SelfPrivacy/selfprivacy.org
1
0
Fork 0
mirror of https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.git synced 2025-01-16 05:46:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
selfprivacy.org/content/en/docs/Getting started/_index.md
dettlaff c531231e76 fix: docs missing pics (#174) 
Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org/pulls/174
Reviewed-by: Inex Code <inex.code@selfprivacy.org>
Co-authored-by: dettlaff <dettlaff@riseup.net>
Co-committed-by: dettlaff <dettlaff@riseup.net>
2024-08-16 14:07:04 +03:00

368 lines
15 KiB
Markdown
Raw Blame History

---
title: "Getting Started"
linkTitle: "Getting Started"
weight: 1
description: >
How do you deploy and set up SelfPrivacy server?
aliases:
- /en/second
---
The SelfPrivacy server is created step by step within an hour. Sounds scary, but believe me,
you don't need a PhD to do it. It's as easy as shopping in an e-shop.
* Finding a passport and card with a balance of $10-15 and $5 per month
* Registration of accounts
* Domain purchasing
* Connecting Domain to DNS Server
* Generating tokens
* Installation
* Connecting to the services
**If you delegate this process to someone else, you will lose your privacy.**
For 100% independence and control we recommend doing everything yourself.
## Accounts registration
For stability, SelfPrivacy needs many accounts. We don't want to trust all the data to one company,
so we'd rather distribute parts of the system to different places.
{{% alert title="Protecting accounts" color="warning" %}}
**Systems are hacked through the weakest link.** To prevent accounts from being such a link, passwords must be different
for each account and must be complex. `Qwerty123` or `VerySecurePassw0rd` are very bad passwords.
An example of a good password is a passphrase:
```expert repose postwar anytime glimpse freestyle liability effects```
or
```}Rj;EtG:,M!bc4/|```
How can you remember such a complicated password? Absolutely not!
Passwords do not need to be remembered, they need to be created and
stored in a password manager, such as [KeePassXC](https://keepassxc.org/download/).
However, you'll need to remember at least one — password from the password manager.
{{% /alert %}}
### Accounts to create
* [Hetzner](https://www.hetzner.com) or [DigitalOcean](https://www.digitalocean.com) — virtual hosting servers.
Whichever one you choose, your data and SelfPrivacy services will live on it.
* Any domain registrar, such as [Porkbun](https://porkbun.com) (cryptocurrency payments accepted), to purchase your personal address on the Internet — the domain that will point to the server.
* For DNS server where your domain operates, choose from: [deSEC](https://desec.io/), [DigitalOcean DNS](https://docs.digitalocean.com/products/networking/dns/), or [CloudFlare](https://cloudflare.com) (not recommended).
* [Backblaze](https://www.backblaze.com/) — an IaaS provider, for storing your encrypted backups.
Registration is trivial, but sometimes account activation can take up to several days or require additional documents. Therefore, use real documents and fill everything out carefully.
Providers protect themselves from spam this way, nothing personal :)
**Be sure to enable additional account protection — the second factor (MFA, 2FA).**
Without this simple step, your data will not be safe.
I know it was hard, but now your data is better protected than 95% of users.
You should be proud of yourself! I'm proud of you 🤗
## Purchasing a Domain
Enabled 2FA? Seriously! Let's move on to the interesting part!
**_Domain_ — it's a piece of the Internet that you can name.**
The potential for creativity is enormous, you're allowed up to 63 characters + several hundred variations of domain extension such as .com, .org, .icu, etc.
Visit your domain registrar. As an example, we will use [Porkbun](https://porkbun.com).
Select a domain. You could opt for something simple like your surname, such as _smith.live_ or _doe.health_, or go for something more creative like _oops-happens.shop_.
### Recommendations
* **Always check the annual renewal price,** as it can significantly exceed the initial purchase cost.
* **A normal domain price is $8-10 per year.**
* **When registering a domain, you must provide a real email and phone number, otherwise, your registration could be revoked.** If you can't renew the domain, the system will not function as intended.
* **Choose a name that's easy to dictate over the phone and to put on a business card.**
* **Did I mention 2FA?**
## Connecting Domain to DNS Server
{{< tabpane text=true >}}
{{% tab "deSEC" %}}
### If you chose deSEC: How to add a domain
1. Go to [this link](https://desec.io/domains) and log in to your account.
2. Click on the **plus** button.
{{< imgproc dns_add_domain Fill "626x287" />}}
3. Enter your domain name. Click **Save**.
4. Copy the names obtained in the **Nameservers** field.
{{< imgproc dns_add_domain2 Fill "626x287" />}}
For the example domain cat-meowmeow.corp, we obtained the nameservers: **ns1.desec.io** and **ns2.desec.org**. The nameservers you receive might be different.
{{% /tab %}}
{{% tab "Cloudflare" %}}
### If you chose Cloudflare: How to add a domain
1. Go to [this link](https://dash.cloudflare.com) and log in to your account.
2. On the left menu, click **Websites**, then the blue **Get started** button.
{{< imgproc dns_add_domain_cloudflare Fill "626x287" />}}
3. Select the **Free** plan and click **Continue**.
{{< imgproc dns_add_domain_cloudflare2 Fill "626x287" />}}
4. On the **Review DNS records** tab, don't change anything. Click **Continue**.
{{< imgproc dns_add_domain_cloudflare3 Fill "626x287" />}}
5. In step 3, copy the **nameservers**. Then click **Continue**.
{{< imgproc dns_add_domain_cloudflare4 Fill "626x287" />}}
6. On the final page, click **Finish later**.
{{< imgproc dns_add_domain_cloudflare5 Fill "626x287" />}}
Just now we selected the free plan and obtained the nameservers: **alberto.ns.cloudflare.com** and **michelle.ns.cloudflare.com**. The nameservers you receive might be different.
{{% /tab %}}
{{% tab "DigitalOcean DNS (not recommended)" %}}
### If you chose DigitalOcean DNS: How to add a domain
If you plan to use DigitalOcean for both the server and DNS (which we do not recommend), you **will need to create a separate project (in the DigitalOcean interface) for DNS records**.
DigitalOcean provides only tokens that give full access to everything in the project.
The token for the server remains on your device, but the token for DNS records will be sent to your new server.
If the DNS token has access to the server itself, in the event of a breach, the attacker could destroy the server.
1. Create a new project, then go to manage the new project.
2. Click the **Create** button at the top, and select **Domain/DNS**.
{{< imgproc docean_create_domain Fill "626x287" />}}
3. Enter your domain name and select the project created for domain management.
{{< imgproc docean_project Fill "626x287" />}}
4. Click **Add Domain**.
You will get the nameservers, which will be needed in the next step.
{{% /tab %}}
{{< /tabpane >}}
## Use the obtained nameservers with your registrar
DigitalOcean has a [good guide](https://docs.digitalocean.com/products/networking/dns/getting-started/dns-registrars/#instructions) for many popular registrars. Even if you are not using DigitalOcean for DNS, this guide can help you!
Here are the instructions for [Porkbun](https://porkbun.com), but you can use your domain registrar; the steps should be roughly similar.
1. Go to the domain management panel.
{{< imgproc porkbun Fill "626x287" />}}
2. Hover over the purchased domain and click **DNS**.
{{< imgproc porkbun2 Fill "626x287" />}}
3. In the domain management panel, find the **Authoritative nameservers** setting.
{{< imgproc porkbun3 Fill "626x287" />}}
4. Click **Edit**.
5. Enter the nameservers obtained in the previous step.
Within a few minutes or, in the worst case, up to two days, the settings will take effect.
## Generating tokens
**_API tokens_ are almost the same as login and password, only for a program, not a person.**
SelfPrivacy application uses them to manage services in all accounts instead of you. Convenient!
We do not need a token for your domain registrar. But we need a DNS provider token to manage the domain.
{{< tabpane text=true >}}
{{% tab "deSEC" %}}
### If you have chosen deSEC: How to get a token
1. Log in [here](https://desec.io/login).
2. Go to the [Domains page](https://desec.io/domains).
3. Go to the **Token management** tab.
4. Click on the round "plus" button in the upper right corner.
{{< imgproc desec-tokenmanagment Fill "626x287" />}}
5. "**Generate New Token**" dialogue must be displayed. Enter any **Token name** you wish. Advanced settings are not required, so do not touch anything there.
6. Click on **Save**.
7. Make sure you save the token's "**secret value**" as it will only be displayed once.
{{< imgproc dncsec-copy Fill "626x287" />}}
8. Now you can safely **close** the dialogue.
{{% /tab %}}
{{% tab "Cloudflare" %}}
### If you have chosen Cloudflare: How to get a token
{{< video src="Cloudflare" muted="true" autoplay="true" autoplay="true" loop="true" >}}
1. Visit the following [link](https://dash.cloudflare.com/) and log in to the account you created earlier.
2. Click on the profile icon in the upper right corner (for the mobile version of the site:
click on the **menu** button with three horizontal bars in the upper left corner).
From the menu that appears, click **My Profile**.
{{< imgproc cloudflare-my-profile Fill "626x287" />}}
3. We have four configuration categories to choose from: **Preferences**, **Authentication**,
**API Tokens** and **Sessions**. Select **API Tokens**.
4. The first item we see is the **Create Token** button. Click it.
5. Scroll down until you see the **Create Custom Token** field and the **Get Started** button on the right side.
Press it.
6. In the **Token Name** field, give your token a name. You can create your own name and treat it like a pet name :)
7. Next, we have **Permissions**. In the first field, choose **Zone**.
In the second field, in the middle, select **DNS**. In the last field, select **Edit**.
8. Click on the blue label at the bottom **+ Add more** (just below the left field that we filled in earlier).
Voila, we have new fields. Let's fill them in the same way as in the previous section, in the first field
we choose **Zone**, in the second one also **Zone**. And in the third one we press **Read**. Let's check what we have:
{{< imgproc cloudflare-permissions Fill "628x203" />}}
Your selection must look like this.
9. Next, look at **Zone Resources**. Below this heading there is a line with two fields.
The first should be **Include**, and the second should be **Specific Zone**.
Once you select **Specific Zone**, another field will appear on the right. Here you select our domain.
10. Scroll to the bottom and click the blue button **Continue to Summary**.
11. Check that you have selected everything correctly. You should see a line like this:
your.domain - **DNS:Edit, Zone:Read**.
12. Press **Create Token**.
13. Copy the created token.
{{% /tab %}}
{{% tab "DigitalOcean DNS" %}}
### If you chose DigitalOcean DNS: How to get a token
The instructions for obtaining a token for DigitalOcean DNS are similar to those used for DigitalOcean hosting servers. However, for managing DNS, you need to create a separate project. Be careful in the project selection menu to avoid confusion. Tokens from different projects should not be the same.
{{< video src="do" muted="true" autoplay="true" loop="true" >}}
1. Go to [this link](https://cloud.digitalocean.com/account/) and log in to the previously created account.
2. In the left menu, go to the **API** page - the last item at the very bottom.
3. Click **Generate New Token** in the **Personal Access Tokens** menu.
4. **Copy the token**.
{{% /tab %}}
{{< /tabpane >}}
### How to get server provider token
{{< tabpane text=true >}}
{{% tab "Hetzner" %}}
### If you chose Hetzner
1. Visit the following [link](https://console.hetzner.cloud/). Authorize the account you created earlier.
2. Open the project you created. If none exists, create one.
3. _Point the mouse at the side panel._ It should open and show you menu items. We are interested in the last one — **Security** (with a key icon).
{{< imgproc hetzner Fill "626x287" />}}
4. Next, at the top of the interface we see something like the following list:
**SSH Keys, API Tokens, Certificates, Members.**
We need the **API Tokens**. Click on it.
5. On the right side of the interface you will see the **Generate API token** button. Press it.
{{< imgproc hetzner2 Fill "626x287" />}}
6. In the **Description** field, give your token a name (this can be any name that you like, it does not change anything in essence).
7. Under **Description**, select **permissions**. Select **Read & Write**.
8. Click **Generate API Token.**
9. A window with your token will appear, save it.
{{< imgproc hetzner3 Fill "626x287" />}}
{{% /tab %}}
{{% tab "DigitalOcean" %}}
### If you chose DigitalOcean
{{< video src="do" muted="true" autoplay="true" loop="true" >}}
1. Go to [this link](https://cloud.digitalocean.com/account/) and log in to the previously created account.
2. In the left menu, go to the **API** page - the last item at the very bottom.
3. Click **Generate New Token** in the **Personal Access Tokens** menu.
4. **Copy** the token.
{{% /tab %}}
{{< /tabpane >}}
## How to get Backblaze token
{{< video src="Backblaze" muted="true" autoplay="true" autoplay="true" loop="true" >}}
1. Visit the following [link](https://secure.backblaze.com/user_overview.htm) and log in to the previously created account.
2. On the left side of the interface, select **App Keys** in the **B2 Cloud Storage** subcategory.
3. Click on the blue **Generate New Master Application Key** button.
4. In the appeared pop-up window confirm the generation.
5. Copy **keyID** and **applicationKey**.
---
## Open the Application
Enter the setup wizard. It's time to use the tokens we obtained earlier.
The application will prompt you to choose the server location and specifications. We recommend selecting a server closer to your current location.
If you have around 5 users, a server with minimal specifications will be sufficient.
The application will prompt you to create a master account that will act as the administrator. Save the account password in a password manager, such as [KeePassXC](https://keepassxc.org/download/).
At the end, click "Create Server", the process may take up to 30 minutes.
If something goes wrong, contact the [support chats]({{< relref "/docs/FAQ/_index.md#how-to-get-help" >}}).
---
🎉 Congratulations! You are now ready to use private services.
---
### After installation, we recommend creating a server recovery key
If something happens to your device, with the recovery key, you can seamlessly connect to the old server.
In the app, go to the "More" menu, then "Recovery Key". Click "Generate Key".
You will see a list of words — this will be your key. Save it in a password manager, such as [KeePassXC](https://keepassxc.org/download/).
For security reasons, the application does not allow copying the key.
**Remember, possessing this key gives an attacker full access to your server.**
Reference in a new issue View git blame Copy permalink