Alps is a webmail client, a program that allows you to access your email online like Gmail. It is useful to be able to access you email from a web browser because it allows you to easily access your email from any device with a web browser without much additional setup. Instructions There is no Debian package so we are going to build it from source. You need to have a newer Go compiler installed than what is in the Debian repos.| landchad.net
Transmission allows you to send and receive files via the BitTorrent protocol. This tutorial shows you how to use Transmission to run a “seedbox” - a server for downloading and seeding torrents. (For an explanation of BitTorrent, see Appendix 1.) Installation The Transmission daemon is available in the Debian repositories: apt install transmission-daemon Besides installing Transmission, this command creates: A user for running the service (debian-transmission) A default configuration file...| landchad.net
Mumble is an open source, low latency and high quality voice chat software, being the best open source alternative to TeamSpeak. VoIP communications are mandatory encrypted by default using OCB-AES128, it has integrations for gamers (like overlays), it’s stable and it’s resource friendly. The server can also be run behind Tor without any issue. Installation Mumble has a Debian repository for client and server, however it’s very outdated so we are going to build the server instead.| landchad.net
The Matrix protocol’s default implementation, Synapse, is very memory and processor hungry, mostly due to it being written in the interpreted Python programming language. This means that running Synapse on less powerful servers may take a lot of resources away from other services. If you need a more efficient and less memory-intensive but still fully functional Matrix server, then Dendrite is for you. Prerequisities DNS Records and Delegation You are not required to run a Matrix server unde...| landchad.net
DokuWiki is a simple wiki software, similar to MediaWiki. Unlike MediaWiki, it uses plain text files to store its content, not databases, making it simpler to configure than MediaWiki. It’s a good choice if you want a simple wiki engine without all the bells and whistles of MediaWiki and the additional step of setting up databases. Installation Although DokuWiki is available on the main debian repos, it is outdated and has a different directory structure, which may lead to problems with plu...| landchad.net
Hardening Postfix Put restrictions on servers sending mail to you. postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain' Anonymize Headers Use some regular expressions to prevent some meta data like a client’s ip address from being leaked. echo "/^Received:.*/ IGNORE /^X-Originating-IP:/ IGNORE /^User-Agent:/ IGNORE /^X-Mailer:/ IGNORE" >> /etc/postfix/header_checks Add this file to the postfix c...| landchad.net
In the article on SMTP and Postfix, we set up a simple Postfix server that we could use to programatically send mail with the mail command. In order to have a true and fully-functional mail server, users should be able to login to a mail client where they can read their inbox and send mail remotely. In order to achieve this we need Dovecot, which can store mails received by the server, authenticate user accounts and interact with mail.| landchad.net
Email is a lot like real-life mail. You can send email to anyone, but you can also write whatever return address you'd like. That is, it's pretty easy to pretend to be someone else via mail, and that was originally the case with email as well: email is just text, and you could just change your From: address to any email address you wanted! DKIM (Domain Keys Identified Mail) helps solve this issue.| landchad.net
While DNS records refer a domain name to the IP address where the the website is hosted, there is also rDNS (reverse DNS) and specifically PTR (pointer) records which do the reverse: link a server's IP to a domain name. This is important for many things, but especially email. Many email servers require that other servers that send them mail have PTR records to prevent spam. Setting your PTR Record DNS settings are set with your registrar, while rDNS settings are set with your server or VPS pr...| landchad.net
The first step to setting up an email server is having an SMTP server. SMTP sends and receives email. Whether we want a full email server or just the ability to send automated email by script, we will need SMTP, and Postfix is the standard SMTP server. Here let's set a server up. Note that our goal is to be able to send emails from our server. If you want a full email server, this is the first step, and we will address the rest later.| landchad.net
Dnsmasq is a libre DNS and DHCP system that allows anyone to run a DNS server to resolve domains. Normally to block domains and ads, users on most operating systems can edit their /etc/hosts file or use one of the many existing ad-blocking hosts collections available online. However, if you’re trying to block ads over your entire home network and do not have access to your router’s hosts file, then setting up your own DNS server can be very advantageous.| landchad.net
Looking for lightweight privacy on the go? Then consider hosting a WireGuard VPN service. In addition to this setup guide, we’ll also demonstrate how to tunnel your WireGuard traffic through a TLS WebSocket connection to circumvent some deep packet inspection systems. As an example, we’ll be using a virtual 172.16.0.0/24 network, but any private ip range will suffice. Installation On the Server Install the WireGuard management tools: apt install wireguard Enable IPv4 forwarding by uncomme...| landchad.net
A quick detour to binary You probably know that everything computers do, they do in binary (zeroes and ones) under the hood. But how does that actually work? Binary is just another numbering system like decimal (there are many others!), so while with decimal each digit can have 10 different values (0-9, hence decimal), numbers represented in binary have 2 possible values (0-1, hence binary). In binary a digit is called a bit.| landchad.net
Introduction This page is dedicated to advanced SSH usage examples. We will discuss the following concepts: config files (for client) tunneling jumping Config files Config files allow you to specify certain rules for all or chosen hosts. The file has a really simple structure. It is divided into sections which begin with the Host keyword. Sections are read one by one and the first matching section takes precedence over the remaining sections—you write more specific sections at the top and t...| landchad.net
Yarr (yet another rss reader) is a web-based feed aggregator which can be used both as a desktop application and a personal self-hosted server. It is written in Go with the frontend in Vue.js. The storage is backed by SQLite. Installing Yarr Firstly, we have to download yarr binary from github on our system wget https://github.com/nkanaev/yarr/releases/download/v2.3/yarr-v2.3-linux64.zip Unzip the archive unzip -x yarr-v2.3-linux64.zip Move the binary to your bin folder mv yarr /usr/local/bin...| landchad.net
Fosspay is a free-software web frontend for receiving donations and subscriptions, similar to Patreon or Liberapay, but which can be hosted on your own server. It can also interface with Patreon or Github Sponsors to aggregate all your donations. Stripe Setup Fosspay uses Stripe as a payment processor. You first must go to their website and create an account. Once you set everything up, you can go to https://dashboard.stripe.com/account/apikeys and get your “Publishable Key” and “Secret...| landchad.net
The point of this article is to show you how to do some commonly-desired tweaks in Nginx while in the meantime helping you understand how it works. Do not require .html in URLs If your website is using lots of .html files for pages, it's sort of overkill to make people type that in for every page they are looking for. We can remove that requirement with Nginx. Open your site's configuration file in /etc/nginx/sites-enabled/ and within the server block, there should be a location block that lo...| landchad.net
SearXNG is a free internet metasearch engine which aggregates results from more than 70 search services. This guide sets up a working instance that can be accessed using a domain over HTTPS. Features include: Self-hosted No user tracking No user profiling About 70 supported search engines Easy integration with any search engine Cookies are not used by default Secure, encrypted connections (HTTPS/SSL) Installation Install the required packages. apt install git nginx nginx-extras -y Open http a...| landchad.net
XMPP is a fantastically simple protocol that’s usually used as a messenger. It’s highly extensible, better than IRC, lighter and more decentralized than Matrix, and normie social media like Telegram can’t hold a candle to it. XMPP is so decentralized and extensible that there are many different XMPP servers. Here, let’s set up a Prosody XMPP server. Installation To install Prosody, first add the official Prosody repositories for Debian: # Install extrepo if you already haven't apt ins...| landchad.net
Coturn is a libre STUN and TURN server software that allows users of internet applications or protocols (Such as XMPP and Matrix) to perform WebRTC voice and video calls despite them being behind NATs. If you want to add video and voice calling natively to your XMPP or Matrix server (or a myriad of various other applications), you’ll need to install Coturn and configure it appropriately. Note on ejabberd If you’re installing ejabberd, then you don’t need Coturn.| landchad.net
Ejabberd is a server for the XMPP protocol written in Erlang. It’s more scalable, and easier to setup than Prosody due to having most of its modules built-in and pre-configured by default. Prerequisites Subdomains Ejabberd presumes that you have already created all the required and optional subdomains for its operation prior to running it. Depending on the usecase, you may need any or all of the following domains for XMPP functionality:| landchad.net
After you've deployed your website, you may want to consider improving its performance, accessibility, and search-engine optimization (SEO). Doing so can help make your website more user-friendly and increase its page rank in search results. Luckily, Google provides a measurement tool to help you improve these aspects. Start by entering your website's URL and click the Run Audit button (it will take 5-10 seconds to generate the report). Once the report has finished, you'll be greeted by a sco...| landchad.net
Radicale is an open source calDAV server. CalDAV is a widely supported internet standard for calendars, todo-lists and contacts. Hosting your own calDAV server allows sharing calendars between mutliple devices. More information can be found on the projects offical website: radicale.org. Installing Radicale Firstly, we have to install radicale on our system, luckily for us radicale is packaged for the most used distros. apt install radicale apache2-utils Next we need to configure Radicale.| landchad.net
Once you have your server hosting your git repositories, you might want to allow others to browse your repositories on the web. Cgit is a Free Software that allows browsing git repositories through the web. Note that Cgit is a read-only frontend for Git repositories and doesn't have issues, pull requests or user management. If that's what you want, consider installing Gitea instead. Installing cgit and fcgiwrap Install fcgiwrap NGINX doesn't have the capability to run CGI scripts by itself, i...| landchad.net
The Calibre library server is a great way to store your eBooks. It allows you to: Share your books with others. Easily transfer your books between devices and access them from anywhere. Installation Install the Calibre package. You might also want rsync to upload books. apt install -y calibre rsync mkdir /opt/calibre Either upload your existing library using rsync. For example to /opt/calibre/. cd ~/Documents rsync -avuP your-library-dir root@example.| landchad.net
Jitsi is a set of open-source projects that allows you to easily build and deploy secure video conferencing solutions. Is really easy to install, and also a really good private, federated and libre alternative to Zoom or other video conferencing software. You can create calls just by typing the URL, and loging-in is not necessary. Dependencies and Installation First, install some dependencies: apt install gpg apt-transport-https nginx python3-certbot-nginx Jitsi has its own package repository...| landchad.net
The basic website tutorial here describes how to set up a static website — one that just serves HTML files saved on your server, and until you change something manually, the same content will be served each time a given page is requested. This is perfectly enough for most personal website needs. This is how blogs should be implemented, instead of relying on bloatware like WordPress! But sometimes you genuinely do need something more.| landchad.net
Image files will usually have the most impact on the speed of your websites (aside from Ad/tracker scripts). Learn to slim down your images using the ubiquitous ImageMagick to make your websites faster on slow internet connections. For the examples, I decided to use this public domain image. There are many ways to decrease image size using ImageMagick, the simplest is to use the -quality option, which will compress the image without changing the resolution.| landchad.net
Matrix is easy-to-use, decentralized and encrypted private chat software. Matrix is federated, meaning that with a Matrix account on any server, including your own, you can talk to any other Matrix account on the internet, similar to email. Matrix also allows fully end-to-end encrypted group chats. Synapse is the name of the default Matrix server. It is written in Python. While it is requires somewhat more system resources than an XMPP server, it makes up for that in being very accessible to ...| landchad.net
Once you have a website, it is extremely important to enable encrypted connections over HTTPS/SSL. You might have no idea what that means, but it's easy to do now that we've set our web server up. Certbot is a program that automatically creates and deploys the certificates that allow encrypted connections. It used to be painful (and often expensive) to do this, but now it's all free and automatic. Why is encryption important?| landchad.net
At this point, we should have a domain name and a server and the domain name should direct to the IP address of the server with DNS records. As I said in previous articles, the instructions I will give will be for Debian. In this article, other distributions might work a little differently. Logging in to the server We first want to log into our VPS to get a command prompt where we can set up the web server.| landchad.net
The Gist Now that we have a domain and a server, we can connect the two using DNS records. DNS (domain name system) records are usually put into your registrar and direct people looking up your website to the server where your website and other things will be. Get your IPv4/IPv6 addresses from your VPS provider and put them into A/AAAA records on your registrar. Simple process, takes a minute, but here's a guide with a million images just so you know.| landchad.net
RSS Bridge is a useful utility you can use to help you avoid the big tech sites, like Facebook and Twitter, which instead of the feed you usually would see, will be a based and minimalist RSS feed. You'll need a server or VPS. Nearly any Operating system is supported but for this tutorial I'm gonna presume you're using a Debian-based OS. You'll also need a domain name pointing to your server's IP address which is explained in this tutorial.| landchad.net
The command certbot --nginx will take an unencrypted website on an Nginx configuration file, get a certificate for it and change the configuration to use that certificate and thus HTTPS. Sometimes, however, you are given an Nginx configuration template that already has encryption/HTTPS, so running the automated certbot --nginx is not possible, as it will simply give an error saying that the certicate that Nginx is looking for doesn't already exist and thus the Nginx config is broken.| landchad.net
What is Gemini? Gemini is a new internet protocol which is different from the HTTP and Gopher. It's much cleaner and has a growing community and audience of hackers. Why use gemini protocol? Gemini capsules (webpages of gemini) are lightweight, minimal, and don't use many resources to operate. It can run along with your websites. Gemini capsules use port 1965 by default. Your webserver can run at port 80 or 443 along with gemini server at port 1965.| landchad.net
Now you have a website, why not offer it in a private alternative such as the Invisible Internet? Setting up I2P There are 2 main I2P implementations, I2P and i2pd, we are using i2pd in this guide because it's easier to use in servers. Installing I2P i2pd is in most repos, in debian/ubuntu you can install it simply with apt install i2pd Enabling I2P We are going to create a user for i2pd, because i2pd finds the configuration files in its home directory.| landchad.net
The Problem Cryptocurrency can be unintuitive. After all, look at this annoying Monero address of ours: 84RXmrsE7ffCe1ADprxLMHRpmyhZuWYScDR4YghE8pFRFSyLtiZFYwD6EPijVzD3aZiEpg57MfHEr1pGJNPXyJgENMnWrSh It breaks up pages and looks ugly. When you copy and paste it to send money, you might be paranoid that you somehow added an extra character in there. That's all around a bad user experience. It would be nice... It would be nice if we could just input someone's email address or maybe a website an...| landchad.net
Hopefully by now you won't have to be sold on the invasive practices that social media companies conduct. Websites such as Facebook and Twitter aquire so much data on users that they often know more about you than you know about yourself. The simple solution to this is to not use social media. However, that just isn't an option for most people. So the next best thing is to setup a self-hosted and federalised social media site so that you have full control over your data.| landchad.net
rsync is a simple way to copy files and folders between your local computer and server. While you can install Nextcloud is a more normie-friendly Dropbox/Google Drive-like way to share files, people familiar with the command-line will find all they need in the simple rsync command. It not only makes file-transfer easy, but it allows you to build and maintain your website offline, then easily upload it to the proper directory on your server so you don't need to constantly be logged into your s...| landchad.net
What is Nextcloud? Nextcloud is a free and open source solution for cloud storage. However it can also do other things, such as manage your email, notes, calender, tasks, and can even connect to the Fediverse (think Mastodon and Pleroma). Pretty much every service that Google has to offer has a much better alternative as a Nextcloud app and this is a must-have for anyone wanting to get away from Google services but still wants a traditional cloud experience (in the likes of Google Services, a...| landchad.net
Now that you have a website, why not offer it on a private alternative such as the onion network? Setting up Tor Installing Tor First, we need to ensure that our CPU architecture is supported. Ensure that it is either amd64, arm64, or i386: dpkg --print-architecture We need to add the Tor repos to our system to get the latest version of Tor: apt install -y apt-transport-https gpg echo "deb [signed-by=/usr/share/keyrings/tor-archive-keyring.| landchad.net
Uncomplicated Firewall (UFW) is a front-facing program for the more involved iptables firewall program installed in most GNU/Linux distributions. We can use ufw to restrict machines on the internet to only access the services (SSH, websites etc) you want them to, but it can also be used to prevent programs on the computer itself from accesing parts of the internet it shouldn't. How to Get It Log into your server by pulling up a terminal and typing:| landchad.net
Let's generate and use SSH keys on our computer. This allows us to ensure our identity better than a password ever could. This allows us to do two main things: Password-less login: With SSH keys, we can permanently designate our profile on our local computer as safe for our server, allowing us to bypass password verification when logging into our server. Prevent hacking: Since we no longer need a password to log in, we can simply deactivate password logins on our server altogether, which prev...| landchad.net
Here are some important topics you should be familiar with whenever you are managing a server. Keep packages up to date. All GNU/Linux distributions use package managers to easily be able to install and update packages without manually downloading them. On Debian, which we use here for these tutorial the package manager is apt-get or apt for short. It's a good idea to use apt to keep your software reasonably up to date.| landchad.net
Monero (abbreviated XMR) is easily the cryptocurrency most actually used as such. Unlike Bitcoin, Monero is actually private and has very low transaction fees. That makes it a good idea to get a Monero wallet and add an address on your website where you can receive donations. Generate a Monero wallet Go to Monero's official site and you can download either the GUI (graphical) or CLI (command-line wallet). Some Linux distributions will have these packages in their repositories (monero and mone...| landchad.net
The Monero cryptocurrency relies on a network of decentralized nodes to store the private transaction information and maintain consensus. Running your own node will let you relay transactions and contribute to the Monero network by dedicating storage and processing power to the task. You can then connect to your node from a wallet (if you enable rps). Some other benefits of a full node are: More reliable and trusted as opposed to using a public node More secure for RPC calls for payment proce...| landchad.net
Once you have a domain name, you'll need a server to host all your website files on. In general, a server is just a computer that is constanly broadcasting some services on the internet. Servers connected to the internet can be extremely useful with or without proper websites attached to them. You can be your own website, email, file-sharing service and much more. Getting a VPS A Virtual Personal Server (VPS) is a very cheap and easy way to get a web server.| landchad.net
Terms Domain name The name of a website that you type in an address bar. This site's domain name is LandChad.net. Top-level domain (TLD) The extension of a domain name, like .com, .net, .xyz, etc. Registrar A service authorized to reserve a domain name for you. When domain names first sell, they usually sell for very cheap, but once someone buys one, they have the rights to it until they decide to sell it, often for much, much more money.| landchad.net
Introduction When you have a(n old) computer lying around, and you have cheap electricity and a good internet connection, self hosting might be a good option for you. Why would you choose selfhosting? You have control over the hardware, and you can upgrade your server in the future. For example: if you host a file server and your hard drive goes full, you can simply add another hard drive or upgrade it.| landchad.net
Creating your own chat server for you and your friends is easy, and you don't have to rely on a complicated system to get started. IRC is an old but gold protocol, and has clients for basically every operating system made since the 80s, with many powerful modern ones on Linux, Mac, and Windows. Having a chat server for you and your friends makes it impossible for a group of arbitrarily appointed moderators to deplatform you for wrong-think, and gives you greater freedom of communication.| landchad.net
Gitea allows you to self-host your git repositories similar to bare repositories, but comes with additional features that you might know from GitHub, such as issues, pull requests or multiple users. Its advantage over GitLab—another Free Software GitHub clone—is that it is much more lightweight and easier to setup. Head over to gitea.com to see what it looks like in practice. Although Gitea is lighter than Gitlab, if you have a VPS with only 512MB of RAM, you will probably have to upgrade.| landchad.net
Cron is a service that lets you run scheduled tasks on a computer. These tasks are called cronjobs. If you have already followed the initial course you will have already used cron when you set up Certbot, but we’ll explain how they work generally here. What tasks would I want to schedule? You can schedule anything! Some examples of what you might have done already include: updatedb to update your locate database to let you quicking search for files certbot to update renewing of your https c...| landchad.net
Once you have your own VPS or other Internet-available server, you can start hosting your own git repositories. The goal of this tutorial is for you to go from git clone github.com/... to git clone YourLandChadDomainName.xyz/... so you can cultivate your own homegrown, grass-fed code, rather than relying on a centralized proprietary service like GitHub. Installing git You most likely already have it installed on your server, but if not, run:| landchad.net
HTTP basic authentication will allow you to secure parts (or all) of your website with a username and password without the trouble of PHP or Javascript. This will work with any Nginx server. Installation We will be using the command htpasswd to make username and password pairs. apt install apache2-utils The apache utils include a small username-password pair encryption tool. Like the other tutorials on this site, this tutorial is for Nginx, not for Apache servers.| landchad.net
Let's now get a Bitcoin wallet and become able to receive Bitcoin funds or donations. Wallets One of the classical choices for a Bitcoin wallet is Electrum. Go to https://electrum.org to download and install it, or if you are a Linux user, it is probably included in your distribution's package repository. Mobile version? Note also that there are mobile/cell phone versions of Electrum for Android and iOS. I generally advise against using a wallet on a cell phone for security reasons, but if yo...| landchad.net
Rainloop is a webmail client, a program that allows you to access your email online like Gmail. It is useful to be able to access you email from a web browser because it allows you to easily access your email from any device with a web browser without any additional setup. If you set up Nextcloud then you do not need to install Rainloop because Nextcloud comes with a webmail client.| landchad.net
PeerTube is a self-hosted and (optionally) federated video sharing platform that saves bandwith on videos the more people watch. PeerTube instances can follow each other to share videos and grow the federated network, but you can always keep your instance to yourself if you choose to. Note on Bandwidth Video sharing is the most bandwidth intensive thing on the internet! If you plan on just having a small personal site with a few viewers and friends, that won't be a big concern, but most VPS p...| landchad.net