diff options
Diffstat (limited to 'www/posts/gemini')
| -rw-r--r-- | www/posts/gemini/2021-02-08/how-to-host-your-own-gemini-site-in-the-cloud/index.html | 6 | ||||
| -rw-r--r-- | www/posts/gemini/atom.xml | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/www/posts/gemini/2021-02-08/how-to-host-your-own-gemini-site-in-the-cloud/index.html b/www/posts/gemini/2021-02-08/how-to-host-your-own-gemini-site-in-the-cloud/index.html index ffd73e0..f736543 100644 --- a/www/posts/gemini/2021-02-08/how-to-host-your-own-gemini-site-in-the-cloud/index.html +++ b/www/posts/gemini/2021-02-08/how-to-host-your-own-gemini-site-in-the-cloud/index.html @@ -18,14 +18,14 @@ <link href="/posts/php/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About PHP"/> </head> <body> - <section><h1>How to Host Your Own Gemini Site in the Cloud</h1><blockquote>Mon 8th February 2021 By David T. Sadler.</blockquote><p>So I have a Gemini site over at gemini://davidtsadler.co.uk and I thought I'd write up how I achieved this in case anyone was interested in doing the same.</p><p>I would say that from purchasing the domain name to having a complete server hosting the site took about 30 minutes in total.</p><h2>Purchasing a Domain Name</h2><p>I decided that for the moment I would keep my traditional "Big Web" content hosted at davidtsadler.com and use a different domain name for my new Gemini site. Since this meant purchasing a new one I popped over to Gandi.net to acquire davidtsadler.co.uk. Side note: I used to own this but decided not to renew it for some crazy reason.</p><h2>Creating a cloud sever</h2><p>My cloud provider of choice is Hetzner and creating a new server is done in eight steps.</p><h3>1. Location</h3><p>Hetzner provide a few locations in Europe as to where the server is hosted. For this server I chose Helsinki.</p><h3>2. Image</h3><p>I chose Ubuntu 20.04 as the operating system as this is the one I'm most familiar with.</p><h3>3. Type</h3><p>As this server is only going to a host a Gemini site I don't need a overly powerful system so I chose their most basic CX11 configuration. For €2.99 a month this gives me:</p><ul><li>1 virtual CPU.</li><li>2GB ram.</li><li>20GB SSD .</li><li>20 TB of network traffic a month.</li></ul><h3>4. Volume</h3><p>You have the option of attaching additional storage to the server. I skipped this step as for the time been the 20GB SSD that comes with the server should be enough for my needs.</p><h3>5. Network.</h3><p>I skipped this step as its not needed.</p><h3>6. Additional features</h3><p>Again I skipped this step but select any if you believe that you will need them.</p><h3>7. SSH Key</h3><p>When a server is created a root user is added and a password is emailed to you so that you can login. However if you provide a SSH key it will be installed on the server instead of creating a password.</p><p>I like to use separate keys for each server that I manage so I tend store the them in a directory named after the hostname.</p><pre><code class="shell">$ mkdir ~/.ssh/davidtsadler.co.uk + <section><h1>How to Host Your Own Gemini Site in the Cloud</h1><blockquote>Mon 8th February 2021 By David T. Sadler.</blockquote><p>So I have a Gemini site over at gemini://davidtsadler.co.uk and I thought I'd write up how I achieved this in case anyone was interested in doing the same.</p><p>I would say that from purchasing the domain name to having a complete server hosting the site took about 30 minutes in total.</p><h2>Purchasing a Domain Name</h2><p>I decided that for the moment I would keep my traditional "Big Web" content hosted at davidtsadler.com and use a different domain name for my new Gemini site. Since this meant purchasing a new one I popped over to Gandi.net to acquire davidtsadler.co.uk. Side note: I used to own this but decided not to renew it for some crazy reason.</p><h2>Creating a cloud sever</h2><p>My cloud provider of choice is Hetzner and creating a new server is done in eight steps.</p><h3>1. Location</h3><p>Hetzner provide a few locations in Europe as to where the server is hosted. For this server I chose Helsinki.</p><h3>2. Image</h3><p>I chose Ubuntu 20.04 as the operating system as this is the one I'm most familiar with.</p><h3>3. Type</h3><p>As this server is only going to a host a Gemini site I don't need a overly powerful system so I chose their most basic CX11 configuration. For €2.99 a month this gives me:</p><ul><li>1 virtual CPU.</li><li>2GB ram.</li><li>20GB SSD .</li><li>20 TB of network traffic a month.</li></ul><h3>4. Volume</h3><p>You have the option of attaching additional storage to the server. I skipped this step as for the time been the 20GB SSD that comes with the server should be enough for my needs.</p><h3>5. Network.</h3><p>I skipped this step as its not needed.</p><h3>6. Additional features</h3><p>Again I skipped this step but select any if you believe that you will need them.</p><h3>7. SSH Key</h3><p>When a server is created a root user is added and a password is emailed to you so that you can login. However if you provide a SSH key it will be installed on the server instead of creating a password.</p><p>I like to use separate keys for each server that I manage so I tend store the them in a directory named after the hostname.</p><pre><code class="shell">$ mkdir ~/.ssh/davidtsadler.co.uk $ ssh-keygen -t rsa -b 4096 -f ~/.ssh/davidtsadler.co.uk/id_rsa</code></pre><p>The SSH key is added by clicking + ADD SSH KEY and then copying and pasting the contents of the id_rsa.pub file.</p><h3>8. Name</h3><p>I name my servers after the hostname so for this I called it davidtsadler.co.uk. I then created the server by clicking CREATE & BUY NOW.</p><h2>SSH</h2><p>Once the server was created I took the allocated IP address and ensured that I could access it via SSH using the key that I had provided.</p><pre><code class="shell">$ ssh root@135.181.201.71 -i ~/.ssh/davidtsadler.co.uk/id_rsa</code></pre><h2>Resolve the Domain Name to the Server</h2><p>In my Gandi.net account I went to the DNS Records section for the domain name I had purchased. There I deleted everything except for the @ (A) and www (CNAME) records which was configured as follows:</p><ul><li>@ (A) 135.181.201.71</li><li>www (CNAME) davidtsadler.co.uk.</li></ul><p>The A record is configured with the IPv4 address of my new server and the CNAME with the domain name. Note that the CNAME must end with a period!</p><p>After saving the changes it was just a matter of waiting for it to propagate through the DNS system. At which point I could use the domain name when logging in via SSH.</p><pre><code class="shell">$ ssh root@davidtsadler.co.uk -i ~/.ssh/davidtsadler.co.uk/id_rsa</code></pre><h2>Securing the Server</h2><p>At a bare minimum I setup a firewall and harden SSH. I may at a later date go further, such as installing fail2ban.</p><h3>Configure a Firewall</h3><p>This setup will deny any incoming requests unless they were first initiated by a request from the server. Since I need to be able to access the server I allow SSH. The Gemini protocol uses port 1965 so that is also allowed.</p><pre><code class="shell">$ ufw default allow outgoing $ ufw default deny incoming $ ufw allow OpenSSH $ ufw allow 1965 $ ufw enable</code></pre><h3>Harden SSH</h3><p>I edited the /etc/ssh/sshd_config file.</p><pre><code class="shell">$ vim /etc/ssh/sshd_config</code></pre><p>I added the two below options so that the root user is not allowed to access the sever via SSH and other users may only access using keys.</p><pre>PermitRootLogin no -PasswordAuthentication no</pre><p>Since I'd made changes to the configuration I needed to restart the SSH service.</p><pre><code class="shell">$ service sshd restart</code></pre><h3>Create non-root User</h3><p>Whenever I access a server I like to login as a non-root user that is able to run sudo on the system.</p><pre><code class="shell">$ adduser gemini +PasswordAuthentication no</pre><p>Since I'd made changes to the configuration I needed to restart the SSH service.</p><pre><code class="shell">$ service sshd restart</code></pre><h3>Create non-root User</h3><p>Whenever I access a server I like to login as a non-root user that is able to run sudo on the system.</p><pre><code class="shell">$ adduser gemini $ usermod -aG sudo gemini</code></pre><p>As the SSH key is already on the server I can copy it to the non-root user account.</p><pre><code class="shell">$ rsync --archive --chown=gemini:gemini ~/.ssh /home/gemini</code></pre><p>On my local system I confirm that I can log in as the new user without a password.</p><pre><code class="shell">$ ssh gemini@davidtsadler.co.uk -i ~/.ssh/davidtsadler.co.uk/id_rsa</code></pre><p>I also confirm that I have sudo access.</p><pre><code class="shell">$ sudo ls</code></pre><h2>Installing a Gemini Site and Server</h2><h3>Directory structure</h3><p>I decided to go with a very simple directory structure. Each site will be a sub-directory in ~/sites that will be named after the domain name. Then each site will have the following sub-directories. The idea is that I may want to host more than one site in the future.</p><ul><li>bin This will contain the Gemini server binary.</li><li>certs TLS certificates for the site are kept here.</li><li>public This will contain the .gmi files of the site.</li><li>scripts Contains scripts used to start the Gemini server.</li></ul><p>I created the directory structure with the below command.</p><pre><code class="shell">$ mkdir -p ~/sites/davidtsadler.co.uk/{bin,certs,public,scripts}</code></pre><h3>Install certificates</h3><p>Sine the Gemini protocol encourages using a self-signed certificate I installed one with the openssl command.</p><pre><code class="shell">$ openssl req -x509 \ -newkey rsa:4096 \ @@ -75,7 +75,7 @@ WantedBy=default.target</pre><p>I then started this service and confirmed it was $ sudo systemctl status agate.service -Active: active (running)</pre><p>The final step was to have this service start when the system is rebooted.</p><pre>$ sudo systemctl enable agate.service</pre><h2>Conclusion</h2><p>Setting up a Gemini site was easy to do and I hope this guide shows it. I have several ideas about how I'm going to use this new site and I'm excited to see where this leads to.</p><h3>Links</h3><a href="https://www.gandi.net/">Gandi.net - My domain registrar of choice.</a><a href="https://hetzner.cloud/?ref=Gf3UFbRaixBK">Hetzner - My cloud server provider.</a><a href="https://github.com/mbrubeck/agate/">Agate - A simple Gemini server.</a><a href="gemini://davidtsadler.co.uk/">davidtsadler.co.uk - My Gemini site.</a><a href="/posts/gemini/">Gemini - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></section> +Active: active (running)</pre><p>The final step was to have this service start when the system is rebooted.</p><pre>$ sudo systemctl enable agate.service</pre><h2>Conclusion</h2><p>Setting up a Gemini site was easy to do and I hope this guide shows it. I have several ideas about how I'm going to use this new site and I'm excited to see where this leads to.</p><h3>Links</h3><a href="https://www.gandi.net/">Gandi.net - My domain registrar of choice.</a><a href="https://hetzner.cloud/?ref=Gf3UFbRaixBK">Hetzner - My cloud server provider.</a><a href="https://github.com/mbrubeck/agate/">Agate - A simple Gemini server.</a><a href="gemini://davidtsadler.co.uk/">davidtsadler.co.uk - My Gemini site.</a><a href="/posts/gemini/">Gemini - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></section> <script defer src="/js/highlight.min.js"></script> <script defer src="/js/site.js"></script> </body> diff --git a/www/posts/gemini/atom.xml b/www/posts/gemini/atom.xml index 0ed5bc9..9201e6e 100644 --- a/www/posts/gemini/atom.xml +++ b/www/posts/gemini/atom.xml @@ -12,14 +12,14 @@ <author><name>David T. Sadler.</name></author> <published>2021-02-08T12:00:00Z</published> <updated>2021-02-08T12:00:00Z</updated> - <content type="html"><h1>How to Host Your Own Gemini Site in the Cloud</h1><blockquote>Mon 8th February 2021 By David T. Sadler.</blockquote><p>So I have a Gemini site over at gemini://davidtsadler.co.uk and I thought I'd write up how I achieved this in case anyone was interested in doing the same.</p><p>I would say that from purchasing the domain name to having a complete server hosting the site took about 30 minutes in total.</p><h2>Purchasing a Domain Name</h2><p>I decided that for the moment I would keep my traditional &quot;Big Web&quot; content hosted at davidtsadler.com and use a different domain name for my new Gemini site. Since this meant purchasing a new one I popped over to Gandi.net to acquire davidtsadler.co.uk. Side note: I used to own this but decided not to renew it for some crazy reason.</p><h2>Creating a cloud sever</h2><p>My cloud provider of choice is Hetzner and creating a new server is done in eight steps.</p><h3>1. Location</h3><p>Hetzner provide a few locations in Europe as to where the server is hosted. For this server I chose Helsinki.</p><h3>2. Image</h3><p>I chose Ubuntu 20.04 as the operating system as this is the one I'm most familiar with.</p><h3>3. Type</h3><p>As this server is only going to a host a Gemini site I don't need a overly powerful system so I chose their most basic CX11 configuration. For €2.99 a month this gives me:</p><ul><li>1 virtual CPU.</li><li>2GB ram.</li><li>20GB SSD .</li><li>20 TB of network traffic a month.</li></ul><h3>4. Volume</h3><p>You have the option of attaching additional storage to the server. I skipped this step as for the time been the 20GB SSD that comes with the server should be enough for my needs.</p><h3>5. Network.</h3><p>I skipped this step as its not needed.</p><h3>6. Additional features</h3><p>Again I skipped this step but select any if you believe that you will need them.</p><h3>7. SSH Key</h3><p>When a server is created a root user is added and a password is emailed to you so that you can login. However if you provide a SSH key it will be installed on the server instead of creating a password.</p><p>I like to use separate keys for each server that I manage so I tend store the them in a directory named after the hostname.</p><pre><code class="shell">$ mkdir ~/.ssh/davidtsadler.co.uk + <content type="html"><h1>How to Host Your Own Gemini Site in the Cloud</h1><blockquote>Mon 8th February 2021 By David T. Sadler.</blockquote><p>So I have a Gemini site over at gemini://davidtsadler.co.uk and I thought I&#039;d write up how I achieved this in case anyone was interested in doing the same.</p><p>I would say that from purchasing the domain name to having a complete server hosting the site took about 30 minutes in total.</p><h2>Purchasing a Domain Name</h2><p>I decided that for the moment I would keep my traditional &quot;Big Web&quot; content hosted at davidtsadler.com and use a different domain name for my new Gemini site. Since this meant purchasing a new one I popped over to Gandi.net to acquire davidtsadler.co.uk. Side note: I used to own this but decided not to renew it for some crazy reason.</p><h2>Creating a cloud sever</h2><p>My cloud provider of choice is Hetzner and creating a new server is done in eight steps.</p><h3>1. Location</h3><p>Hetzner provide a few locations in Europe as to where the server is hosted. For this server I chose Helsinki.</p><h3>2. Image</h3><p>I chose Ubuntu 20.04 as the operating system as this is the one I&#039;m most familiar with.</p><h3>3. Type</h3><p>As this server is only going to a host a Gemini site I don&#039;t need a overly powerful system so I chose their most basic CX11 configuration. For €2.99 a month this gives me:</p><ul><li>1 virtual CPU.</li><li>2GB ram.</li><li>20GB SSD .</li><li>20 TB of network traffic a month.</li></ul><h3>4. Volume</h3><p>You have the option of attaching additional storage to the server. I skipped this step as for the time been the 20GB SSD that comes with the server should be enough for my needs.</p><h3>5. Network.</h3><p>I skipped this step as its not needed.</p><h3>6. Additional features</h3><p>Again I skipped this step but select any if you believe that you will need them.</p><h3>7. SSH Key</h3><p>When a server is created a root user is added and a password is emailed to you so that you can login. However if you provide a SSH key it will be installed on the server instead of creating a password.</p><p>I like to use separate keys for each server that I manage so I tend store the them in a directory named after the hostname.</p><pre><code class="shell">$ mkdir ~/.ssh/davidtsadler.co.uk $ ssh-keygen -t rsa -b 4096 -f ~/.ssh/davidtsadler.co.uk/id_rsa</code></pre><p>The SSH key is added by clicking + ADD SSH KEY and then copying and pasting the contents of the id_rsa.pub file.</p><h3>8. Name</h3><p>I name my servers after the hostname so for this I called it davidtsadler.co.uk. I then created the server by clicking CREATE &amp; BUY NOW.</p><h2>SSH</h2><p>Once the server was created I took the allocated IP address and ensured that I could access it via SSH using the key that I had provided.</p><pre><code class="shell">$ ssh root@135.181.201.71 -i ~/.ssh/davidtsadler.co.uk/id_rsa</code></pre><h2>Resolve the Domain Name to the Server</h2><p>In my Gandi.net account I went to the DNS Records section for the domain name I had purchased. There I deleted everything except for the @ (A) and www (CNAME) records which was configured as follows:</p><ul><li>@ (A) 135.181.201.71</li><li>www (CNAME) davidtsadler.co.uk.</li></ul><p>The A record is configured with the IPv4 address of my new server and the CNAME with the domain name. Note that the CNAME must end with a period!</p><p>After saving the changes it was just a matter of waiting for it to propagate through the DNS system. At which point I could use the domain name when logging in via SSH.</p><pre><code class="shell">$ ssh root@davidtsadler.co.uk -i ~/.ssh/davidtsadler.co.uk/id_rsa</code></pre><h2>Securing the Server</h2><p>At a bare minimum I setup a firewall and harden SSH. I may at a later date go further, such as installing fail2ban.</p><h3>Configure a Firewall</h3><p>This setup will deny any incoming requests unless they were first initiated by a request from the server. Since I need to be able to access the server I allow SSH. The Gemini protocol uses port 1965 so that is also allowed.</p><pre><code class="shell">$ ufw default allow outgoing $ ufw default deny incoming $ ufw allow OpenSSH $ ufw allow 1965 $ ufw enable</code></pre><h3>Harden SSH</h3><p>I edited the /etc/ssh/sshd_config file.</p><pre><code class="shell">$ vim /etc/ssh/sshd_config</code></pre><p>I added the two below options so that the root user is not allowed to access the sever via SSH and other users may only access using keys.</p><pre>PermitRootLogin no -PasswordAuthentication no</pre><p>Since I'd made changes to the configuration I needed to restart the SSH service.</p><pre><code class="shell">$ service sshd restart</code></pre><h3>Create non-root User</h3><p>Whenever I access a server I like to login as a non-root user that is able to run sudo on the system.</p><pre><code class="shell">$ adduser gemini +PasswordAuthentication no</pre><p>Since I&#039;d made changes to the configuration I needed to restart the SSH service.</p><pre><code class="shell">$ service sshd restart</code></pre><h3>Create non-root User</h3><p>Whenever I access a server I like to login as a non-root user that is able to run sudo on the system.</p><pre><code class="shell">$ adduser gemini $ usermod -aG sudo gemini</code></pre><p>As the SSH key is already on the server I can copy it to the non-root user account.</p><pre><code class="shell">$ rsync --archive --chown=gemini:gemini ~/.ssh /home/gemini</code></pre><p>On my local system I confirm that I can log in as the new user without a password.</p><pre><code class="shell">$ ssh gemini@davidtsadler.co.uk -i ~/.ssh/davidtsadler.co.uk/id_rsa</code></pre><p>I also confirm that I have sudo access.</p><pre><code class="shell">$ sudo ls</code></pre><h2>Installing a Gemini Site and Server</h2><h3>Directory structure</h3><p>I decided to go with a very simple directory structure. Each site will be a sub-directory in ~/sites that will be named after the domain name. Then each site will have the following sub-directories. The idea is that I may want to host more than one site in the future.</p><ul><li>bin This will contain the Gemini server binary.</li><li>certs TLS certificates for the site are kept here.</li><li>public This will contain the .gmi files of the site.</li><li>scripts Contains scripts used to start the Gemini server.</li></ul><p>I created the directory structure with the below command.</p><pre><code class="shell">$ mkdir -p ~/sites/davidtsadler.co.uk/{bin,certs,public,scripts}</code></pre><h3>Install certificates</h3><p>Sine the Gemini protocol encourages using a self-signed certificate I installed one with the openssl command.</p><pre><code class="shell">$ openssl req -x509 \ -newkey rsa:4096 \ @@ -69,6 +69,6 @@ WantedBy=default.target</pre><p>I then started this service and conf $ sudo systemctl status agate.service -Active: active (running)</pre><p>The final step was to have this service start when the system is rebooted.</p><pre>$ sudo systemctl enable agate.service</pre><h2>Conclusion</h2><p>Setting up a Gemini site was easy to do and I hope this guide shows it. I have several ideas about how I'm going to use this new site and I'm excited to see where this leads to.</p><h3>Links</h3><a href="https://www.gandi.net/">Gandi.net - My domain registrar of choice.</a><a href="https://hetzner.cloud/?ref=Gf3UFbRaixBK">Hetzner - My cloud server provider.</a><a href="https://github.com/mbrubeck/agate/">Agate - A simple Gemini server.</a><a href="gemini://davidtsadler.co.uk/">davidtsadler.co.uk - My Gemini site.</a><a href="/posts/gemini/">Gemini - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></content> +Active: active (running)</pre><p>The final step was to have this service start when the system is rebooted.</p><pre>$ sudo systemctl enable agate.service</pre><h2>Conclusion</h2><p>Setting up a Gemini site was easy to do and I hope this guide shows it. I have several ideas about how I&#039;m going to use this new site and I&#039;m excited to see where this leads to.</p><h3>Links</h3><a href="https://www.gandi.net/">Gandi.net - My domain registrar of choice.</a><a href="https://hetzner.cloud/?ref=Gf3UFbRaixBK">Hetzner - My cloud server provider.</a><a href="https://github.com/mbrubeck/agate/">Agate - A simple Gemini server.</a><a href="gemini://davidtsadler.co.uk/">davidtsadler.co.uk - My Gemini site.</a><a href="/posts/gemini/">Gemini - Read More Posts.</a><p>I don&#039;t have comments as I don&#039;t want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></content> </entry> </feed>
\ No newline at end of file |