selfprivacy.org/en/second.html

409 lines
18 KiB
HTML
Raw Normal View History

2021-11-02 09:56:22 +00:00
<!doctype html>
<html class="no-js" lang="">
<head>
<meta charset="utf-8">
<title></title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta property="og:title" content="">
<meta property="og:type" content="">
<meta property="og:url" content="">
<meta property="og:image" content="">
<!-- Place favicon.ico in the root directory -->
<link rel="stylesheet" href="../font/stylesheet.css">
<link rel="stylesheet" href="../css/normalize.css">
<link rel="stylesheet" href="../css/main.css">
<link rel="icon" type="image/png" href="../favicon.png" />
<meta name="theme-color" content="#fafafa">
</head>
<body>
<!-- Add your site or application content here -->
<div class="nav">
<div class="flex-box-wrap max-width">
<div class="w-25">
<div class="nav-logo-box">
<img src="../img/Logo.png" alt="">
</div>
</div>
<div class="w-50">
<div>
<a class="telegram-btn" href="https://t.me/selfprivacy">
Telegram
</a>
</div>
</div>
<div class="w-25">
<div class="flex-box-wrap jc-fe">
<a href="https://selfprivacy.org/en/index.html">en</a>
<a href="https://selfprivacy.org/">ru</a>
<a class="nav-yellow-link" href="https://social.selfprivacy.org">
<img src="../img/Twitter%20Logo.svg" alt="">
</a>
<a class="nav-yellow-link" href="https://git.selfprivacy.org">
<img src="../img/Vector.svg" alt="">
</a>
</div>
</div>
</div>
</div>
<div class="margin-16 boxes">
<div class="max-width">
<h2 class="install-page-header">
Deployment and setup
</h2>
<div class="blue-border">
<p></p>
<p class="bottom-p">
SelfPrivacy-server takes about an hour to be created. Sounds scary, but believe me, no PhD
required to accomplish that. It's as simple as purchase in the e-shop.
</p>
<ul>
<li>
<!--1. -->Searching for ID and a card with balance of $10-15
</li>
<li>
<!--2. -->Registering your accounts
</li>
<li>
<!--3. -->Securing your accounts
</li>
<li>
<!--4. -->Purchasing a domain
</li>
<li>
<!--5. -->Pointing your domain to a DNS server
</li>
<li>
<!--6. -->🔑 Generating tokens
</li>
<li>
<!--7. -->Installation
</li>
<li>
<!--8. -->Connecting to the services 🎉
</li>
</ul>
<p class="bottom-p">
If you delegate this process to someone else, you'll loose your privacy. For the 100% independency
and control
we recommend to do everything on your own.
</p>
</div>
<div class="blue-border">
<p class="top-p">
Account registration
</p>
<p class="bottom-p">
SelfPrivacy makes use of many different accounts for the reliablity. If you hold everything in one
place,
you'll get the same you've been running from. All data in hands of one corporation🤦
</p>
<p class="bottom-p">
That's why, different parts of your system will be in different places. Let's register:
</p>
<ul>
<li>
<a href="https://accounts.hetzner.com/signUp">Hetzner </a>is a virtual server hosting. Here
will be a home for all of yor data.
</li>
<li>
<a href="https://www.namecheap.com/myaccount/signup/">NameCheap</a> or any other
registrar, to buy your personal address on the Internet, that will point directly to your
server.
</li>
<li>
<a href="https://dash.cloudflare.com/sign-up">CloudFlare </a>is a DNS server, where your
personal
address(domain) works.
</li>
<li>
<a
href="https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct&src=default">
Backblaze </a>is an IaaS, that provides free storage for your encrypted backups.
</li>
</ul>
<p class="bottom-p">
Registration is trivial, but sometimes account activation may take up to few days, but not longer.
That's why please be advised to use real data.
Providers protect themselves from spam in such way. Nothing personal.
</p>
</div>
<div class="blue-border">
<p class="top-p">
Protecting your accounts
</p>
<p class="bottom-p">
Systems are being compromised by the weakest part. That's why, password for all your accounts
should be different and complicated. TwinkleTwinkleLittleStar is a great example of a bad password.
A good one 🌈 is a
passphrase:
</p>
<p class="code-p">
expert repose postwar anytime glimpse freestyle liability effects
</p>
<p class="bottom-p">or</p>
<p class="code-p">
}Rj;EtG:,M!bc4/|
</p>
<p class="bottom-p">
How to remember such complicated password? No way! No need to remember passwords. They should be
created and stored in the <a href="https://keepassxc.org/download/">password manager</a>. Though,
you'll
have to remember at least one... Main password for the password manager.
</p>
<p class="bottom-p">
Additional protection for your accounts should be enabled in the mandatory order.
It called multifactor authentication(MFA, 2FA).
Without this simple step, all your data will be insecure.
</p>
<p class="bottom-p">
It may have been complicated a bit, but now you're protected better than 95% of users.
You can be proud of yourself🤗
</p>
</div>
<h2>
Getting a domain
</h2>
<p class="top-header-p">
Enabled 2FA? Then let's proceed to the most interesting part!
</p>
<div class="blue-border-img">
<img src="../img/nc-buy-domain.gif" alt="gif">
</div>
<p class="bottom-p pb-25">
<i>Domain</i> — it's a piece of Internet, which you can name like your home pet. Potential for
creativity is huge.
Your only limitations are 63 symbols length + .com .org .icu or other domain zones. Feel free to choose
among hundreds of others.
You can choose your surname as a domain, like this: jackson.live or carson.health, or it can be
something creative,
like: unicorn-land.shop
</p>
<div class="blue-border">
<p class="top-p">
Advices
</p>
<ul>
<li>Attentively check price for the annual domain prolongation. It may drastically differ from the
initial acquision price.</li>
<li>Average domain price is around $8-10 anually. The most cheap are .icu and .cyou — $4-6.</li>
<li>Memorable domain name can be easily shared during phone call or written on the business card.
</li>
<li>Surname in the domain is good as you can share your domain with everyone who carries your
surname, like this:
name.secondname@surname.com or ns@surname.com or name@surname.com</li>
<li>During domain registration, make sure to enter your real e-mail address, otherwise your
registration can be
canceled. If you wont be able to prolong your domain, nothing will work as intended.</li>
<li>Did I mentioned 2FA?</li>
</ul>
</div>
<p class="top-header-p">
Connecting your domain to the DNS server
</p>
<p class="bottom-p">
After acquision, add your domain itno CloudFlare:
</p>
<div class="blue-border-img">
<img src="../img/add-domain-to-cf.gif" alt="gif">
</div>
<p class="bottom-p">
Using <span class="color-blue">ruleit.stream</span> as example, we picked free service plan
and got nameservers: <span class="color-blue">gail.ns.cloudflare.com</span> and <span
class="color-blue">mattns.cloudflare.com</span>, that should be defined at your registrar.
In our case it's <span class="color-blue">NameCheap:</span>
</p>
<div class="blue-border-img">
<img src="../img/nc-to-cf.gif" alt="gif">
</div>
<p class="bottom-p">
By the way, be adviced to check if automatic prolongation and domain theft protection is enabled.
In a few minutes, or a few days in a worst scenario
settings will apply.
</p>
<h2>
🔑 Generating tokens
</h2>
<div class="blue-border">
<p class="top-p">
API tokens
</p>
<p class="bottom-p">
<i>API tokens</i> are almost the same as login and password, but designed to be used by
programs, rather then humans. SelfPivacy Manager uses them to manage your services on your demand.
</p>
<p class="bottom-p">
Tokens should be stored in the <a href="https://keepassxc.org/download/">password manager</a>
</p>
<p class="bottom-p">
We do not need a token for the NameCheap. But we will need one for the CloudFlare
to use it for domain management.
</p>
<p class="header-p">
CloudFlare
</p>
<ul>
<li>Visit the following <a href="https://dash.cloudflare.com/">link</a></li>
<li>In the upper right corner, click on the profile icon(circled human icon). For the mobile version
of the site, in
upper left corner, press <b>Menu</b> button(three horisontal bars). In the dropdown menu,
click on <b>My Profile</b></li>
<li>We are presented with four settings: <b>Communication, Authentication, API
Tokens, Session. Choose API Tokens.</b></li>
<li>The first thing we'll see is a <b>Create Token</b> button. With full confidence in yourself🤗
push this button.</li>
<li>If you scroll down to the end of the page, you'll see <b>Create Custom Token</b> field and
<b>Get Started</b>
button. Click it.</li>
<li>In the <b>Token Name</b> field, give your token a name, because tokens feel sad when they're
unnamed :)</li>
<li>Next we have Permissions. first field please specify: Zone. In the most wide, central field
please specify: DNS. In the last field, specify: Edit</li>
<li>Next, right under this filed, click on <b>Add More</b>. Similar field will appear.</li>
<li>In the first field, we select <b>Zone</b>, the same way as in previous step.
A the central field, situation slightly differs this time. Here we pick the same as in left
field - <b>Zone</b>. At the right
field, pick <b>Read</b>.</li>
<li>Next, please take a look at the <b>Zone Resources</b>. Under this sign, there's string with two
fiels.
In the left one should be <b>Include</b>, and in the right one - <b>Specific Zone</b>. As soon
as you pick
<b>Specific Zone</b>, another one field will appear. Select your domain there.
</li>
<li>Scroll to the very end of the page and click big and blue <b>Continue to Summary.</b> button.
</li>
<li>Check if everything picked correctly. Similar string should be shown: your.domain -
<b>DNS:Edit, Zone:Read.</b>
</li>
<li>Click <b>Create Token.</b></li>
<li>Copy newly created token and save it in reliable place(preferrably - in the password manager).
</li>
</ul>
<img src="../img/CloudFlare.gif" alt="gif">
<p class="header-p">
Hetzner
</p>
<ul>
<li>Visit the following<a href="https://console.hetzner.cloud/">link</a> and sign into
newly created account.</li>
<li>Enter into previously created project. If you haven't created one, then please proceed.</li>
<li>Hover side panel with mouse cursor. Panel should expand and show us a menu. We're interested
in the last one — <b>Security</b> (icon of a key).</li>
<li>Next, in the upper part of an interface, we can see approximately the following: <b>SSH Keys,
API Tokens,
Certificates, Members.</b> You need <b>API Tokens</b>. Click on it.</li>
<li>In the right part of the interface, there should be <b>Generate API token</b> button. If you're
using
mobile version og a webpage, in the lower right corner you'll see <b>red cross</b>. Push that
button.</li>
<li>In the <b>Description</b> field, give our token a name (this can be any name that
you like. It doesn't influence the essence.</li>
<li>Under the <b>Description</b> field we can see a possibility to choose <b>permissions</b>. Pick
<b>Read & Write</b>.
</li>
<li>Click <b>Generate API Token.</b></li>
<li>After that, our key will be shown. Store it in the reliable place, or in the password
manager, which is better.</li>
</ul>
<img src="../img/Hetzner.gif" alt="gif">
<p class="header-p">
Backblaze B2
</p>
<ul>
<li>Visit the following <a href="https://secure.backblaze.com/user_overview.htm">link</a></li>
<li>In the left part of an interface click on the <b>App Keys</b> in the <b>B2 Cloud Storage</b>
subcategory.</li>
<li>Click on the blue <b>Generate New Master Application Key</b> button.</li>
<li>In the appeared pop-up window confirm the generation.</li>
<li>Save keyID and applicationKey in the reliable place. For example - in the password manager :)
</li>
</ul>
<img src="../img/Backblaze.GIF" alt="gif">
<p class="header-p">
🎉 My congratulations. You're now ready to use your private services.
</p>
</div>
</div>
</div>
<footer>
<a href="https://social.selfprivacy.org">
<img src="img/Twitter-Logo.svg" alt="">
</a>
<a href="https://t.me/selfprivacy">
<img src="img/Telegram%20Logo.svg" alt="">
</a>
<a href="https://git.selfprivacy.org">
<img src="img/GitHub%20Logo.svg" alt="">
</a>
</footer>
<!--<script src="js/vendor/modernizr-3.11.2.min.js"></script>
<script src="js/plugins.js"></script>
<script src="js/main.js"></script>
-->
<!-- Google Analytics: change UA-XXXXX-Y to be your site's ID. -->
<!--<script>
window.ga = function () { ga.q.push(arguments) }; ga.q = []; ga.l = +new Date;
ga('create', 'UA-XXXXX-Y', 'auto'); ga('set', 'anonymizeIp', true); ga('set', 'transport', 'beacon'); ga('send', 'pageview')
</script>
<script src="https://www.google-analytics.com/analytics.js" async></script>-->
</body>
</html>