# HOWTO Set up Your Own Chess Server

This document shows how to install a chess server.
The free software application Lila, written by the fine developers at
https://lichess.org, will be used.

# Overview

The system will be built from the main parts listed below. You don't
need to know all of these, but knowing some system administration
will help.

* OVH ISP.
* Debian stable (Bullseye/11).
* Lila.
* Lila-ws.
* Apache.
* MongoDB.
* Redis.
* Scala.
* Java.
* SBT.
* Yarn.
* Python.
* Git.
* Node.
* Certbot.
* DNS.
* All the way down to GRUB and below...

For a high volume service, some of these services can be broken out
across multiple servers. For this example, we'll use just one "blank"
virtual server with nothing else on it.

# Upstream

The best current upstream document describing the process is here:

https://github.com/ornicar/lila/wiki/Lichess-Development-Onboarding

Main upstream repos:

* https://github.com/ornicar/lila
* https://github.com/ornicar/lila-ws

# Donate

Be sure to donate to lichess for their great website and for
making free software:

* https://lichess.org/patron

# Pre-Installation Setup

First, you need to have a location to host the server. You will want a server
with a minimum of 4 gigs of RAM. When the server is running, usage is low,
but it takes a while to compile, so more CPU/RAM will speed that up.

For this example, we'll set up at OVH, which is the same Internet company
that lichess.org uses.

You will also need a domain and someone providing domain name service (DNS).
OVH provides this service (presumably?) or I recommend Njalla.

## Register DNS

Since a new registration takes a while to spread across the Internet, it is best to first
register your domain so that process can happen in the background while
you are setting up the server.

For this example, we'll use the domain `mychestserver.org` with the final
example server URL being:

* https://www.mychestserver.org

Go to your registrar, and register your domain, such as:

* https://njal.la/

## Register at ISP

Go to OVH (or ISP of your choice) and create an account to host your server.
OVH may have regional websites as well:

* https://ovh.com/

## Set up Workstation SSH Keys

To connect to the server, you will need SSH keys. They'll be needed at time
of server creation, so we'll make them now. This is an example of how to create
keys on a Debian stable workstation, where the username is "debian" and
the workstation name is "workstation". For OVH, we're creating `ecdsa` keys,
which are inferior to `ed25519` keys. Last I tested, OVH doesn't accept the
latter.

```
# Run command to create keys.
# Note the location where you saved the key.
# Just hit "enter" for a passphrase.

debian@workstation:~$ ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/debian/.ssh/id_ecdsa): /home/debian/.ssh/id_ecdsa-chess
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/debian/.ssh/id_ecdsa-chess
Your public key has been saved in /home/debian/.ssh/id_ecdsa-chess.pub
The key fingerprint is:
SHA256:M2qUpyl31CCUcn3t2+vM6Cn4JaZIVvnFJICtTQiTQmY debian@workstation
The key's randomart image is:
+---[ECDSA 256]---+
| .E oo.*. . |
| o. oo= +.. . |
| . o.+..... |
| .o.+ +. |
| o S . oo |
| . B + .. . |
| . O ..+ . . |
| * o.o.o =. |
| . ...o+.+ |
+----[SHA256]-----+
```

## Upload SSH key to ISP

Take the SSH key you just created above and upload it to OVH.
Go to `Public Cloud`, then near the bottom of the left column, under
`Project Management` click `SSH Keys`.
Under the new `SSH Keys` window, click the `Add an SSH Key` button.
Paste the PUBLIC key created above, ending with `.pub` extension,
into the `Key` section of the `Add an SSH key` popup window.

Take this output and paste into that form in the browser:

```
cat /home/debian/.ssh/id_ecdsa-chess.pub
```

It should look like a tangled mess like this (note, the `debian@workstation` field
at the end is informational and can be something different depending on your user/workstation):

```
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC16EdTLECoLqSnmM/aSKrskLYN5ygu2dVvSAfiu4SAHPElrY6wqgUq6kzzsbbnko+VqyGzZ4tTWMml/AlBrQaw= debian@workstation
```

In the `Name` field, enter `mychestkey`.

Click `Add` to save the key at OVH. You should now see it in the list.

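A check to run on the workstation before pasting, as an added example that is not part of the original HOWTO: it refuses private-key material and confirms that the key type named at the start of the line matches the type encoded inside the base64 blob. The helper name `pubkey_type` is made up for this example; the sample line is the public key shown above.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO.
# SAMPLE_PUB is the example public key line shown in this section.
SAMPLE_PUB='ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC16EdTLECoLqSnmM/aSKrskLYN5ygu2dVvSAfiu4SAHPElrY6wqgUq6kzzsbbnko+VqyGzZ4tTWMml/AlBrQaw= debian@workstation'

# pubkey_type LINE (hypothetical helper)
# Prints the key type if LINE is a well-formed one-line OpenSSH public key.
# Returns non-zero for private keys, truncated pastes or mismatched types.
pubkey_type() {
    case $1 in
        *"PRIVATE KEY"*)
            echo "refusing: this is private key material" >&2
            return 1 ;;
    esac
    set -f; set -- $1; set +f     # split into: type, base64 blob, [comment]
    [ $# -ge 2 ] || return 1
    declared=$1
    blob=$2
    # The decoded blob starts with a 4-byte big-endian length, then the key
    # type as ASCII. Key type names are short, so the low byte is enough.
    len=$(printf '%s' "$blob" | base64 -d 2>/dev/null | od -An -tu1 -j3 -N1 | tr -d ' ')
    [ -n "$len" ] || return 1
    embedded=$(printf '%s' "$blob" | base64 -d 2>/dev/null | dd bs=1 skip=4 count="$len" 2>/dev/null)
    [ "$declared" = "$embedded" ] || return 1
    printf '%s\n' "$declared"
}

# Usage on the workstation:
#   pubkey_type "$(cat /home/debian/.ssh/id_ecdsa-chess.pub)"
pubkey_type "$SAMPLE_PUB"
```
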
## Create Virtual Machine at ISP

OVH sells dedicated "bare metal" servers called the `Bare Metal Cloud`.
They also sell virtual machine instances under the `Public Cloud`.
The bare metal servers can be better, but they are generally more expensive
and a bit more complex to set up and maintain. So for this example, we
will set up a virtual machine in the `Public Cloud`.

In OVH `Dashboard` click on `Public Cloud`, then in the left column near the top
under `Compute`, click `Instances`. Then under the new `Instances` window,
click `Create an Instance`.

* `Select a Model`: `Discovery` tab, then select D2-8. There are some options
  with 4 gigs of RAM and fewer CPUs, which could be used, but kind of slow.
  This option is ~$20USD/month.

* `Select a Region`: The https://lichess.org server is in various data centers around
  Northern France, such as Gravelines (GRA). If you want to be close to that
  for some reason, you can select that. Or you could select a server that
  is regionally close to you and your users in another part of the world.
  For this example, we'll select Gravelines GRA3. Click `Next`.

* `Select an Image`: Under `Unix Distributions` tab, select `Debian 11`.

* `Select an Image`: Under `SSH key` at the bottom of the section, select the
  `mychestkey` you created and uploaded above. Click `Next`.

* `Configure your instance`: Just one instance. We'll use `mychestserver` for
  the name, use yours as appropriate. We won't do any of `Post-installation
  script`, `Private Networks`, or `Backups`, although they could be used.
  Click `Next`.

* `Billing Period`: As you like. This is just a test, so here just using
  `Hourly` at $0.03886/hour. Click `Create an instance` to create the
  virtual computer, which also starts billing.

* OVH will say `Launching Instance` and a few minutes later, your server
  should be ready and in `Activated` status when viewed under the `Instances`
  tab under `Public Cloud`.

## Forward DNS Configuration

Set up forward DNS with the new IP address OVH gave you for your
instance. Look at the `Public IP` of your new `Activated`
server instance. In this example, it is `147.135.193.212`. That is the
network address of your new server. We want to add it to DNS, so add
it to OVH (?) or Njalla's records. For this example, this URL was used:

* https://njal.la/domains/mychestserver.org/

Click `Manage` for the domain, then `+ Add Record`.

* `Type`: Use `A` record.

* `Name`: Use `www`.

* `IPv4 Address`: Use the `Public IP` OVH gave you for your instance. In
  this example, `147.135.193.212`.

* `TTL`: Let's do something short for now, use `5m`. Click `Add`.

That will take anywhere from a few seconds to an hour to be picked up by
nameservers around the world. It is best if you *don't* query it for now
(wait ~15+ minutes) or servers may cache a negative answer, which you'll
have to wait out.

## Reverse DNS Configuration

Set up reverse DNS with the new IP address OVH gave you for your
instance. Look at the `Public IP` of your new `Activated`
server instance. In this example, it is `147.135.193.212`.

In the OVH `Dashboard` under your `Instances`, click on your instance,
such as the example `mychestserver`. On the right hand side under
`Networks` in the `IPv4` section there is a button with three dots.
Click it and select `Change reverse DNS`. Find your `Public IP` address
in the list, our example `147.135.193.212`. In the `Reverse DNS`
column, click the edit pencil box icon. Enter your full domain name,
such as our example `www.mychestserver.org` and click the check mark
to save it.

## Set up SSH on Workstation

Back on your workstation, set up your SSH configuration with the key
you created and the new `Public IP`. Edit the file `~/.ssh/config`.

```
vim ~/.ssh/config
```

Add the following, using your own server name and `Public IP` instead of this example's.
Also, use the path to the *private* workstation SSH key created earlier.
Add to `~/.ssh/config`:

```
Host mychestserver
    Hostname 147.135.193.212
    User debian
    Port 22
    Identityfile ~/.ssh/id_ecdsa-chess
```

# Login

Now from your workstation, log into the server and check that all
is ok:

```
ssh mychestserver
```

It should look something like this:

```
debian@workstation:~$ ssh mychestserver
Host key fingerprint is SHA256:WgtWRY7N3POEhSqhhS6aq7Wac1sR7AQ+abQTpgXiQvU
+---[ECDSA 256]---+
|SSB. . .S .. |
|+* *. . SB ..S |
|o.B +E oo.=.+ . |
|.. =..o.. . + |
| bb.b S. . |
| o o + . |
| ... . . |
|.ooo |
|+=o. |
+----[SHA256]-----+
Linux mychestserver 5.10.0-8-cloud-amd64 #1 SMP Debian 5.10.46-5 (2021-09-23) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
debian@mychestserver:~$
```

You can check all is happy with commands like:

```
free -h
df -h
cat /proc/cpuinfo
dpkg -l
uname -a
dmesg -T
```

# Update Server

First, set new passwords for user `debian` and then `root` on the server,
using sudo. It looks something like this:

```
debian@mychestserver:~$ sudo passwd debian
New password:
Retype new password:
passwd: password updated successfully
debian@mychestserver:~$ sudo passwd
New password:
Retype new password:
passwd: password updated successfully
```

Now, update to the latest Debian packages.

```
sudo apt update
sudo apt upgrade
sudo apt clean
```

Reboot the server into the newly updated system.
It should take less than a minute to reboot.

```
sudo reboot
```

# Install

Log back into the new server:

```
debian@workstation:~$ ssh mychestserver
```

## Install Debian Dependencies

Install the following dependencies from Debian's repos:

```
sudo apt update

sudo apt install git openjdk-11-jre-headless python2 redis-server
```

Note: Docs say `python2` is needed, but is that still correct?

## Install External Dependencies

Lila has quite a few dependencies, many of which are outside
of the distribution's repositories. Sometimes the dependency exists
in the repo, but it is the wrong version. So we'll need to install
these dependencies:

* `mongodb`
* `node`
* `sbt`
* `yarn`

### Install MongoDB

Install MongoDB thusly.

Note, they don't have a Debian Bullseye repo, but the Debian
Buster repo works.

```
# Get APT Key
wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -

# Add Repository
echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list

# Update Apt
sudo apt update

# Install MongoDB Server
sudo apt install mongodb-org

# Be clean
sudo apt clean

# Start mongodb server
sudo systemctl start mongod.service

# Enable mongodb server on boot
sudo systemctl enable mongod.service

# Logs are here:
sudo tail -f /var/log/mongodb/mongod.log
```

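An alternative to `apt-key add`, which is deprecated on Debian 11 and trusts the key for every repository on the system: the added example below (not part of the original HOWTO) keeps the MongoDB key in its own keyring, binds the repository to it with `signed-by`, and lists source entries that lack that option. The keyring path and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO.
KEYRING=/usr/share/keyrings/mongodb-server-5.0.gpg   # assumed path for the keyring
REPO_URL=http://repo.mongodb.org/apt/debian          # repository URL used in the HOWTO
SUITE=buster/mongodb-org/5.0

# Print the sources.list entry that trusts only $KEYRING for this repository.
mongodb_sources_line() {
    printf 'deb [signed-by=%s] %s %s main\n' "$KEYRING" "$REPO_URL" "$SUITE"
}

# Read sources.list-style lines on stdin and print every active deb/deb-src
# line without a signed-by option. Such entries are verified against every
# key in the global APT trust store, not one specific key.
unpinned_sources() {
    while IFS= read -r line; do
        case $line in
            deb\ *|deb-src\ *) ;;
            *) continue ;;
        esac
        case $line in
            *signed-by=*) ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# Install steps. They need root, network access and gnupg, so they only run
# when the script is called with --apply.
install_repo() {
    wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc \
        | gpg --dearmor | sudo tee "$KEYRING" >/dev/null
    mongodb_sources_line | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
    sudo apt update
}

# Constructed sample: the HOWTO's entry, a commented-out line, the pinned entry.
sample_sources() {
    cat <<EOF
deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main
# deb http://example.invalid/debian stable main
$(mongodb_sources_line)
EOF
}

if [ "${1:-}" = "--apply" ]; then
    install_repo
else
    sample_sources | unpinned_sources   # prints only the first sample line
fi
```

To audit a real system, feed it the files instead of the sample: `cat /etc/apt/sources.list.d/*.list | unpinned_sources`.
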
### Install Node

Install Node thusly:

### Install SBT

Install SBT thusly:

### Install Yarn

Install Yarn thusly:

## Install Lila

* https://github.com/ornicar/lila

## Install lila-ws

* https://github.com/ornicar/lila-ws

```
vim ./src/main/resources/application.conf
# Set csrf.origin to the URL of your site, for example:
csrf.origin = "https://deepcrayon.fish"
```

# Configure

Configure thusly...

# Use

Use thusly...

# Misc

Potentially include items such as:

* Local firewall.
* Securing ssh.
* Locking down system overall.
* Set locale.
* Set timezone.
* Disable IPv6.
* Lila secrets & salts.
* Turn off unneeded services.
* Forums.
* Irwin.
* Mail.
* Bots.