# Host Your Site Under Your Domain on IPFS

This is a step-by-step tutorial for hosting your website under your domain on IPFS, from zero, on a DigitalOcean Ubuntu 16.04.3 x64 Droplet (i am using the $10 variant with 2GB RAM).

## Install IPFS

Log in as root.

First, make sure the system is up to date, and install `tar` and `wget`:

```sh
apt-get update
apt-get install tar wget
```

Get the [latest IPFS binary](https://dist.ipfs.io/go-ipfs/v0.4.14/go-ipfs_v0.4.14_linux-amd64.tar.gz) and install it:

```sh
wget https://dist.ipfs.io/go-ipfs/v0.4.14/go-ipfs_v0.4.14_linux-amd64.tar.gz
tar xfv go-ipfs_v0.4.14_linux-amd64.tar.gz
cp go-ipfs/ipfs /usr/local/bin/
```

It’s usually not a good idea to run a public-facing service as root. So create a new user account to run IPFS and switch to it:

```sh
adduser ipfs
su ipfs
```

Initialize IPFS:

```sh
ipfs init --profile=server
```

Now you could start the IPFS daemon with `ipfs daemon &`, but what you really want is that it automatically starts when the server boots.

Switch back to the `root` user:

```sh
exit
```

Allow the `ipfs` user to run long-running services by enabling user lingering for that user:

```sh
loginctl enable-linger ipfs
```

Create the file `/etc/systemd/system/ipfs.service` with this content:

```
[Unit]
Description=IPFS daemon

[Service]
User=ipfs
Group=ipfs
ExecStart=/usr/local/bin/ipfs daemon --enable-gc
Restart=on-failure

[Install]
WantedBy=multi-user.target
```

Enable and start the service:

```sh
systemctl enable ipfs
systemctl start ipfs
```

Now IPFS should be up and running, and start when the server boots.

You should see peers pouring in:

```sh
su ipfs
ipfs swarm peers
```

## Add your website to IPFS

Now that you have IPFS running on your server, add your website.

```sh
ipfs add -r <path>
```

This adds all contents of the folder at `<path>` to IPFS, recursively. You should see output similar to this:

```
added QmcrBxpSJ8if6Uy7yZbtyXXsPuUmvT5KKfZKQi39kVJ5aW <folder>/images/fritz.png
added QmauwH6KDTGaTeAdQJbW9wZEGczjzSu9EceeasPUXo2qz9 <folder>/index.html
added Qmd9JiiVRTyyY1Tn2CWDLrkqqKFaMiwaAvAASTE88yyXAC <folder>/images
added QmaFrmEDFJXnYJb9hCrKDGs8XVvSUALzhv297W3uP97v2Y <folder>
```

Take note of the last multi-hash (here: `QmaFrmED...`, yours will be different).

Your website is now added to IPFS. You can view it on the `ipfs.io` gateway now: `https://ipfs.io/ipfs/QmaFrmED...`. Or on your local one at `localhost:8080`. Or on any other gateway.

_Repeat this procedure every time you change content in your website._

## Set up DNS

Go to `https://cloud.digitalocean.com/networking/domains/` and add your domain. Below we assume this domain is `example.com`, just replace that with you actual domain.

Add `A` records (and `AAAA` records if you want to support IPv6) for both your main domain `example.com` and the subdomain `ipfs.example.com`. The latter will be proxied to your local IPFS gateway so that it is publicly accessible.

Also add a `TXT` record for `example.com`, with the content `dnslink=/ipfs/QmaFrmED...`.

_Update the `TXT` record with the new multi-hash every time you change content in your website._

![Digital Ocean DNS Settings](https://ipfs.io/ipfs/QmPKFqVGGeuPRivgYB36N6j62SqNM1teqEYhNHALDS51Cm)

DNS records take a while to propagate, so be patient.

## Install nginx with Let's Encrypt SSL certs

Log in as `root`.

Make sure the system is up to date, and install `nginx`:

```sh
apt-get update
apt-get install nginx
```

Edit `/etc/nginx/sites-available/default`. Change its contents to this:

```
server {
    server_name example.com ipfs.example.com;
    server_tokens off;

    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;

    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
```

This will proxy all requests to `example.com` and `ipfs.example.com` to your IPFS gateway running at `localhost:8080`.

Test your configuration:

```sh
nginx -t
```

If everything is okay, reload nginx:

```sh
systemctl reload nginx
```

Install Certbot:

```sh
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx
```

Run Certbot to get your SSL certificates. Certbot supports nginx, and will update your configuration file automatically.

```sh
certbot --nginx -d example.com -d ipfs.example.com
```

Certbot will ask you to choose whether HTTPS access is required or optional (select the `Secure` option).

To harden security, update Diffie-Hellman parameters:

```sh
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
```

Include this file somewhere in the `server` block of your nginx configuration `/etc/nginx/sites-available/default`, like this:

```
server {
    ...
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ...
}
```

Again, test your configuration:

```sh
nginx -t
```

If everything is okay, reload nginx:

```sh
systemctl reload nginx
```

Let's Encrypt certificates expire after 90 days, so you should have means in place to update them automatically. Crontabs are a good way to do that:

```sh
crontab -e
```

Add the following line to the end of the file:

```
15 3 * * * /usr/bin/certbot renew --quiet
```

This will run `certbot renew --quiet` every day at 3:15am. It checks if the certificates expire soon (in 30 days or less), and if they do, renews them.

Now if you go to `https://example.com`, you should see the website you added to IPFS above.

## Sources

* [Run IPFS latest on a VPS](https://ipfs.io/blog/22-run-ipfs-on-a-vps/)
* [A short guide to hosting your site on ipfs](https://ipfs.io/ipfs/QmRFTtbyEp3UaT67ByYW299Suw7HKKnWK6NJMdNFzDjYdX/websites/README.md)
* [How To Install Nginx](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-16-04)
* [How To Secure Nginx with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04)
* [How To Host Multiple Node.js Applications On a Single VPS](https://www.digitalocean.com/community/tutorials/how-to-host-multiple-node-js-applications-on-a-single-vps-with-nginx-forever-and-crontab)

## Additional Info

* [Safely running a public IPFS gateway using nginx](http://blog.klaehn.org/2018/06/08/running-ipfs-gateway/) (shows how to prevent download of arbitrary, non-endorsed content via your IPFS gateway)
* [Publishing a blog on IPFS](http://blog.klaehn.org/2018/06/06/publish-blog-on-ipfs/) (Jekyll, posts hosted on GitHub, Travis CI)