Hosting and serving

From XPUB & Lens-Based wiki

Hosting and Serving

Different server practices

self-hosting, home brewing, DIY/DIWO servers

federated networks of servers, Fediverse, Activity Pub Protocol

“autonomous”/“radical”/“community”/“feminist”/“art“ servers

A traversal Network of Feminist Servers (ATNOFS), https://hub.vvvvvvaria.org/rosa/atnofs/

A catalog of formats for digital discomfort..., by Jara Rocha

Are you being served?, multidisciplinary festival/work days organised by Constant in December 2013

Artists running there own personal server (at home or rented from a data center) to publish their web pages and projects.

Shared servers! Like the Sandbox servers in XPUB.

What is a server?

A server is someone else computer. that is connected to the network

“There is no cloud, just other people’s computers”

-- Free Software Foundation, https://fsf.org

returns data after request

For example, when loading the https://xpub.nl web page, you are sending a request to the XPUB server.

See: inspector > Network > Request + inspector > Network > Response

Renting a physical server

expensive, around 100 or more per month

Renting a VPS (virtual private server)

Virtual Private Server

HTTP(port80)/HTTPS(port 443)

Protocol you need to surf the web

Companies that offer VPS services:

saving computing resources, reliability

Homebrewing

Self hosting at home or somewhere physically (needs hardware, electricty, internet connection, …)

Maybe not the most environmental friendly server, as running it in a data center costs less energy.

port forwarding

it is good but not so reliable

is it environmental friendly or not . it is something we can discuss on

it can create the possibility to learn by doing, to take it slow

Use the XPUB hub (VPN)

soupboat uses this to connect

https://hub.xpub.nl/

https://pzwiki.wdka.nl/mediadesign/HUB

soupboat connects through the xpub.hub to the public internet

HOW DO WE RUN A SERVER?

We need a computer + operating system basicially.

sandbox

Het IPv4-adres van uw VPS: 141.95.17.44

De naam van uw VPS: vps-cdfc3f33.vps.ovh.net

Het volgende administrator-account is geconfigureerd op de VPS:

  • Gebruikersnaam: debian
  • Wachtwoord/password: rkknFKKZQJ54

Connect to the server with SSH

SSH = secure shell

$ ssh debian@141.95.17.44

TOFU = Trust on first use (i love tofu)

It’s not trustworthy to use easy password. eheh.. so do not use easy password

so many cooking ref. -> another reason why we should cook

TEMPE = Trust except malicious pep e

$ whoami

Q. Jian, how can I record the history of terminal?

history log..? the command is called history

$ sudo adduser USERNAME

sudo = super user do

Now switch to your own user!

$ exit

And log in again, now with your own user.

$ ssh USERNAME@141.95.17.44

will add you in sudo group_sudo have big big power… eheh

$ cat /etc/group
* note for chae: /**etc**/: getting all the configuration of the following. Interesting. 

Imagine that you are now in 1970s, and you are working on a mainframe computer. It’s a very busy time, time sharing day in and out. And you want to tell everyone that you want to reboot the mainframe, what do you do?

wall: send a message to all the users being logged in

$ wall Hello everyone!

Q: Who is Debian? Debian is a Linux distribution which is used quite a lot as OS for servers, because of its reliability.

Who is behind Debian? ombination of volunteers + companies.

there is always something wrong

tricks and tips in case you need a joke or smth like that

$ cowsay
$ figlet
$ toilet
$ lolcat
$ sl

Q: How to get out of wall?

to get outside of the wall, ctl C

ssh is a protocol (make a connection to another ___sudo ) and also the name of the program

security

  • change the default SSH port
    • $ cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
    • $ sudo systemctl restart sshd.service
    • $ ssh <user>@<host> -p <port>
    • $ sudo nano /etc/ssh/sshd_config
    • We changed the SSH port to 42123
    • To connect with SSH using this port:
  • to get out contrl+x
   * $ ssh USERNAME@141.95.17.44 -p 42123
       * now you need to specify the port number(which is -p 42123) as well.
  • disable root logins

    • $ sudo nano /etc/ssh/sshd_config
    • PermitRootLogin no

    • before it was commented out, but now we enable it.
  • use strong passwords

    • tip: use a password manager!
    • Q. what is a password manager?
  • start using SSH keys

    • $ ssh-keygen -t ed25519
    • $ ssh-copy-id -i ~/.ssh/YOURKEY.pub -p 42123 USERNAME@141.95.17.44
    • type your user pwd
    • “/.ssh/” is the default folder to store ssh keys
    • for Windows:
    • “ssh-copy-id” does not work in the Windows Powershell.
    • Instead you can use the following commands to add your ssh key to the server:
      • From your own computer:
        • $ scp -P 42123 ~/.ssh/YOURKEY.pub USERNAME@141.95.17.44:
        • (the colon at the end is important!!)
        • $ ssh USERNAME@141.95.17.44
        • $ ls
        • Now you see your key in your home folder.
        • Move it to a folder called “.ssh”. Which we first need to make.
        • $ mkdir .ssh
        • $ mv YOURKEY.pub .ssh
        • Also you need to add your key to a file called “authenticated hosts”
        • $ cat YOURKEY.pub >>
    • (More details about SSH keys: https://www.ssh.com/academy/ssh/keygen#sec-Choosing-an-Algorithm-and-Key-Size))
    • $ nano ~/.ssh/config
    • Host xpubtest
    • HostName 141.95.17.44
    • User joak
    • Port 42123
    • IdentityFile ~/.ssh/joak_xpub_test
    • (control x to get out)
  • allow only login via SSH keys

    • $ sudo nano /etc/ssh/sshd_config
    • PubkeyAuthentication yes

    • PasswordAuthentication no

  • keep the server software updated

    • $ sudo apt update
    • $ sudo apt upgrade
  • using autoupdate

    • $ sudo apt install unattended-upgrades
    • $ sudo dpkg-reconfigure –priority=low unattended-upgrades
    • $ sudo systemctl status unattended-upgrades.service
  • use SFTP instead of FTP - example filezilla

  • install fail2ban

    • $ sudo apt install fail2ban
    • $ sudo nano /etc/fail2ban/jail.local

Q. how do we set a background color for different server / port?

Add this to your .ssh/config file:

$ nano ~/.ssh

  • LocalCommand setterm –term linux –background white –foreground black –clear ##

What to do with our servers?

Let’s serve some websites.

$ sudo apt install nginx

By default it only serves from the following folder:

  • $ nano /var/www/html

To configure the public_html folders on the webserver:

$ sudo nano /etc/nginx/sites-enabled/default

    location ~ ^/~(.+?)(/.*)?$ {

            alias /home/$1/public\_html$2;

            index index.html index.htm;

            autoindex on;

    }

$ sudo service nginx reload

Command line tools

https://pzwiki.wdka.nl/mediadesign/Shell_Cheat_Sheet

Q: How do I know where i am?

$ pwd

pwd = print current working directory

Moving around:

$ cd (change directory)

$ ls (list)