add img folder to test img

philc 2023-02-09 09:55:58 +01:00
parent e242c82882
commit ae97933e7f
5 changed files with 273 additions and 28 deletions

40
HardwareNation.md Normal file

@ -0,0 +1,40 @@
# The physical world nation
The Setup.js process will respect thoss conventions.
All nation are findable in https://apxtrib.crabdance.com or directly to any known town https://town-nation.tld.ext<br>
example: hill-ants.ndda.fr wall-ants.nooo.com ....
https://apxtrib.crabdance.com and IP is host into https://freedns.afraid.org , its IP is change each day to an elected mayor's town IP.
If apxtrib.crabdance.com do not answer your system know the other towns address and then can contact them with https://town-nation.tld.ext/apxtrib.
## Machine Naming Rules
Any server belonging to apxtrib network has to be reach with **https://townId_nationId.tld.ext**<br>
A hostname machine is a unique name in the network: **townId_nationId**<br>
A hostname is reachable with a DNS hosted by tld.ext: **townId.nationId A public IP**<br>
```sh
#To change a hostname
sudo hostnamectl set-hostname town_nation
# To check IP and answer (replace apxtrib.crabdance.com by town_nation.tld.ext you know)
ping apxtrib.crabdance.com
```
## Nation's Object
Publicaly accessible:<br>
Liste des Towns par Nations {nationsId:{townId:{lastIP, dns}}} https://apxtrib.crabdance.com/socialworld/nations/searchindex/nations_towns.json <br>
Liste des Tribes https://apxtrib.crabdance.com/socialworld/nations/searchindex/tribes.json
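Review bot: the naming rule is written three different ways in this file: `town-nation.tld.ext` in the intro, `townId_nationId` under Machine Naming Rules (including `sudo hostnamectl set-hostname town_nation`), and `townId.nationId` for the DNS record. Hostnames allow only letters, digits and hyphen, and the examples given (`hill-ants.ndda.fr`, `wall-ants.nooo.com`) use the hyphen, so use the hyphen form in all three places. The sentence about apxtrib.crabdance.com being repointed each day to the elected mayor's town IP should also say how a client checks that the host answering is that town.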

@ -1,22 +1,38 @@
# How to Setup a town
** ******************** **
This tuto will:
* use nginx to proxy any url/app to the apiXpress routes
* use nginx to serve static file for clientId in https
* create env to start apixpress.js with PM2 production env (see [pm2 doc](https://pm2.keymetrics.io/docs/usage/pm2-doc-single-page/)
* conf linux to backup your client's data
* create your clientId space with an admin user on your apiXPress instance
* serve the apiXpress webapp graphical interface to manage your env (create new ClientId space, manage your server's ressource,...
**At the end** you will have a town instance link to the nationchains or a town dev to create plugin or add feature to apiXtribe.
**WARNING : DISCMAILER**
You need to understand all step, this is just a guide line, do not try to set up a production server if you don't understand linux securities subjects. To make works an apiXtribe you need to delegate root privilege to a safe user so be aware. But feel free to play on a dev machine.
You need to understand all step, this is just a guide line, do not try to set up a production server if you don't understand linux securities subjects. To make works an apXtrib you need to delegate root privilege to a safe user so be aware. But feel free to play on a dev machine.
In any doubt ask the community to set up a production server for small cost for you (ask to support@ndda.fr).
**Data pre-request:**
* identify a nation you want to belong to - see [nations list](https://apxtrib.crabdance.com/socialworld/objects/nations/searchindex/nationslist.json)
* a town name that does not exist [towns list](https://apxtrib.crabdance.com/socialworld/objects/nations/searchindex/townslist.json)
* a dns that redirect to your public IP server (for dev purpose set /etc/hosts with 127.0.0.1 town.localnation for prod register an townname.nationname A IP adsresss)
**Physical pre-request:**
For production:
* An ubuntu server > 20 (VPS or physical machine) accessible from ssh root@IP adresse
For dev:
* Any linux, but all tuto are based on debian set up
This tuto will:
* use nginx to deal with ssl certificat (https)
* use nginx as reverse proxy based on dns abd url to the apXtrib routes
* use nginx to serve static file based on dns and file name
* use pm2 to manage apxtrib.js, see [pm2 doc](https://pm2.keymetrics.io/docs/usage/pm2-doc-single-page/)
* create your tribe space call townname with an admin user
* serve the apxtrib webapp graphical interface to manage your env (create new ClientId space, manage your server's ressource,... ) [Link to ]
**At the end** you will have a town live instance link to the nationchains or a local town dev to create plugin or add feature to apXtrib.
**Pre-request**:
An ubuntu server version > 20 (VPS, physical machine,....) accessible from ssh root@IP address.
This setup process was tested on LXC ubuntu/focal.
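Review bot: the bullet ending `[Link to ]` has no link target, and the `**Pre-request**:` paragraph at the end of the hunk repeats the server requirement already given under `**Physical pre-request:**`, so the reader gets it twice in slightly different words. Fill in or drop the link and fold the two requirement blocks into one. `**WARNING : DISCMAILER**` is a typo for DISCLAIMER, and `abd url` should be `and url`.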
@ -24,14 +40,14 @@ This setup process was tested on LXC ubuntu/focal.
snapd (snap --version) is already installed by default, need to install it if not ($ sudo apt install snap).
For your physical machine (only way to decentralize the control) see https://ubuntu.com/tutorials/install-ubuntu-server#1-overview
You can use any other linux distro but you need to write your own setup.js .If you do please send us your setup (support@apixpress.org) and we'll share to the community. Also, share other way to set up (other static web engine, apache, haproxy, ...). Less standardization means more security. You'll find the process install in models/Setup.js. It collects necessary data then run a bunch of command. We kept command line install for software we use in case their install process evolve before we can update this tuto. In case of any issue please contact any admin of an apiXtribe instance.
You can use any other linux distro but you need to write your own setup.js .If you do please send us your setup (support@apixpress.org) and we'll share to the community. Also, share other way to set up (other static web engine, apache, haproxy, ...). Less standardization means more security. You'll find the process install in models/Setup.js. It collects necessary data then run a bunch of command. We kept command line install for software we use in case their install process evolve before we can update this tuto. In case of any issue please contact any admin of an apXtrib instance.
## To add a town to a nation
---
**Parameter to anticipate**:
- nationName: you want to join (check it's rules) ex: ants nation. ..
- townName: as futur mayor choose a uniq town name, check https://apixtribe.crabdance.com to check existing town as a dev type 'devtown'.
- townName: as futur mayor choose a uniq town name, check https://apxtrib.crabdance.com to check existing town as a dev type 'devtown'.
- sudoerUser: linux user you want to use (will be sudoer) ex:phil or name of your town
if for prod:
- townIP: as futur mayor your public IP where your instance
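Review bot: the rename to apXtrib in the `You can use any other linux distro` paragraph leaves `support@apixpress.org` as the contact, while the setup intro gives `support@ndda.fr`; use one address. The same paragraph states `Less standardization means more security` with no reasoning. Either explain it (a mix of stacks limits how far one flaw spreads) or drop it, since every custom setup.js is also one more install script that nobody else has reviewed.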
@ -51,21 +67,21 @@ Create a safe user (with sudo access) in this example phil
passwd phil
usermod -aG sudo phil
sudo visudo
\# add the next line in the file
# add the next line in the file
phil ALL=(ALL) NOPASSWD: ALL
\# exit and save
# exit and save
sudo apt-get install git vim libcap2-bin p7zip-full p7zip-rar
\# Install last nvm** (check website to get latest v0.xx)
# Install last nvm** (check website to get latest v0.xx)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
nvm --version
\# if nvm not found then cc paste 3 last line : export NVM_DIR= ....
\# and recheck nvm --version
\# Install node/npm/yarn**
# if nvm not found then cc paste 3 last line : export NVM_DIR= ....
# and recheck nvm --version
# Install node/npm/yarn**
nvm install node
node --version #to check
npm install --global yarn
yarn --version
\# Allow a simple user to listen on port 80
# Allow a simple user to listen on port 80
sudo setcap cap_net_bind_service=+ep /usr/local/bin/node
```
**install nginx**
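Review bot: `sudo setcap cap_net_bind_service=+ep /usr/local/bin/node` points at a path this block never installs to. Node comes from `nvm install node`, and the pm2 startup line later in this file shows it under `/home/phil/.nvm/versions/node/v17.3.0/bin`. Resolve the real binary instead, for example `sudo setcap cap_net_bind_service=+ep "$(readlink -f "$(which node)")"`, and note that it has to be repeated after each node upgrade. Separately, `phil ALL=(ALL) NOPASSWD: ALL` gives the account that runs the service passwordless root; say which commands Setup.js needs sudo for and restrict the entry to those, or tell the reader to remove it once setup is done.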
@ -139,10 +155,10 @@ $ yarn startpm2
Usefull command:
```
\# in DEV
# in DEV
yarn dev = "node apixpress.js" all is log in the terminal
\# in PRODUCTION
# in PRODUCTION
yarn pm2 info apixpress
yarn logpm2 = yarn pm2 logs apixpress --lines 400
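Review bot: the commands in this hunk still name the process `apixpress` and the entry file `apixpress.js`, while the rewritten intro says pm2 manages `apxtrib.js`, so a reader cannot tell which name is current. Update `yarn dev`, `yarn pm2 info` and `yarn logpm2` to whichever name the repository actually uses, in the same commit as the comment fix.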
@ -151,13 +167,13 @@ yarn pm2 monit apixpress
yarn startpm2 = yarn pm2 start apixpress.js --log-date-format 'DD-MM HH:mm:ss.SSS'
yarn stoppm2 = yarn pm2 stop apixpress.js
\#Process to autostart (usefull if the server crash this will restart pm2 process)
\# check apixpress is well started if not start it
#Process to autostart (usefull if the server crash this will restart pm2 process)
# check apixpress is well started if not start it
yarn pm2 list
yarn pm2 startup (if they are nothing saved it will provide a command line to run then run it)
sudo env PATH=$PATH:/home/phil/.nvm/versions/node/v17.3.0/bin /home/phil/workspace/apixpress/node_modules/pm2/bin/pm2 startup systemd -u phil --hp /home/phil
\# To stop autostart
# To stop autostart
yarn pm2 unstartup ; in case of error follow the command line provide like)
sudo env PATH=$PATH:/home/phil/.nvm/versions/node/v17.3.0/bin /home/phil/workspace/apixpress/node_modules/pm2/bin/pm2 unstartup systemd -u phil --hp /home/phil
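Review bot: the two `sudo env PATH=... pm2 startup systemd -u phil --hp /home/phil` lines hard-code one user, one node version (`v17.3.0`) and one checkout path (`/home/phil/workspace/apixpress`). The line before already says pm2 prints the command to run, so mark these as sample output or replace the specifics with placeholders; a reader who pastes them runs whatever sits at that path under sudo. The `yarn pm2 unstartup` line also has a stray `)` and trailing prose that belongs in a `#` comment.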
@ -171,7 +187,7 @@ To access apiXpress Manager graphical user interface type: https://apixpress.dom
As dev you'll squeeze many steps, you can use this dev install to:
* understand how this works localy without to be connected to the blockchain (nationchains)
* add local tribe to dev plugin or website to allow your clients (tribe's druid) to show and validate with them what they request you to do.
* dev new features that you want to add to the apiXtribe community and earn Xcoin if the tech comitee valide your code
* dev new features that you want to add to the apXtrib community and earn Xcoin if the tech comitee valide your code
* Audit the code to highlight security fail and gain some Xcoin in our bounty challenge for any fail discover
* You can also try to pentest other towns to improve security
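Review bot: the last two bullets invite code audits and pentests of other towns but give no scope, no list of towns that accept testing and no place to send findings. Link the bounty rules and a reporting contact here. The hunk also keeps `tech comitee valide` (committee validates), and the hunk header context still reads `apiXpress Manager` with an `apixpress` URL after the rename.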

10
UsefullfreeDNS Normal file

@ -0,0 +1,10 @@
...
# Usefull freedns
Anonymous solution behind an email address for free. You can also register any domain and pay with bitcoin. Remember that to be anonyme on internet is nearly not possible. So as you know what to do to hide your identity behind your email or bitcoin public key, this solution is quiet simple.
(https://freedns.afraid.org/)[https://freedns.afraid.org/}]
![freeDNS dynamic link](img/freednsdynlink.png)
Test image
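Review bot: the link line has the Markdown brackets swapped and a stray `}`: `(https://freedns.afraid.org/)[https://freedns.afraid.org/}]` should be `[https://freedns.afraid.org/](https://freedns.afraid.org/)`. The file is added as `UsefullfreeDNS` with no `.md` extension, so most viewers will show the link and `![freeDNS dynamic link](img/freednsdynlink.png)` as plain text. The leading `...` and the trailing `Test image` line look like leftovers to remove before merge, and `anonyme` and `quiet simple` should read anonymous and quite simple.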

179
UsefulltricksubuntuServer Normal file

@ -0,0 +1,179 @@
# Machine d'installation ubuntu server type
Ubuntu server 22.04 LTS with an internet link to update the installer
Plug your machine on your network to get IP
Ubuntu server use /etc/netplan to parameter network
## Manage Hardware
```bash
# check HD conf
sudo lsblk -f
sudo fdisk -l
# in case of LVM
sudo vgdisplay
# if Free PE / Size then increase with
sudo lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv
sudo resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
check df -h # check that / increase properly
```
To remove partition and to create 1
```bash
sudo fdisk /dev/sdbx
# type d (interactive))
# n (to add a new partition answer question by default (extented to store data))
# at the end type w to save change
# to format
sudo mkfs.ext4 /dev/sdbx
#to rename label disk
sudo e2label /dev/sdxN my_label
#disks monut for user edifiance in / by disk uuid (get into lsblk -f)
sudo vim /etc/fstab #add this line per disk (to get user uid $id -u <username> to get gid $id -G <username>)
UUID=d9f51ab7-7be1-4a75-a218-c97c50d807f8 /home/edifiance/Backup0 ext4 umask=0077,gid=1001,uid=1001 0 1
#for mounting without rebooting
sudo mount -a
# liste of add fdisk -l (voir la liste des dd)
fdisk /dev/sdb
# delete an create one partition with a 2Tb format with:
mkfs.ext4 /dev/sdb1
#hd2T = espace disque de 2 Tera en root
mkdir /mnt/hdexterne
sudo vim /etc/fstab #addthis line
/dev/sdb1 /mnt/hdexterne ext4 defaults 0 1
#Check access right of the folder belong to the final user
sudo chown -R user:group B*
sudo chmod 662 -R B*
# authorize phil to access to the mount
# cmd id give back the uis and gid (ften the same)
id # connected with the relevant user
# instead of 1000 we add uid of the previous cmd
echo "root:1000:1" | sudo tee -a /etc/subuid /etc/subgid
#check cat /etc/subuid thzt we have root with uid of phil'
```
## Manage network
If multi ethernet card => chose the bonds option
/etc/netplan
```conf
# This is the network config written by 'subiquity'
network:
bonds:
bond0:
dhcp4: yes
routes:
- to: default
via: 192.168.1.1
interfaces:
- enp0s25
- enp2s0
parameters:
mode: balance-rr
ethernets:
enp0s25: {}
enp2s0: {}
version: 2
```
```bash
sudo netplan generate # process file from your yaml file
sudo netplan apply # apply it
```
Then into a container
```bash
# network address info
ip a
# check if host is reachable
ping gateway # check if gateway is accessible often 192.168.1.1
ping 8.8.8.8 # check if internet is accessible by ip (this is one of the dns of google)
ping www.google.com # check if dns transciption is available
```
## Manage linux server:
```bash
#set a time server
sudo apt install ntp
sudo timedatectl
sudo timedatectl set-timezone 'Europe/Paris'
# List running service on a machine (active or not)
systemctl --type=service
# To check status of service
systemectl status servicename
# restart stop load a service
systemctl start servicename
# Change hostname of a server do not use . or any other char than a-z A-Z 0-9 -
sudo hostnamectl set-hostname hill-ants
```
## Manage lxd lxc container
We use snapd to manage lxd
https://snapcraft.io/lxd
```bash
sudo snap install lxd
sudo adduser phil lxd
lxd init
Would you like to use LXD clustering? (yes/no) [default=no]:
Do you want to configure a new storage pool? (yes/no) [default=yes]:
Name of the new storage pool [default=default]: VMpool
Name of the storage backend to use (btrfs, dir, lvm, zfs, ceph) [default=zfs]: dir
Would you like to connect to a MAAS server? (yes/no) [default=no]:
Would you like to create a new local network bridge? (yes/no) [default=yes]:
What should the new bridge be called? [default=lxdbr0]:
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]:
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: none
Would you like LXD to be available over the network? (yes/no) [default=no]: yes
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]:
lxc --help
lxc cmdname --help
# to get list of container
lxc list
# Show list of available VM
$ lxc image list images:debian ou ubuntu ...
# create a Nomcontainer into VMpool
lxc launch images:ubuntu/focal NomContainer --storage VMpool
# to access an ubuntu VM
lxc exec MonContainer -- sudo --login --user ubuntu
# To access an other distro
lxc exec NomContainer -- /bin/bash
# to debug into the host
journalctl -u LXD
# to debug into a Namecontainer
lxc info Namecontainer --show-log
Si pb de resolv.conf check if it is running (if not start it)
sudo systemctl status systemd-resolved.service
```
Pour réinitialiser le réseau on peut faire sudo dpkg-reconfigure -p medium lxd
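Review bot: the `lxd init` transcript answers `yes` to `Would you like LXD to be available over the network?` without saying why or how the listener is protected, right after `sudo adduser phil lxd`. Membership of the lxd group is equivalent to root on the host, so both choices need a sentence of explanation, and the default `no` should stay unless remote management is required. Several commands will not run as written: `systemectl status servicename` (typo), `check df -h` (not a command), the uncommented `Si pb de resolv.conf ...` line inside the bash block, and the fstab entry `ext4 umask=0077,gid=1001,uid=1001`, since ext4 does not accept uid, gid or umask mount options. `sudo chmod 662 -R B*` also strips the execute bit from directories, which makes them untraversable. The file mixes French and English and, like UsefullfreeDNS, has no `.md` extension.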

BIN
img/freednsdynlink.png Normal file

Binary file not shown.

Size: 476 KiB