
@ewingson
Last active July 20, 2022 18:30

Documentation CSS config solidweb.me v0.3

  • npm install -g npm@latest (assumes node installed)
  • npm install -g @solid/community-server
  • (assumes a current nginx is installed)
  • install certbot via pip
  • certbot certonly --manual --preferred-challenges=dns --email evemat@web.de --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --manual-public-ip-logging-ok -d solidweb.me -d '*.solidweb.me'
  • Complete the DNS challenge (publish the DNS TXT record that certbot asks for)
  • nano /etc/nginx/sites-available/solidweb.me.conf
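# The local Solid server instance.
# Bound to loopback only, so the Node process is reachable solely through this proxy.
upstream solid-community-server {
  server 127.0.0.1:3000;
}

# Plain-HTTP listener: its only job is to redirect every request to HTTPS.
server {
        listen 80;
        listen [::]:80;
        server_name solidweb.me;
        server_tokens off; ## Don't show the nginx version number, a security best practice
        # Build the redirect from $host rather than $http_host: $http_host is the raw,
        # client-supplied Host header (including any port), while $host is nginx's
        # normalised host name without the port.
        # NOTE(review): if this is the only server block on port 80 it is also the
        # default server and answers for any Host value; list every served name
        # (for example the wildcard the certificate covers) in server_name if the
        # redirect should be limited to them - confirm against the full nginx setup.
        return 301 https://$host$request_uri;
}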

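# Proxy traffic for https://solidweb.me/ to the local Solid server (upstream solid-community-server)
server {
  server_name solidweb.me;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_tokens off; # match the port-80 block: do not advertise the nginx version here either

  # Reference certbot's live/ symlinks, not numbered files under archive/:
  # archive/ file names change with every renewal (fullchain2.pem, fullchain3.pem, ...),
  # so a config pinned to one of them keeps serving the old certificate until it expires.
  ssl_certificate         /etc/letsencrypt/live/solidweb.me/fullchain.pem;
  ssl_certificate_key     /etc/letsencrypt/live/solidweb.me/privkey.pem;
  # chain.pem is the issuer chain certbot maintains for this certificate; a manually
  # downloaded intermediate goes stale when the CA changes its issuing certificate.
  ssl_trusted_certificate /etc/letsencrypt/live/solidweb.me/chain.pem;

  access_log /var/log/nginx/css_ssl_access.log;
  error_log /var/log/nginx/css_ssl_error.log;

  # Include this for certificate renewal if you are using Let's Encrypt
  include snippets/https.conf;
  location ^~ /.well-known/acme-challenge/ {
    # or a folder of your choice
    # NOTE(review): this is also the Solid service's WorkingDirectory; a separate,
    # otherwise empty directory keeps the challenge path apart from server data.
    root /var/www/solidweb.me;
  }

  # Proxy all other traffic to the Solid server
  location / {
    # Delegate to the Solid server, passing the original host and protocol
    proxy_pass http://solid-community-server$request_uri;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Pass these headers from the Solid server back to the client.
    # Note that passing Server through exposes the backend's own Server header to clients.
    proxy_pass_header Server;
    proxy_pass_header Set-Cookie;

    # Enable Websocket support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
}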
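# Generated by https://ssl-config.mozilla.org/
# NOTE(review): presumably the content of snippets/https.conf included by the
# HTTPS server block - confirm, the page does not name the file.

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
# Session tickets are switched off: with tickets on and no rotation of the ticket key,
# a leaked ticket key lets recorded TLS 1.2 sessions be decrypted later, which
# undermines the forward secrecy of the ECDHE/DHE suites below. Resumption still
# works through the shared session cache above.
ssl_session_tickets off;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/letsencrypt/live/solidweb.me/dh2048.pem;

# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

# HSTS (ngx_http_headers_module is required) (63072000 seconds)
# "always" adds the header to error responses as well.
add_header Strict-Transport-Security "max-age=63072000" always;

# OCSP stapling
# Stapling only takes effect when the certificate names an OCSP responder and nginx
# can resolve that host; a "resolver" directive is normally needed for the lookup.
ssl_stapling on;
ssl_stapling_verify on;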
  • nano /lib/systemd/system/communityss.service
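# systemd unit that runs the Solid Community Server behind the nginx reverse proxy.
[Unit]
Description=Solid - Social Linked Data
Documentation=https://github.com/solid/community-server
After=network.target

[Service]
Type=simple
# Run as a dedicated unprivileged account instead of root: ExecStart passes no port
# option and nginx forwards to 127.0.0.1:3000, so no privileged port is bound here,
# and a flaw in the server or one of its npm dependencies should not hand out root.
# "solid" is a constructed example name - create that system account first and give
# it ownership of the WorkingDirectory, otherwise the service will not start.
User=solid
Group=solid
# The process and its children can never gain privileges through setuid/setgid binaries.
NoNewPrivileges=true
WorkingDirectory=/var/www/solidweb.me
ExecStart=/usr/lib/node_modules/@solid/community-server/bin/server.js -c @css:config/file.json -b https://solidweb.me/
Restart=on-failure

[Install]
WantedBy=multi-user.target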
  • ln -s /lib/systemd/system/communityss.service /etc/systemd/system/multi-user.target.wants/
  • nano /usr/lib/node_modules/@solid/community-server/config/identity/email/default.json
{
  "@context": "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^1.0.0/components/context.jsonld",
  "@graph": [
    {
      "comment": "This is an example of what an actual email sender configuration would look like.",
      "@id": "urn:solid-server:default:EmailSender",
      "@type": "BaseEmailSender",
      "args_senderName": "me@evering.eu",
      "args_emailConfig_host": "smtp.sendgrid.net",
      "args_emailConfig_port": 465,
      "args_emailConfig_auth_user": "apikey",
      "args_emailConfig_auth_pass": "xxxxxx"
    }
  ]
}
  • nginx -t
  • systemctl restart nginx
  • systemctl start communityss.service