Telegram
en ru

Deployment and setup

SelfPrivacy-server takes about an hour to be created. Sounds scary, but believe me, no PhD required to accomplish that. It's as simple as purchase in the e-shop.

  • Searching for ID and a card with balance of $10-15
  • Registering your accounts
  • Securing your accounts
  • Purchasing a domain
  • Pointing your domain to a DNS server
  • 🔑 Generating tokens
  • Installation
  • Connecting to the services 🎉

If you delegate this process to someone else, you'll loose your privacy. For the 100% independency and control we recommend to do everything on your own.

Account registration

SelfPrivacy makes use of many different accounts for the reliablity. If you hold everything in one place, you'll get the same you've been running from. All data in hands of one corporation🤦

That's why, different parts of your system will be in different places. Let's register:

  • Hetzner is a virtual server hosting. Here will be a home for all of yor data.
  • NameCheap or any other registrar, to buy your personal address on the Internet, that will point directly to your server.
  • CloudFlare is a DNS server, where your personal address(domain) works.
  • Backblaze is an IaaS, that provides free storage for your encrypted backups.

Registration is trivial, but sometimes account activation may take up to few days, but not longer. That's why please be advised to use real data. Providers protect themselves from spam in such way. Nothing personal.

Protecting your accounts

Systems are being compromised by the weakest part. That's why, password for all your accounts should be different and complicated. TwinkleTwinkleLittleStar is a great example of a bad password. A good one 🌈 is a passphrase:

expert repose postwar anytime glimpse freestyle liability effects

or

}Rj;EtG:,M!bc4/|

How to remember such complicated password? No way! No need to remember passwords. They should be created and stored in the password manager. Though, you'll have to remember at least one... Main password for the password manager.

Additional protection for your accounts should be enabled in the mandatory order. It called multifactor authentication(MFA, 2FA). Without this simple step, all your data will be insecure.

It may have been complicated a bit, but now you're protected better than 95% of users. You can be proud of yourself🤗

Getting a domain

Enabled 2FA? Then let's proceed to the most interesting part!

gif

Domain — it's a piece of Internet, which you can name like your home pet. Potential for creativity is huge. Your only limitations are 63 symbols length + .com .org .icu or other domain zones. Feel free to choose among hundreds of others. You can choose your surname as a domain, like this: jackson.live or carson.health, or it can be something creative, like: unicorn-land.shop

Advices

  • Attentively check price for the annual domain prolongation. It may drastically differ from the initial acquision price.
  • Average domain price is around $8-10 anually. The most cheap are .icu and .cyou — $4-6.
  • Memorable domain name can be easily shared during phone call or written on the business card.
  • Surname in the domain is good as you can share your domain with everyone who carries your surname, like this: name.secondname@surname.com or ns@surname.com or name@surname.com
  • During domain registration, make sure to enter your real e-mail address, otherwise your registration can be canceled. If you wont be able to prolong your domain, nothing will work as intended.
  • Did I mentioned 2FA?

Connecting your domain to the DNS server

After acquision, add your domain itno CloudFlare:

gif

Using ruleit.stream as example, we picked free service plan and got nameservers: gail.ns.cloudflare.com and mattns.cloudflare.com, that should be defined at your registrar. In our case it's NameCheap:

gif

By the way, be adviced to check if automatic prolongation and domain theft protection is enabled. In a few minutes, or a few days in a worst scenario settings will apply.

🔑 Generating tokens

API tokens

API tokens are almost the same as login and password, but designed to be used by programs, rather then humans. SelfPivacy Manager uses them to manage your services on your demand.

Tokens should be stored in the password manager

We do not need a token for the NameCheap. But we will need one for the CloudFlare to use it for domain management.

CloudFlare

  • Visit the following link
  • In the upper right corner, click on the profile icon(circled human icon). For the mobile version of the site, in upper left corner, press Menu button(three horisontal bars). In the dropdown menu, click on My Profile
  • We are presented with four settings: Communication, Authentication, API Tokens, Session. Choose API Tokens.
  • The first thing we'll see is a Create Token button. With full confidence in yourself🤗 push this button.
  • If you scroll down to the end of the page, you'll see Create Custom Token field and Get Started button. Click it.
  • In the Token Name field, give your token a name, because tokens feel sad when they're unnamed :)
  • Next we have Permissions. first field please specify: Zone. In the most wide, central field please specify: DNS. In the last field, specify: Edit
  • Next, right under this filed, click on Add More. Similar field will appear.
  • In the first field, we select Zone, the same way as in previous step. A the central field, situation slightly differs this time. Here we pick the same as in left field - Zone. At the right field, pick Read.
  • Next, please take a look at the Zone Resources. Under this sign, there's string with two fiels. In the left one should be Include, and in the right one - Specific Zone. As soon as you pick Specific Zone, another one field will appear. Select your domain there.
  • Scroll to the very end of the page and click big and blue Continue to Summary. button.
  • Check if everything picked correctly. Similar string should be shown: your.domain - DNS:Edit, Zone:Read.
  • Click Create Token.
  • Copy newly created token and save it in reliable place(preferrably - in the password manager).
gif

Hetzner

  • Visit the followinglink and sign into newly created account.
  • Enter into previously created project. If you haven't created one, then please proceed.
  • Hover side panel with mouse cursor. Panel should expand and show us a menu. We're interested in the last one — Security (icon of a key).
  • Next, in the upper part of an interface, we can see approximately the following: SSH Keys, API Tokens, Certificates, Members. You need API Tokens. Click on it.
  • In the right part of the interface, there should be Generate API token button. If you're using mobile version og a webpage, in the lower right corner you'll see red cross. Push that button.
  • In the Description field, give our token a name (this can be any name that you like. It doesn't influence the essence.
  • Under the Description field we can see a possibility to choose permissions. Pick Read & Write.
  • Click Generate API Token.
  • After that, our key will be shown. Store it in the reliable place, or in the password manager, which is better.
gif

Backblaze B2

  • Visit the following link
  • In the left part of an interface click on the App Keys in the B2 Cloud Storage subcategory.
  • Click on the blue Generate New Master Application Key button.
  • In the appeared pop-up window confirm the generation.
  • Save keyID and applicationKey in the reliable place. For example - in the password manager :)
gif

🎉 My congratulations. You're now ready to use your private services.