# Homelab Server Setup

This page describes how I set up my personal web server.

I'm hosting a website, a wiki, CalDAV using Radicale, git using cgit and Gitolite, and WebDAV support.

## Linux Distribution Used
Debian 12 Bookworm.

Update the system.

```
# apt update
# apt upgrade
```

## SSH

Generate SSH keys:

```
ssh-keygen -t [keytype]
```

Add the public key to `~/.ssh/authorized_keys` on the server:

```
ssh-copy-id -i /path/to/pubkey [user@]machine
```

### Optional security enhancements

Change the port in `/etc/ssh/sshd_config` to a nonstandard port to reduce exposure to automated scans.

```
Port 1234
```

Disable password login in `/etc/ssh/sshd_config`:

```
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM no
```

Disable X11 forwarding:

```
X11Forwarding no
```

Disable remote root login:

```
PermitRootLogin no
```

Disable the root account by setting its login shell to `nologin`:

```
$ sudo chsh -s /sbin/nologin root
```

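
One way to check the `sshd_config` settings above, as an added example that is not part of the original page: the function reads an sshd configuration on stdin and reports every directive from this section that is unset or has the wrong value, applying sshd's rule that the first value read for a keyword wins. The function name `audit_sshd` and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Reads sshd settings on stdin.
audit_sshd() {
    awk '
        BEGIN {
            # Expected values: the directives listed in this section.
            want["pubkeyauthentication"]         = "yes"
            want["passwordauthentication"]       = "no"
            want["kbdinteractiveauthentication"] = "no"
            want["x11forwarding"]                = "no"
            want["permitrootlogin"]              = "no"
        }
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        { k = tolower($1); v = tolower($2) }   # keywords are case-insensitive
        k == "match" { exit }                  # Match blocks are conditional, stop
        # Deprecated alias of KbdInteractiveAuthentication in current OpenSSH.
        k == "challengeresponseauthentication" { k = "kbdinteractiveauthentication" }
        (k in want) && !(k in seen) { seen[k] = v }   # first value wins
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) {
                    printf "UNSET %s (want %s)\n", k, want[k]; bad++
                } else if (seen[k] != want[k]) {
                    printf "FAIL %s = %s (want %s)\n", k, seen[k], want[k]; bad++
                }
            }
            exit bad                           # exit status = number of findings
        }
    '
}

# Constructed sample: the settings from this section.
GOOD_CFG='PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
X11Forwarding no
PermitRootLogin no'

# Constructed sample: an early "yes" shadows the later "no"; X11Forwarding only in Match.
BAD_CFG='passwordauthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
Match User backup
    X11Forwarding no'
printf '%s\n' "$BAD_CFG" | audit_sshd || echo "findings: $?"
```

On a live host, running `sshd -T | audit_sshd` as root checks the effective configuration, including settings pulled in through `Include` files, which this parser does not follow.
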
## DDNS

Set up [Dynamic DNS (ddns) with Porkbun and ddns-updater](ddns.md).

## Caddy
Install the [Caddy](https://caddyserver.com/docs/install#debian-ubuntu-raspbian) package from Caddy directly.
## Cgit & gitolite

Set up [cgit with gitolite and caddy](cgit.md).

## Radicale
Install the [Radicale](https://packages.debian.org/bookworm/radicale) package.

Start the Radicale service.

```
systemctl enable radicale.service
systemctl start radicale.service
```

Generate the password file for the users with htpasswd.

```
# Create a new htpasswd file with the user "user1"
$ htpasswd -c /path/to/users user1
New password:
Re-type new password:
# Add another user
$ htpasswd /path/to/users user2
New password:
Re-type new password:
```

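Edit the Radicale configuration to use the htpasswd file for authentication.

```
[auth]
type = htpasswd
htpasswd_filename = /path/to/users
# encryption method used in the htpasswd file
htpasswd_encryption = md5
```

The `md5` value matches the hash format `htpasswd` writes by default. Radicale also supports `bcrypt`, which is the stronger choice when the file is created with `htpasswd -B`.
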
Add the configuration to Caddy.

```
caldav.joshuayun.com {
    handle_path /* {
        reverse_proxy localhost:5232 {
            header_up X-Script-Name /radicale
        }
    }
    handle_path /radicale/* {
        reverse_proxy localhost:5232 {
            header_up X-Script-Name /radicale
        }
    }
}
```

## Webdav

Add the WebDAV module to Caddy.

```
sudo caddy add-package github.com/mholt/caddy-webdav
sudo systemctl restart caddy
```

Add WebDAV to the Caddy configuration. The example below protects file browsing with basic authentication; see the [GitHub repository](https://github.com/mholt/caddy-webdav) for more configurations.

```
webdav.joshuayun.com {
    @get method GET
    root * WEBDAV_PATH
    route {
        basicauth {
            joshua CADDY_HASH
        }
        file_server @get browse
        webdav
    }
}
```

To generate the hash used for `CADDY_HASH`:

```
caddy hash-password
```