💾 Archived View for rawtext.club › ~sloum › geminilist › 002691.gmi captured on 2020-09-24 at 01:01:40. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Nathan Galt mailinglists at ngalt.com
Sat Sep 12 21:01:48 BST 2020
- - - - - - - - - - - - - - - - - - -
I’m setting up a capsule on a VPS served up with Molly Brown. I’d like to get some feedback on what I should be doing, in case I’m doing something egregiously wrong. The capsule isn’t intended to be permanent, at least not yet, so I’m giving it the domain name of beepbeepbeep.example.
(It was only after I decided I should post this that I remembered that the best way to get good advice on the Internet is to post bad advice…)
I wasn’t sure how to make/get certs, so I stumbled around and found this:
https://github.com/michael-lazar/jetforce#tls-certificates
And then there’s also
sudo certbot certonly --standalone
as shown on <https://certbot.eff.org/lets-encrypt/ubuntufocal-other>.
I’m waffling back and forth on whether I should stick everything in some unprivileged user’s home directory (much like I do here) or if I should put things in “proper” places like /var/gemini. Opinions welcome. I do not intend for humans other than me to be inside this server ever.
Without further ado, the commands I used just now:
- - - - - - - - - 8< - - - - - - - - -
apt install --yes fish batln -s /usr/bin/batcat /usr/local/bin/bat
mkdir /etc/skel/.sshcp ~/.ssh/authorized_keys /etc/skel/.ssh/
addgroup certview
snap install --classic certbotcertbot certonly --standalone \ --non-interactive \ --agree-tos \ --domains "gemini.beepbeepbeep.example" \ --register-unsafely-without-email
chmod 0755 /etc/letsencrypt/{live,archive}chmod g+r /etc/letsencrypt/archive/gemini.beepbeepbeep.example/privkey1.pemchgrp certview /etc/letsencrypt/archive/gemini.beepbeepbeep.example/privkey1.pem
cat << 'EOF' > /etc/molly.confHostname = "gemini.beepbeepbeep.example"DefaultLang = "en-US"
DocBase = "/home/griss/public"AccessLog = "/home/griss/access.log"ErrorLog = "/home/griss/error.log"
CertPath = "/etc/letsencrypt/live/gemini.beepbeepbeep.example/fullchain.pem"KeyPath = "/etc/letsencrypt/live/gemini.beepbeepbeep.example/privkey.pem"
[MimeOverrides]"atom.xml$" = "application/atom+xml"EOF
cat << 'EOF' > /etc/systemd/system/molly-brown.service[Unit]Description=Molly Brown gemini serverAfter=network.target
[Service]Type=simpleRestart=on-failureUser=grissExecStart=/home/griss/go/bin/molly-brown
NoNewPrivileges=trueProtectSystem=strictReadWritePaths=/home/griss/access.log /home/griss/error.log
[Install]WantedBy=multi-user.targetEOF
systemctl enable molly-brown.service
wget https://golang.org/dl/go1.15.2.linux-amd64.tar.gztar xf go*mv go go-distmkdir go
./go-dist/bin/go get tildegit.org/solderpunk/molly-brown
mkdir public
printf "# It works!\n\nYour Gemini capsule is up and running.\n"
public/index.gmi