mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.git
synced 2024-11-18 14:49:16 +00:00
297 lines
10 KiB
Markdown
297 lines
10 KiB
Markdown
---
|
|
title: Second
|
|
images: ["brand.png"]
|
|
---
|
|
|
|
<div class="margin-16 boxes">
|
|
<div class="max-width">
|
|
<h2 class="install-page-header">
|
|
Deployment and setup
|
|
</h2>
|
|
<div class="blue-border">
|
|
<p></p>
|
|
<p class="bottom-p">
|
|
SelfPrivacy-server is created step by step within an hour. Sounds scary, but believe me,
|
|
you shouldn't be a PhD to accomplish that. It's as simple as purchase in the e-shop.
|
|
</p>
|
|
<ul>
|
|
<li>
|
|
<!--1. -->Searching for passport and card with balance of $10-15 and $5 per month
|
|
</li>
|
|
<li>
|
|
<!--2. -->Accounts registration
|
|
</li>
|
|
<li>
|
|
<!--3. -->Protecting accounts
|
|
</li>
|
|
<li>
|
|
<!--4. -->Domain purchasing
|
|
</li>
|
|
<li>
|
|
<!--5. -->Connecting Domain to DNS Server
|
|
</li>
|
|
<li>
|
|
<!--6. -->🔑 Generating tokens
|
|
</li>
|
|
<li>
|
|
<!--7. -->Installation
|
|
</li>
|
|
<li>
|
|
<!--8. -->Connecting to the services 🎉
|
|
</li>
|
|
</ul>
|
|
<p class="bottom-p">
|
|
If you delegate this process to someone else, you will lose privacy. For 100% independence
|
|
and control
|
|
we recommend to do everything on your own.
|
|
</p>
|
|
</div>
|
|
<div class="blue-border">
|
|
<p class="top-p">
|
|
Accounts registration
|
|
</p>
|
|
<p class="bottom-p">
|
|
For stability and privacy, SelfPrivacy requires many accounts. If you hold everything in one
|
|
place,
|
|
you'll get the same you've been running from — all data in hands of one corporation🤦
|
|
</p>
|
|
<p class="bottom-p">
|
|
That's why, different parts of the system will be in different places. Let's register:
|
|
</p>
|
|
<ul>
|
|
<li>
|
|
<a href="https://accounts.hetzner.com/signUp">Hetzner </a>is a virtual server hosting. Our
|
|
data and SelfPrivacy services will live here.
|
|
</li>
|
|
<li>
|
|
<a href="https://www.namecheap.com/myaccount/signup/">NameCheap</a> or any other
|
|
registrar, to purchase your personal address on the Internet —
|
|
the domain that will point to the server.
|
|
</li>
|
|
<li>
|
|
<a href="https://dash.cloudflare.com/sign-up">CloudFlare </a>is a DNS server, where your
|
|
personal
|
|
address(domain) works.
|
|
</li>
|
|
<li>
|
|
<a
|
|
href="https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct&src=default">
|
|
Backblaze </a>is an IaaS, that provides free storage for your encrypted backups.
|
|
</li>
|
|
</ul>
|
|
<p class="bottom-p">
|
|
Registration is trivial, but sometimes account activation may take up to few days or requires
|
|
additional documents.
|
|
Therefore, use real documents and fill out everything carefully.
|
|
Providers protect themselves from spam in such way. Nothing personal )
|
|
</p>
|
|
</div>
|
|
<div class="blue-border">
|
|
<p class="top-p">
|
|
Protecting accounts
|
|
</p>
|
|
<p class="bottom-p">
|
|
Most often, systems are hacked through the weakest part. In order for accounts not to be such
|
|
a part, passwords must be different and complex. TwinkleTwinkleLittleStar is a great example of a
|
|
bad password.
|
|
A good one 🌈 is a
|
|
passphrase:
|
|
</p>
|
|
<p class="code-p">
|
|
expert repose postwar anytime glimpse freestyle liability effects
|
|
</p>
|
|
<p class="bottom-p">or</p>
|
|
<p class="code-p">
|
|
}Rj;EtG:,M!bc4/|
|
|
</p>
|
|
<p class="bottom-p">
|
|
How to remember such complicated password? No way! Passwords do not need to be remembered, they must
|
|
be
|
|
created and stored in the <a href="https://keepassxc.org/download/">password manager</a>. Though,
|
|
you'll
|
|
have to remember at least one — password from the password manager.
|
|
</p>
|
|
<p class="bottom-p">
|
|
Be sure to enable additional account protection - the second factor (MFA, 2FA).
|
|
Without this simple step, your data will not be safe.
|
|
</p>
|
|
<p class="bottom-p">
|
|
I know it was difficult, but now your data is better protected than 95% of users.
|
|
You can be proud of yourself! I'm proud of you 🤗
|
|
</p>
|
|
</div>
|
|
<h2>
|
|
Domain purchasing
|
|
</h2>
|
|
<p class="top-header-p">
|
|
Enabled 2FA? Then let's proceed to the most interesting part!
|
|
</p>
|
|
<div class="blue-border-img">
|
|
<img src="/images/screencasts/nc-buy-domain.gif" alt="gif">
|
|
</div>
|
|
<p class="bottom-p pb-25">
|
|
<i>Domain</i> — it's a piece of Internet, which you can name like your home pet. Potential for
|
|
creativity is huge.
|
|
Your only limitations are 63 symbols length + .com .org .icu or other domain zones. Feel free to choose
|
|
among hundreds of others.
|
|
You can choose your surname as a domain, like this: jackson.live or carson.health, or it can be
|
|
something creative,
|
|
like: unicorn-land.shop
|
|
</p>
|
|
<div class="blue-border">
|
|
<p class="top-p">
|
|
Advices
|
|
</p>
|
|
<ul>
|
|
<li>Be sure to look at the annual renewal price, it can exceed the purchase price many times.</li>
|
|
<li>Normal domain price is $8-10 per year. The cheapest are Chinese .icu and .cyou - $4-6.</li>
|
|
<li>A good name is convenient, both on the phone to dictate, and on the business card to indicate.
|
|
</li>
|
|
<li>The last name in the domain is good in that you can distribute mail to all namesakes, for
|
|
example:
|
|
name.secondname@surname.com, ns@surname.com or name@surname.com</li>
|
|
<li>
|
|
During domain registration, make sure to enter your real e-mail address, otherwise your
|
|
registration can be
|
|
canceled. And if you can't extend the domain, the system won't work as intended.
|
|
</li>
|
|
<li>Did I talk about the 2FA?</li>
|
|
</ul>
|
|
</div>
|
|
<p class="top-header-p">
|
|
Connecting Domain to DNS Server
|
|
</p>
|
|
<p class="bottom-p">
|
|
After acquisition, add your domain into CloudFlare:
|
|
</p>
|
|
<div class="blue-border-img">
|
|
<img src="/images/screencasts/add-domain-to-cf.gif" alt="gif">
|
|
</div>
|
|
<p class="bottom-p">
|
|
Using <span class="color-blue">ruleit.stream</span> as example, we chose free service plan
|
|
and got nameservers: <span class="color-blue">gail.ns.cloudflare.com</span> and <span
|
|
class="color-blue">mattns.cloudflare.com</span>, which must be registered with our registrar.
|
|
In our case <span class="color-blue">NameCheap:</span>
|
|
</p>
|
|
<div class="blue-border-img">
|
|
<img src="/images/screencasts/nc-to-cf.gif" alt="gif">
|
|
</div>
|
|
<p class="bottom-p">
|
|
At the same time, we check that we include auto-renewal and protection of personal data — <span
|
|
class="color-blue">WhoisGuard</span>.
|
|
After a few minutes or, in the worst case, up to 2 days, the settings will be applied.
|
|
</p>
|
|
<h2>
|
|
🔑 Generating tokens
|
|
</h2>
|
|
<div class="blue-border">
|
|
<p class="top-p">
|
|
API tokens
|
|
</p>
|
|
<p class="bottom-p">
|
|
<i>API tokens</i> are almost the same as login and password, only for a program, not a person.
|
|
SelfPrivacy application uses them to manage services in all accounts instead of you. Convenient!
|
|
</p>
|
|
<p class="bottom-p">
|
|
Tokens should be stored in the <a href="https://keepassxc.org/download/">password manager</a>
|
|
</p>
|
|
<p class="bottom-p">
|
|
We do not need a token for the NameCheap. But we will need one for the CloudFlare
|
|
to use it for domain management.
|
|
</p>
|
|
<p class="header-p">
|
|
CloudFlare
|
|
</p>
|
|
<ul>
|
|
<li>Visit the following <a href="https://dash.cloudflare.com/">link</a>.</li>
|
|
<li>In the right corner, we click on the profile icon (a man in a circle). For the mobile version
|
|
of the site, in
|
|
the upper left corner, click the <b>Menu</b> button (three horizontal bars), in the dropdown
|
|
menu,
|
|
click on <b>My Profile</b>
|
|
</li>
|
|
<li>We have four configuration categories to choose from: <b>Communication, Authentication, API
|
|
Tokens, Session.</b> Choose <b>API Tokens.</b>
|
|
</li>
|
|
<li>The first item is the <b>Create Token</b> button. With complete self-confidence and a desire
|
|
to gain privacy, we press it.
|
|
</li>
|
|
<li>We go down to the bottom and see the <b>Create Custom Token</b> field and
|
|
the <b>Get Started</b> button on the right side. We press.</li>
|
|
<li>In the <b>Token Name</b> field, we give our token a name. You can quote and treat this as
|
|
the name of a pet:)</li>
|
|
<li>Next we have <b>Permissions</b>. In the leftmost field, select <b>Zone</b>. In the longest
|
|
field, center, select
|
|
<b>DNS</b>. In the rightmost field, select <b>Edit</b>.
|
|
</li>
|
|
<li>Next, right under this line, click <b>Add More</b>. Similar field will appear.</li>
|
|
<li>In the leftmost field of the new line, we select, similar to the last line — <b>Zone</b>. In the
|
|
center — a little different.
|
|
Here we choose the same as in the left — <b>Zone</b>. In the rightmost field, select
|
|
<b>Read</b>.
|
|
</li>
|
|
<li>Next we look at <b>Zone Resources</b>. Under this inscription there is a line with two fields.
|
|
The left must have <b>Include</b> and the right must have <b>Specific Zone</b>. Once you select
|
|
<b>Specific Zone</b>, another field appears on the right. We choose our domain in it.
|
|
</li>
|
|
<li>We flick to the bottom and press the blue <b>Continue to Summary</b> button.</li>
|
|
<li>We're checking to see if we got everything right. A similar string must be present: Domain —
|
|
<b>DNS:Edit, Zone:Read.</b>
|
|
</li>
|
|
<li>Click on <b>Create Token.</b></li>
|
|
<li>We copy the created token, and save it in a reliable place (preferably in the <a
|
|
href="https://keepassxc.org/download/">password manager</a>).</li>
|
|
</ul>
|
|
<img src="/images/screencasts/CloudFlare.gif" alt="gif">
|
|
<p class="header-p">
|
|
Hetzner
|
|
</p>
|
|
<ul>
|
|
<li>Visit the following <a href="https://console.hetzner.cloud/">link</a> and authorize in the
|
|
previously created account.</li>
|
|
<li>We go into the project we created. If there is none, then we create.</li>
|
|
<li>Point the mouse to the side panel. It should open by showing us menu items. We are interested
|
|
in the latter — <b>Security</b> (with a key icon).
|
|
</li>
|
|
<li>Next, at the top of the interface we see approximately the following list: <b>SSH Keys,
|
|
API Tokens,
|
|
Certificates, Members.</b> We need the <b>API Tokens</b>. Click on it.
|
|
</li>
|
|
<li>On the right side of the interface, we will be waiting for the <b>Generate API token</b> button.
|
|
If you use
|
|
the mobile version of the site — in the lower right corner you will see a <b>red plus</b>
|
|
button. We press.
|
|
</li>
|
|
<li>In the <b>Description</b> field, give our token a name (this can be any name that
|
|
you like, it does not essentially change).</li>
|
|
<li>Under <b>Description</b>, you can select <b>permissions</b>. Select <b>Read & Write</b>.
|
|
</li>
|
|
<li>Click <b>Generate API Token.</b></li>
|
|
<li>After that, your key will be displayed. We write it in a safe place, or even better, we save it
|
|
in the
|
|
<a href="https://keepassxc.org/download/">password manager</a>.
|
|
</li>
|
|
</ul>
|
|
<img src="/images/screencasts/Hetzner.gif" alt="gif">
|
|
<p class="header-p">
|
|
Backblaze B2
|
|
</p>
|
|
<ul>
|
|
<li>Visit the following <a href="https://secure.backblaze.com/user_overview.htm">link</a></li>
|
|
<li>On the left side of the interface, select <b>App Keys</b> in the <b>B2 Cloud Storage</b>
|
|
subcategory.
|
|
</li>
|
|
<li>Click on the blue <b>Generate New Master Application Key</b> button.</li>
|
|
<li>In the appeared pop-up window confirm the generation.</li>
|
|
<li>Save <i>keyID</i> and <i>applicationKey</i> in the safe place. For example - in the
|
|
<a href="https://keepassxc.org/download/">password manager</a> :)
|
|
</li>
|
|
</ul>
|
|
<img src="/images/screencasts/Backblaze.gif" alt="gif">
|
|
<p class="header-p">
|
|
🎉 Congratulations. Now you are ready to use private services.
|
|
</p>
|
|
</div>
|
|
</div>
|
|
</div>
|