Date: Fri, 29 Dec 2023 23:18:01 -0500 Subject: updated wiki on how to make server --- site/server/cgit/index.html | 776 ++++++++++++++++++++++++++++++++++++++++++ site/server/ddns/index.html | 612 +++++++++++++++++++++++++++++++++ site/server/server/index.html | 726 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 2114 insertions(+) create mode 100644 site/server/cgit/index.html create mode 100644 site/server/ddns/index.html create mode 100644 site/server/server/index.html (limited to 'site/server') diff --git a/site/server/cgit/index.html b/site/server/cgit/index.html new file mode 100644 index 0000000..a01b653 --- /dev/null +++ b/site/server/cgit/index.html @@ -0,0 +1,776 @@ + + + + + + + + + + + + + + + + + + + + + + + + + Cgit with gitolite - Joshua's Wiki + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

+ + + + Skip to content + + +

+ +

+ + + + + + +

+ + + + + + + + + + +

+ + Joshua's Wiki + +

+ + + Cgit with gitolite + + +

+ + + + + + + + + + + + + +

+ +

+ + + + + + +

+ + + +

+ + + + +

+ + + + + + + + Joshua's Wiki + + +

+ + + + + Home + + + + +
+ + + + + + + + + + + + Server + + + + + + +
+ + + Server + +
- + + + + + Server Setup + + + + +
- + + + + + + + + + + + + Cgit with gitolite + + + + + + + + + + + Cgit with gitolite + + + + + + + +
  + + + + + + + + + Table of contents + +
  - + + + Setup + + + +
  - + + + Gitolite + + + +
    +
    + +
    + + + Configuration with cgit + + + +
    + +
    + + + Usage + + + +
    + +
    + + + Repository ignore + + + +
    + +
    + + + Adding Hooks to gitolite + + + +
    + +
    +
    + +
  - + + + Cgit + + + +
    +
    + +
    + + + Running cgit with caddy + + + +
    + +
    +
    + +
  - + + + Cgit configuration + + + +
  - + + + References + + + +
  + +
  + +
- + + + + + DDNS + + + + +
+
+ +
+ + + + + About + + + + +

+ + + +

+ + +

+ + + + + + + + + Table of contents + +

+ + + Setup + + + +
+ + + Gitolite + + + +
+
- + + + Configuration with cgit + + + +
- + + + Usage + + + +
- + + + Repository ignore + + + +
- + + + Adding Hooks to gitolite + + + +
+
+ +
+ + + Cgit + + + +
+
- + + + Running cgit with caddy + + + +
+
+ +
+ + + Cgit configuration + + + +
+ + + References + + + +

+ +

+ + + +

+ + + + +

Cgit with gitolite and caddy

Setup

Install dependencies.

# apt install cgit python-is-python3 python3-pygments python3-markdown docutils-common groff perl
+

Make a git user.

sudo adduser --system --shell /bin/bash --group --disabled-password --home /home/git git
+

Allow ssh passwordless login.

usermod -p '*' username
+

Gitolite

Install the gitolite package from the repository directly.

Configuration with cgit

Configuration of gitolite is done by modifying $HOME/.gitolite.rc.

To work correctly with cgit, gitweb and cgit configuration options need to work with gitolite.

Change:

GIT_CONFIG_KEYS  =>  '',
+

To:

GIT_CONFIG_KEYS  =>  '.*',
+

To have permissions work correctly,

Change:

UMASK  =>  0077,
+

To:

UMASK  =>  0027,
+

In the ENABLE field, add gitweb and cgit to the list.

Usage

Detailed usage of gitolite can be found here

Repository ignore

After cgit is configured, cgit can be told to ignore a repo with this syntax.

repo gitolite-admin
+    config cgit.ignore=1
+

Adding Hooks to gitolite

This page details how to add hooks to your repositories.

Example hook that updates a website every git push. Make sure this directory is owned by git.

#!/bin/sh
+GIT_WORK_TREE=/desired/website/directory git checkout -f
+

Cgit

Running cgit with caddy

Install the fcgiwrap package.

Create a systemd service that wraps cgit with FastCGI.

# systemctl edit --full --force cgit.service
+

+ + +

[Unit]
+Description=CGI web interface to the Git SCM
+After=network.target
+
+[Service]
+Type=exec
+ExecStart=fcgiwrap -f -p "/usr/lib/cgit/cgit.cgi" -s tcp:127.0.0.1:8999
+
+[Install]
+WantedBy=multi-user.target
+

+ + +

# systemctl start cgit
+

Add cgit configuration to caddy.

git.joshuayun.com {
+        handle_path /cgit-css/* {
+                root * /usr/share/cgit/
+                file_server
+        }
+
+        handle {
+                reverse_proxy localhost:8999 {
+                        transport fastcgi {
+                                env DOCUMENT_ROOT /usr/lib/cgit/
+                                env SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi
+                        }
+                }
+        }
+}
+

Cgit configuration

More detailed documentation can be found on the cgitrc(5) manual.

enable-git-config is used to allow for gitweb.* configurations in gitolite, e.g. description, owner.

enable-git-config=1
+

project-list sets where cgit looks for projects, this list is the one updated by gitolite

project-list=/home/git/projects.list
+

scan-path sets where the actual git repositories live

scan-path=/home/git/repositories
+

References

SixFoisNeuf Used this blog to run cgit using fcgiwrap rather than a caddy plugin. The entire cgit with caddy section was using his work.

Mateja Maric Used this blog to help configure cgitrc, gitolite.rc

Luke Hsiao Used the git user creation command from this blog.

Omar Polo (yumh) Used this blog to help configure cgitrc for hidden repos.

Bryan Brattlof Not much used here, kept as reference.

+ + + + + + + + + + + + + +

+ + + +

+ +

+ + + +

+ + + + + + + + + + \ No newline at end of file diff --git a/site/server/ddns/index.html b/site/server/ddns/index.html new file mode 100644 index 0000000..a81e917 --- /dev/null +++ b/site/server/ddns/index.html @@ -0,0 +1,612 @@ + + + + + + + + + + + + + + + + + + + + + + + + + DDNS - Joshua's Wiki + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

+ + + + Skip to content + + +

+ +

+ + + + + + +

+ + + + + + + + + + +

+ + Joshua's Wiki + +

+ + + DDNS + + +

+ + + + + + + + + + + + + +

+ +

+ + + + + + +

+ + + +

+ + + + +

+ + + + + + + + Joshua's Wiki + + +

+ + + + + Home + + + + +
+ + + + + + + + + + + + Server + + + + + + +
+ + + Server + +
- + + + + + Server Setup + + + + +
- + + + + + Cgit with gitolite + + + + +
- + + + + + + + + + + + + DDNS + + + + + + + + + + + DDNS + + + + + + + +
  + + + + + + + + + Table of contents + +
  - + + + Porkbun API + + + +
  - + + + ddns-updater + + + +
    +
    + +
    + + + Docker install + + + +
    + +
    + + + Setup + + + +
    + +
    + + + Usage + + + +
    + +
    +
    + +
  + +
  + +
+
+ +
+ + + + + About + + + + +

+ + + +

+ + + + +

DDNS Setup

Porkbun API

Follow this porkbun guide on enabling the api for your domain.

ddns-updater

ddns-updater is the program used to update Porkbun's A record of your domain.

Docker install

Install the docker package from official docker repositories.

Setup

Create a directory with config.json inside, and make sure that its owner has a uid of 1000.

mkdir data
+touch data/config.json
+# Owned by user ID of Docker container (1000)
+chown -R 1000 data
+# all access (for creating json database file data/updates.json)
+chmod 700 data
+# read access only
+chmod 400 data/config.json
+

Configuration for porkbun in config.json

{
+  "settings": [
+    {
+      "provider": "porkbun",
+      "domain": "domain.com",
+      "host": "@",
+      "api_key": "PORKBUN SECRET KEY",
+      "secret_api_key": "PORKBUN API KEY",
+      "ip_version": "ipv4"
+    }
+  ]
+}
+

Optional "ttl" paramter specifing A record TTL not included.

Usage

docker run -d -p 8000:8000/tcp -v "$(pwd)"/data:/updater/data qmcgaw/ddns-updater
+

This will start a docker container that will start updating the DNS records. +Status updates can be seen in a web server by going to localhost:8000.

+ + + + + + + + + + + + + +

+ + + +

+ +

+ + + +

+ + + + + + + + + + \ No newline at end of file diff --git a/site/server/server/index.html b/site/server/server/index.html new file mode 100644 index 0000000..b6ecf70 --- /dev/null +++ b/site/server/server/index.html @@ -0,0 +1,726 @@ + + + + + + + + + + + + + + + + + + + + + + + + + Server Setup - Joshua's Wiki + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

+ + + + Skip to content + + +

+ +

+ + + + + + +

+ + + + + + + + + + +

+ + Joshua's Wiki + +

+ + + Server Setup + + +

+ + + + + + + + + + + + + +

+ +

+ + + + + + +

+ + + +

+ + + + +

+ + + + + + + + Joshua's Wiki + + +

+ + + + + Home + + + + +
+ + + + + + + + + + + + Server + + + + + + +
+ + + Server + +
- + + + + + + + + + + + + Server Setup + + + + + + + + + + + Server Setup + + + + + + + +
  + + + + + + + + + Table of contents + +
  - + + + Linux Distribution Used + + + +
  - + + + SSH + + + +
    +
    + +
    + + + Optional security enhancements + + + +
    + +
    +
    + +
  - + + + DDNS + + + +
  - + + + Caddy + + + +
  - + + + Cgit & gitolite + + + +
  - + + + Radicale + + + +
  - + + + Webdav + + + +
  + +
  + +
- + + + + + Cgit with gitolite + + + + +
- + + + + + DDNS + + + + +
+
+ +
+ + + + + About + + + + +

+ + + +

+ + +

+ + + + + + + + + Table of contents + +

+ + + Linux Distribution Used + + + +
+ + + SSH + + + +
+
- + + + Optional security enhancements + + + +
+
+ +
+ + + DDNS + + + +
+ + + Caddy + + + +
+ + + Cgit & gitolite + + + +
+ + + Radicale + + + +
+ + + Webdav + + + +

+ +

+ + + +

+ + + + +

Homelab Server Setup

This page describes how I setup my personal webserver

I'm hosting a website, wiki, caldav using Radicale, git using cgit and Gitolite, and webdav support

Linux Distribution Used

Debian 12 Bookworm.

Update the system.

# apt update
+# apt upgrade
+

SSH

Generate ssh keys

ssh-keygen -t [keytype]
+

Add ssh keys to ~/.ssh/authorized_keys

ssh-copy-id -i /path/to/pubkey [user@]machine
+

Optional security enhancements

Change the port in /etc/sshd_config to a nonstandard port to harden security.

Port 1234
+

Disable password login in /etc/sshd_config/

PubkeyAuthentication yes
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+UsePAM no
+

Disable XForwarding

X11Forwarding no
+

Disable remote root login

PermitRootLogin no
+

DDNS

Setup Dyanmic DNS (ddns) with Porkbun and ddns-updater.

Caddy

Install the Caddy package from Caddy directly.

Cgit & gitolite

Setup cgit with gitolite and caddy.

Radicale

Install the Radicale package.

Start the Radicale service.

systemctl enable radicale.service
+systemctl start radicale.service
+

Generate secure passwords using htpasswd.

# Create a new htpasswd file with the user "user1"
+$ htpasswd -c /path/to/users user1
+New password:
+Re-type new password:
+# Add another user
+$ htpasswd /path/to/users user2
+New password:
+Re-type new password:
+

Edit configuration to add users

[auth]
+type = htpasswd
+htpasswd_filename = /path/to/users
+# encryption method used in the htpasswd file
+htpasswd_encryption = md5
+

Add configuration to caddy.

caldav.joshuayun.com {
+    handle_path /* {
+        reverse_proxy localhost:5232 {
+        header_up X-Script-Name /radicale
+        }
+    }
+    handle_path /radicale/* {
+        reverse_proxy localhost:5232 {
+            header_up X-Script-Name /radicale
+        }
+    }
+}
+

Webdav

Add the Webdav module to Caddy.

sudo caddy add-package github.com/mholt/caddy-webdav
+sudo systemctl restart caddy
+

Add Webdav to the Caddy configuration

Example configuration with protected file browsing, see the github for more configurations.

webdav.joshuayun.com {
+    @get method GET
+    root * WEBDAV_PATH
+    route {
+        basicauth {
+            joshua CADDY_HASH
+        }
+        file_server @get browse
+        webdav
+    }
+}
+

To generate the hash:

caddy hash-password
+

+ + + + + + + + + + + + + +

+ + + +

+ +

+ + + +

+ + + + + + + + + + \ No newline at end of file -- cgit v1.2.3