Difference between revisions of "Setting up a server"
imported>Maze |
m (→First time using Nginx?: mention future) |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
+ | |||
Currently, there are only instructions for setting up a server on Linux. Feel free to add instructions for other platforms. | Currently, there are only instructions for setting up a server on Linux. Feel free to add instructions for other platforms. | ||
Line 8: | Line 9: | ||
* git | * git | ||
− | * g++ | + | * g++ |
* [https://nodejs.org/en/ Node.js] | * [https://nodejs.org/en/ Node.js] | ||
* [https://www.npmjs.com/get-npm npm] | * [https://www.npmjs.com/get-npm npm] | ||
− | |||
− | + | Acquire the AAGRINDER server software: | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
<pre> | <pre> | ||
$ git clone https://gitlab.com/MRAAGH/aagrinder.git | $ git clone https://gitlab.com/MRAAGH/aagrinder.git | ||
Line 50: | Line 36: | ||
− | A [[server properties| | + | A [[server properties|config.json]] file will be created. |
− | + | You can change the server configuration, although the defaults should already be functional. | |
− | |||
Now, anyone who can [[wikipedia:port forwarding|access your computer]] via internet can easily connect to your aagrinder server. | Now, anyone who can [[wikipedia:port forwarding|access your computer]] via internet can easily connect to your aagrinder server. | ||
− | == | + | == Secure connection over HTTPS == |
+ | |||
+ | The AAGRINDER server by itself exposes a HTTP website. For better security, HTTPS is preferred. To achieve this, an additional software component needs to be involved as a [[wikipedia:Reverse proxy|reverse proxy]]. In this guide, we use [[wikipedia:Nginx|Nginx]]. | ||
+ | |||
+ | A Nginx configuration for proxying AAGRINDER might look like this: | ||
+ | <pre> | ||
+ | server { | ||
+ | server_name aagrinder.xyz; | ||
+ | |||
+ | location / { | ||
+ | proxy_pass http://localhost:8926; | ||
+ | } | ||
+ | |||
+ | location ~* /.io { | ||
+ | proxy_pass http://localhost:8926; | ||
+ | proxy_set_header X-Forwarded-For $remote_addr; | ||
+ | proxy_set_header X-Real-IP $remote_addr; | ||
+ | proxy_set_header X-NginX-Proxy false; | ||
+ | proxy_set_header Host $host; | ||
+ | proxy_redirect off; | ||
+ | proxy_http_version 1.1; | ||
+ | proxy_set_header Upgrade $http_upgrade; | ||
+ | proxy_set_header Connection "upgrade"; | ||
+ | } | ||
+ | |||
+ | listen [::]:443 ssl; | ||
+ | listen 443 ssl; | ||
+ | ssl_certificate /etc/letsencrypt/live/aagrinder.xyz/fullchain.pem; | ||
+ | ssl_certificate_key /etc/letsencrypt/live/aagrinder.xyz/privkey.pem; | ||
+ | include /etc/letsencrypt/options-ssl-nginx.conf; | ||
+ | ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | ||
+ | } | ||
+ | |||
+ | server { | ||
+ | return 302 https://$host$request_uri; | ||
+ | |||
+ | server_name aagrinder.xyz; | ||
+ | |||
+ | listen 80; | ||
+ | listen [::]:80;** | ||
+ | } | ||
+ | </pre> | ||
+ | |||
+ | Here, AAGRINDER is running on port 8926 and is accessible from the outside on port 443 (https) through Nginx. The HTTPS certificate, located at ''/etc/letsencrypt/live/aagrinder.xyz'' was acquired from [[wikipedia:Let's Encrypt|Let's Encrypt]] using ''certbot''. For reference, the specific command used to acquire this certificate was: | ||
+ | <pre> | ||
+ | # certbot certonly --nginx -d aagrinder.xyz | ||
+ | </pre> | ||
+ | |||
+ | Once you have HTTPS access, it is recommended to enable ''restrict_to_localhost'' in your [[server settings]]. | ||
+ | |||
+ | === First time using Nginx? === | ||
+ | |||
+ | Here are more detailed instructions. | ||
− | + | Note: written in 2024. If you are reading far in the future, this may be very different. | |
− | If you are | ||
− | + | # acquire a domain name which points to your server's IP address. For hosting AAGRINDER, poke Maze and you might get a subdomain of aagrinder.xyz for free. | |
− | + | # install ''nginx'', ''certbot'' and ''python3-certbot-nginx'' on your server. | |
− | + | # ''certbot certonly --dry-run --nginx -d yourdomain.com'' run this command to test if you can get a certificate. You may need to run this multiple times before it works. | |
+ | # make sure the above command works '''before''' proceeding! Otherwise you might get blocked on the letsencrypt service! | ||
+ | # once you're sure it will work, run ''certbot certonly --nginx -d yourdomain.com'' (same command but without ''--dry-run'') | ||
+ | # put the above configuration file into '/etc/nginx/sites-available/yourdomain.com' and make sure to change ''aagrinder.xyz'' to ''yourdomain.com'' | ||
+ | # ''ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/yourdomain.com'' | ||
+ | # run ''nginx -t'' to check if your nginx configuration is valid | ||
+ | # run ''systemctl reload nginx'' to enable your new configuration |
Latest revision as of 09:06, 5 July 2024
Currently, there are only instructions for setting up a server on Linux. Feel free to add instructions for other platforms.
For additional details, see administration tips.
Setting up an AAGRINDER server on Linux[edit]
You'll need these things installed:
Acquire the AAGRINDER server software:
$ git clone https://gitlab.com/MRAAGH/aagrinder.git $ cd aagrinder $ npm install
You also need the AAGRINDER terrain generator (compiled from source):
$ git clone https://gitlab.com/MRAAGH/aagrinder-terrain.git $ cd aagrinder-terrain $ make
The directory aagrinder-terrain should be inside the directory aagrinder.
Move back to the directory aagrinder, then start the server:
$ cd .. $ npm start
A config.json file will be created.
You can change the server configuration, although the defaults should already be functional.
Now, anyone who can access your computer via internet can easily connect to your aagrinder server.
Secure connection over HTTPS[edit]
The AAGRINDER server by itself exposes a HTTP website. For better security, HTTPS is preferred. To achieve this, an additional software component needs to be involved as a reverse proxy. In this guide, we use Nginx.
A Nginx configuration for proxying AAGRINDER might look like this:
server { server_name aagrinder.xyz; location / { proxy_pass http://localhost:8926; } location ~* /.io { proxy_pass http://localhost:8926; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-NginX-Proxy false; proxy_set_header Host $host; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } listen [::]:443 ssl; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/aagrinder.xyz/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/aagrinder.xyz/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; } server { return 302 https://$host$request_uri; server_name aagrinder.xyz; listen 80; listen [::]:80;** }
Here, AAGRINDER is running on port 8926 and is accessible from the outside on port 443 (https) through Nginx. The HTTPS certificate, located at /etc/letsencrypt/live/aagrinder.xyz was acquired from Let's Encrypt using certbot. For reference, the specific command used to acquire this certificate was:
# certbot certonly --nginx -d aagrinder.xyz
Once you have HTTPS access, it is recommended to enable restrict_to_localhost in your server settings.
First time using Nginx?[edit]
Here are more detailed instructions.
Note: written in 2024. If you are reading far in the future, this may be very different.
- acquire a domain name which points to your server's IP address. For hosting AAGRINDER, poke Maze and you might get a subdomain of aagrinder.xyz for free.
- install nginx, certbot and python3-certbot-nginx on your server.
- certbot certonly --dry-run --nginx -d yourdomain.com run this command to test if you can get a certificate. You may need to run this multiple times before it works.
- make sure the above command works before proceeding! Otherwise you might get blocked on the letsencrypt service!
- once you're sure it will work, run certbot certonly --nginx -d yourdomain.com (same command but without --dry-run)
- put the above configuration file into '/etc/nginx/sites-available/yourdomain.com' and make sure to change aagrinder.xyz to yourdomain.com
- ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/yourdomain.com
- run nginx -t to check if your nginx configuration is valid
- run systemctl reload nginx to enable your new configuration