From be0a9dfcbd5ea62eca32f3cebb104ae39855a4f2 Mon Sep 17 00:00:00 2001 From: joshua Date: Fri, 29 Dec 2023 23:18:01 -0500 Subject: updated wiki on how to make server --- site/server/cgit/index.html | 776 ++++++++++++++++++++++++++++++++++++++++++ site/server/ddns/index.html | 612 +++++++++++++++++++++++++++++++++ site/server/server/index.html | 726 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 2114 insertions(+) create mode 100644 site/server/cgit/index.html create mode 100644 site/server/ddns/index.html create mode 100644 site/server/server/index.html (limited to 'site/server') diff --git a/site/server/cgit/index.html b/site/server/cgit/index.html new file mode 100644 index 0000000..a01b653 --- /dev/null +++ b/site/server/cgit/index.html @@ -0,0 +1,776 @@ + + + + + + + + + + + + + + + + + + + + + + + + + Cgit with gitolite - Joshua's Wiki + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + +

Cgit with gitolite and caddy

+

Setup

+

Install dependencies.

+
# apt install cgit python-is-python3 python3-pygments python3-markdown docutils-common groff perl
+
+

Make a git user.

+
sudo adduser --system --shell /bin/bash --group --disabled-password --home /home/git git
+
+

Allow ssh passwordless login.

+
usermod -p '*' username
+
+

Gitolite

+

Install the gitolite package from the repository directly.

+

Configuration with cgit

+

Configuration of gitolite is done by modifying $HOME/.gitolite.rc.

+

To work correctly with cgit, gitweb and cgit configuration options need to work with gitolite.

+

Change:

+
GIT_CONFIG_KEYS  =>  '',
+
+

To:

+
GIT_CONFIG_KEYS  =>  '.*',
+
+

To have permissions work correctly,

+

Change:

+
UMASK  =>  0077,
+
+

To:

+
UMASK  =>  0027,
+
+

In the ENABLE field, add gitweb and cgit to the list.

+

Usage

+

Detailed usage of gitolite can be found here

+

Repository ignore

+

After cgit is configured, cgit can be told to ignore a repo with this syntax.

+
repo gitolite-admin
+    config cgit.ignore=1
+
+

Adding Hooks to gitolite

+

This page details how to add hooks to your repositories.

+

Example hook that updates a website every git push. Make sure this directory is owned by git.

+
#!/bin/sh
+GIT_WORK_TREE=/desired/website/directory git checkout -f
+
+

Cgit

+

Running cgit with caddy

+

Install the fcgiwrap package.

+

Create a systemd service that wraps cgit with FastCGI.

+
# systemctl edit --full --force cgit.service
+
+ + +
[Unit]
+Description=CGI web interface to the Git SCM
+After=network.target
+
+[Service]
+Type=exec
+ExecStart=fcgiwrap -f -p "/usr/lib/cgit/cgit.cgi" -s tcp:127.0.0.1:8999
+
+[Install]
+WantedBy=multi-user.target
+
+ + +
# systemctl start cgit
+
+

Add cgit configuration to caddy.

+
git.joshuayun.com {
+        handle_path /cgit-css/* {
+                root * /usr/share/cgit/
+                file_server
+        }
+
+        handle {
+                reverse_proxy localhost:8999 {
+                        transport fastcgi {
+                                env DOCUMENT_ROOT /usr/lib/cgit/
+                                env SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi
+                        }
+                }
+        }
+}
+
+

Cgit configuration

+

More detailed documentation can be found on the cgitrc(5) manual.

+

enable-git-config is used to allow for gitweb.* configurations in gitolite, e.g. description, owner.

+
enable-git-config=1
+
+

project-list sets where cgit looks for projects, this list is the one updated by gitolite

+
project-list=/home/git/projects.list
+
+

scan-path sets where the actual git repositories live

+
scan-path=/home/git/repositories
+
+

References

+

SixFoisNeuf Used this blog to run cgit using fcgiwrap rather than a caddy plugin. The entire cgit with caddy section was using his work.

+

Mateja Maric Used this blog to help configure cgitrc, gitolite.rc

+

Luke Hsiao Used the git user creation command from this blog.

+

Omar Polo (yumh) Used this blog to help configure cgitrc for hidden repos.

+

Bryan Brattlof Not much used here, kept as reference.

+ + + + + + + + + + + + + +
+
+ + + +
+ +
+ + + +
+
+
+
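Review bot: GIT_CONFIG_KEYS => '.*' in the gitolite section accepts any git config key from the gitolite conf, while the surrounding text only needs the gitweb and cgit keys; a pattern limited to those two namespaces (for example 'gitweb\..* cgit\..*') would match the stated purpose. In the cgit.service unit, the [Service] block has no User= or Group=, so fcgiwrap and cgit.cgi run as root; document an unprivileged account that can read /home/git/repositories, which is what UMASK => 0027 appears to be for. The "usermod -p '*' username" step should also say which account "username" is, presumably the git user created just above it.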
+ + + + + + + + + + \ No newline at end of file diff --git a/site/server/ddns/index.html b/site/server/ddns/index.html new file mode 100644 index 0000000..a81e917 --- /dev/null +++ b/site/server/ddns/index.html @@ -0,0 +1,612 @@ + + + + + + + + + + + + + + + + + + + + + + + + + DDNS - Joshua's Wiki + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + +

DDNS Setup

+

Porkbun API

+

Follow this porkbun guide on enabling the api for your domain.

+

ddns-updater

+

ddns-updater is the program used to update Porkbun's A record of your domain.

+

Docker install

+

Install the docker package from official docker repositories.

+

Setup

+

Create a directory with config.json inside, and make sure that its owner has a uid of 1000.

+
mkdir data
+touch data/config.json
+# Owned by user ID of Docker container (1000)
+chown -R 1000 data
+# all access (for creating json database file data/updates.json)
+chmod 700 data
+# read access only
+chmod 400 data/config.json
+
+

Configuration for porkbun in config.json

+
{
+  "settings": [
+    {
+      "provider": "porkbun",
+      "domain": "domain.com",
+      "host": "@",
+      "api_key": "PORKBUN SECRET KEY",
+      "secret_api_key": "PORKBUN API KEY",
+      "ip_version": "ipv4"
+    }
+  ]
+}
+
+

Optional "ttl" paramter specifing A record TTL not included.

+

Usage

+
docker run -d -p 8000:8000/tcp -v "$(pwd)"/data:/updater/data qmcgaw/ddns-updater
+
+

This will start a docker container that will start updating the DNS records. +Status updates can be seen in a web server by going to localhost:8000.

+ + + + + + + + + + + + + +
+
+ + + +
+ +
+ + + +
+
+
+
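Review bot: The placeholder values in the config.json example are swapped: "api_key" is given "PORKBUN SECRET KEY" and "secret_api_key" is given "PORKBUN API KEY", so a reader who fills them in by label puts each key in the wrong field. Separately, -p 8000:8000/tcp in the docker run line publishes the status page on every interface although the text only mentions localhost:8000; -p 127.0.0.1:8000:8000/tcp would keep it local. Typos in the TTL sentence: "paramter specifing".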
+ + + + + + + + + + \ No newline at end of file diff --git a/site/server/server/index.html b/site/server/server/index.html new file mode 100644 index 0000000..b6ecf70 --- /dev/null +++ b/site/server/server/index.html @@ -0,0 +1,726 @@ + + + + + + + + + + + + + + + + + + + + + + + + + Server Setup - Joshua's Wiki + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + Skip to content + + +
+
+ +
+ + + + + + +
+ + +
+ +
+ + + + + + +
+
+ + + +
+
+
+ + + + + +
+
+
+ + + +
+
+
+ + + +
+
+
+ + + +
+
+ + + + +

Homelab Server Setup

+

This page describes how I setup my personal webserver

+

I'm hosting a website, wiki, caldav using Radicale, git using cgit and Gitolite, and webdav support

+

Linux Distribution Used

+

Debian 12 Bookworm.

+

Update the system.

+
# apt update
+# apt upgrade
+
+

SSH

+

Generate ssh keys

+
ssh-keygen -t [keytype]
+
+

Add ssh keys to ~/.ssh/authorized_keys

+
ssh-copy-id -i /path/to/pubkey [user@]machine
+
+

Optional security enhancements

+

Change the port in /etc/sshd_config to a nonstandard port to harden security.

+
Port 1234
+
+

Disable password login in /etc/sshd_config/

+
PubkeyAuthentication yes
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+UsePAM no
+
+

Disable XForwarding

+
X11Forwarding no
+
+

Disable remote root login

+
PermitRootLogin no
+
+

DDNS

+

Setup Dyanmic DNS (ddns) with Porkbun and ddns-updater.

+

Caddy

+

Install the Caddy package from Caddy directly.

+

Cgit & gitolite

+

Setup cgit with gitolite and caddy.

+

Radicale

+

Install the Radicale package.

+

Start the Radicale service.

+
systemctl enable radicale.service
+systemctl start radicale.service
+
+

Generate secure passwords using htpasswd.

+
# Create a new htpasswd file with the user "user1"
+$ htpasswd -c /path/to/users user1
+New password:
+Re-type new password:
+# Add another user
+$ htpasswd /path/to/users user2
+New password:
+Re-type new password:
+
+

Edit configuration to add users

+
[auth]
+type = htpasswd
+htpasswd_filename = /path/to/users
+# encryption method used in the htpasswd file
+htpasswd_encryption = md5
+
+

Add configuration to caddy.

+
caldav.joshuayun.com {
+    handle_path /* {
+        reverse_proxy localhost:5232 {
+        header_up X-Script-Name /radicale
+        }
+    }
+    handle_path /radicale/* {
+        reverse_proxy localhost:5232 {
+            header_up X-Script-Name /radicale
+        }
+    }
+}
+
+

Webdav

+

Add the Webdav module to Caddy.

+
sudo caddy add-package github.com/mholt/caddy-webdav
+sudo systemctl restart caddy
+
+

Add Webdav to the Caddy configuration

+

Example configuration with protected file browsing, see the github for more configurations.

+
webdav.joshuayun.com {
+    @get method GET
+    root * WEBDAV_PATH
+    route {
+        basicauth {
+            joshua CADDY_HASH
+        }
+        file_server @get browse
+        webdav
+    }
+}
+
+

To generate the hash:

+
caddy hash-password
+
+ + + + + + + + + + + + + +
+
+ + + +
+ +
+ + + +
+
+
+
+ + + + + + + + + + \ No newline at end of file -- cgit v1.2.3
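Review bot: Both SSH hardening steps name the wrong file: /etc/sshd_config and /etc/sshd_config/ (with a trailing slash) should be /etc/ssh/sshd_config on the Debian 12 system this page describes, and the section never says to restart the SSH service so the changes take effect. In the Radicale section, "Generate secure passwords using htpasswd" is followed by htpasswd_encryption = md5, which contradicts the heading; consider htpasswd -B together with htpasswd_encryption = bcrypt. Typo in the DDNS section: "Dyanmic DNS".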