Log in as root.
First, make sure the system is up to date, and install tar and wget:
apt-get update
apt-get install tar wgetGet the latest IPFS binary and install it:
wget https://dist.ipfs.io/go-ipfs/v0.4.10/go-ipfs_v0.4.10_linux-amd64.tar.gz
tar xfv go-ipfs_v0.4.10_linux-amd64.tar.gz
cp go-ipfs/ipfs /usr/local/bin/It’s usually not a good idea to run a public-facing service as root. So create a new user account to run IPFS and switch to it:
adduser ipfs
su ipfsInitialize IPFS:
ipfs initIPFS works by actively seeking nearby nodes to connect to, which is a good thing for performance and availability, particularly in home and office networks. This causes addresses in the networks to be dialed that may not be there. Unfortunately, some VPS providers incorrectly classify this as suspicious activity, and some even have blocked nodes for doing so. To avoid this, add two things to the config file:
# 1. disable mDNS discovery
ipfs config --json Discovery.MDNS.Enabled false
# 2. filter out local network addresses
ipfs config --json Swarm.AddrFilters '[
"/ip4/10.0.0.0/ipcidr/8",
"/ip4/100.64.0.0/ipcidr/10",
"/ip4/169.254.0.0/ipcidr/16",
"/ip4/172.16.0.0/ipcidr/12",
"/ip4/192.0.0.0/ipcidr/24",
"/ip4/192.0.0.0/ipcidr/29",
"/ip4/192.0.0.8/ipcidr/32",
"/ip4/192.0.0.170/ipcidr/32",
"/ip4/192.0.0.171/ipcidr/32",
"/ip4/192.0.2.0/ipcidr/24",
"/ip4/192.168.0.0/ipcidr/16",
"/ip4/198.18.0.0/ipcidr/15",
"/ip4/198.51.100.0/ipcidr/24",
"/ip4/203.0.113.0/ipcidr/24",
"/ip4/240.0.0.0/ipcidr/4"
]'Now you could start the IPFS daemon with ipfs daemon &, but what you really want is that it automatically starts when the server boots.
Switch back to the root user:
exitAllow the ipfs user to run long-running services by enabling user lingering for that user:
loginctl enable-linger ipfsCreate the file /etc/systemd/system/ipfs.service with this content:
[Unit]
Description=IPFS daemon
[Service]
User=ipfs
Group=ipfs
ExecStart=/usr/local/bin/ipfs daemon
Restart=on-failure
[Install]
WantedBy=multi-user.target
Enable and start the service:
systemctl enable ipfs
systemctl start ipfsNow IPFS should be up and running, and start when the server boots.
You should see peers pouring in:
su ipfs
ipfs swarm peersNow that you have IPFS running on your server, add your website.
ipfs add -r <path>This adds all contents of the folder at <path> to IPFS, recursively. You should see output similar to this:
added QmcrBxpSJ8if6Uy7yZbtyXXsPuUmvT5KKfZKQi39kVJ5aW <folder>/images/fritz.png
added QmauwH6KDTGaTeAdQJbW9wZEGczjzSu9EceeasPUXo2qz9 <folder>/index.html
added Qmd9JiiVRTyyY1Tn2CWDLrkqqKFaMiwaAvAASTE88yyXAC <folder>/images
added QmaFrmEDFJXnYJb9hCrKDGs8XVvSUALzhv297W3uP97v2Y <folder>
Take note of the last hash (here: QmaFrmED..., yours will be different).
Publish this to IPNS:
ipfs name publish QmaFrmEDFJXnYJb9hCrKDGs8XVvSUALzhv297W3uP97v2YAfter a few moments, you should see output similar to this:
Published to <peer-id>: /ipfs/QmaFrmEDFJXnYJb9hCrKDGs8XVvSUALzhv297W3uP97v2Y
Take note of your <peer-id>.
Your website is now added to IPFS and published to IPNS under your IPFS node's peer ID. You can view your website on the ipfs.io gateway now: https://ipfs.io/ipns/. Or on any other gateway, like your local one at localhost:8080.
Repeat this procedure every time you change content in your website.
Go to https://cloud.digitalocean.com/networking/domains/ and add your domain. Below we assume this domain is example.com, just replace that with you actual domain.
Add A records (and AAAA records if you want to support IPv6) for both your main domain example.com and the subdomain ipfs.example.com. The latter will be proxied to your local IPFS gateway so that it is publicly accessible.
Also add a TXT record for example.com, with the content dnslink=/ipns/<peer-id>.
DNS records take a while to propagate, so be patient.
Log in as root.
Make sure the system is up to date, and install nginx:
apt-get update
apt-get install nginxEdit /etc/nginx/sites-available/default. Change its contents to this:
server {
server_name example.com ipfs.example.com;
server_tokens off;
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
This will proxy all requests to example.com and ipfs.example.com to your IPFS gateway running at localhost:8080.
Test your configuration:
nginx -tIf everything is okay, reload nginx:
systemctl reload nginxInstall Certbot:
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginxRun Certbot to get your SSL certificates. Certbot supports nginx, and will update your configuration file automatically.
certbot --nginx -d example.com -d ipfs.example.comCertbot will ask you to choose whether HTTPS access is required or optional (select the Secure option).
To harden security, update Diffie-Hellman parameters:
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048Include this file somewhere in the server block of your nginx configuration /etc/nginx/sites-available/default, like this:
ssl_dhparam /etc/ssl/certs/dhparam.pem;
Again, test your configuration:
nginx -tIf everything is okay, reload nginx:
systemctl reload nginxLet's Encrypt certificates expire after 90 days, so you should have means in place to update them automatically. Crontabs are a good way to do that:
crontab -eAdd the following line to the end of the file:
15 3 * * * /usr/bin/certbot renew --quiet
This will run certbot renew --quiet every day at 3:15am. It checks if the certificates expire soon (in 30 days or less), and if they do, renews them.
Now if you go to https://example.com, you should see the website you added to IPFS above.
This is awesome, thanks for sharing!