Skip to content

Instantly share code, notes, and snippets.

Last active July 20, 2022 18:30
Show Gist options
  • Save ewingson/dbfee4d329c803aed0b0bd87e7a2fa00 to your computer and use it in GitHub Desktop.
Save ewingson/dbfee4d329c803aed0b0bd87e7a2fa00 to your computer and use it in GitHub Desktop.

Documentation CSS config v0.3

  • npm install -g npm@latest (assumes node installed)
  • npm install -g @solid/community-server
  • (actual nginx)
  • install certbot via pip
  • certbot certonly \ --manual \ --preferred-challenges=dns \ --email \ --server \ --agree-tos \ --manual-public-ip-logging-ok \ -d -d *
  • DNS-Challenge (DNS Text-Record)
  • nano /etc/nginx/sites-available/
# The local Solid server instance
upstream solid-community-server {

server {
        listen 80;
        listen [::]:80;
        server_tokens off; ## Don't show the nginx version number, a security best practice
        return 301 https://$http_host$request_uri;

# Proxy traffic for https://solid.example/ to http://localhost:3000/
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  ssl_certificate         /etc/letsencrypt/archive/;
  ssl_certificate_key     /etc/letsencrypt/archive/;
  ssl_trusted_certificate /etc/letsencrypt/live/;

access_log /var/log/nginx/css_ssl_access.log;
error_log /var/log/nginx/css_ssl_error.log;

  # Include this for certificate renewal if you are using Let's Encrypt
  include snippets/https.conf;
    location ^~ /.well-known/acme-challenge/ {
    root /var/www/; # or a folder of your choice

  # Proxy all other trafic to the Solid server
  location / {
    # Delegate to the Solid server, passing the original host and protocol
    proxy_pass http://solid-community-server$request_uri;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Pass these headers from the Solid server back to the client
    proxy_pass_header Server;
    proxy_pass_header Set-Cookie;

    # Enable Websocket support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
# Generated by

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets on;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/letsencrypt/live/;

# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;

# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;

# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
  • nano /lib/systemd/system/communityss.service
Description=Solid - Social Linked Data

ExecStart=/usr/lib/node_modules/@solid/community-server/bin/server.js -c @css:config/file.json -b

  • ln -s /lib/systemd/system/communityss.service /etc/systemd/system/
  • nano /usr/lib/node_modules/@solid/community-server/config/identity/email/default.json
  "@context": "^1.0.0/components/context.jsonld",
  "@graph": [
      "comment": "This is an example of what an actual email sender configuration would look like.",
      "@id": "urn:solid-server:default:EmailSender",
      "@type": "BaseEmailSender",
      "args_senderName": "",
      "args_emailConfig_host": "",
      "args_emailConfig_port": 465,
      "args_emailConfig_auth_user": "apikey",
      "args_emailConfig_auth_pass": "xxxxxx"
  • nginx -t
  • systemctl restart nginx
  • systemctl start communityss.service
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment