Skip to content

Instantly share code, notes, and snippets.

@ewingson

ewingson/Documentation solidweb.org install.md

Last active December 16, 2022 20:17
Show Gist options
  • Star 4 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ewingson/c6e97a996aa51eac9f7fd1b7eaf14dc4 to your computer and use it in GitHub Desktop.
Save ewingson/c6e97a996aa51eac9f7fd1b7eaf14dc4 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Documentation solidweb.org install.md

Documentation solidweb.org install

  • install environment (Debian 10, https://kis.hosteurope.de)
  • change and note password (Kundenadmin)
  • ssh into the machine as root
  • apt-get update
  • apt-get upgrade
  • apt-get install curl nano nginx
  • systemctl stop apache2
  • systemctl start nginx
  • adduser --system --ingroup www-data --no-create-home solid
  • wget https://dl.eff.org/certbot-auto (deprecated, should be replaced by certbot)
  • mv certbot-auto /usr/local/bin/certbot-auto
  • chown root /usr/local/bin/certbot-auto
  • chmod 755 /usr/local/bin/certbot-auto
  • cd /usr/local/bin/
  • ./certbot-auto certonly \ --manual \ --preferred-challenges=dns \ --email evemat@web.de \ --server https://acme-v02.api.letsencrypt.org/directory \ --agree-tos \ -d solidweb.org -d *.solidweb.org
  • DNS-Challenge
  • chmod -R 755 /etc/letsencrypt/live/ /etc/letsencrypt/archive/
  • curl -sL https://deb.nodesource.com/setup_16.x | sudo bash -
  • apt-get install nodejs
  • node -v
  • npm -v
  • npm install -g solid-server
  • solid init
$ solid init
* ? Path to the folder you want to serve. Default is (./data) /var/www/html/data
? SSL port to run on. Default is (8443) 8443
? Solid server uri (with protocol, hostname and port) https://solidweb.org
? Enable WebID authentication Yes
? Serve Solid on URL path /
? Path to the config directory (for example: /etc/solid-server) (./config) /var/www/html/config
? Path to the config file (for example: ./config.json) (./config.json) /var/www/html/config.json
? Path to the server metadata db directory (for users/apps etc) (./.db) /var/www/html/.db
? Path to the SSL private key in PEM format /etc/letsencrypt/archive/solidweb.org/privkey1.pem
? Path to the SSL certificate key in PEM format /etc/letsencrypt/archive/solidweb.org/fullchain1.pem
? Enable multi-user mode Yes
? Do you want to set up an email service (y/N) N
? A name for your server (not required) solidweb.org
? A description of your server (not requred) undefined
? A logo (not required) undefined
? Do you want to enforce Terms & Conditions for your service (y/N) N
? Do you want to disable password strength checking (y/N) N
? The support email you provide for your users (not required) meisdata@gmail.com
config created on /root/config.json

"useEmail": true, "email": { "host": "smtp.sendgrid.net", "port": "465", "sender": "me@evering.eu", "secure": true, "auth": { "user": "apikey", "pass": "xxxxxx" } }

  • copy to /var/www/html/config.json
  • create /lib/systemd/system/solid.service
[Unit]
Description=solid - Social Linked Data
Documentation=https://solid.inrupt.com/docs/
After=network.target

[Service]
Type=simple
User=solid
WorkingDirectory=/var/www/html
ExecStart=/usr/bin/solid start
Restart=on-failure

[Install]
WantedBy=multi-user.target
  • ln -s /lib/systemd/system/solid.service /etc/systemd/system/multi-user.target.wants/
  • chown solid:www-data /var/www/html/config.json
  • cd /var/www/html
  • chown -R solid:www-data config data .db
  • create /etc/nginx/sites-available/default
# Nginx configuration for Solid on Port 8443

## Redirects all HTTP traffic to the HTTPS host
server {
  ## In case of conflict, either remove "default_server" from the listen line below,
  ## or delete the /etc/nginx/sites-enabled/default file.
  listen 0.0.0.0:80;
  listen [::]:80;
  server_name solidweb.org;
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host$request_uri;
  access_log  /var/log/nginx/solid_access.log;
  error_log   /var/log/nginx/solid_error.log;
}

server {
  listen *:443 ssl;
  listen [::]:443 ssl;
  server_name solidweb.org;
  server_tokens off;

  access_log  /var/log/nginx/solid_ssl_access.log;
  error_log   /var/log/nginx/solid_ssl_error.log;

ssl_certificate /etc/letsencrypt/archive/solidweb.org/fullchain1.pem;
ssl_certificate_key /etc/letsencrypt/archive/solidweb.org/privkey1.pem;

root /var/www/html; #webroot

  ## [Optional] Enable HTTP Strict Transport Security
  ## HSTS is a feature improving protection against MITM attacks
  ## For more information see: https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

  location / {
    proxy_pass https://localhost:8443;

    gzip off;
    proxy_redirect off;

    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

}
  • systemctl restart nginx
  • nano /var/www/html/config/templates/new-account/settings/serverSide.ttl
@prefix dct: <http://purl.org/dc/terms/>.
@prefix pim: <http://www.w3.org/ns/pim/space#>.
@prefix solid: <http://www.w3.org/ns/solid/terms#>.

<>
  a pim:ConfigurationFile;

  dct:description "Administrative settings for the POD that the user can only read." .

</>
    solid:storageQuota "250000000" .
  • systemctl start solid.service
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment