Hosting and serving
Different server practices
self-hosting, home brewing, DIY/DIWO servers
federated networks of servers, Fediverse, ActivityPub protocol
“autonomous”/“radical”/“community”/“feminist”/“art” servers
- https://riseup.net/en/security/resources/radical-servers
- https://gendersec.tacticaltech.org/wiki/index.php/Servers:_From_autonomous_servers_to_feminist_servers
- https://web.archive.org/web/20220321111153/http://feral.earth/
A traversal Network of Feminist Servers (ATNOFS), https://hub.vvvvvvaria.org/rosa/atnofs/
A catalog of formats for digital discomfort..., by Jara Rocha
Are you being served?, multidisciplinary festival/work days organised by Constant in December 2013
Artists running their own personal server (at home or rented from a data center) to publish their web pages and projects.
Shared servers! Like the Sandbox servers in XPUB.
What is a server?
A server is someone else's computer that is connected to the network.
“There is no cloud, just other people’s computers”
-- Free Software Foundation, https://fsf.org
returns data after request
For example, when loading the https://xpub.nl web page, you are sending a request to the XPUB server.
See: inspector > Network > Request + inspector > Network > Response
Renting a physical server
expensive, around 100 or more per month
Renting a VPS (virtual private server)
Virtual Private Server
HTTP (port 80) / HTTPS (port 443)
Protocol you need to surf the web
Companies that offer VPS services:
- https://www.ovhcloud.com/
- https://gandi.net/
- https://greenhost.net/
- https://servus.at (requires membership, I think)
- https://www.chatons.org/search/by-service?service_type_target_id=162&field_alternatives_aux_services_target_id=All&field_software_target_id=All&field_is_shared_value=All&title=
- https://uberspace.de/en/Gus
saving computing resources, reliability
Homebrewing
Self-hosting at home or somewhere physically (needs hardware, electricity, internet connection, …)
Maybe not the most environmentally friendly server, as running it in a data center costs less energy.
port forwarding
it is good but not so reliable
is it environmentally friendly or not? it is something we can discuss
it can create the possibility to learn by doing, to take it slow
Use the XPUB hub (VPN)
soupboat uses this to connect
https://pzwiki.wdka.nl/mediadesign/HUB
soupboat connects through the xpub.hub to the public internet
HOW DO WE RUN A SERVER?
We need a computer + operating system, basically.
sandbox
The IPv4 address of your VPS: 141.95.17.44
The name of your VPS: vps-cdfc3f33.vps.ovh.net
The following administrator account has been configured on the VPS:
- Username: debian
- Password: rkknFKKZQJ54
Connect to the server with SSH
SSH = secure shell
$ ssh debian@141.95.17.44
TOFU = Trust on first use (i love tofu)
It’s not trustworthy to use an easy password. eheh.. so do not use an easy password
so many cooking ref. -> another reason why we should cook
TEMPE = Trust except malicious pep e
$ whoami
Q. Jian, how can I record the history of terminal?
history log..? the command is called history
$ sudo adduser USERNAME
sudo = super user do
Now switch to your own user!
$ exit
And log in again, now with your own user.
$ ssh USERNAME@141.95.17.44
will add you to the sudo group. sudo has big big power… eheh
$ cat /etc/group
* note for chae: /etc/: getting all the configuration of the following. Interesting.
Imagine that you are now in 1970s, and you are working on a mainframe computer. It’s a very busy time, time sharing day in and out. And you want to tell everyone that you want to reboot the mainframe, what do you do?
wall: send a message to all the users being logged in
$ wall Hello everyone!
Q: Who is Debian? Debian is a Linux distribution which is used quite a lot as OS for servers, because of its reliability.
Who is behind Debian? A combination of volunteers + companies.
there is always something wrong
tricks and tips in case you need a joke or smth like that
$ cowsay
$ figlet
$ toilet
$ lolcat
$ sl
Q: How to get out of wall?
to get out of the wall: Ctrl+C
ssh is a protocol (make a connection to another ___sudo ) and also the name of the program
security
change the default SSH port
- first make a backup of the configuration file:
- $ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
- $ sudo nano /etc/ssh/sshd_config
- We changed the SSH port to 42123
- to get out of nano: Ctrl+X
- $ sudo systemctl restart sshd.service
- To connect with SSH using this port:
- $ ssh <user>@<host> -p <port>
- $ ssh USERNAME@141.95.17.44 -p 42123
- now you need to specify the port number (which is -p 42123) as well.
disable root logins
- $ sudo nano /etc/ssh/sshd_config
PermitRootLogin no
- before it was commented out, but now we enable it.
use strong passwords
- tip: use a password manager!
- Q. what is a password manager?
start using SSH keys
- $ ssh-keygen -t ed25519
- $ ssh-copy-id -i ~/.ssh/YOURKEY.pub -p 42123 USERNAME@141.95.17.44
- type your user pwd
- “~/.ssh/” is the default folder to store ssh keys
- for Windows:
- “ssh-copy-id” does not work in the Windows Powershell.
- Instead you can use the following commands to add your ssh key to the server:
- From your own computer:
- $ scp -P 42123 ~/.ssh/YOURKEY.pub USERNAME@141.95.17.44:
- (the colon at the end is important!!)
- $ ssh USERNAME@141.95.17.44 -p 42123
- $ ls
- Now you see your key in your home folder.
- Move it to a folder called “.ssh”. Which we first need to make.
- $ mkdir .ssh
- $ mv YOURKEY.pub .ssh
- Also you need to add your key to a file called “authorized_keys”
- $ cat ~/.ssh/YOURKEY.pub >> ~/.ssh/authorized_keys
- (More details about SSH keys: https://www.ssh.com/academy/ssh/keygen#sec-Choosing-an-Algorithm-and-Key-Size)
- From your own computer:
- $ nano ~/.ssh/config
- Host xpubtest
- HostName 141.95.17.44
- User joak
- Port 42123
- IdentityFile ~/.ssh/joak_xpub_test
- (control x to get out)
allow only login via SSH keys
- $ sudo nano /etc/ssh/sshd_config
PubkeyAuthentication yes
PasswordAuthentication no
keep the server software updated
- $ sudo apt update
- $ sudo apt upgrade
using autoupdate
- $ sudo apt install unattended-upgrades
- $ sudo dpkg-reconfigure --priority=low unattended-upgrades
- $ sudo systemctl status unattended-upgrades.service
use SFTP instead of FTP - example: FileZilla
install fail2ban
- $ sudo apt install fail2ban
- $ sudo nano /etc/fail2ban/jail.local
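To check that the sshd_config edits from this security list (port, root login, key-only login) really ended up in the file, here is an added example that is not part of the workshop notes. The function names and the sample config are made up for illustration; the defaults used are the OpenSSH ones.

```bash
# Added example, not from the workshop: audit one sshd_config file.
# Include files and Match blocks are not evaluated.

# Print every value set for KEYWORD in the global section of FILE, lowercased.
# Keywords are case-insensitive, '#' lines are comments, parsing stops at "Match".
sshd_values() {  # usage: sshd_values KEYWORD FILE
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        NF == 0 || $1 ~ /^#/   { next }
        tolower($1) == "match" { exit }
        tolower($1) == want    { print tolower($2) }
    ' "$2"
}

# sshd keeps the first value it reads for a keyword; when the keyword is
# unset, fall back to DEFAULT (the OpenSSH default).
sshd_first() {  # usage: sshd_first KEYWORD DEFAULT FILE
    local v
    v=$(sshd_values "$1" "$3" | head -n 1)
    printf '%s\n' "${v:-$2}"
}

# Print one WARN line per deviation from the notes; return 1 if any were found.
audit_sshd() {  # usage: audit_sshd FILE
    local f=$1 bad=0 ports root pubkey password
    ports=$(sshd_values Port "$f")   # Port may be given several times
    root=$(sshd_first PermitRootLogin prohibit-password "$f")
    pubkey=$(sshd_first PubkeyAuthentication yes "$f")
    password=$(sshd_first PasswordAuthentication yes "$f")
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "WARN sshd listens on the default port 22"; bad=1
    fi
    [ "$root" = no ]     || { echo "WARN PermitRootLogin is $root, expected no"; bad=1; }
    [ "$pubkey" = yes ]  || { echo "WARN PubkeyAuthentication is $pubkey, expected yes"; bad=1; }
    [ "$password" = no ] || { echo "WARN PasswordAuthentication is $password, expected no"; bad=1; }
    return "$bad"
}

# Constructed sample: an earlier "yes" shadows the later "PasswordAuthentication no".
sample_config() {
    cat <<'EOF'
Port 42123
#PermitRootLogin prohibit-password
#PubkeyAuthentication yes
passwordauthentication yes
PasswordAuthentication no
EOF
}
tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd "$tmp" || echo "=> fix the lines above, then restart sshd"
rm -f "$tmp"
```

On the server itself, `sudo sshd -T` prints the effective configuration, including anything pulled in through `Include` lines.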
Q. how do we set a background color for different server / port?
Add this to your .ssh/config file:
$ nano ~/.ssh/config
- LocalCommand setterm --term linux --background white --foreground black --clear
What to do with our servers?
Let’s serve some websites.
$ sudo apt install nginx
By default it only serves from the following folder:
- /var/www/html
To configure the public_html folders on the webserver:
$ sudo nano /etc/nginx/sites-enabled/default
location ~ ^/~(.+?)(/.*)?$ {
    alias /home/$1/public_html$2;
    index index.html index.htm;
    autoindex on;
}
$ sudo service nginx reload
Command line tools
https://pzwiki.wdka.nl/mediadesign/Shell_Cheat_Sheet
Q: How do I know where i am?
$ pwd
pwd = print current working directory
Moving around:
$ cd (change directory)
$ ls (list)