freedombonee/website/EN/homeserver.html

511 lines
19 KiB
HTML

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-12-28 Thu 21:15 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
<meta name="generator" content="Org mode" />
<meta name="author" content="Bob Mottram" />
<meta name="description" content="Turn the Beaglebone Black into a personal communications server"
/>
<meta name="keywords" content="freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber" />
<style type="text/css">
<!--/*--><![CDATA[/*><!--*/
.title { text-align: center;
margin-bottom: .2em; }
.subtitle { text-align: center;
font-size: medium;
font-weight: bold;
margin-top:0; }
.todo { font-family: monospace; color: red; }
.done { font-family: monospace; color: green; }
.priority { font-family: monospace; color: orange; }
.tag { background-color: #eee; font-family: monospace;
padding: 2px; font-size: 80%; font-weight: normal; }
.timestamp { color: #bebebe; }
.timestamp-kwd { color: #5f9ea0; }
.org-right { margin-left: auto; margin-right: 0px; text-align: right; }
.org-left { margin-left: 0px; margin-right: auto; text-align: left; }
.org-center { margin-left: auto; margin-right: auto; text-align: center; }
.underline { text-decoration: underline; }
#postamble p, #preamble p { font-size: 90%; margin: .2em; }
p.verse { margin-left: 3%; }
pre {
border: 1px solid #ccc;
box-shadow: 3px 3px 3px #eee;
padding: 8pt;
font-family: monospace;
overflow: auto;
margin: 1.2em;
}
pre.src {
position: relative;
overflow: visible;
padding-top: 1.2em;
}
pre.src:before {
display: none;
position: absolute;
background-color: white;
top: -10px;
right: 10px;
padding: 3px;
border: 1px solid black;
}
pre.src:hover:before { display: inline;}
/* Languages per Org manual */
pre.src-asymptote:before { content: 'Asymptote'; }
pre.src-awk:before { content: 'Awk'; }
pre.src-C:before { content: 'C'; }
/* pre.src-C++ doesn't work in CSS */
pre.src-clojure:before { content: 'Clojure'; }
pre.src-css:before { content: 'CSS'; }
pre.src-D:before { content: 'D'; }
pre.src-ditaa:before { content: 'ditaa'; }
pre.src-dot:before { content: 'Graphviz'; }
pre.src-calc:before { content: 'Emacs Calc'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-hledger:before { content: 'hledger'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
pre.src-ledger:before { content: 'Ledger'; }
pre.src-lisp:before { content: 'Lisp'; }
pre.src-lilypond:before { content: 'Lilypond'; }
pre.src-lua:before { content: 'Lua'; }
pre.src-matlab:before { content: 'MATLAB'; }
pre.src-mscgen:before { content: 'Mscgen'; }
pre.src-ocaml:before { content: 'Objective Caml'; }
pre.src-octave:before { content: 'Octave'; }
pre.src-org:before { content: 'Org mode'; }
pre.src-oz:before { content: 'OZ'; }
pre.src-plantuml:before { content: 'Plantuml'; }
pre.src-processing:before { content: 'Processing.js'; }
pre.src-python:before { content: 'Python'; }
pre.src-R:before { content: 'R'; }
pre.src-ruby:before { content: 'Ruby'; }
pre.src-sass:before { content: 'Sass'; }
pre.src-scheme:before { content: 'Scheme'; }
pre.src-screen:before { content: 'Gnu Screen'; }
pre.src-sed:before { content: 'Sed'; }
pre.src-sh:before { content: 'shell'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-sqlite:before { content: 'SQLite'; }
/* additional languages in org.el's org-babel-load-languages alist */
pre.src-forth:before { content: 'Forth'; }
pre.src-io:before { content: 'IO'; }
pre.src-J:before { content: 'J'; }
pre.src-makefile:before { content: 'Makefile'; }
pre.src-maxima:before { content: 'Maxima'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-picolisp:before { content: 'Pico Lisp'; }
pre.src-scala:before { content: 'Scala'; }
pre.src-shell:before { content: 'Shell Script'; }
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
/* additional language identifiers per "defun org-babel-execute"
in ob-*.el */
pre.src-cpp:before { content: 'C++'; }
pre.src-abc:before { content: 'ABC'; }
pre.src-coq:before { content: 'Coq'; }
pre.src-groovy:before { content: 'Groovy'; }
/* additional language identifiers from org-babel-shell-names in
ob-shell.el: ob-shell is the only babel language using a lambda to put
the execution function name together. */
pre.src-bash:before { content: 'bash'; }
pre.src-csh:before { content: 'csh'; }
pre.src-ash:before { content: 'ash'; }
pre.src-dash:before { content: 'dash'; }
pre.src-ksh:before { content: 'ksh'; }
pre.src-mksh:before { content: 'mksh'; }
pre.src-posh:before { content: 'posh'; }
/* Additional Emacs modes also supported by the LaTeX listings package */
pre.src-ada:before { content: 'Ada'; }
pre.src-asm:before { content: 'Assembler'; }
pre.src-caml:before { content: 'Caml'; }
pre.src-delphi:before { content: 'Delphi'; }
pre.src-html:before { content: 'HTML'; }
pre.src-idl:before { content: 'IDL'; }
pre.src-mercury:before { content: 'Mercury'; }
pre.src-metapost:before { content: 'MetaPost'; }
pre.src-modula-2:before { content: 'Modula-2'; }
pre.src-pascal:before { content: 'Pascal'; }
pre.src-ps:before { content: 'PostScript'; }
pre.src-prolog:before { content: 'Prolog'; }
pre.src-simula:before { content: 'Simula'; }
pre.src-tcl:before { content: 'tcl'; }
pre.src-tex:before { content: 'TeX'; }
pre.src-plain-tex:before { content: 'Plain TeX'; }
pre.src-verilog:before { content: 'Verilog'; }
pre.src-vhdl:before { content: 'VHDL'; }
pre.src-xml:before { content: 'XML'; }
pre.src-nxml:before { content: 'XML'; }
/* add a generic configuration mode; LaTeX export needs an additional
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
pre.src-conf:before { content: 'Configuration File'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
caption.t-bottom { caption-side: bottom; }
td, th { vertical-align:top; }
th.org-right { text-align: center; }
th.org-left { text-align: center; }
th.org-center { text-align: center; }
td.org-right { text-align: right; }
td.org-left { text-align: left; }
td.org-center { text-align: center; }
dt { font-weight: bold; }
.footpara { display: inline; }
.footdef { margin-bottom: 1em; }
.figure { padding: 1em; }
.figure p { text-align: center; }
.inlinetask {
padding: 10px;
border: 2px solid gray;
margin: 10px;
background: #ffffcc;
}
#org-div-home-and-up
{ text-align: right; font-size: 70%; white-space: nowrap; }
textarea { overflow-x: auto; }
.linenr { font-size: smaller }
.code-highlighted { background-color: #ffff00; }
.org-info-js_info-navigation { border-style: none; }
#org-info-js_console-label
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
.org-svg { width: 90%; }
/*]]>*/-->
</style>
<link rel="stylesheet" type="text/css" href="freedombone.css" />
<script type="text/javascript">
/*
@licstart The following is the entire license notice for the
JavaScript code in this tag.
Copyright (C) 2012-2017 Free Software Foundation, Inc.
The JavaScript code in this tag is free software: you can
redistribute it and/or modify it under the terms of the GNU
General Public License (GNU GPL) as published by the Free Software
Foundation, either version 3 of the License, or (at your option)
any later version. The code is distributed WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU GPL for more details.
As additional permission under GNU GPL version 3 section 7, you
may distribute non-source (e.g., minimized or compacted) forms of
that code without the copy of the GNU GPL normally required by
section 4, provided you include this license notice and a URL
through which recipients can access the Corresponding Source.
@licend The above is the entire license notice
for the JavaScript code in this tag.
*/
<!--/*--><![CDATA[/*><!--*/
function CodeHighlightOn(elem, id)
{
var target = document.getElementById(id);
if(null != target) {
elem.cacheClassElem = elem.className;
elem.cacheClassTarget = target.className;
target.className = "code-highlighted";
elem.className = "code-highlighted";
}
}
function CodeHighlightOff(elem, id)
{
var target = document.getElementById(id);
if(elem.cacheClassElem)
elem.className = elem.cacheClassElem;
if(elem.cacheClassTarget)
target.className = elem.cacheClassTarget;
}
/*]]>*///-->
</script>
</head>
<body>
<div id="preamble" class="status">
<a name="top" id="top"></a>
</div>
<div id="content">
<div class="org-center">
<div class="figure">
<p><img src="images/logo.png" alt="logo.png" />
</p>
</div>
</div>
<center><h1>Home Server</h1></center>
<p>
The quickest way to get started is as follows. You will need to be running a Debian based system (version 8 or later), have an old but still working laptop or netbook which you can use as a server, and 8GB or larger USB thumb drive and an ethernet cable to connect the laptop to your internet router.
</p>
<p>
First install freedombone onto your local system (not the target hardware that you want to run Freedombone on). On a debian based distro:
</p>
<div class="org-src-container">
<pre class="src src-bash">sudo apt-get install git
git clone https://github.com/bashrc/freedombone
<span class="org-builtin">cd</span> freedombone
git checkout stretch
sudo make install
freedombone-image --setup debian
freedombone-image -t i386 --onion-addresses-only yes
</pre>
</div>
<p>
Or on Arch/Parabola:
</p>
<div class="org-src-container">
<pre class="src src-bash">sudo pacman -S git
git clone https://github.com/bashrc/freedombone
<span class="org-builtin">cd</span> freedombone
git checkout stretch
sudo make install
freedombone-image --setup parabola
freedombone-image -t i386 --onion-addresses-only yes
</pre>
</div>
<p>
Now prepare your local system to talk to the freedombone by running the following command. This will set up avahi and create ssh keys if necessary.
</p>
<div class="org-src-container">
<pre class="src src-bash">freedombone-client
</pre>
</div>
<div class="org-center">
<div class="figure">
<p><img src="images/tor_onion.jpg" alt="tor_onion.jpg" />
</p>
</div>
</div>
<p>
The version in which sites are available only via onion addresses is the easiest to get started with, since you can evaluate the system without committing to buying an ICANN domain name or needing to get involved with SSL/TLS certificates at all. However, if you do want your sites to be available typically as subdomains of a domain name which you own then remove the <b>&#x2013;onion-addresses-only yes</b> option from the last command shown above. Also see the <a href="./domains.html">guide on setting up an ICANN domain name</a>.
</p>
<p>
The <b>onion-addresses-only</b> option <b>does not</b> mean that everything gets routed through Tor. It's intended to provide accessible web apps with minimum fuss and without needing to buy a clearnet domain name or mess with forwarding ports. Using apps via their onion addresses may provide some degree of anonymity but it may not be perfect and anonymity isn't the aim of this system (if you want that then use <a href="https://tails.boum.org/">TAILS</a>).
</p>
<p>
If you want to create images for microSD cards used within various single board computers then replace the <b>i386</b> with <b>beaglebone</b> / <b>cubieboard2</b> / <b>cubietruck</b> / <b>a20-olinuxino-lime</b> / <b>a20-olinuxino-lime2</b> / <b>a20-olinuxino-micro</b> or <b>apu</b>.
</p>
<div class="org-center">
<div class="figure">
<p><img src="images/beaglebone_black9.jpg" alt="beaglebone_black9.jpg" />
</p>
</div>
</div>
<p>
This takes a while. Maybe an hour or so, depending on the speed of your system and the internets. The good news though is that once created you can use the resulting image any number of times, and you don't need to trust some pre-built image.
</p>
<p>
List what drives are on your system with:
</p>
<div class="org-src-container">
<pre class="src src-bash">ls /dev/sd*
</pre>
</div>
<p>
Now plug in the USB thumb drive, and do the same again. Notice which drive letter gets added.
</p>
<p>
You can now copy the image to the USB thumb drive, replacing <b>sdX</b> with the identifier of the USB thumb drive. Don't include any numbers (so for example use <b>sdc</b> instead of <b>sdc1</b>).
</p>
<div class="org-src-container">
<pre class="src src-bash">dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">count</span>=8
dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">if</span>=myimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
</pre>
</div>
<p>
And wait. Again it will take a while to copy over. When that's done plug it into the laptop or netbook which you want to use as a server, power on and set the BIOS to boot from the USB stick.
</p>
<p>
As the system boots for the first time the login is:
</p>
<div class="org-src-container">
<pre class="src src-bash">username: fbone
password: freedombone
</pre>
</div>
<p>
If you're installing from a microSD card on a single board computer without a screen and keyboard attached then you can ssh into it with:
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh fbone@freedombone.local -p 2222
</pre>
</div>
<p>
Using the initial password "<i>freedombone</i>".
</p>
<p>
You will then be shown a new randomly generated password. It's <b>very important</b> that you write this down somewhere before going further, because you'll need this to log in later.
</p>
<p>
You'll be asked to set a username and a "real" name (or nickname), then the rest of the installation will be automatic. Again, it takes a while, so go and do something less boring instead. At the end of the base install you can also choose to install specific apps, but if you want to do that later then just press Enter.
</p>
<p>
When it's installed on your local system open a terminal and verify the ssh server key hash with:
</p>
<div class="org-src-container">
<pre class="src src-bash">freedombone-client --verify
</pre>
</div>
<p>
This will show the hash code for the public ssh key of the Freedombone system.
</p>
<div class="org-center">
<div class="figure">
<p><img src="images/ssh_key_verify.jpg" alt="ssh_key_verify.jpg" />
</p>
</div>
</div>
<p>
Open another terminal window then run:
</p>
<div class="org-src-container">
<pre class="src src-bash">freedombone-client
ssh myusername@freedombone.local -p 2222
</pre>
</div>
<p>
Use the password you wrote down earlier to log in. Select the <b>administrator control panel</b> with up and down cursor keys, space bar and enter key. You should see something like this, and you might need to re-enter your password.
</p>
<div class="org-center">
<div class="figure">
<p><img src="images/controlpanel/control_panel.jpg" alt="control_panel.jpg" />
</p>
</div>
</div>
<p>
Then select <b>About</b>. You'll see a list of sites and their onion addresses.
</p>
<div class="org-center">
<div class="figure">
<p><img src="images/controlpanel/control_panel_about.jpg" alt="control_panel_about.jpg" />
</p>
</div>
</div>
<p>
The About screen contains the ssh server public key hashes and you can compare the relevant one with the previous terminal window to verify that they're the same. If they're not then you might have a <i>machine-in-the-middle</i> snooping on you.
</p>
<p>
You have now confirmed a secure connection. Probably. If you're still sceptical then you can power off the system, remove the microSD card and manually check the public keys within the /etc/ssh directory on the drive.
</p>
<p>
Press any key to exit from the About screen. You can then select <b>Add/Remove apps</b> and add whatever applications you wish to run. Note that some apps will only run on x86 systems, but most will install and run on ARM single board computers. More details on particular apps can be <a href="./apps.html">found here</a>.
</p>
<div class="org-center">
<div class="figure">
<p><img src="images/controlpanel/control_panel_apps.jpg" alt="control_panel_apps.jpg" />
</p>
</div>
</div>
<p>
Once your apps have installed you can go back to the About screen, pick an onion address and try it within a Tor compatible browser. You'll need to know the login passwords and those can be found within the <i>Passwords</i> section of the administrator control panel. An axiom of the Freedombone system is that <i>if given the choice users will usually use insecure passwords</i>, so on this system passwords are generated randomly. If you need to then you can transfer the passwords into your favourite password manager and remove them from the server by going to the <b>Security Settings</b> section of the administrator control panel and choosing <b>Export passwords</b> and <b>Password storage</b>.
</p>
<p>
<b>Congratulations! You have now become a citizen of the free internet.</b>
</p>
<p>
<b>Use your new powers wisely.</b>
</p>
<p>
Of course, this is just one way in which you can install the Freedombone system. If you have a single board computer (SBC) such as a <a href="./beaglebone.html">BeagleBone Black</a> or OLinuxino you can make disk images for those too. You can even create clearnet sites if you have your own domain name. ARM boards with closed proprietary boot blobs are not supported. For more details run:
</p>
<div class="org-src-container">
<pre class="src src-bash">man freedombone-image
</pre>
</div>
<div class="org-center">
<p>
This site can also be accessed via a Tor browser at <a href="http://pazyv7nkllp76hqr.onion">http://pazyv7nkllp76hqr.onion</a>
</p>
</div>
</div>
<div id="postamble" class="status">
<style type="text/css">
.back-to-top {
position: fixed;
bottom: 2em;
right: 0px;
text-decoration: none;
color: #000000;
background-color: rgba(235, 235, 235, 0.80);
font-size: 12px;
padding: 1em;
display: none;
}
.back-to-top:hover {
background-color: rgba(135, 135, 135, 0.50);
}
</style>
<div class="back-to-top">
<a href="#top">Back to top</a> | <a href="mailto:bob@freedombone.net">E-mail me</a>
</div>
</div>
</body>
</html>