ISP, DNS notes
parent 8871cb787b
commit c49366ff7d
|
@ -34,6 +34,10 @@ System will be built from these main parts:
|
|||
|
||||
* Node.
|
||||
|
||||
* Certbot.
|
||||
|
||||
* DNS.
|
||||
|
||||
* All the way down to Grub and below...
|
||||
|
||||
# Upstream
|
||||
|
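Review bot: The list item `* All the way down to Grub and below...` does not name a component the way `* Node.`, `* Certbot.` and `* DNS.` do, so a reader cannot tell what they are expected to install or secure. Suggest naming the layers that are meant as separate items, or dropping the line until the section that covers them exists.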
@ -54,17 +58,96 @@ but it takes awhile to compile, so more CPU/RAM will speed that up.
|
|||
For this example, we'll set up at OVH, which is the same Internet company
|
||||
that lichess.org uses.
|
||||
|
||||
## Setup at OVH
|
||||
Go here and create an account. They may have regional websites as well:
|
||||
You will also need a domain and someone providing domain name service (DNS).
|
||||
OVH provides this service (presumably?) or I recommend Njalla.
|
||||
|
||||
* https://njal.la/
|
||||
|
||||
## Register at ISP
|
||||
Go to OVH (or ISP of your choice) and create an account.
|
||||
They may have regional websites as well:
|
||||
|
||||
* https://ovh.com/
|
||||
|
||||
## Register DNS
|
||||
Since it takes awhile to spread across the Internet, it is best to first
|
||||
register your domain so that process can happen in the background while
|
||||
you are setting up the server.
|
||||
|
||||
For this example, we'll use the domain `mychestserver.org`.
|
||||
|
||||
## Set up Workstation SSH Keys
|
||||
To connect to the server, you will need SSH keys. They'll be needed at time
|
||||
of server creation, so we'll make them now. This is an example how to create
|
||||
keys on a Debian stable workstation, where the username is "debian" and
|
||||
the workstation name is "workstation". For OVH, we're creating `ecdsa` keys,
|
||||
which is inferior to `ed25519` keys. Last I tested, OVH doesn't accept the
|
||||
latter.
|
||||
|
||||
|
||||
```
|
||||
# Run command to create keys.
|
||||
# Note the location where you saved the key.
|
||||
# Just hit "enter" for a passphrase.
|
||||
|
||||
debian@workstation:~$ ssh-keygen -t ecdsa
|
||||
Generating public/private ecdsa key pair.
|
||||
Enter file in which to save the key (/home/debian/.ssh/id_ecdsa): /home/debian/.ssh/id_ecdsa-chess
|
||||
Enter passphrase (empty for no passphrase):
|
||||
Enter same passphrase again:
|
||||
Your identification has been saved in /home/debian/.ssh/id_ecdsa-chess
|
||||
Your public key has been saved in /home/debian/.ssh/id_ecdsa-chess.pub
|
||||
The key fingerprint is:
|
||||
SHA256:M2qUpyl31CCUcn3t2+vM6Cn4JaZIVvnFJICtTQiTQmY debian@workstation
|
||||
The key's randomart image is:
|
||||
+---[ECDSA 256]---+
|
||||
| .E oo.*. . |
|
||||
| o. oo= +.. . |
|
||||
| . o.+..... |
|
||||
| .o.+ +. |
|
||||
| o S . oo |
|
||||
| . B + .. . |
|
||||
| . O ..+ . . |
|
||||
| * o.o.o =. |
|
||||
| . ...o+.+ |
|
||||
+----[SHA256]-----+
|
||||
```
|
||||
|
||||
## Upload SSH key to ISP
|
||||
|
||||
## Create Virtual Machine at ISP
|
||||
OVH sells dedicated "bare metal" servers called the "Bare Metal Cloud".
|
||||
They also sell virtual machine instances under the "Public Cloud".
|
||||
The bare metal servers can be better, but they are generally more expensive,
|
||||
a bit more complex to set up and maintain. So for this example, we
|
||||
will set up a virtual machine in the "Public Cloud".
|
||||
|
||||
|
||||
In OVH dashboard click on "Public Cloud", then in left column near the top
|
||||
under "Compute", click "Instances". Then under the new "Instances" window,
|
||||
click "Create an Instance".
|
||||
|
||||
* Select a Model: "Discovery" tab, then select D2-8. There are some options
|
||||
with 4 gigs of RAM and fewer CPUs, which could be used, but kind of slow.
|
||||
This option is ~$20USD/month.
|
||||
|
||||
* Select a Region: The lichess.org server is in various data centers around
|
||||
Norther France, such as Gravelines (GRA). If you want to be close to that
|
||||
for some reason, you can select that. Or you could select a server that
|
||||
is regionally close to you and your users in another part of the world.
|
||||
For this example, we'll select Gravelines GRA3.
|
||||
|
||||
* Select an Image: Under "Unix Distributions" tab, select "Debian 11".
|
||||
|
||||
*
|
||||
|
||||
# Installation
|
||||
|
||||
# Configuration
|
||||
|
||||
## DNS Configuration
|
||||
Set up forward & reverse DNS.
|
||||
|
||||
# Usage
|
||||
|
||||
# Lila
|
||||
|
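Review bot: The comment `# Just hit "enter" for a passphrase.` in the ssh-keygen block tells the reader to create the server login key unencrypted, so anyone who obtains a copy of `/home/debian/.ssh/id_ecdsa-chess` from the workstation can log in to the server. Suggest instructing the reader to set a passphrase and load the key with ssh-agent, or stating why an unprotected key is acceptable for this setup. Smaller points in the same hunk: the remark that OVH does not accept `ed25519` ("Last I tested") carries no date, so a reader cannot judge whether it still holds; "Norther France" should read "Northern France"; and the instance steps end on a bare `*` bullet while `## Upload SSH key to ISP` has no body, so the key created above is never shown being attached to the instance.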
@ -79,3 +162,13 @@ vim ./src/main/resources/application.conf
|
|||
# set
|
||||
csrf.origin = "https://deepcrayon.fish"
|
||||
```
|
||||
|
||||
# Misc
|
||||
Potentially include items such as:
|
||||
|
||||
* Local firewall.
|
||||
|
||||
* Securing ssh.
|
||||
|
||||
* Locking down system overall.
|
||||
|
||||
|
|
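Review bot: The new `# Misc` section puts `* Local firewall.`, `* Securing ssh.` and `* Locking down system overall.` under "Potentially include items such as:", which presents host hardening as optional follow-up in a guide that creates a "Public Cloud" instance. Suggest making these a required section placed before the service is exposed, each with at least a stub of the intended steps. The context line `csrf.origin = "https://deepcrayon.fish"` also uses a different domain from the `mychestserver.org` example introduced earlier, so a note that the reader must substitute their own origin would help.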