Questions About Setting Up New www Server

I just recently purchased three new domain names and bought a VPS droplet from Digital Ocean. I was really surprised. You can rent your own pc in the cloud for almost nothing. I picked a mid-sized droplet for $24.00 per month. On top of that, they gave me a $100 promotional credit just for signing up and with no commitments other than to pay for what I use.

My goal is to set up an isolated Mastodon instance and encourage discussions there that can’t be moderated by Twitter and Facebook terms and conditions and moderation. If other instances with similar rules want to federate with my instance there, that’s great. But I don’t plan for this instance to be wide open to the rest of the established fediverse because it might piss off a lot of fediverse incumbents and motivate them to violate my instance rules. I want to see some honest discussion about Covid-19 and the vaccines; discussions that are guided by objective information and real science, and not in any way by the politics that say “get the jab or we’ll get you fired and wreck your life”. I’ll be more strict against radical scientific claims and conspiracy theories that can’t be proven. But the forum will encourage discussions that would quickly be banned by Twitter and Facebook because the goal will be to use honest information to push back against Mr. Biden’s radical forced vaccine mandates. I’ll publish and use my real name there as my user name also. Others there will be encouraged to use their real names also. The partisan television news comments from people of both US parties might not be so welcome there if all they have to contribute is partisanship and partisan ideology. Being fired or threats of being fired and ostracised from society is a bipartisan issue. If fired people, lawyers, threatened people, employers, and real science enthusiasts want to congregate there to discuss and work out real issues, plan and promote their lawsuits, and share critical information in these efforts with others and the world, then the forum will be successful. I won’t publish anything there that I wouldn’t want my employer to see using my real name, and I work for a big company. Everyone else there will be held to the same standard as I hold myself to, except that using their real personal names won’t be absolutely required.

But I have a challenge. The one-click Mastodon server app that can come with your droplet is poorly documented and doesn’t allow me to pre-configure the machine before it runs, only at first boot. I got as far as seeing the Mastodon login screen and not being able to get past the Mastodon Admin account login. That’s close but not close enough. But I think that the one-click Mastodon app won’t do the job by itself either. I thought I knew Linux… and I do, enough to get by as a home Linux PC user. But setting up a cloud server remotely, setting up server firewalls, server email service, and several other critical services with little to no experience in that area presents a steep learning curve. I don’t understand enough about SSH keys to even set them up. I got an X server on the droplet turned on and pointing the server graphical display back to my home Linux box. I am trying to install the ProtonMail bridge on the server so that Mastodon can send and receive encrypted ProtonMail using the ProtonMail bridge. Just remotely executing a deb file to initiate a graphical installation of the bridge from a remote terminal is taking up a lot of time, and with no success yet. This is just one example of many of these time-sucking tasks for a newcomer when setting up this kind of a www server.

Does anyone here know the likely shortest (affordable) path to completing what I am doing with this server? I can learn by trial and error and that does work… eventually. But that is very slow. I want to have this server up for automated account generation and forum discussions within the next few weeks. If I slap it together without security or by using unacceptable “one-click” default Mastodon setup settings, I might need to take it down and start over right about the time the user base starts growing. So I am building a good server foundation first, and will probably eventually need to install Mastodon from source code, and then configure everything to do with Mastodon manually.

Any advice would be helpful.

Start by learning that part, it’s not difficult. One command (ssh-keygen) to create your keypair (your private key and the corresponding public key), then one more command (ssh-copy-id) to copy the public key to the server. That’s it, now you can log in without a password prompt.

My advice would be to avoid any graphical installations, better to do everything the command-line way. Then you can also save everything you did as a script with all the commands you used, so you can set up the server again from scratch by just re-executing that script.
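The two commands the reply names, written up as the kind of re-runnable setup script it recommends, plus the server-side step a practitioner adds once key login is confirmed (turning password logins off). This is an added example, not code from the thread; the key path, the `admin@droplet.example` host and the drop-in file name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Reproducible SSH key setup for a fresh droplet.
set -eu

# 1) Local side: create an ed25519 keypair once; re-running the script will not overwrite it.
gen_keypair() {   # gen_keypair <key_path>
  [ -f "$1" ] || ssh-keygen -t ed25519 -a 64 -f "$1" -C "home-box -> droplet"
}

# 2) Local side: push the public key. Last time you will type the account password.
copy_key() {      # copy_key <key_path> <user@host>
  ssh-copy-id -i "$1.pub" "$2"
}

# 2b) What ssh-copy-id does on the server, spelled out: append the public key to
#     ~/.ssh/authorized_keys with the permissions sshd insists on (700 dir, 600 file),
#     without adding a duplicate line when the script is re-run.
install_authorized_key() {   # install_authorized_key <pubkey_line> <home_dir>
  ssh_dir="$2/.ssh"
  mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
  touch "$ssh_dir/authorized_keys" && chmod 600 "$ssh_dir/authorized_keys"
  grep -qxF "$1" "$ssh_dir/authorized_keys" || printf '%s\n' "$1" >> "$ssh_dir/authorized_keys"
}

# 3) Server side, only AFTER a key login has worked in a second terminal: disable
#    password logins. A drop-in leaves the distro's main sshd_config untouched.
harden_sshd() {   # harden_sshd <dropin_path>  (normally /etc/ssh/sshd_config.d/60-keys-only.conf)
  cat > "$1" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
EOF
}

# Typical order (the remote commands run over the key-based login you just set up):
#   gen_keypair ~/.ssh/id_ed25519
#   copy_key ~/.ssh/id_ed25519 admin@droplet.example
#   ssh admin@droplet.example                      # must succeed without a password first
#   then on the server: harden_sshd /etc/ssh/sshd_config.d/60-keys-only.conf
#   sudo sshd -t && sudo systemctl reload ssh      # syntax check before reloading (unit may be sshd)
```

Keep the original terminal open while reloading sshd; if the drop-in is wrong you still have a live session to fix it from.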

ProtonMail publishes a software bridge that decrypts and encrypts email going in and out of the machine. It is proprietary. It runs in the background. Their installation deb runs a graphical setup. So apparently, if I want to run the bridge, I’ll be forced to run the graphics to set it up. Any way around that?

Then my advice is: don’t use it. Find another way.

For ssh key usage and other server security things you could pick up this book, “Linux Hardening in Hostile Networks: Server Security from TLS to Tor”, written by Kyle Rankin.


I was able to learn a lot about encryption keys in Linux since I last posted here. I got ssh key logins working between my home Linux box and my cloud server. It’s pretty neat once you get it working. With a single short command line you’re in and connected securely. Now I’ll know how to connect my Librem 5 to my home Linux box securely. I just need to learn now how to safely leave an ssh port open on my home Linux box first.

I worked all day today trying to get the ProtonMail bridge working on my Digital Ocean droplet. I tried just building enough of Gnome (minimal) on the server to get the graphical configuration tool working so I could configure the bridge. When it finally came up, it said that it would require a graphical keyring program to be installed before it would work. I figured that enough is enough. Just getting a minimal Gnome install was taking up too much of the resources for an efficient server. So I blew away the droplet, installed a new one, got the ssh keys installed again, and called it a day. I found an open-source ProtonMail bridge made for servers. I’ll revisit that after everything else is working. I’ll probably set up a development server later anyway, to experiment with. In the meantime, I’ll get the Mastodon server working using a more traditional, unsecured mail client.

Acknowledging the above but …

It may have been wanting seahorse, also known as “Passwords and Keys”. That is the normal Gnome password and key manager.