From be0a9dfcbd5ea62eca32f3cebb104ae39855a4f2 Mon Sep 17 00:00:00 2001
From: joshua
Date: Fri, 29 Dec 2023 23:18:01 -0500
Subject: updated wiki on how to make server
---
 docs/server/server.md | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 130 insertions(+)
 create mode 100644 docs/server/server.md
(limited to 'docs/server/server.md')
diff --git a/docs/server/server.md b/docs/server/server.md
new file mode 100644
index 0000000..a5381f4
--- /dev/null
+++ b/docs/server/server.md
@@ -0,0 +1,130 @@
+# Homelab Server Setup
+
+This page describes how I setup my personal webserver
+
+I'm hosting a website, wiki, caldav using Radicale, git using cgit and Gitolite, and webdav support
+
+## Linux Distribution Used
+
+Debian 12 Bookworm.
+
+Update the system.
+
+ # apt update
+ # apt upgrade
+
+## SSH
+
+Generate ssh keys
+
+ ssh-keygen -t [keytype]
+
+Add ssh keys to `~/.ssh/authorized_keys`
+
+ ssh-copy-id -i /path/to/pubkey [user@]machine
+
+### Optional security enhancements
+
+Change the port in `/etc/sshd_config` to a nonstandard port to harden security.
+
+ Port 1234
+
+Disable password login in `/etc/sshd_config/`
+
+ PubkeyAuthentication yes
+ ChallengeResponseAuthentication no
+ PasswordAuthentication no
+ KbdInteractiveAuthentication no
+ UsePAM no
+
+Disable XForwarding
+
+ X11Forwarding no
+
+Disable remote root login
+
+ PermitRootLogin no
+
+## DDNS
+
+Setup [Dyanmic DNS (ddns) with Porkbun and ddns-updater](ddns.md).
+
+## Caddy
+
+Install the [Caddy](https://caddyserver.com/docs/install#debian-ubuntu-raspbian) package from Caddy directly.
+
+## Cgit & gitolite
+
+Setup [cgit with gitolite and caddy](cgit.md).
+
+## Radicale
+
+Install the [Radicale](https://packages.debian.org/bookworm/radicale) package.
+
+Start the Radicale service.
+
+ systemctl enable radicale.service
+ systemctl start radicale.service
+
+Generate secure passwords using htpasswd.
+
+ # Create a new htpasswd file with the user "user1"
+ $ htpasswd -c /path/to/users user1
+ New password:
+ Re-type new password:
+ # Add another user
+ $ htpasswd /path/to/users user2
+ New password:
+ Re-type new password:
+
+Edit configuration to add users
+
+ [auth]
+ type = htpasswd
+ htpasswd_filename = /path/to/users
+ # encryption method used in the htpasswd file
+ htpasswd_encryption = md5
+
+Add configuration to caddy.
+
+ caldav.joshuayun.com {
+ handle_path /* {
+ reverse_proxy localhost:5232 {
+ header_up X-Script-Name /radicale
+ }
+ }
+ handle_path /radicale/* {
+ reverse_proxy localhost:5232 {
+ header_up X-Script-Name /radicale
+ }
+ }
+ }
+
+
+## Webdav
+
+Add the Webdav module to Caddy.
+
+ sudo caddy add-package github.com/mholt/caddy-webdav
+ sudo systemctl restart caddy
+
+Add Webdav to the Caddy configuration
+
+Example configuration with protected file browsing, see the [github](https://github.com/mholt/caddy-webdav) for more configurations.
+
+
+ webdav.joshuayun.com {
+ @get method GET
+ root * WEBDAV_PATH
+ route {
+ basicauth {
+ joshua CADDY_HASH
+ }
+ file_server @get browse
+ webdav
+ }
+ }
+
+To generate the hash:
+
+ caddy hash-password
--
cgit v1.2.3