there own personal server (at home or rented from a data center) to publish their web pages and projects.

Shared servers! Like the Sandbox servers in XPUB.

What is a server?

A server is someone else computer. that is connected to the network

“There is no cloud, just other people’s computers”

-- Free Software Foundation, https://fsf.org

returns data after request

For example, when loading the https://xpub.nl web page, you are sending a request to the XPUB server.

See: inspector > Network > Request + inspector > Network > Response


Renting a physical "dedicated" server

expensive, around 100 or more per month

Renting a VPS (virtual private server)

Virtual Private Server

HTTP(port80)/HTTPS(port 443)

Protocol you need to surf the web

Companies that offer VPS services:

saving computing resources, reliability

Homebrewing

Self hosting at home or somewhere physically (needs hardware, electricty, internet connection, …)

Maybe not the most environmental friendly server, as running it in a data center costs less energy.

port forwarding

it is good but not so reliable

is it environmental friendly or not . it is something we can discuss on

it can create the possibility to learn by doing, to take it slow

Use the XPUB hub (VPN)

soupboat uses this to connect

https://hub.xpub.nl/

https://pzwiki.wdka.nl/mediadesign/HUB

soupboat connects through the xpub.hub to the public internet

HOW DO WE RUN A SERVER?

We need a computer + operating system basicially.

sandbox for today

Het IPv4-adres van uw VPS: 141.95.17.44

De naam van uw VPS: vps-cdfc3f33.vps.ovh.net

Het volgende administrator-account is geconfigureerd op de VPS:

  • Gebruikersnaam: debian
  • Wachtwoord/password: rkknFKKZQJ54

Connect to the server with SSH

SSH = secure shell

$ ssh debian@141.95.17.44

TOFU = Trust on first use (i love tofu)

It’s not trustworthy to use easy password. eheh.. so do not use easy password

so many cooking ref. -> another reason why we should cook

TEMPE = Trust except malicious pep e

$ whoami

Q. Jian, how can I record the history of terminal?

history log..? the command is called history

$ sudo adduser USERNAME

sudo = super user do

Now switch to your own user!

$ exit

And log in again, now with your own user.

$ ssh USERNAME@141.95.17.44

will add you in sudo group_sudo have big big power… eheh

$ cat /etc/group
* note for chae: /**etc**/: getting all the configuration of the following. Interesting. 

Imagine that you are now in 1970s, and you are working on a mainframe computer. It’s a very busy time, time sharing day in and out. And you want to tell everyone that you want to reboot the mainframe, what do you do?

wall: send a message to all the users being logged in

$ wall Hello everyone!

there is always something wrong

tricks and tips in case you need a joke or smth like that

$ cowsay
$ figlet
$ toilet
$ lolcat
$ sl

ssh is a protocol (make a connection to another ___sudo ) and also the name of the program

security

change the default SSH port

$ cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
$ sudo systemctl restart sshd.service
$ ssh <user>@<host> -p <port>
$ sudo nano /etc/ssh/sshd_config

  • We changed the SSH port to 42123
  • To connect with SSH using this port:

to get out: CTRL + x

$ ssh USERNAME@141.95.17.44 -p 42123

now you need to specify the port number(which is -p 42123) as well.

disable root logins

$ sudo nano /etc/ssh/sshd_config
PermitRootLogin no

before it was commented out, but now we enable it.

use strong passwords

tip: use a password manager!

Q. what is a password manager?

start using SSH keys

$ ssh-keygen -t ed25519
$ ssh-copy-id -i ~/.ssh/YOURKEY.pub -p 42123 USERNAME@141.95.17.44

type your user pwd

/.ssh/ is the default folder to store ssh keys

for Windows:

ssh-copy-id does not work in the Windows Powershell.

Instead you can use the following commands to add your ssh key to the server:

From your own computer:

$ scp -P 42123 ~/.ssh/YOURKEY.pub USERNAME@141.95.17.44:

(the colon at the end is important!!)

$ ssh USERNAME@141.95.17.44
$ ls

Now you see your key in your home folder.

Move it to a folder called .ssh. Which we first need to make.

$ mkdir .ssh

$ mv YOURKEY.pub .ssh

Also you need to add your key to a file called “authenticated hosts”

$ cat YOURKEY.pub

See also SSH

Make a SSH config file

$ nano ~/.ssh/config
Host xpubtest 
HostName 141.95.17.44 
User joak 
Port 42123 
IdentityFile ~/.ssh/joak_xpub_test 

(control x to get out)

allow only login via SSH keys

$ sudo nano /etc/ssh/sshd_config

PubkeyAuthentication yes
PasswordAuthentication no

keep the server software updated

$ sudo apt update
$ sudo apt upgrade

using autoupdate

$ sudo apt install unattended-upgrades
$ sudo dpkg-reconfigure –priority=low unattended-upgrades
$ sudo systemctl status unattended-upgrades.service

use SFTP instead of FTP

example filezilla

install fail2ban

$ sudo apt install fail2ban
$ sudo nano /etc/fail2ban/jail.local

What to do with our servers?

Let’s serve some websites.

$ sudo apt install nginx

By default it only serves from the following folder:

$ nano /var/www/html

To configure the public_html folders on the webserver:

$ sudo nano /etc/nginx/sites-enabled/default
location ~ ^/~(.+?)(/.*)?$ {
    alias /home/$1/public\_html$2;
    index index.html index.htm;
    autoindex on;
}

After changing the nginx config file, you need to reload nginx:

$ sudo service nginx reload

Command line tools

https://pzwiki.wdka.nl/mediadesign/Shell_Cheat_Sheet

Q: How do I know where i am?

$ pwd

pwd = print current working directory

Moving around:

$ cd (change directory)
$ ls (list)

For more, see Shell Cheat Sheet.

Questions

Q. how do we set a terminal background color for a different server?

Add this to your ~/.ssh/config file, to one of your server configs:

$ nano ~/.ssh/config
localcommand xtermcontrol --bg "#dabbff"

You can change the hex color.

And add this to your ~/.bashrc:

function ssh(){
  BG=$(xtermcontrol --get-bg)
  $(which ssh) "$@"
  xtermcontrol --bg="$BG"
}

Q: Who is Debian?

Debian is a Linux distribution which is used quite a lot as OS for servers, because of its reliability.

Who is behind Debian? ombination of volunteers + companies.

Q: How to get out of wall?

to get outside of the wall, ctl C

Links

This wiki page emerged from: https://pad.xpub.nl/p/hosting-and-serving