ISP, DNS notes
parent
8871cb787b
commit
c49366ff7d
|
@ -34,6 +34,10 @@ System will be built from these main parts:
|
||||||
|
|
||||||
* Node.
|
* Node.
|
||||||
|
|
||||||
|
* Certbot.
|
||||||
|
|
||||||
|
* DNS.
|
||||||
|
|
||||||
* All the way down to Grub and below...
|
* All the way down to Grub and below...
|
||||||
|
|
||||||
# Upstream
|
# Upstream
|
||||||
|
@ -54,17 +58,96 @@ but it takes awhile to compile, so more CPU/RAM will speed that up.
|
||||||
For this example, we'll set up at OVH, which is the same Internet company
|
For this example, we'll set up at OVH, which is the same Internet company
|
||||||
that lichess.org uses.
|
that lichess.org uses.
|
||||||
|
|
||||||
## Setup at OVH
|
You will also need a domain and someone providing domain name service (DNS).
|
||||||
Go here and create an account. They may have regional websites as well:
|
OVH provides this service (presumably?) or I recommend Njalla.
|
||||||
|
|
||||||
|
* https://njal.la/
|
||||||
|
|
||||||
|
## Register at ISP
|
||||||
|
Go to OVH (or ISP of your choice) and create an account.
|
||||||
|
They may have regional websites as well:
|
||||||
|
|
||||||
* https://ovh.com/
|
* https://ovh.com/
|
||||||
|
|
||||||
|
## Register DNS
|
||||||
|
Since it takes awhile to spread across the Internet, it is best to first
|
||||||
|
register your domain so that process can happen in the background while
|
||||||
|
you are setting up the server.
|
||||||
|
|
||||||
|
For this example, we'll use the domain `mychestserver.org`.
|
||||||
|
|
||||||
|
## Set up Workstation SSH Keys
|
||||||
|
To connect to the server, you will need SSH keys. They'll be needed at time
|
||||||
|
of server creation, so we'll make them now. This is an example how to create
|
||||||
|
keys on a Debian stable workstation, where the username is "debian" and
|
||||||
|
the workstation name is "workstation". For OVH, we're creating `ecdsa` keys,
|
||||||
|
which is inferior to `ed25519` keys. Last I tested, OVH doesn't accept the
|
||||||
|
latter.
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
# Run command to create keys.
|
||||||
|
# Note the location where you saved the key.
|
||||||
|
# Just hit "enter" for a passphrase.
|
||||||
|
|
||||||
|
debian@workstation:~$ ssh-keygen -t ecdsa
|
||||||
|
Generating public/private ecdsa key pair.
|
||||||
|
Enter file in which to save the key (/home/debian/.ssh/id_ecdsa): /home/debian/.ssh/id_ecdsa-chess
|
||||||
|
Enter passphrase (empty for no passphrase):
|
||||||
|
Enter same passphrase again:
|
||||||
|
Your identification has been saved in /home/debian/.ssh/id_ecdsa-chess
|
||||||
|
Your public key has been saved in /home/debian/.ssh/id_ecdsa-chess.pub
|
||||||
|
The key fingerprint is:
|
||||||
|
SHA256:M2qUpyl31CCUcn3t2+vM6Cn4JaZIVvnFJICtTQiTQmY debian@workstation
|
||||||
|
The key's randomart image is:
|
||||||
|
+---[ECDSA 256]---+
|
||||||
|
| .E oo.*. . |
|
||||||
|
| o. oo= +.. . |
|
||||||
|
| . o.+..... |
|
||||||
|
| .o.+ +. |
|
||||||
|
| o S . oo |
|
||||||
|
| . B + .. . |
|
||||||
|
| . O ..+ . . |
|
||||||
|
| * o.o.o =. |
|
||||||
|
| . ...o+.+ |
|
||||||
|
+----[SHA256]-----+
|
||||||
|
```
|
||||||
|
|
||||||
|
## Upload SSH key to ISP
|
||||||
|
|
||||||
|
## Create Virtual Machine at ISP
|
||||||
|
OVH sells dedicated "bare metal" servers called the "Bare Metal Cloud".
|
||||||
|
They also sell virtual machine instances under the "Public Cloud".
|
||||||
|
The bare metal servers can be better, but they are generally more expensive,
|
||||||
|
a bit more complex to set up and maintain. So for this example, we
|
||||||
|
will set up a virtual machine in the "Public Cloud".
|
||||||
|
|
||||||
|
|
||||||
|
In OVH dashboard click on "Public Cloud", then in left column near the top
|
||||||
|
under "Compute", click "Instances". Then under the new "Instances" window,
|
||||||
|
click "Create an Instance".
|
||||||
|
|
||||||
|
* Select a Model: "Discovery" tab, then select D2-8. There are some options
|
||||||
|
with 4 gigs of RAM and fewer CPUs, which could be used, but kind of slow.
|
||||||
|
This option is ~$20USD/month.
|
||||||
|
|
||||||
|
* Select a Region: The lichess.org server is in various data centers around
|
||||||
|
Norther France, such as Gravelines (GRA). If you want to be close to that
|
||||||
|
for some reason, you can select that. Or you could select a server that
|
||||||
|
is regionally close to you and your users in another part of the world.
|
||||||
|
For this example, we'll select Gravelines GRA3.
|
||||||
|
|
||||||
|
* Select an Image: Under "Unix Distributions" tab, select "Debian 11".
|
||||||
|
|
||||||
|
*
|
||||||
|
|
||||||
# Installation
|
# Installation
|
||||||
|
|
||||||
# Configuration
|
# Configuration
|
||||||
|
|
||||||
|
## DNS Configuration
|
||||||
|
Set up forward & reverse DNS.
|
||||||
|
|
||||||
# Usage
|
# Usage
|
||||||
|
|
||||||
# Lila
|
# Lila
|
||||||
|
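Review bot: The comment `# Just hit "enter" for a passphrase.` in the new ssh-keygen block tells the reader to create `/home/debian/.ssh/id_ecdsa-chess` with no passphrase, so the private key that grants access to the server sits unencrypted on the workstation. Suggest telling readers to set a passphrase and load the key with ssh-agent, or stating explicitly that the empty passphrase is a convenience trade-off. Smaller points in the same hunk: "OVH provides this service (presumably?)" should be confirmed or dropped, "Last I tested, OVH doesn't accept the latter" would be more useful with a date, "## Upload SSH key to ISP" has no body, the instance option list ends with an empty `*` bullet, and "Norther France" should read "Northern France".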
@ -79,3 +162,13 @@ vim ./src/main/resources/application.conf
|
||||||
# set
|
# set
|
||||||
csrf.origin = "https://deepcrayon.fish"
|
csrf.origin = "https://deepcrayon.fish"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
# Misc
|
||||||
|
Potentially include items such as:
|
||||||
|
|
||||||
|
* Local firewall.
|
||||||
|
|
||||||
|
* Securing ssh.
|
||||||
|
|
||||||
|
* Locking down system overall.
|
||||||
|
|
||||||
|
|
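Review bot: The new "# Misc" section lists "Local firewall", "Securing ssh" and "Locking down system overall" only as items to "Potentially include", while the earlier hunk already has the reader creating a Public Cloud instance that is reached over SSH. Suggest moving these under "# Configuration" as required steps, each with at least a stub heading, so the guide does not reach "# Usage" with the host unhardened.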