Last active December 16, 2022 20:17

Documentation install

  • install environment (Debian 10,
  • change and note password (Kundenadmin)
  • ssh into the machine as root
  • apt-get update
  • apt-get upgrade
  • apt-get install curl nano nginx
  • systemctl stop apache2
  • systemctl start nginx
  • adduser --system --ingroup www-data --no-create-home solid
  • wget (deprecated, should be replaced by certbot)
  • mv certbot-auto /usr/local/bin/certbot-auto
  • chown root /usr/local/bin/certbot-auto
  • chmod 755 /usr/local/bin/certbot-auto
  • cd /usr/local/bin/
  • ./certbot-auto certonly \ --manual \ --preferred-challenges=dns \ --email \ --server \ --agree-tos \ -d -d *
  • DNS-Challenge
  • chmod -R 755 /etc/letsencrypt/live/ /etc/letsencrypt/archive/
  • curl -sL | sudo bash -
  • apt-get install nodejs
  • node -v
  • npm -v
  • npm install -g solid-server
  • solid init
$ solid init
? Path to the folder you want to serve. Default is (./data) /var/www/html/data
? SSL port to run on. Default is (8443) 8443
? Solid server uri (with protocol, hostname and port)
? Enable WebID authentication Yes
? Serve Solid on URL path /
? Path to the config directory (for example: /etc/solid-server) (./config) /var/www/html/config
? Path to the config file (for example: ./config.json) (./config.json) /var/www/html/config.json
? Path to the server metadata db directory (for users/apps etc) (./.db) /var/www/html/.db
? Path to the SSL private key in PEM format /etc/letsencrypt/archive/
? Path to the SSL certificate key in PEM format /etc/letsencrypt/archive/
? Enable multi-user mode Yes
? Do you want to set up an email service (y/N) N
? A name for your server (not required)
? A description of your server (not requred) undefined
? A logo (not required) undefined
? Do you want to enforce Terms & Conditions for your service (y/N) N
? Do you want to disable password strength checking (y/N) N
? The support email you provide for your users (not required)
config created on /root/config.json

"useEmail": true,
"email": {
  "host": "",
  "port": "465",
  "sender": "",
  "secure": true,
  "auth": {
    "user": "apikey",
    "pass": "xxxxxx"
  }
}

  • copy to /var/www/html/config.json
  • create /lib/systemd/system/solid.service
[Unit]
Description=solid - Social Linked Data

[Service]
ExecStart=/usr/bin/solid start

  • ln -s /lib/systemd/system/solid.service /etc/systemd/system/
  • chown solid:www-data /var/www/html/config.json
  • cd /var/www/html
  • chown -R solid:www-data config data .db
  • create /etc/nginx/sites-available/default
# Nginx configuration for Solid on Port 8443

## Redirects all HTTP traffic to the HTTPS host
server {
  ## In case of conflict, either remove "default_server" from the listen line below,
  ## or delete the /etc/nginx/sites-enabled/default file.
  listen [::]:80;
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host$request_uri;
  access_log  /var/log/nginx/solid_access.log;
  error_log   /var/log/nginx/solid_error.log;
}

server {
  listen *:443 ssl;
  listen [::]:443 ssl;
  server_tokens off;

  access_log  /var/log/nginx/solid_ssl_access.log;
  error_log   /var/log/nginx/solid_ssl_error.log;

  ssl_certificate /etc/letsencrypt/archive/;
  ssl_certificate_key /etc/letsencrypt/archive/;

  root /var/www/html; #webroot

  ## [Optional] Enable HTTP Strict Transport Security
  ## HSTS is a feature improving protection against MITM attacks
  ## For more information see:
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

  location / {
    proxy_pass https://localhost:8443;

    gzip off;
    proxy_redirect off;

    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;

    proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
}

  • systemctl restart nginx
  • nano /var/www/html/config/templates/new-account/settings/serverSide.ttl
@prefix dct: <http://purl.org/dc/terms/>.
@prefix pim: <http://www.w3.org/ns/pim/space#>.
@prefix solid: <http://www.w3.org/ns/solid/terms#>.

<>
  a pim:ConfigurationFile;

  dct:description "Administrative settings for the POD that the user can only read." .

</>
  solid:storageQuota "250000000" .
  • systemctl start solid.service
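
The `chmod -R 755` step above leaves every `privkey*.pem` under `/etc/letsencrypt/archive/` readable by all local accounts. The script below is an added example, not part of the original gist: it lists such keys and shows a group-based alternative. It assumes the `solid` account reads the key through its `www-data` group (from the `adduser` step); the function names and the sample tree are constructed here.

```bash
#!/bin/sh
# Added example. Function names and the temp-dir layout are constructed here;
# nothing below touches the real /etc/letsencrypt tree.

# List every privkey*.pem under $1 that grants any permission to "other".
# (-perm /007 is GNU find syntax, as shipped with Debian.)
world_accessible_keys() {
  find "$1" -type f -name 'privkey*.pem' -perm /007 -print
}

# Restrict the tree under $1 to its owner plus group $2:
# directories 750, private keys 640, other files (certificates) 644.
restrict_to_group() {
  chgrp -R "$2" "$1"
  find "$1" -type d -exec chmod 750 {} +
  find "$1" -type f -name 'privkey*.pem' -exec chmod 640 {} +
  find "$1" -type f ! -name 'privkey*.pem' -exec chmod 644 {} +
}

# Demo on a constructed tree that mimics archive/<domain>/ after "chmod -R 755".
demo() {
  root=$(mktemp -d)
  mkdir -p "$root/archive/pod.example"
  printf 'constructed placeholder, not a real key\n' > "$root/archive/pod.example/privkey1.pem"
  printf 'constructed placeholder, not a real cert\n' > "$root/archive/pod.example/fullchain1.pem"
  chmod -R 755 "$root"
  echo "world-accessible keys before:"
  world_accessible_keys "$root"
  # On the server the group would be www-data (assumption, see lead-in);
  # the demo uses the caller's own group so it runs unprivileged.
  restrict_to_group "$root" "$(id -g)"
  echo "world-accessible keys after: $(world_accessible_keys "$root" | wc -l)"
  rm -rf "$root"
}
demo
```

On the server the equivalent call, run as root, would be `restrict_to_group /etc/letsencrypt/archive www-data`, with the same applied to `/etc/letsencrypt/live`.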