mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.git
synced 2024-11-18 22:59:17 +00:00
265 lines
10 KiB
Markdown
265 lines
10 KiB
Markdown
---
|
||
categories: ["Tutorials"]
|
||
tags: []
|
||
title: "Getting Started"
|
||
linkTitle: "Getting Started"
|
||
weight: 1
|
||
description: >
|
||
How do you deploy and set up SelfPrivacy server?
|
||
---
|
||
|
||
The SelfPrivacy server is created step by step within an hour. Sounds scary, but believe me,
|
||
you don't need a PhD to do it. It's as easy as shopping in an e-shop.
|
||
|
||
- Finding a passport and card with a balance of $10-15 and $5 per month
|
||
- Registration of accounts
|
||
- Domain purchasing
|
||
- Connecting Domain to DNS Server
|
||
- Generating tokens
|
||
- Installation
|
||
- Connecting to the services
|
||
|
||
**If you delegate this process to someone else, you will lose your privacy.**
|
||
For 100% independence and control we recommend doing everything yourself.
|
||
|
||
|
||
## Accounts registration
|
||
|
||
For stability, SelfPrivacy needs many accounts. We don't want to trust all the data to one company,
|
||
so we'd rather distribute parts of the system to different places.
|
||
|
||
{{% alert title="Protecting accounts" color="warning" %}}
|
||
**Systems are hacked through the weakest link.** To prevent accounts from being such a link, passwords must be different
|
||
for each account and must be complex. `Qwerty123` or `VerySecurePassw0rd` are very bad passwords.
|
||
An example of a good password is a passphrase:
|
||
|
||
```expert repose postwar anytime glimpse freestyle liability effects```
|
||
|
||
or
|
||
|
||
```}Rj;EtG:,M!bc4/|```
|
||
|
||
How can you remember such a complicated password? Absolutely not!
|
||
Passwords do not need to be remembered, they need to be created and
|
||
stored in a [password manager](https://keepassxc.org/download/).
|
||
However, you'll need to remember at least one — password from the password manager.
|
||
|
||
{{% /alert %}}
|
||
|
||
### Accounts to create:
|
||
* [Hetzner](https://www.hetzner.com) or [DigitalOcean](https://www.digitalocean.com) — virtual hosting servers.
|
||
Whichever one you choose, your data and SelfPrivacy services will live on it.
|
||
* [NameCheap](https://www.namecheap.com/), [Porkbun](https://porkbun.com) or any other registrar,
|
||
to purchase your personal address on the Internet — the domain that will point to the server.
|
||
* [deSEC](https://desec.io/) or [CloudFlare](https://cloudflare.com) (not recommended) is a DNS server, where your personal address (domain) works.
|
||
* [Backblaze](https://www.backblaze.com/) is an IaaS, that provides free storage for your encrypted backups.
|
||
|
||
Registration is trivial, but sometimes account activation can take up to several days or require additional documents.
|
||
Therefore, use real documents and fill everything out carefully. Providers protect themselves from spam this way.
|
||
Nothing personal :)
|
||
|
||
**Be sure to enable additional account protection — the second factor (MFA, 2FA).**
|
||
Without this simple step, your data will not be safe.
|
||
|
||
I know it was hard, but now your data is better protected than 95% of users.
|
||
You should be proud of yourself! I'm proud of you 🤗
|
||
|
||
|
||
## Purchasing a domain
|
||
|
||
Enabled 2FA? Then let's get to the most interesting part!
|
||
|
||
**_Domain_ — it's a piece of the Internet, that you can name like your home pet.**
|
||
The potential for creativity is enormous. Your only limitations are 63 character length + .com .org .icu or
|
||
other domain zones.
|
||
Feel free to choose from hundreds of others. You can choose your last name as a domain, like this:
|
||
jackson.live or carson.health, or it can be something creative, like: unicorn-land.shop
|
||
|
||
### Advice:
|
||
- **Be sure to look at the annual renewal price,** it can be many times the purchase price.
|
||
- **Normal domain price is $8-10 per year.**
|
||
* **When registering a domain, make sure you enter your real email address, otherwise your registration may be
|
||
cancelled.** And if you can't renew the domain, the system won't work as intended.
|
||
- A good name comes in handy, both on the phone to dictate, and on your business card.
|
||
- **Did I mention the 2FA?**
|
||
|
||
|
||
## Connecting Domain to DNS Server
|
||
|
||
Once purchased, add your domain to CloudFlare:
|
||
|
||
![gif](/images/screencasts/add-domain-to-cf.gif)
|
||
|
||
Using ruleit.stream as an example, we chose the free service plan and got nameservers: **gail.ns.cloudflare.com**
|
||
and **mattns.cloudflare.com**, which need to be registered with our registrar. For example, with NameCheap:
|
||
|
||
![gif](/images/screencasts/nc-to-cf.gif)
|
||
|
||
At the same time, we check that we include auto-renewal and personal data protection — WhoisGuard.
|
||
After a few minutes or, in the worst case, up to 2 days, the settings will be applied.
|
||
|
||
|
||
## Generating tokens
|
||
|
||
**_API tokens_ are almost the same as login and password, only for a program, not a person.**
|
||
SelfPrivacy application uses them to manage services in all accounts instead of you. Convenient!
|
||
|
||
We do not need a token for your domain registrar. But we need a DNS provider token to manage the domain.
|
||
|
||
|
||
SelfPrivacy supports two providers to choose from: the popular [Cloudflare](https://www.cloudflare.com/) and the privacy-focused [deSEC](https://desec.io/).
|
||
|
||
{{< tabpane text=true >}}
|
||
{{% tab "deSEC" %}}
|
||
### If you have chosen deSEC: How to get a token
|
||
|
||
1. Log in [here](https://desec.io/login).
|
||
|
||
2. Go to the [Domains page](https://desec.io/domains).
|
||
|
||
3. Go to the **Token management** tab.
|
||
|
||
4. Click on the round "plus" button in the upper right corner.
|
||
|
||
{{< imgproc desec-tokenmanagment Fill "626x287" />}}
|
||
|
||
|
||
5. "**Generate New Token**" dialogue must be displayed. Enter any **Token name** you wish. Advanced settings are not required, so do not touch anything there.
|
||
|
||
6. Click on **Save**.
|
||
|
||
7. Make sure you save the token's "**secret value**" as it will only be displayed once.
|
||
|
||
{{< imgproc dncsec-copy Fill "626x287" />}}
|
||
|
||
|
||
8. Now you can safely **close** the dialogue.
|
||
|
||
{{% /tab %}}
|
||
|
||
{{% tab "Cloudflare" %}}
|
||
|
||
### If you have chosen Cloudflare: How to get a token
|
||
|
||
{{< video src="Cloudflare" muted="true" autoplay="true" autoplay="true" loop="true" >}}
|
||
|
||
1. Visit the following [link](https://dash.cloudflare.com/) and log in to the account you created earlier.
|
||
|
||
2. Click on the profile icon in the upper right corner (for the mobile version of the site:
|
||
click on the **menu** button with three horizontal bars in the upper left corner).
|
||
From the menu that appears, click **My Profile**.
|
||
|
||
{{< imgproc cloudflare-my-profile Fill "626x287" />}}
|
||
|
||
|
||
3. We have four configuration categories to choose from: **Preferences**, **Authentication**,
|
||
**API Tokens** and **Sessions**. Select **API Tokens**.
|
||
|
||
4. The first item we see is the **Create Token** button. Click it.
|
||
|
||
5. Scroll down until you see the **Create Custom Token** field and the **Get Started** button on the right side.
|
||
Press it.
|
||
|
||
6. In the **Token Name** field, give your token a name. You can create your own name and treat it like a pet name :)
|
||
|
||
7. Next, we have **Permissions**. In the first field, choose **Zone**.
|
||
In the second field, in the middle, select **DNS**. In the last field, select **Edit**.
|
||
|
||
8. Click on the blue label at the bottom **+ Add more** (just below the left field that we filled in earlier).
|
||
Voila, we have new fields. Let's fill them in the same way as in the previous section, in the first field
|
||
we choose **Zone**, in the second one also **Zone**. And in the third one we press **Read**. Let's check what we have:
|
||
|
||
{{< imgproc cloudflare-permissions Fill "628x203" />}}
|
||
Your selection must look like this.
|
||
|
||
|
||
9. Next, look at **Zone Resources**. Below this heading there is a line with two fields.
|
||
The first should be **Include**, and the second should be **Specific Zone**.
|
||
Once you select **Specific Zone**, another field will appear on the right. Here you select our domain.
|
||
|
||
10. Scroll to the bottom and click the blue button **Continue to Summary**.
|
||
|
||
11. Check that you have selected everything correctly. You should see a line like this:
|
||
your.domain - **DNS:Edit, Zone:Read**.
|
||
|
||
12. Press **Create Token**.
|
||
|
||
13. Copy the created token.
|
||
|
||
{{% /tab %}}
|
||
{{< /tabpane >}}
|
||
|
||
### How to get server provider token
|
||
{{< alert title="Don't keep your eggs in one basket" color="warning" >}}
|
||
If you are planning to use DigitalOcean to handle both server and DNS (which is not recommended),
|
||
you **must use a separate project for DNS records**.
|
||
|
||
DigitalOcean only gives tokens that provide full access to everything in the project. While server provider token stays
|
||
on your device, the token for DNS management will be stored on your new server. This way, if your server is compromised,
|
||
the attacker will be able to do more harm than just change your DNS records.
|
||
|
||
*Note: using DigitalOcean as DNS provider is not yet released, but already available on nightly channel.*
|
||
{{< /alert >}}
|
||
{{< tabpane text=true >}}
|
||
|
||
{{% tab "Hetzner" %}}
|
||
![gif](/images/screencasts/Hetzner.gif)
|
||
|
||
1. Visit the following [link](https://console.hetzner.cloud/). Authorize the account you created earlier.
|
||
|
||
2. Open the project you created. If none exists, create one.
|
||
|
||
3. Point the mouse at the side panel.
|
||
It should open and show you menu items. We are interested in the last one — **Security** (with a key icon).
|
||
|
||
4. Next, at the top of the interface we see something like the following list:
|
||
**SSH Keys, API Tokens, Certificates, Members.** We need the **API Tokens**. Click on it.
|
||
|
||
5. On the right side of the interface you will see the **Generate API token** button.
|
||
If you are using the mobile version of the site — in the lower right corner you will see a **red plus** button.
|
||
Press it.
|
||
|
||
6. In the **Description** field, give your token a name
|
||
(this can be any name that you like, it does not change anything in essence).
|
||
|
||
7. Under **Description**, select **permissions**. Select **Read & Write**.
|
||
|
||
8. Click **Generate API Token.**
|
||
|
||
9. Сopy the token
|
||
{{% /tab %}}
|
||
|
||
{{% tab "DigitalOcean" %}}
|
||
|
||
{{< video src="do" muted="true" autoplay="true" autoplay="true" loop="true" >}}
|
||
|
||
1. Follow this [link](https://cloud.digitalocean.com/account/) and log in to the previously created account.
|
||
|
||
2. In the left menu look for **API** — the last item at the bottom.
|
||
|
||
3. Click **Generate New Token** in **Personal Access Tokens** menu.
|
||
|
||
4. Copy the token.
|
||
|
||
{{% /tab %}}
|
||
|
||
{{< /tabpane >}}
|
||
|
||
|
||
## How to get Backblaze token
|
||
|
||
{{< video src="Backblaze" muted="true" autoplay="true" autoplay="true" loop="true" >}}
|
||
|
||
1. Visit the following [link](https://secure.backblaze.com/user_overview.htm) and log in to the previously created account.
|
||
|
||
2. On the left side of the interface, select **App Keys** in the **B2 Cloud Storage** subcategory.
|
||
|
||
3. Click on the blue **Generate New Master Application Key** button.
|
||
|
||
4. In the appeared pop-up window confirm the generation.
|
||
|
||
5. Copy **keyID** and **applicationKey**.
|
||
|
||
---
|
||
|
||
🎉 Congratulations! Now you are ready to use private services. |