From 786a9a3a6e33c9f6e540529d03f21e566fffd78e Mon Sep 17 00:00:00 2001 From: Frederik Ring Date: Fri, 11 Oct 2024 10:59:11 +0200 Subject: [PATCH] Assume acting as non-root user --- .../01.en.md | 25 +++++++++++-------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/tutorials/deploy-static-site-offen-analytics/01.en.md b/tutorials/deploy-static-site-offen-analytics/01.en.md index 02ca8f975..8090f78c5 100644 --- a/tutorials/deploy-static-site-offen-analytics/01.en.md +++ b/tutorials/deploy-static-site-offen-analytics/01.en.md @@ -28,6 +28,8 @@ If you care about your user's privacy, you should consider using self-hosted sof This guide will walk you through the steps needed for deploying a static website alongside an [**Offen**][offen] analytics instance to a VPS (Virtual Private Server). The tutorial assumes you are using Ubuntu 24, other distributions will work too though with some differences. +The commands in this tutorial assume you are logged in as a non-root `sudo` user. If you are logged in as root instead, you do not have to use `sudo` in front of certain commands at all. + When following this guide you will use [**Docker**][docker] and [**docker-compose**][compose] for deploying your site and Offen. [**Caddy**][caddy] is used as a lightweight server in front of your setup handling **free and automated SSL**, serving static content and routing to subdomains. [offen]: https://www.offen.dev @@ -73,6 +75,9 @@ $ sudo apt-get update $ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin +# The next step is not needed if you are logged in as root +# sudo usermod -aG docker $USER + # you can now use docker version to check whether your install was successful # depending on when you install, this might print a newer version $ docker version --format "{{ .Client.Version }}" 
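Review bot: In the second hunk (`@@ -73,6 +75,9 @@`), the added `# sudo usermod -aG docker $USER` line is written as a shell comment, while every other command in this block uses the `$ ` prompt, so a reader is likely to skip it or be unsure whether to run it. The tutorial also does not say that membership in the `docker` group is effectively root-equivalent on the host, which weakens the non-root separation this commit introduces. I would change the line to `$ sudo usermod -aG docker $USER` and add the comment `# members of the docker group effectively have root on this host; log out and back in for the change to apply`. The note about logging back in matters because the group change presumably does not reach the current shell, so later `docker compose` commands could fail with a socket permission error. The `sh` fence that holds these lines starts and ends outside the hunk.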
@@ -233,8 +238,8 @@ To check the status of your setup, use `docker compose ps`: ```sh $ docker compose ps NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS -root-caddy-1 caddy:2.8.4-alpine "caddy run --config …" caddy 3 minutes ago Up 3 minutes 443/tcp, 0.0.0.0:80->80/tcp, :::80->80/tcp, 2019/tcp, 443/udp -root-offen-1 offen/offen:v1.4.2 "/sbin/tini -- offen" offen About a minute ago Up About a minute (healthy) 80/tcp, 443/tcp +user-caddy-1 caddy:2.8.4-alpine "caddy run --config …" caddy 3 minutes ago Up 3 minutes 443/tcp, 0.0.0.0:80->80/tcp, :::80->80/tcp, 2019/tcp, 443/udp +user-offen-1 offen/offen:v1.4.2 "/sbin/tini -- offen" offen About a minute ago Up About a minute (healthy) 80/tcp, 443/tcp $ ``` @@ -280,22 +285,22 @@ While the above setup works, there are some tweaks you likely want to apply to i Assuming your VPS is not behind some sort of firewall yet - you can close all ports but HTTP, HTTPS and SSH in this setup - you can use [ufw][] to setup such rules for your server: ```sh -$ ufw default deny incoming +$ sudo ufw default deny incoming Default incoming policy changed to 'deny' (be sure to update your rules accordingly) -$ ufw default allow outgoing +$ sudo ufw default allow outgoing Default outgoing policy changed to 'allow' (be sure to update your rules accordingly) -$ ufw allow ssh +$ sudo ufw allow ssh Rules updated Rules updated (v6) -$ ufw allow http +$ sudo ufw allow http Rules updated Rules updated (v6) -$ ufw allow https +$ sudo ufw allow https Rules updated Rules updated (v6) -$ ufw --force enable +$ sudo ufw --force enable Firewall is active and enabled on system startup $ ``` @@ -316,7 +321,7 @@ It makes sense to redirect the log output of your static site to a log file at ` Restart the `rsyslog` service: ```sh -$ systemctl restart rsyslog.service +$ sudo systemctl restart rsyslog.service $ ``` 
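Review bot: In the ufw hunk (`@@ -280,22 +285,22 @@`), the text presents `sudo ufw default deny incoming` as closing everything except HTTP, HTTPS and SSH, but ports published by Docker are handled by Docker's own iptables rules and are not filtered by ufw. The `docker compose ps` output in the preceding hunk shows `0.0.0.0:80->80/tcp` published this way. That port is allowed anyway, but any service later added with a published port would be reachable despite the deny policy. I would add a sentence after the block such as `Ports published by Docker are not filtered by ufw; bind anything that should stay private to 127.0.0.1 in the compose file.` It is also worth noting before `sudo ufw --force enable` that `ufw allow ssh` covers only the default port 22, so a reader whose sshd listens elsewhere should allow that port first.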
@@ -382,7 +387,7 @@ docker compose down && docker compose up -d To check if your logs arrive in the desired places you can `tail` one of the log files: ```sh -$ tail -f /var/log/offen.log +$ sudo tail -f /var/log/offen.log ... continuous log output ... ```