selfprivacy.org/content/en/docs/Getting started/_index.md

265 lines
10 KiB
Markdown
Raw Normal View History

2023-01-11 16:53:46 +00:00
---
title: "Getting Started"
linkTitle: "Getting Started"
2024-06-06 22:55:16 +00:00
weight: 1
2023-01-11 16:53:46 +00:00
description: >
How do you deploy and set up SelfPrivacy server?
2023-10-09 19:56:15 +00:00
aliases:
- /en/second
2023-01-11 16:53:46 +00:00
---
The SelfPrivacy server is created step by step within an hour. Sounds scary, but believe me,
you don't need a PhD to do it. It's as easy as shopping in an e-shop.
2023-01-11 16:53:46 +00:00
- Finding a passport and card with a balance of $10-15 and $5 per month
- Registration of accounts
- Domain purchasing
- Connecting Domain to DNS Server
- Generating tokens
- Installation
- Connecting to the services
2023-01-11 16:53:46 +00:00
**If you delegate this process to someone else, you will lose your privacy.**
For 100% independence and control we recommend doing everything yourself.
2023-01-11 16:53:46 +00:00
## Accounts registration
2023-01-11 16:53:46 +00:00
For stability, SelfPrivacy needs many accounts. We don't want to trust all the data to one company,
so we'd rather distribute parts of the system to different places.
2023-01-11 16:53:46 +00:00
{{% alert title="Protecting accounts" color="warning" %}}
**Systems are hacked through the weakest link.** To prevent accounts from being such a link, passwords must be different
2023-01-20 14:14:38 +00:00
for each account and must be complex. `Qwerty123` or `VerySecurePassw0rd` are very bad passwords.
An example of a good password is a passphrase:
2023-01-11 16:53:46 +00:00
```expert repose postwar anytime glimpse freestyle liability effects```
or
2023-01-11 16:53:46 +00:00
```}Rj;EtG:,M!bc4/|```
How can you remember such a complicated password? Absolutely not!
Passwords do not need to be remembered, they need to be created and
stored in a [password manager](https://keepassxc.org/download/).
However, you'll need to remember at least one — password from the password manager.
2023-01-11 16:53:46 +00:00
{{% /alert %}}
### Accounts to create:
* [Hetzner](https://www.hetzner.com) or [DigitalOcean](https://www.digitalocean.com) — virtual hosting servers.
Whichever one you choose, your data and SelfPrivacy services will live on it.
* [NameCheap](https://www.namecheap.com/), [Porkbun](https://porkbun.com) or any other registrar,
to purchase your personal address on the Internet — the domain that will point to the server.
* [deSEC](https://desec.io/) or [CloudFlare](https://cloudflare.com) (not recommended) is a DNS server, where your personal address (domain) works.
* [Backblaze](https://www.backblaze.com/) is an IaaS, that provides free storage for your encrypted backups.
2023-01-11 16:53:46 +00:00
Registration is trivial, but sometimes account activation can take up to several days or require additional documents.
Therefore, use real documents and fill everything out carefully. Providers protect themselves from spam this way.
Nothing personal :)
2023-01-11 16:53:46 +00:00
**Be sure to enable additional account protection — the second factor (MFA, 2FA).**
Without this simple step, your data will not be safe.
2023-01-11 16:53:46 +00:00
I know it was hard, but now your data is better protected than 95% of users.
You should be proud of yourself! I'm proud of you 🤗
2023-01-11 16:53:46 +00:00
## Purchasing a domain
2023-01-11 16:53:46 +00:00
Enabled 2FA? Then let's get to the most interesting part!
2023-01-11 16:53:46 +00:00
**_Domain_ — it's a piece of the Internet, that you can name like your home pet.**
The potential for creativity is enormous. Your only limitations are 63 character length + .com .org .icu or
other domain zones.
Feel free to choose from hundreds of others. You can choose your last name as a domain, like this:
jackson.live or carson.health, or it can be something creative, like: unicorn-land.shop
2023-01-11 16:53:46 +00:00
### Advice:
- **Be sure to look at the annual renewal price,** it can be many times the purchase price.
2023-05-16 14:58:55 +00:00
- **Normal domain price is $8-10 per year.**
* **When registering a domain, make sure you enter your real email address, otherwise your registration may be
cancelled.** And if you can't renew the domain, the system won't work as intended.
- A good name comes in handy, both on the phone to dictate, and on your business card.
- **Did I mention the 2FA?**
2023-01-11 16:53:46 +00:00
## Connecting Domain to DNS Server
2023-01-11 16:53:46 +00:00
Once purchased, add your domain to CloudFlare:
2023-01-11 16:53:46 +00:00
![gif](/images/screencasts/add-domain-to-cf.gif)
2023-01-11 16:53:46 +00:00
Using ruleit.stream as an example, we chose the free service plan and got nameservers: **gail.ns.cloudflare.com**
and **mattns.cloudflare.com**, which need to be registered with our registrar. For example, with NameCheap:
2023-01-11 16:53:46 +00:00
![gif](/images/screencasts/nc-to-cf.gif)
2023-01-11 16:53:46 +00:00
At the same time, we check that we include auto-renewal and personal data protection — WhoisGuard.
After a few minutes or, in the worst case, up to 2 days, the settings will be applied.
2023-01-11 16:53:46 +00:00
## Generating tokens
2023-01-11 16:53:46 +00:00
**_API tokens_ are almost the same as login and password, only for a program, not a person.**
SelfPrivacy application uses them to manage services in all accounts instead of you. Convenient!
2023-01-11 16:53:46 +00:00
2023-05-19 09:56:21 +00:00
We do not need a token for your domain registrar. But we need a DNS provider token to manage the domain.
2023-01-11 16:53:46 +00:00
2023-08-30 09:28:46 +00:00
SelfPrivacy supports two providers to choose from: the popular [Cloudflare](https://www.cloudflare.com/) and the privacy-focused [deSEC](https://desec.io/).
2023-05-19 09:56:21 +00:00
2023-06-10 01:27:56 +00:00
{{< tabpane text=true >}}
{{% tab "deSEC" %}}
2023-09-01 15:42:08 +00:00
### If you have chosen deSEC: How to get a token
2023-05-19 09:56:21 +00:00
2023-08-30 09:28:46 +00:00
1. Log in [here](https://desec.io/login).
2023-05-19 09:56:21 +00:00
2023-08-30 17:01:06 +00:00
2. Go to the [Domains page](https://desec.io/domains).
2023-05-19 09:56:21 +00:00
2023-08-30 17:01:06 +00:00
3. Go to the **Token management** tab.
2023-05-19 09:56:21 +00:00
4. Click on the round "plus" button in the upper right corner.
2023-08-30 17:17:25 +00:00
{{< imgproc desec-tokenmanagment Fill "626x287" />}}
2023-05-19 09:56:21 +00:00
5. "**Generate New Token**" dialogue must be displayed. Enter any **Token name** you wish. Advanced settings are not required, so do not touch anything there.
6. Click on **Save**.
7. Make sure you save the token's "**secret value**" as it will only be displayed once.
2023-08-30 17:17:25 +00:00
{{< imgproc dncsec-copy Fill "626x287" />}}
2023-05-19 09:56:21 +00:00
8. Now you can safely **close** the dialogue.
2023-06-10 01:27:56 +00:00
{{% /tab %}}
{{% tab "Cloudflare" %}}
2023-05-19 09:56:21 +00:00
2023-09-01 15:42:08 +00:00
### If you have chosen Cloudflare: How to get a token
2023-01-11 16:53:46 +00:00
{{< video src="Cloudflare" muted="true" autoplay="true" autoplay="true" loop="true" >}}
2023-01-11 16:53:46 +00:00
1. Visit the following [link](https://dash.cloudflare.com/) and log in to the account you created earlier.
2023-01-11 16:53:46 +00:00
2. Click on the profile icon in the upper right corner (for the mobile version of the site:
click on the **menu** button with three horizontal bars in the upper left corner).
From the menu that appears, click **My Profile**.
2023-01-11 16:53:46 +00:00
2023-08-30 17:17:25 +00:00
{{< imgproc cloudflare-my-profile Fill "626x287" />}}
2023-01-11 16:53:46 +00:00
3. We have four configuration categories to choose from: **Preferences**, **Authentication**,
**API Tokens** and **Sessions**. Select **API Tokens**.
2023-01-11 16:53:46 +00:00
4. The first item we see is the **Create Token** button. Click it.
2023-01-11 16:53:46 +00:00
5. Scroll down until you see the **Create Custom Token** field and the **Get Started** button on the right side.
Press it.
2023-01-11 16:53:46 +00:00
6. In the **Token Name** field, give your token a name. You can create your own name and treat it like a pet name :)
2023-01-11 16:53:46 +00:00
7. Next, we have **Permissions**. In the first field, choose **Zone**.
In the second field, in the middle, select **DNS**. In the last field, select **Edit**.
2023-01-11 16:53:46 +00:00
8. Click on the blue label at the bottom **+ Add more** (just below the left field that we filled in earlier).
Voila, we have new fields. Let's fill them in the same way as in the previous section, in the first field
we choose **Zone**, in the second one also **Zone**. And in the third one we press **Read**. Let's check what we have:
2023-01-11 16:53:46 +00:00
2023-08-30 17:17:25 +00:00
{{< imgproc cloudflare-permissions Fill "628x203" />}}
Your selection must look like this.
2023-08-30 17:17:25 +00:00
2023-01-11 16:53:46 +00:00
9. Next, look at **Zone Resources**. Below this heading there is a line with two fields.
The first should be **Include**, and the second should be **Specific Zone**.
Once you select **Specific Zone**, another field will appear on the right. Here you select our domain.
2023-01-11 16:53:46 +00:00
10. Scroll to the bottom and click the blue button **Continue to Summary**.
2023-01-11 16:53:46 +00:00
11. Check that you have selected everything correctly. You should see a line like this:
your.domain - **DNS:Edit, Zone:Read**.
2023-01-11 16:53:46 +00:00
12. Press **Create Token**.
2023-01-11 16:53:46 +00:00
13. Copy the created token.
2023-01-11 16:53:46 +00:00
2023-06-10 01:27:56 +00:00
{{% /tab %}}
{{< /tabpane >}}
2023-01-11 16:53:46 +00:00
### How to get server provider token
{{< alert title="Don't keep your eggs in one basket" color="warning" >}}
If you are planning to use DigitalOcean to handle both server and DNS (which is not recommended),
you **must use a separate project for DNS records**.
2023-01-11 16:53:46 +00:00
DigitalOcean only gives tokens that provide full access to everything in the project. While server provider token stays
on your device, the token for DNS management will be stored on your new server. This way, if your server is compromised,
the attacker will be able to do more harm than just change your DNS records.
2023-01-11 16:53:46 +00:00
*Note: using DigitalOcean as DNS provider is not yet released, but already available on nightly channel.*
{{< /alert >}}
{{< tabpane text=true >}}
2023-01-11 16:53:46 +00:00
{{% tab "Hetzner" %}}
2023-01-11 16:53:46 +00:00
![gif](/images/screencasts/Hetzner.gif)
1. Visit the following [link](https://console.hetzner.cloud/). Authorize the account you created earlier.
2. Open the project you created. If none exists, create one.
2023-01-11 16:53:46 +00:00
3. Point the mouse at the side panel.
It should open and show you menu items. We are interested in the last one — **Security** (with a key icon).
2023-01-11 16:53:46 +00:00
4. Next, at the top of the interface we see something like the following list:
**SSH Keys, API Tokens, Certificates, Members.** We need the **API Tokens**. Click on it.
2023-01-11 16:53:46 +00:00
5. On the right side of the interface you will see the **Generate API token** button.
If you are using the mobile version of the site — in the lower right corner you will see a **red plus** button.
Press it.
2023-01-11 16:53:46 +00:00
6. In the **Description** field, give your token a name
(this can be any name that you like, it does not change anything in essence).
2023-01-11 16:53:46 +00:00
7. Under **Description**, select **permissions**. Select **Read & Write**.
2023-01-11 16:53:46 +00:00
8. Click **Generate API Token.**
2023-01-11 16:53:46 +00:00
9. Сopy the token
{{% /tab %}}
2023-01-11 16:53:46 +00:00
{{% tab "DigitalOcean" %}}
2023-01-11 16:53:46 +00:00
{{< video src="do" muted="true" autoplay="true" autoplay="true" loop="true" >}}
2023-01-11 16:53:46 +00:00
1. Follow this [link](https://cloud.digitalocean.com/account/) and log in to the previously created account.
2023-01-11 16:53:46 +00:00
2. In the left menu look for **API** — the last item at the bottom.
2023-01-11 16:53:46 +00:00
3. Click **Generate New Token** in **Personal Access Tokens** menu.
2023-01-11 16:53:46 +00:00
4. Copy the token.
2023-01-11 16:53:46 +00:00
{{% /tab %}}
2023-01-11 16:53:46 +00:00
{{< /tabpane >}}
2023-01-11 16:53:46 +00:00
## How to get Backblaze token
2023-01-11 16:53:46 +00:00
{{< video src="Backblaze" muted="true" autoplay="true" autoplay="true" loop="true" >}}
2023-01-11 16:53:46 +00:00
1. Visit the following [link](https://secure.backblaze.com/user_overview.htm) and log in to the previously created account.
2. On the left side of the interface, select **App Keys** in the **B2 Cloud Storage** subcategory.
3. Click on the blue **Generate New Master Application Key** button.
4. In the appeared pop-up window confirm the generation.
5. Copy **keyID** and **applicationKey**.
---
2023-01-11 16:53:46 +00:00
🎉 Congratulations! Now you are ready to use private services.