Assume acting as non-root user
m90 committed Oct 11, 2024
1 parent 5c8ff0b commit 786a9a3
Showing 1 changed file with 15 additions and 10 deletions.
25 changes: 15 additions & 10 deletions tutorials/deploy-static-site-offen-analytics/01.en.md
Expand Up @@ -28,6 +28,8 @@ If you care about your user's privacy, you should consider using self-hosted sof

This guide will walk you through the steps needed for deploying a static website alongside an [**Offen**][offen] analytics instance to a VPS (Virtual Private Server). The tutorial assumes you are using Ubuntu 24, other distributions will work too though with some differences.

The commands in this tutorial assume you are logged in as a non-root `sudo` user. If you are logged in as root instead, you do not have to use `sudo` in front of certain commands at all.

When following this guide you will use [**Docker**][docker] and [**docker-compose**][compose] for deploying your site and Offen. [**Caddy**][caddy] is used as a lightweight server in front of your setup handling **free and automated SSL**, serving static content and routing to subdomains.

[offen]: https://www.offen.dev
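Review bot: In the added paragraph, "you do not have to use `sudo` in front of certain commands at all" does not say which commands are meant. The later hunks prefix `ufw`, `systemctl` and `tail` with `sudo` but leave the `docker` commands bare, so spell that out here: root can drop every `sudo`, and a non-root user needs the `docker` group step from the install section for the unprefixed `docker` commands to work.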
Expand Down Expand Up @@ -73,6 +75,9 @@ $ sudo apt-get update

$ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# The next step is not needed if you are logged in as root
# sudo usermod -aG docker $USER

# you can now use docker version to check whether your install was successful
# depending on when you install, this might print a newer version
$ docker version --format "{{ .Client.Version }}"
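Review bot: The added `# sudo usermod -aG docker $USER` is written as a comment, while every other command in this block uses the `$ ` prompt, so a non-root reader who copies the block will skip it and the following `docker version` will fail with a permission error on the Docker socket. Make it a real command line (`$ sudo usermod -aG docker $USER`) and note that the new group membership only applies after logging out and back in (or running `newgrp docker`). One sentence stating that membership in the `docker` group is effectively root access on the host would also fit here, since the intro now recommends working as a non-root user.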
Expand Down Expand Up @@ -233,8 +238,8 @@ To check the status of your setup, use `docker compose ps`:
```sh
$ docker compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
root-caddy-1 caddy:2.8.4-alpine "caddy run --config …" caddy 3 minutes ago Up 3 minutes 443/tcp, 0.0.0.0:80->80/tcp, :::80->80/tcp, 2019/tcp, 443/udp
root-offen-1 offen/offen:v1.4.2 "/sbin/tini -- offen" offen About a minute ago Up About a minute (healthy) 80/tcp, 443/tcp
user-caddy-1 caddy:2.8.4-alpine "caddy run --config …" caddy 3 minutes ago Up 3 minutes 443/tcp, 0.0.0.0:80->80/tcp, :::80->80/tcp, 2019/tcp, 443/udp
user-offen-1 offen/offen:v1.4.2 "/sbin/tini -- offen" offen About a minute ago Up About a minute (healthy) 80/tcp, 443/tcp
$
```
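Review bot: The container names in the sample output change from `root-caddy-1` to `user-caddy-1`, but nothing tells the reader where that prefix comes from. It is the Compose project name, which defaults to the name of the directory holding the compose file, so a short remark that the prefix will differ on the reader's machine would avoid confusion when their output does not match.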

Expand Down Expand Up @@ -280,22 +285,22 @@ While the above setup works, there are some tweaks you likely want to apply to i
Assuming your VPS is not behind some sort of firewall yet - you can close all ports but HTTP, HTTPS and SSH in this setup - you can use [ufw][] to setup such rules for your server:

```sh
$ ufw default deny incoming
$ sudo ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
$ ufw default allow outgoing
$ sudo ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)
$ ufw allow ssh
$ sudo ufw allow ssh
Rules updated
Rules updated (v6)
$ ufw allow http
$ sudo ufw allow http
Rules updated
Rules updated (v6)
$ ufw allow https
$ sudo ufw allow https
Rules updated
Rules updated (v6)
$ ufw --force enable
$ sudo ufw --force enable
Firewall is active and enabled on system startup
$
```
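Review bot: The context line above this block promises that all ports but HTTP, HTTPS and SSH are closed, which these ufw rules cannot guarantee on a Docker host: ports published by Docker are opened through Docker's own iptables rules and are not filtered by ufw. That is harmless here, where the only published port visible in the sample output is 80 and that port is allowed anyway, but a one-line caveat would stop readers from relying on ufw after publishing another container port. Ending the block with `$ sudo ufw status verbose` would also let them confirm the resulting rule set.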
Expand All @@ -316,7 +321,7 @@ It makes sense to redirect the log output of your static site to a log file at `
Restart the `rsyslog` service:

```sh
$ systemctl restart rsyslog.service
$ sudo systemctl restart rsyslog.service
$
```

Expand Down Expand Up @@ -382,7 +387,7 @@ docker compose down && docker compose up -d
To check if your logs arrive in the desired places you can `tail` one of the log files:

```sh
$ tail -f /var/log/offen.log
$ sudo tail -f /var/log/offen.log
... continuous log output ...
```
