lukesmithxyz / landchad Goto Github PK

Except for style and image files, other HTML files can be grouped under pages/

for example:

.
├── pix
├── pages
│ ├── git.html
│ └── foo-bar.html
└── ...

please make it less bloat, thanks

Crowd sourced knowledge about these topics and throwing it into a simple site is a cool idea, thanks for making the project. I actually started my own little blog/personal site thanks to your videos.

This is just a suggestion and may be too soydevy for your taste, but you could implement a Github action that automatically uploads your site to the server whenever you push to/merge with the master branch. It would help you keep the site automatically up to date with the latest "stable" version on Github. I detail how I did it for my static site here. It's not perfect but perhaps if you are not totally opposed to the idea you could adapt some ideas from it.

I was thinking that I can write up a quick overview on IP just so that UFW can make more sense.
I think having that as a separate lesson/page would help.

Thoughts?

Originally posted by @nathandstevens in #20 (comment)

That may be a bit outside of landchad idea, but I guess a lot of people don't care that much about sharing their stuff to the outside and want their personal safe space with their private nextcloud, photos (librephotos) and stuff like that. At least some stuff they want to be private (I personally don't trust php-written nexcloud in terms of security). Leaving open every TCP port from gitea to nextcloud is like keeping a safe outside of a house.

What comes to my mind on building your intranet:

• a guide on how to setup some private server at your house (what specs to pay attention when you buy it if any, making some ports visible behind NAT).
• making your "services" or part of them accessible only when you are connected to your private network (VPN or tunnel to your home local) . Some TCP/IP theory might be required.
• log monitoring software, sending emails on ssh access, ssh key authorization and other security tips.

Adding approx platform size and RAM consumption in each article under "Build your own platform!".
Each platform have its own RAM usage and disk usage. For limited size servers, this would be helpful.

Is anyone working on the email tutorial? Since the site launched it says in the homepage that it's been in the workings, but I didn't find any PR related to that.

E-Mail section is marked as work in progress, I presume it will be how to do everything manually.
An alternative to manually setting up everything for the e-mail server, is Mailcow. It would be a nice addition alongside the manual setup guide.
https://mailcow.email/
It uses pretty much all the common tools, and just nicely configures everything. The most you really have to do is is setuo your dns records.
https://mailcow.github.io/mailcow-dockerized-docs/

I know Luke also has a script, and wants to abstain from containerization, however at least mentioning mailcow would be a good idea in my opinion.
It's just a nice alternative

Due to the pandemic, many activities are currently held online. In particular, academic activities for schools of different levels all around the world. Many schools and universities are using proprietary Web conference solutions. There are free-libre replacements that need to be setup using a server such as Jitsi meet and BigBlueButton.

With a beginner friendly tutorial, some teachers and other event organizers might be willing to drop their usage of Zoom/MS Teams and go for a libre and privacy respecting solution.

While attempting to follow this guide I ran into countless problems, most tracing back to when you install Git a "git user" is not actually created. To solve this I created my own git user but without knowing what permissions or groups were needed I found myself constantly running into permission problems.

I am thinking of doing an article, it will guide on how to setup a irc server using Inspircd ( as irc server ) and Atheme ( for services, NickServ, ChanServ, etc..)

So I've been (religiously :^) ) following the tutorials and it's all been great.
Just came along a problem when setting up a nextcloud-service.
First problem:
# If you have SSL ready for your website (DO NOT use Nextcloud without HTTPS, you will risk data leaks including passwords and files), use these lines: listen 443 ssl http2; listen [::]:443 ssl http2; server_name yourwebsite.com; ssl_certificate /etc/ssl/nginx/yourwebsite.com.crt; ssl_certificate_key /etc/ssl/nginx/yourwebsite.com.key;
This block of code references different locations for the ssl certificates than the ones we (I) set up using the tutorial coming before. Here it even has a link to the previous tutorial.

Have been trying to solve it (I'm really not experienced with all this) but if I come up with a solution I'll make sure to update this.

I've read the general rules and the ones for formatting code. However I am wondering whether I should do the guides on a real VPS or on a VM. Does it make a difference and does it matter if it's on a virtual machine?

Thanks.

Not sure if this is the right place to ask for support, but setting up the nextcloud still doesn't work for me. I have no idea why that might be, would appreciate any help troubleshooting.

I've had experience writing UFW before, so I can "claim" this page to let everyone know it's being worked on, and draft a quick write-up on it.

I'm planning on three rough sections right now -- where to get it, how to use it, and maybe a few best practices how it might be used for servers.

If anyone has ideas on what I should focus on beyond that, LMK.

Red-pill me on Search Engine Optimization.

While I usually don't care about that kind of stuff, It hit me that it might actually be a good idea to try to optimize these articles' chances of appearing in relevant searches.

Any obvious things we can standardize to increase visibility? Some kind of extra metadata? I legit know very little about SEO.

Upgrades are automatically done daily, and in the case they go wrong you are notified by email. This would go great with a selfhosted email server. Would this be a good tutorial for the site?

he says he keeps his ~ clean but doesn't create folders to clean his repos

In the introduction to the website there's this phrase: "Most of the internet's problems could be solved if more people had their own personal platforms, so the objective of this site is to guide any normal person through the process of installing a website.".

I think it would be helpful to also explain which are these problems and why any normal person should create a website, given the target audience for this website aren't technical users, much less people who are in the whole "modern internet = bad" circle.

The functionality of omemo_all_access is provided by pep by default on in prosody version 11 and higher. This is the version users are going to have installed if they have followed the other tutorials on the website. Maybe a note that you can ignore that section if you're running version 11 or higher would be good

They are literally (in)famous only for providing services to the Nazis.
https://en.wikipedia.org/wiki/Epik_(company)

I find OpenNIC domains the most based but only those who use opennic DNS servers can access them.

It seems like lots of FOSS projects/organizations use this:
https://en.wikipedia.org/wiki/Gandi

Personally I just stick to whatever is cheapest to renewal
https://tld-list.com/

by the way, it is a sarcasm? if it is, i find it very funny :)

use a registrar based in Russia or China or a country more sympathetic to political criticism

Hi!

There is an article yet to be written about using a simple static site generator. I think it would be nice to use the example of ssg for it.

You can replace sections 4 and 5 with just one by recommending Caddy.

https://caddyserver.com/

Much simpler config, best-in-class ACME client implementation built into the web server. Tons of other features.

The config would just become:

landchad.net {
	root * /var/www/landchad
	file_server
}

And this gets you automated TLS certificates out of the box.

I found this CC0 guide that sets up matrix synapse using nginx and debian 10 buster in a nice way. It uses a postgres database, but the tutorial can be adapted to use the standard sqlite database. It is the best guide for matrix that i have seen so far.

I am too lazy to adapt it, but it should be copy and paste work. Whoever adapts it, should credit Denshivideo(thats his name on youtube). I am not him, i just found the guide and thought it would fit nicely with this website.

I have tutorials on mirroring clearnet sites over tor (using nginx) and http basic authentication with nginx. Would either of these be appropriate for the site ?

I have a few suggestions for topics that aren't listed yet

• (Pull Request) BIND9 authoritative nameserver with DNSSEC
• (WIP) DNS resolver with DNS-over-TLS and DNS-over-HTTPS
• OpenLDAP server
• Kerberos 5 authentication
• Fail2ban w/ endlessh tarpit (maybe part of firewall article)
• OpenVPN or IPsec

I may be able to write articles for a few of them as I am currently using them on my server. Some of these are needlessly difficult to set up because of the lack of good tutorials and I think people would have good uses for them (Fine-grained control over dns, auth across services, etc.). Would tutorials for any of these services be considered?

G'day everyone, having the following issue when trying to reload nginx:

"nginx: [emerg] BIO_new_file("/etc/ssl/nginx/yourwebsite.com.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/nginx/yourwebsite.com.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)"

This occurs after installing SSL on my server.

Any help would be appreciated.

Tom

Its very important to always backup your data onsite and offsite. Restic makes this super easy therefore I think a tutorial would be in the interest of any landlord

Hi, a couple of months ago i discover latex and the things you can do with it, the thing is, i would like to start a personal blog using only latex to avoid Markdown since it's doesn't have math features just like .tex files.

I'm thinking about using some kind of method of compilation to generate .html files, but how can this be superior to other formats, since I'm pretty new to latex i think this is a good place to ask.

Thanks in advance 😄

I was reading the webserver tutorial on the website and was quite surprised to read that you "recommend this in 99% of the cases.". I personally find it dangerous to propose to people who have little experience in this sector of IT to "recommend to just disable the firewall, because it is easier.". This is just very bad practice in my opinion and I am curious to know why you would recommend this.

I have a suggestion for a topic.

Namecoin is basically Bitcoin but applied to domain names. Names are stored on the blockchain, and the same rules that ensure you can't spend other people's money ensure you can't register names that are already taken.

Namecoin can be used in for ZeroNet zites (ZeroName plugin, included in standard ZeroNet), with Tor Browser in official nightly builds for .onion sites (see https://www.namecoin.org/resources/presentations/36C3/tor-workshop/ for instructions), and with ncdns (system-wide) for normal clearnet websites. (It is also theoretically possible to use for other services, like I2P and Freenet, but the client-side hasn't been implemented.) Using Namecoin does not require a full download of the blockchain. It costs NMC 0.01 (about $0.013 at current exchange rates) to register a Namecoin name.

Using Namecoin takes away the reliance on centralized DNS services, which is the last piece in the puzzle of decentralization. Namecoin can also be used for SSL, to trustlessly replace centralized certificate authorities. Domains need to be renewed every ~8 months, but nothing has to actively run on the server for them to resolve - the keys can be kept entirely in cold storage if needed.

Would a guide for this, seeing as it's a bit of a niche technology, be within scope?

I am willing to write the actual article. (Disclaimer: I am a contributor to Namecoin. I do not have any direct financial incentive in its success or its price going up.)

I have experience writing simple Flask apps with SQLite or SQLAlchemy databases. I am currently writing articles for my own site that cover Python, handling HTTP requests, and databases. In my opinion these tools are the most straight-forward way of creating web applications for more advanced sites. Do any of these topics sound useful for this webpage?

1. The usernames are confusing. I don't get if the @example.org must link/match a real, physical domain I own, or it's just a XMPP quirk/naming convention.
   I was lucky I am a single admin so I just matched the physical domain in case the user is of the domain (covering both situations of being a random username and physical domain redirection), but honestly, some people would straight up feel discouraged because the steps aren't clear even at the very beginning.

2. The usernames section is split, but if it could be merged it would be great

3. Making a seperate subdomain is not easy for a new user. I use luke's arch for like a month, and I had trouble (I am still a newbie but not fully new to linux, so plz no "new users shouldnt be making subdomains")
   I used his "website and email in one sitting" video, and even he messed up at the end with the subdomains and cropped a part subtly.
   Symbolic links are as dangerous as certifications imo. Look at my steps to make the subdomain, the hardest step in that short-looking XMPP tutorial imo, which was not mentioned at all in the tutorial:

   1. Uncertify your certbot certificate, via certbot delete
   2. Delete /sites-enabled (too many symbolic links with the default and chat/blog), via rm -rf
   3. Create /sites-enabled again, via mkdir
   4. Copy default like luke did in the video's ending, but don't edit default but chat/blog
   5. symbolic link everything again from sites-available to sites-enabled (but without default ofc)
   6. certbot --nginx
      This command works ONLY inside sites-available! Emphasis here.
   7. Now you have a subdomain :)
      ((Emphasize earlier that no subdomain is needed on the registrar (e.g. on Epik, subdomains CNAME or ALIAS))

Making a subdomain should be part of landchad.net imo, probably a seperate page

Anyway, back to the topic.
After one has a subdomain, one can continue the xmpp tutorial. And this is why I'm writing this, because a major step is skipped, as seen above. Which in the tutorial is in one bold line "if you have a multi-user chat enabled, be sure to get a certificate for that subdomain as well", but there is sadly no link to that, or how to do it.

While you have full certificates via the certbot when you make chat subdomain, you should do the "certbot -d chat.example.org --nginx", so emphasize on that, because it is easy to think it is needless since "you have already certified" (from before, certifying the chat/blog subdomain)

4. "For user privacy, we will definitely want to install and enable encryption with OMEMO."
   There is no explanation... What is OMEMO? There is no default encryption? And how to install OMEMO? At least, those are the questions I thought to myself when I fully finished the tutorial. Dino seems to have OMEMO by default, so have it mentioned somewhere, since XMPP without encryption is almost as bad as using discord

Edit: Do not misunderstand me, the above is just feedback on how to improve it. Whoever wrote it, it is a good article/tutorial, as the goal is to have an XMPP server and I managed to do that. It just could be better, because if you don't have a subdomain, you are simply stuck (most users want to make servers with their friends, instead of one-to-one)

Linking to the repo's issues page would be a good avenue to allow people to add suggestions, ask questions, etc.
The repo is already linked, but not the issues page, or some other place where people can ask questions or give suggestions. Obviously people familiar with GitHub will know where to go, but it's not obvious to others.

I tried enabling HTTPS with Certbot, but it refused with this error message:

An unexpected error occurred:
The server will not issue certificates for the identifier :: Error creating new order :: Cannot issue for "cujh7njfeymmh2a5q6ijeh7f5z3fpdpbsn3wfwvpo3ev3nkpp7py74id.onion": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy

Seeing as DDOSing is the number one enemy of small websites and aspiring Landchads, I think mentioning them in an article or its own separate article is warranted.

From what I understand, BitMitigate is Epik's answer to Cloudflare, and is apparently better when hosting free speech stuff when compared to Cloudflare.

Other DDOS prevention methods would be nice to learn about as well. I don't want my own XMPP server to suffer downtime from some angry guy with a botnet.

Since the other IRC article issue (by someone else) was closed, I'll reclaim here.

I'm using Ergo (formerly Oragono) to create a network that has account and channel registration, along with message history, always-on accounts, and other nice things that make it suitable for normalfriend use. It also will include a section on setting up a user-friendly private web client called TheLounge, which I see as very important since it's what helped the most in getting my friends to switch over to IRC.

Caddy is another reverse proxy and web server like nginx, but which I think would make it much easier for beginners to get started. The configuration files are much more sane and beginner friendly.
So to set up a simple website this would be the contents of /etc/caddy/Caddyfile:

example.org {
        root * /var/www/example.org/
        file_server
}

git.example.org {
        reverse_proxy localhost:3000
}

Where this would automatically grab certificates for all hosts from Let's Encrypt, keep them renewed and redirect HTTP to HTTPS. For more advanced things the config for example also supports "snippets", which could be used like this:

(access_log) {
        log {
                output file /var/log/caddy/{args.0}/access.log
        }
}
...
        import access_log example.org
...
        import access_log git.example.org

If you look at their website it does look a bit soydev-y but its performance is comparable to nginx apparently. Pretty neat if you ask me.

author: a retard

STORY TIME

I followed the basic tutorial and (after much distro-hopping) now have my own website, however during my first attempt soystemD reared it's canaanite head and filled my Vultr virtual disk and memory up with garbage and rendered it inoperable. In the end I simply installed Devuan ASCII and then upgraded it to Devuan Beowulf (with openrc) using the Vultr ISO library.
During this installation I was utterly confounded with how exactly to unmount/remove the "LiveCD" from the cloud server and could not find an answer anywhere! (My search history consists of variations on "LiveCD on remote server" and "How to change boot order on cloud server".) Eventually Vultr support was able to figure out what I was trying to do and issued the following instructions;

1. Navigate to the "Products" page that lists your Vultr servers
2. Click on the server in question
3. Click on "Settings"
4. Click on "Custom ISO"
5. Click on the large blue button labeled "Detach ISO and Reboot"

From then on it was smooth sailing except for getting the ssh daemon to run. The expected command $ rc-update add sshd default returned "does not exist" errors, but $ rc-update add ssh default and then rc-service ssh start were accepted. It seems the ssh daemon goes by different names at random for each Linux distribution, even ones so similar as Debian and Devuan .

TL;DR

SystemD is gay and installing a LiveCD/LiveISO on a remote server seems simple yet either undocumented or difficult to find documentation for. Including a brief section on this subject in the basic tutorial would be extremely useful.
Also, the ssh daemon goes by different names arbitrarily. Weird.

Some programs mentioned in the guides for example the Maintaining a Server article contain references to programs such as updatedb and locate. These programs come from the mlocate package which is not included by default on Debian. However it may be included by default by some IaaS providers and I believe Ubuntu Server. (please correct if wrong)

I believe it would be beneficial to readers to inform them of the Debian package names for tools mentioned in a guide.

It'll go over

• The ip utility
• Interfaces
• Routes
• Subnets
• etc.

I could write a guide about setting up Wireguard VPN (https://www.wireguard.com/).
During the last weekend I've managed to set it up on my VPS, with two variants of routing - only to the VPN subnet or passing the whole traffic via the VPN tunnel.

It's much lighter than OpenVPN.

However, since the topic isn't listed in the "on the lookout for" section, I don't want to spend time on writing the guide if the potential PR will be ignored like my previous one (#75)

Hello,

I have followed the guide on how to setup a prosody server with great success. Everything works as its supposed to, but i feel like it would need file sharing that isn't p2p and that also works in MUCs to be used practically. So far I haven't found plenty of resources on how to implement this through extensions, yet I know it is possible.
Maybe this could be included in a separate page.

Just realised after I submitted the guide that people were claiming topics so figured I'd shoot an issue here to be consistent.
I've previously made a tutorial about it on my channel so I know some of the annoying things that trip people up during installation.

G'day everyone, I've been following all of Luke's tutorials and everything has been working great :), that is until i follow the nextcloud tutorial and end up with a 404 error when i try accessing the control panel after following all the installation steps. Any tips?

Suggesting adding $ or # before commands to clairfy how the command should be run (user/root). This is fairly common practice when websites list commands.

Gday guys, I opened a similar issue to this one about a week ago, saying that i followed all the steps on luke's site to a t, but whenever i try and access the Nextcloud config wizard through either mysite.org/nextcloud or nextcloud.mysite.org, i'm still getting a 404 error. Any advice would be sorely appreciated.

Following along with the Nextcloud tutorial and I just finished setting everything up except nginx fails to reload or restart.

nginx[4099]: nginx: [emerg] unknown directive "pagespeed" in /etc/nginx/sites-enabled/nextcloud:49

Couldn't find any answers online so I just commented the line out in curiosity and then got another error this time for a php-handler. I made sure to install all the proper packages and I enabled and made sure all the right services are running, but I'm afraid I don't have enough experience with this and am in need of assistance. Thank you!

Hello,
I think some people might find it useful to use a config file for ssh client. You can store specific settings for each host in there - like using a different key for each host or using a custom port without having to always specify it when issuing a ssh command.

I also think there could be an information about SSH tunneling.

I can work on it in my spare time, but I'm not sure if I should refactor "Use your SSH keys to prevent hacking" to a general page about SSH or create a separate page for it?