09.06.22 last update: 05.10.22
I thought maybe someone with as little knowledge of the internet and command line as I had might benefit from a little tutorial and some tips by me on how I did it. A bold assumption, since about half of gemini users do "computer stuff" for a living, I know, but I'm pretty sure there are a few tech illiterates thinking "what if I hosted my own website" so if that's you and you somehow found this post: it's your lucky day.
Otherwise you can just judge my wrong observations I suppose.
Hosting at home is cheap and cool but if you have no idea how to prevent your home computer being hacked and/or don't love the idea of people knowing your exact location down to the postcode I wouldn't recommend it.
You do not technically need to buy a domain to run a website, all you really need is a server. So just google "cheap server" or something.
Also be advised that every port you open is a potential security risk.
After you got your server (go look for one) you have to connect to it via Secure Shell. For now you can simply use the password from your server renting website, just type:
ssh root@(ip address of your server)
You can also go ahead and check if your server needs any updates while you're here.
apt update
apt upgrade
Millions of bots will try to log into your root account every minute so we should do some basic stuff about that. First create a new user and give him a password when prompted.
adduser john
Now open another terminal window and generate a keypair on your home computer.
ssh-keygen -t rsa -b 2048
This will create two files in a .ssh folder on your PC: "id_rsa" and "id_rsa.pub".
The first file is your private key and you should never share it. The second one you can add to your server somewhere on the website you rent it from. If you can't find your .ssh folder, turn on hidden elements in your file manager. If you can't find the option to add your key on the website, use this command on your home computer:
ssh-copy-id -i ~/.ssh/id_rsa.pub john@(ip address of your server)
Try to log into john's account via ssh and only if it works you should proceed.
Change back to the terminal where you're logged in as root. We will now disable root login and login using passwords. Open the sshd_config file with your favourite editor. nano is simplest but I'm an emacs enjoyer so:
emacs /etc/ssh/sshd_config
Make these changes and make sure they are uncommented (no # in front):
PermitRootLogin no
PasswordAuthentication no
Now reload:
systemctl reload sshd
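Before relying on those two lines, confirm they are the ones sshd actually uses: sshd takes the first value it finds for each keyword, so an earlier line or a file that is read first wins. This check is an added example, not part of the original guide; the function names are made up and lines inside Match blocks are skipped.

```shell
#!/bin/sh
# Added example. sshd_first_value and sshd_hardening_check are names made up here.

# Print the global value sshd would pick for KEY from FILES, listed in the
# order sshd reads them. The first match wins; "unset" means sshd's default.
sshd_first_value() {
    key=$1; shift
    awk -F'[ \t=]+' -v key="$key" '
        { sub(/^[ \t]+/, "") }                   # drop indentation
        FNR == 1 { in_match = 0 }                # simplification: Match ends with its file
        /^(#|$)/ { next }                        # comments and blank lines
        tolower($1) == "match" { in_match = 1 }  # conditional block, not global
        in_match { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$@"
}

# Return 0 only if both settings from this guide are the ones in effect.
sshd_hardening_check() {
    rc=0
    for want in "permitrootlogin no" "passwordauthentication no"; do
        k=${want% *}; v=${want#* }
        got=$(sshd_first_value "$k" "$@")
        if [ "$got" = "$v" ]; then
            echo "ok   $k $got"
        else
            echo "FAIL $k is '$got', wanted '$v'"; rc=1
        fi
    done
    return $rc
}

# Constructed demo: a drop-in file that is read first re-enables passwords.
demo=$(mktemp -d)
printf 'PasswordAuthentication yes\n' > "$demo/50-example.conf"
printf 'PermitRootLogin no\nPasswordAuthentication no\n' > "$demo/sshd_config"
sshd_hardening_check "$demo/50-example.conf" "$demo/sshd_config" || echo "=> fix this before closing the root session"
rm -rf "$demo"
```

If your sshd_config starts with an Include line for /etc/ssh/sshd_config.d/*.conf, pass those files first and /etc/ssh/sshd_config last. Running sshd -t checks the syntax before the reload, and sshd -T prints the settings the daemon itself would use.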
You don't have to do this as Step 2, of course, but I'm taking you on a magical journey back in time to how I did it. As I said you don't really need a domain at this point. You could easily host it on your home computer and connect to it by typing your IPv4 address into the browser or by typing your IPv6 address surrounded by [] brackets.
But I guess I'll walk you through it real quick.
You can buy a domain practically everywhere so just DuckDuckGo that (suck it, Google). Make sure not to buy any packages and just the simple domain since you'll be hosting it externally.
The site where you bought it should give you the option to change what IP addresses your domain points to under "DNS settings". Put in your server's IPv4 address (the shorter one) under "A" and IPv6 (the other one) under "AAAA".
You can test if it's done in the terminal by typing
ping example.com
But use your domain instead of example.com.
Connect to your server and install nginx.
apt install nginx
Create a file in this directory called whatever you like. Mine is called website:
emacs /etc/nginx/sites-available/website
The file will be empty because you just made it. Fill it with this
server {
    listen 80 ;
    listen [::]:80 ;
    root /var/www/webbedsite ;
    index index.html ;
    location / {
        try_files $uri $uri/ =404 ;
    }
}
You just told the server to look at /var/www/webbedsite/index.html so now you need to make that folder with mkdir. You can call it anything, it does not have to be called webbedsite.
mkdir /var/www/webbedsite
Now make the index file and fill it with some html.
emacs /var/www/webbedsite/index.html
Some example code for the site:
<html>
<h1>It worked</h1>
<p>This is your website. You should edit it, now that you know people can see it.</p>
</html>
Now you will have to create a soft link between the file you made earlier in the sites-available directory and the sites-enabled directory for reasons you can probably comprehend by reading those names.
ln -s /etc/nginx/sites-available/website /etc/nginx/sites-enabled
Now reload or restart nginx.
systemctl reload nginx
Test if it works. If it doesn't, open port 80 in your firewall.
ufw allow 80
Your website is now running over the http protocol. I'll tell you a top secret fun fact which is that you don't really need HTTPS. It would be helpful if you think people will be sceptical of your site when they see the open lock in their browser but if you're not planning to have people put in their Emails and passwords on your website you don't actually need to do what I'm about to explain to you.
Download certbot.
apt install python3-certbot-nginx
Open port 443 (the https one)
ufw allow 443
Run certbot.
certbot --nginx --register-unsafely-without-email
Agree to the terms. You can read them if you're bored. I didn't read all of it but I don't think I sold my soul.
You'll have to renew the certificate every 3 months by running
certbot --nginx renew
If you don't wanna always log in as root you can create a separate account on the server for handling web shits.
useradd webmaster
You can link the website folder to his home directory,
ln -s /var/www/webbedsite/ /home/webmaster
and give him the rights to actually change its contents:
chown webmaster /var/www/webbedsite
Make a gemini user. The -m makes useradd create /home/gemini, which the next steps use.
useradd -m gemini
I like all my public pages to be in the /var directory, so make a directory and give it to our new guy.
mkdir /var/gemini
chown gemini /var/gemini -R
Log in
su - gemini
Make these folders:
mkdir cert server
Go to the cert folder and certify.
cd cert
openssl req -new -subj "/CN=example.org" -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -days 3650 -nodes -out cert.pem -keyout key.pem
Get your server. I got agate. In the example I'll use "unknown linux" since my server runs on debian but if you have a Windows server for some reason, they have that too in the link below.
https://github.com/mbrubeck/agate/releases
We will now go into the server folder, download the server, unzip it, rename it and make it executable.
cd ~/server
wget https://github.com/mbrubeck/agate/releases/download/v3.2.4%2Bbuild/agate.x86_64-unknown-linux-gnu.gz
gunzip agate.x86_64-unknown-linux-gnu.gz
mv agate.x86_64-unknown-linux-gnu gemini-server
chmod +x gemini-server
Now you need a .service file that automatically runs your server for you. You can't do that as gemini so log back into root by pressing ctrl-d.
emacs /etc/systemd/system/agate.service
Fill that baby with this:
[Unit]
Description=agate
After=network.target

[Service]
User=gemini
Type=simple
ExecStart=/home/gemini/server/gemini-server --content /home/gemini/content --certs /home/gemini/cert --hostname example.com

[Install]
WantedBy=default.target
To add subdomains or other domains in general, just hang another --hostname example.uk next to the existing one. I don't think this works with your IP address so for this adventure you do actually need a domain if I'm right.
Now do these things:
systemctl daemon-reload
systemctl enable agate
systemctl start agate
ufw allow 1965
Earlier you told your service file the content is in /var/gemini so put it there. Of course you can also tell it to look somewhere else. For extra laziness, link it to gemini's home directory:
ln -s /var/gemini /home/gemini/content
I only got finger to make unfunny naughty jokes about it and don't use it properly but basically do this:
Install efingerd
sudo apt install efingerd
To change what someone sees when they finger your machine directly (@example.org), change this file:
emacs /etc/efingerd/list
I don't know shit about programming and refuse to learn so mine just says this:
#!/bin/sh
. /etc/efingerd/log
cat <<EOM
Bla bla bla info about me
Multiple lines of jackshit, goodbye
EOM
You can add info about individual users by creating an .efingerd file in their home directory but I didn't. Instead I went to this file:
emacs /etc/efingerd/luser
And told it what to print when someone fingers existing users that I don't want people to finger, especially root.
if [ "$3" = "root" ]; then
    echo "no"
fi
So anyway you gotta change this file
emacs /etc/inetd.conf
Like this
finger stream tcp4 nowait nobody /usr/sbin/tcpd /usr/sbin/efingerd
finger stream tcp6 nowait nobody /usr/sbin/tcpd /usr/sbin/efingerd
And also you gotta have the finger port open
ufw allow 79
And I believe what you need to do now is reload inetd.
sudo service inetutils-inetd restart
Finger yourself to test if it works.
I feel like everyone knows how to do this but here's how to do this:
Check if you have java by running
java -version
If you don't have java, install it.
sudo apt install default-jre
To check if it worked run the thing from before again.
I personally made another minecraft user, but you don't really have to do that.
(adduser minecraft)
(su - minecraft)
Download the latest server from minecraft.net
https://minecraft.net/en-us/download/server
wget https://launcher.mojang.com/v1/objects/e00c4052dac1d59a1188b2aa9d5a87113aaf1122/server.jar
Agree to the eula by opening the file thus:
emacs eula.txt
and changing "eula=false" to "eula=true".
You can now run this command as seen on the website:
java -Xmx1024M -Xms1024M -jar server.jar nogui
The minecraft server will tell you its IP address. You will probably also have to open port 25565 using ufw allow 25565.
Kinda useless to put a Minecraft server on your server and having to start it manually. Create a service file.
emacs /etc/systemd/system/minecraft.service
Put this in him:
[Unit]
Description=Start Minecraft Server
After=network.target

[Service]
Type=simple
WorkingDirectory=/home/minecraft
User=minecraft
ExecStart=java -Xmx1024M -Xms1024M -jar server.jar nogui

[Install]
WantedBy=default.target
Reload, enable and start the service.
systemctl daemon-reload
systemctl enable minecraft
systemctl start minecraft
And I believe that should do it :^)
Get gophernicus!
git clone -b 3.1.1 https://github.com/gophernicus/gophernicus.git
cd gophernicus
./configure --listener=inetd --hostname=example.com
make
sudo make install
As easy as that. Your gopherhole is located in /var/gopher.
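Since every open port is a potential risk, this added example (not from the original guide) compares what is actually listening with the ports this guide opened in ufw. It reads ss -tlnH output; the function names and the sample lines are constructed for illustration, and port 22 is assumed for SSH.

```shell
#!/bin/sh
# Added example. Ports opened with ufw in this guide, plus 22 (assumed SSH port).
EXPECTED_PORTS="22 79 80 443 1965 25565"

# Read `ss -tlnH` output on stdin and print "address port" for every TCP
# listener that is not loopback-only and not in EXPECTED_PORTS.
unexpected_listeners() {
    awk -v allow="$EXPECTED_PORTS" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)                # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next   # only reachable locally
            if (!(port in ok)) print addr, port
        }'
}

# Constructed sample of `ss -tlnH` output (not taken from a real server).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
LISTEN 0 511  [::]:80        [::]:*
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 50   *:25565        *:*
LISTEN 0 80   0.0.0.0:3306   0.0.0.0:*
EOF
}

sample_ss_output | unexpected_listeners
# On the server itself: ss -tlnH | unexpected_listeners
```

Anything this prints is a service bound to a public address that the guide never meant to expose, so either bind it to 127.0.0.1 or add the port to the list on purpose.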
For gemini and web, I followed the guide on https://diyhosting.bhh.sh.
To get finger, I consulted the efingerd and inetd manuals.
I got the Minecraft server from its website.
Gophernicus github page. https://github.com/gophernicus/gophernicus/
If I got anything horribly wrong and you're a smart computer person who knows how it actually goes, email me or contact me via matrix (links on gemini homepage).