3.9 KiB
3.9 KiB
Use ServNest
Introduction
This document describes the steps for the combined use of each service of a ServNest installation.
In short, it consists of:
- on the Authentication service: creating an account
- on the Registry service: registering a domain name in one of the available suffixes
- on the Name servers service: configuring a DNS zone for this domain
- on the Web service: uploading files using SFTP and making them accessible through the Web with the domain previously registered and configured
Prerequisites
- the address of an existing ServNest installation (see the list on the homepage)
- a way to communicate with the chosen installation administrator, to get the account approved
- a web browser (for example LibreWolf, Tor Browser or Firefox)
- an SFTP client (for example Dolphin on KDE, GNOME Files or FileZilla)
- files to be served on the site (typically in HTML format)
Step 1: account creation
Create an account and get it approved
- From the chosen ServNest installation home page, go to the Authentication service, then use the page Create account
- Ask your installation administrator an approval key, according to the instructions on the link About this installation on the installation home page, and wait for their answer
- Use the answered key on the Switch to an approved account page
Step 2: domain registration
Choose a domain name
- Go to the Registry service
- Register domain
Step 3: the DNS zone
Step 3.1: DNS zone creation
Authenticate the DNS zone creation by creating a specific DNS record in the parent zone (the registry), then actually create the zone
- On the Name servers > Add zone page, copy the required NS record value (Don't submit the form yet)
- Paste the value in Registry > NS records and submit
- Submit the form on Name servers > Add zone
- Paste the value in Registry > NS records again, but this time select the Delete action, then submit
Step 3.2: delegation to the DNS zone
Tell the registry to delegate the domain name resolution to the servers on which we just created the zone
For each domain name listed in the Name servers section on the home page of the Name servers service:
- Copy-paste this domain name in Registry > DNS records then submit
Optional step 3.3: DNSSEC activation
Tell the registry the public key of the DNS zone in order to enable the DNSSEC trust delegation and thus the DNS zone records authentication
- On Name servers > Display zone, select DS records then submit
- Transmit the display values to Registry > DS records
Step 4: the website
Step 4.1: SFTP upload
- Transmit the values displayed on the Web service home page to the SFTP client
- If the SFTP asks to confirm the server's public key fingerprint, check that it matches one of the values display on the web page. If none of the values match, cancel the connection, then check the settings, change Internet connection or contact the administrator. (Connecting to an SFTP server without verifying it's authenticity can allow an attacker to takeover your account.)
- The SFTP space is empty by default. Create a directory named without spaces, accents or special characters (for example
site
) - Copy-paste the site files inside this new directory
Step 4.2: HTTP access creation
- In Name servers > Synchronized records, add an entry with the domain displayed on Web > Dedicated domain with Let's Encrypt certificate access as the Source domain
- In Name servers > TXT records, add for the Subdomain
_auth
the value displayed on Web > Dedicated domain with Let's Encrypt certificate access - Submit the form Dedicated domain with Let's Encrypt certificate access
Conclusion
Accessing https://domain.example/file
displays the file /site/file
from the SFTP space.