claus · June 21, 2025 13:28 · Jun 1, 2020 · Jun 12, 2018 · Jun 12, 2018 · Apr 20, 2018
diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -113,7 +113,7 @@ Also add a `TXT` record for `example.com`, with the content `dnslink=/ipfs/QmaFr
 
 _Update the `TXT` record with the new multi-hash every time you change content in your website._
 
-![Digital Ocean DNS Settings](https://ipfs.wa.hle.rs/ipfs/QmPKFqVGGeuPRivgYB36N6j62SqNM1teqEYhNHALDS51Cm)
+![Digital Ocean DNS Settings](https://ipfs.io/ipfs/QmPKFqVGGeuPRivgYB36N6j62SqNM1teqEYhNHALDS51Cm)
 
 DNS records take a while to propagate, so be patient.
 

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -236,3 +236,4 @@ Now if you go to `https://example.com`, you should see the website you added to
 ## Additional Info
 
 * [Safely running a public IPFS gateway using nginx](http://blog.klaehn.org/2018/06/08/running-ipfs-gateway/) (shows how to prevent download of arbitrary, non-endorsed content via your IPFS gateway)
+* [Publishing a blog on IPFS](http://blog.klaehn.org/2018/06/06/publish-blog-on-ipfs/) (Jekyll, posts hosted on GitHub, Travis CI)
diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -232,3 +232,7 @@ Now if you go to `https://example.com`, you should see the website you added to
 * [How To Install Nginx](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-16-04)
 * [How To Secure Nginx with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04)
 * [How To Host Multiple Node.js Applications On a Single VPS](https://www.digitalocean.com/community/tutorials/how-to-host-multiple-node-js-applications-on-a-single-vps-with-nginx-forever-and-crontab)
+
+## Additional Info
+
+* [Safely running a public IPFS gateway using nginx](http://blog.klaehn.org/2018/06/08/running-ipfs-gateway/) (shows how to prevent download of arbitrary, non-endorsed content via your IPFS gateway)
diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -13,11 +13,11 @@ apt-get update
 apt-get install tar wget
 ```
 
-Get the [latest IPFS binary](https://dist.ipfs.io/go-ipfs/v0.4.13/go-ipfs_v0.4.13_linux-amd64.tar.gz) and install it:
+Get the [latest IPFS binary](https://dist.ipfs.io/go-ipfs/v0.4.14/go-ipfs_v0.4.14_linux-amd64.tar.gz) and install it:
 
 ```sh
-wget https://dist.ipfs.io/go-ipfs/v0.4.13/go-ipfs_v0.4.13_linux-amd64.tar.gz
-tar xfv go-ipfs_v0.4.13_linux-amd64.tar.gz
+wget https://dist.ipfs.io/go-ipfs/v0.4.14/go-ipfs_v0.4.14_linux-amd64.tar.gz
+tar xfv go-ipfs_v0.4.14_linux-amd64.tar.gz
 cp go-ipfs/ipfs /usr/local/bin/
 ```
 

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -57,7 +57,7 @@ Description=IPFS daemon
 [Service]
 User=ipfs
 Group=ipfs
-ExecStart=/usr/local/bin/ipfs daemon
+ExecStart=/usr/local/bin/ipfs daemon --enable-gc
 Restart=on-failure
 
 [Install]
@@ -225,24 +225,6 @@ This will run `certbot renew --quiet` every day at 3:15am. It checks if the cert
 
 Now if you go to `https://example.com`, you should see the website you added to IPFS above.
 
-## Periodically run IPFS garbage collector on your repo
-
-You should also instruct your server to periodically run the IPFS garbage collector on your repo. Your IPFS daemon will collect some dust over time and you only have so much disk space available, so that sounds like a good idea.
-
-This one should run under the ipfs user:
-
-```sh
-crontab -u ipfs -e
-```
-
-Add the following line to the end of the file:
-
-```
-0 5 * * * /usr/local/bin/ipfs repo gc -q
-```
-
-This will run `ipfs repo gc -q` every day at 5am.
-
 ## Sources
 
 * [Run IPFS latest on a VPS](https://ipfs.io/blog/22-run-ipfs-on-a-vps/)

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -97,7 +97,7 @@ added Qmd9JiiVRTyyY1Tn2CWDLrkqqKFaMiwaAvAASTE88yyXAC <folder>/images
 added QmaFrmEDFJXnYJb9hCrKDGs8XVvSUALzhv297W3uP97v2Y <folder>
 ```
 
-Take note of the last hash (here: `QmaFrmED...`, yours will be different).
+Take note of the last multi-hash (here: `QmaFrmED...`, yours will be different).
 
 Your website is now added to IPFS. You can view it on the `ipfs.io` gateway now: `https://ipfs.io/ipfs/QmaFrmED...`. Or on your local one at `localhost:8080`. Or on any other gateway.
 
@@ -111,7 +111,7 @@ Add `A` records (and `AAAA` records if you want to support IPv6) for both your m
 
 Also add a `TXT` record for `example.com`, with the content `dnslink=/ipfs/QmaFrmED...`.
 
-_Update the `TXT` record every time you change content in your website._
+_Update the `TXT` record with the new multi-hash every time you change content in your website._
 
 ![Digital Ocean DNS Settings](https://ipfs.wa.hle.rs/ipfs/QmPKFqVGGeuPRivgYB36N6j62SqNM1teqEYhNHALDS51Cm)
 

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -101,7 +101,7 @@ Take note of the last hash (here: `QmaFrmED...`, yours will be different).
 
 Your website is now added to IPFS. You can view it on the `ipfs.io` gateway now: `https://ipfs.io/ipfs/QmaFrmED...`. Or on your local one at `localhost:8080`. Or on any other gateway.
 
-Repeat this procedure every time you change content in your website.
+_Repeat this procedure every time you change content in your website._
 
 ## Set up DNS
 
@@ -111,14 +111,12 @@ Add `A` records (and `AAAA` records if you want to support IPv6) for both your m
 
 Also add a `TXT` record for `example.com`, with the content `dnslink=/ipfs/QmaFrmED...`.
 
+_Update the `TXT` record every time you change content in your website._
+
 ![Digital Ocean DNS Settings](https://ipfs.wa.hle.rs/ipfs/QmPKFqVGGeuPRivgYB36N6j62SqNM1teqEYhNHALDS51Cm)
 
 DNS records take a while to propagate, so be patient.
 
-## Update your website
-
-Your website will change over time, you might add or remove content. In order for IPFS to serve the new content, you have to repeat the procedure outlined in section "Add your website to IPFS" above (`ipfs add -r <path>` etc), and update your `TXT` DNS record with the new hash.
-
 ## Install nginx with Let's Encrypt SSL certs
 
 Log in as `root`.

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -31,32 +31,7 @@ su ipfs
 Initialize IPFS:
 
 ```sh
-ipfs init
-```
-
-IPFS works by actively seeking nearby nodes to connect to, which is a good thing for performance and availability, particularly in home and office networks. This causes addresses in the networks to be dialed that may not be there. Unfortunately, some VPS providers incorrectly classify this as suspicious activity, and some even have blocked nodes for doing so. To avoid this, add two things to the config file:
-
-```sh
-# 1. disable mDNS discovery
-ipfs config --json Discovery.MDNS.Enabled false
-# 2. filter out local network addresses
-ipfs config --json Swarm.AddrFilters '[
-  "/ip4/10.0.0.0/ipcidr/8",
-  "/ip4/100.64.0.0/ipcidr/10",
-  "/ip4/169.254.0.0/ipcidr/16",
-  "/ip4/172.16.0.0/ipcidr/12",
-  "/ip4/192.0.0.0/ipcidr/24",
-  "/ip4/192.0.0.0/ipcidr/29",
-  "/ip4/192.0.0.8/ipcidr/32",
-  "/ip4/192.0.0.170/ipcidr/32",
-  "/ip4/192.0.0.171/ipcidr/32",
-  "/ip4/192.0.2.0/ipcidr/24",
-  "/ip4/192.168.0.0/ipcidr/16",
-  "/ip4/198.18.0.0/ipcidr/15",
-  "/ip4/198.51.100.0/ipcidr/24",
-  "/ip4/203.0.113.0/ipcidr/24",
-  "/ip4/240.0.0.0/ipcidr/4"
-]'
+ipfs init --profile=server
 ```
 
 Now you could start the IPFS daemon with `ipfs daemon &`, but what you really want is that it automatically starts when the server boots.

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -142,7 +142,7 @@ DNS records take a while to propagate, so be patient.
 
 ## Update your website
 
-Your website will change over time, you might add or remove content. In order for ipfs to serve the new content, you have to repeat the procedure outlined in section "Add your website to IPFS" above (`ipfs add -r <path>` etc), and update your `TXT` DNS record with the new hash.
+Your website will change over time, you might add or remove content. In order for IPFS to serve the new content, you have to repeat the procedure outlined in section "Add your website to IPFS" above (`ipfs add -r <path>` etc), and update your `TXT` DNS record with the new hash.
 
 ## Install nginx with Let's Encrypt SSL certs
 

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -252,7 +252,7 @@ This will run `certbot renew --quiet` every day at 3:15am. It checks if the cert
 
 Now if you go to `https://example.com`, you should see the website you added to IPFS above.
 
-## Run IPFS garbage collector on your repo
+## Periodically run IPFS garbage collector on your repo
 
 You should also instruct your server to periodically run the IPFS garbage collector on your repo. Your IPFS daemon will collect some dust over time and you only have so much disk space available, so that sounds like a good idea.
 

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -254,9 +254,9 @@ Now if you go to `https://example.com`, you should see the website you added to
 
 ## Run IPFS garbage collector on your repo
 
-While you're at cronjobbing stuff, you can also instruct your server to periodically run the IPFS garbage collector on your repo. Your IPFS daemon will collect quite some dust over time and you only have so much disk space available, so that sounds like a good idea.
+You should also instruct your server to periodically run the IPFS garbage collector on your repo. Your IPFS daemon will collect some dust over time and you only have so much disk space available, so that sounds like a good idea.
 
-This cronjob should run under the ipfs user:
+This one should run under the ipfs user:
 
 ```sh
 crontab -u ipfs -e

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -252,6 +252,24 @@ This will run `certbot renew --quiet` every day at 3:15am. It checks if the cert
 
 Now if you go to `https://example.com`, you should see the website you added to IPFS above.
 
+## Run IPFS garbage collector on your repo
+
+While you're at cronjobbing stuff, you can also instruct your server to periodically run the IPFS garbage collector on your repo. Your IPFS daemon will collect quite some dust over time and you only have so much disk space available, so that sounds like a good idea.
+
+This cronjob should run under the ipfs user:
+
+```sh
+crontab -u ipfs -e
+```
+
+Add the following line to the end of the file:
+
+```
+0 5 * * * /usr/local/bin/ipfs repo gc -q
+```
+
+This will run `ipfs repo gc -q` every day at 5am.
+
 ## Sources
 
 * [Run IPFS latest on a VPS](https://ipfs.io/blog/22-run-ipfs-on-a-vps/)

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -124,21 +124,7 @@ added QmaFrmEDFJXnYJb9hCrKDGs8XVvSUALzhv297W3uP97v2Y <folder>
 
 Take note of the last hash (here: `QmaFrmED...`, yours will be different).
 
-Publish this to IPNS:
-
-```sh
-ipfs name publish QmaFrmEDFJXnYJb9hCrKDGs8XVvSUALzhv297W3uP97v2Y
-```
-
-After a few moments, you should see output similar to this:
-
-```
-Published to <peer-id>: /ipfs/QmaFrmEDFJXnYJb9hCrKDGs8XVvSUALzhv297W3uP97v2Y
-```
-
-Take note of your `<peer-id>`.
-
-Your website is now added to IPFS and published to IPNS under your IPFS node's peer ID. You can view your website on the `ipfs.io` gateway now: `https://ipfs.io/ipns/<peer-id>`. Or on any other gateway, like your local one at `localhost:8080`.
+Your website is now added to IPFS. You can view it on the `ipfs.io` gateway now: `https://ipfs.io/ipfs/QmaFrmED...`. Or on your local one at `localhost:8080`. Or on any other gateway.
 
 Repeat this procedure every time you change content in your website.
 
@@ -148,12 +134,16 @@ Go to `https://cloud.digitalocean.com/networking/domains/` and add your domain.
 
 Add `A` records (and `AAAA` records if you want to support IPv6) for both your main domain `example.com` and the subdomain `ipfs.example.com`. The latter will be proxied to your local IPFS gateway so that it is publicly accessible.
 
-Also add a `TXT` record for `example.com`, with the content `dnslink=/ipns/<peer-id>`.
+Also add a `TXT` record for `example.com`, with the content `dnslink=/ipfs/QmaFrmED...`.
 
-![https://ipfs.io/ipfs/QmYCmFJEf1ymT7yKUoJUznKbYgwoR2Qq2Sx4F3VAR9pEri](https://ipfs.io/ipfs/QmYCmFJEf1ymT7yKUoJUznKbYgwoR2Qq2Sx4F3VAR9pEri)
+![Digital Ocean DNS Settings](https://ipfs.wa.hle.rs/ipfs/QmPKFqVGGeuPRivgYB36N6j62SqNM1teqEYhNHALDS51Cm)
 
 DNS records take a while to propagate, so be patient.
 
+## Update your website
+
+Your website will change over time, you might add or remove content. In order for ipfs to serve the new content, you have to repeat the procedure outlined in section "Add your website to IPFS" above (`ipfs add -r <path>` etc), and update your `TXT` DNS record with the new hash.
+
 ## Install nginx with Let's Encrypt SSL certs
 
 Log in as `root`.

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -1,6 +1,6 @@
 # Host Your Site Under Your Domain on IPFS
 
-This is a step-by-step tutorial for hosting your website under your domain on IPFS, from zero, on a DigitalOcean Ubuntu 16.04.3 x64 Droplet (i am using the $10 variant with 1GB RAM).
+This is a step-by-step tutorial for hosting your website under your domain on IPFS, from zero, on a DigitalOcean Ubuntu 16.04.3 x64 Droplet (i am using the $10 variant with 2GB RAM).
 
 ## Install IPFS
 
@@ -265,7 +265,7 @@ Now if you go to `https://example.com`, you should see the website you added to
 ## Sources
 
 * [Run IPFS latest on a VPS](https://ipfs.io/blog/22-run-ipfs-on-a-vps/)
-* [A short guide to hosting your site on ipfs](https://github.com/ipfs/examples/tree/master/examples/websites)
+* [A short guide to hosting your site on ipfs](https://ipfs.io/ipfs/QmRFTtbyEp3UaT67ByYW299Suw7HKKnWK6NJMdNFzDjYdX/websites/README.md)
 * [How To Install Nginx](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-16-04)
 * [How To Secure Nginx with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04)
 * [How To Host Multiple Node.js Applications On a Single VPS](https://www.digitalocean.com/community/tutorials/how-to-host-multiple-node-js-applications-on-a-single-vps-with-nginx-forever-and-crontab)
diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -13,11 +13,11 @@ apt-get update
 apt-get install tar wget
 ```
 
-Get the [latest IPFS binary](https://dist.ipfs.io/go-ipfs/v0.4.10/go-ipfs_v0.4.10_linux-amd64.tar.gz) and install it:
+Get the [latest IPFS binary](https://dist.ipfs.io/go-ipfs/v0.4.13/go-ipfs_v0.4.13_linux-amd64.tar.gz) and install it:
 
 ```sh
-wget https://dist.ipfs.io/go-ipfs/v0.4.10/go-ipfs_v0.4.10_linux-amd64.tar.gz
-tar xfv go-ipfs_v0.4.10_linux-amd64.tar.gz
+wget https://dist.ipfs.io/go-ipfs/v0.4.13/go-ipfs_v0.4.13_linux-amd64.tar.gz
+tar xfv go-ipfs_v0.4.13_linux-amd64.tar.gz
 cp go-ipfs/ipfs /usr/local/bin/
 ```
 

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -138,7 +138,7 @@ Published to <peer-id>: /ipfs/QmaFrmEDFJXnYJb9hCrKDGs8XVvSUALzhv297W3uP97v2Y
 
 Take note of your `<peer-id>`.
 
-Your website is now added to IPFS and published to IPNS under your IPFS node's peer ID. You can view your website on the `ipfs.io` gateway now: [https://ipfs.io/ipns/<peer-id>](https://ipfs.io/ipns/QmPf59hQAHmQeaVcHmfmHqtBMFoJb2imKZCRDzx4GGFExk). Or on any other gateway, like your local one at `localhost:8080`.
+Your website is now added to IPFS and published to IPNS under your IPFS node's peer ID. You can view your website on the `ipfs.io` gateway now: `https://ipfs.io/ipns/<peer-id>`. Or on any other gateway, like your local one at `localhost:8080`.
 
 Repeat this procedure every time you change content in your website.
 

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -1,4 +1,4 @@
-# Hosting Your Site Under Your Domain on IPFS
+# Host Your Site Under Your Domain on IPFS
 
 This is a step-by-step tutorial for hosting your website under your domain on IPFS, from zero, on a DigitalOcean Ubuntu 16.04.3 x64 Droplet (i am using the $10 variant with 1GB RAM).
 

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -1,6 +1,6 @@
 # Hosting Your Site Under Your Domain on IPFS
 
-This is a step-by-step tutorial for hosting your website under your domain on IPFS, from zero on a DigitalOcean Ubuntu 16.04.3 x64 Droplet (i am using the $10 variant with 1GB RAM).
+This is a step-by-step tutorial for hosting your website under your domain on IPFS, from zero, on a DigitalOcean Ubuntu 16.04.3 x64 Droplet (i am using the $10 variant with 1GB RAM).
 
 ## Install IPFS
 

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -1,3 +1,7 @@
+# Hosting Your Site Under Your Domain on IPFS
+
+This is a step-by-step tutorial for hosting your website under your domain on IPFS, from zero on a DigitalOcean Ubuntu 16.04.3 x64 Droplet (i am using the $10 variant with 1GB RAM).
+
 ## Install IPFS
 
 Log in as root.

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -223,7 +223,11 @@ openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
 Include this file somewhere in the `server` block of your nginx configuration `/etc/nginx/sites-available/default`, like this:
 
 ```
-ssl_dhparam /etc/ssl/certs/dhparam.pem;
+server {
+    ...
+    ssl_dhparam /etc/ssl/certs/dhparam.pem;
+    ...
+}
 ```
 
 Again, test your configuration:

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -256,6 +256,7 @@ Now if you go to `https://example.com`, you should see the website you added to
 
 ## Sources
 
+* [Run IPFS latest on a VPS](https://ipfs.io/blog/22-run-ipfs-on-a-vps/)
 * [A short guide to hosting your site on ipfs](https://github.com/ipfs/examples/tree/master/examples/websites)
 * [How To Install Nginx](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-16-04)
 * [How To Secure Nginx with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04)

diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -256,7 +256,7 @@ Now if you go to `https://example.com`, you should see the website you added to
 
 ## Sources
 
-[A short guide to hosting your site on ipfs](https://github.com/ipfs/examples/tree/master/examples/websites)
-[How To Install Nginx](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-16-04)
-[How To Secure Nginx with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04)
-[How To Host Multiple Node.js Applications On a Single VPS](https://www.digitalocean.com/community/tutorials/how-to-host-multiple-node-js-applications-on-a-single-vps-with-nginx-forever-and-crontab)
+* [A short guide to hosting your site on ipfs](https://github.com/ipfs/examples/tree/master/examples/websites)
+* [How To Install Nginx](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-16-04)
+* [How To Secure Nginx with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04)
+* [How To Host Multiple Node.js Applications On a Single VPS](https://www.digitalocean.com/community/tutorials/how-to-host-multiple-node-js-applications-on-a-single-vps-with-nginx-forever-and-crontab)
diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -253,3 +253,10 @@ Add the following line to the end of the file:
 This will run `certbot renew --quiet` every day at 3:15am. It checks if the certificates expire soon (in 30 days or less), and if they do, renews them.
 
 Now if you go to `https://example.com`, you should see the website you added to IPFS above.
+
+## Sources
+
+[A short guide to hosting your site on ipfs](https://github.com/ipfs/examples/tree/master/examples/websites)
+[How To Install Nginx](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-16-04)
+[How To Secure Nginx with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04)
+[How To Host Multiple Node.js Applications On a Single VPS](https://www.digitalocean.com/community/tutorials/how-to-host-multiple-node-js-applications-on-a-single-vps-with-nginx-forever-and-crontab)
diff --git a/ipfs-server-setup.md b/ipfs-server-setup.md
@@ -165,22 +165,22 @@ Edit `/etc/nginx/sites-available/default`. Change its contents to this:
 
 ```
 server {
-	server_name example.com ipfs.example.com;
-	server_tokens off;
+    server_name example.com ipfs.example.com;
+    server_tokens off;
 
-	listen 80;
-	listen [::]:80;
+    listen 80;
+    listen [::]:80;
     listen 443 ssl;
     listen [::]:443 ssl;
 
-	location / {
-            proxy_pass http://localhost:8080;
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection 'upgrade';
-            proxy_set_header Host $host;
-            proxy_cache_bypass $http_upgrade;
-	}
+    location / {
+        proxy_pass http://localhost:8080;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+    }
 }
 ```
 

diff --git a/ipfs-server-setup.sh → ipfs-server-setup.md b/ipfs-server-setup.sh → ipfs-server-setup.md
diff --git a/ipfs-server-setup.sh b/ipfs-server-setup.sh
@@ -0,0 +1,255 @@
+## Install IPFS
+
+Log in as root.
+
+First, make sure the system is up to date, and install `tar` and `wget`:
+
+```sh
+apt-get update
+apt-get install tar wget
+```
+
+Get the [latest IPFS binary](https://dist.ipfs.io/go-ipfs/v0.4.10/go-ipfs_v0.4.10_linux-amd64.tar.gz) and install it:
+
+```sh
+wget https://dist.ipfs.io/go-ipfs/v0.4.10/go-ipfs_v0.4.10_linux-amd64.tar.gz
+tar xfv go-ipfs_v0.4.10_linux-amd64.tar.gz
+cp go-ipfs/ipfs /usr/local/bin/
+```
+
+It’s usually not a good idea to run a public-facing service as root. So create a new user account to run IPFS and switch to it:
+
+```sh
+adduser ipfs
+su ipfs
+```
+
+Initialize IPFS:
+
+```sh
+ipfs init
+```
+
+IPFS works by actively seeking nearby nodes to connect to, which is a good thing for performance and availability, particularly in home and office networks. This causes addresses in the networks to be dialed that may not be there. Unfortunately, some VPS providers incorrectly classify this as suspicious activity, and some even have blocked nodes for doing so. To avoid this, add two things to the config file:
+
+```sh
+# 1. disable mDNS discovery
+ipfs config --json Discovery.MDNS.Enabled false
+# 2. filter out local network addresses
+ipfs config --json Swarm.AddrFilters '[
+  "/ip4/10.0.0.0/ipcidr/8",
+  "/ip4/100.64.0.0/ipcidr/10",
+  "/ip4/169.254.0.0/ipcidr/16",
+  "/ip4/172.16.0.0/ipcidr/12",
+  "/ip4/192.0.0.0/ipcidr/24",
+  "/ip4/192.0.0.0/ipcidr/29",
+  "/ip4/192.0.0.8/ipcidr/32",
+  "/ip4/192.0.0.170/ipcidr/32",
+  "/ip4/192.0.0.171/ipcidr/32",
+  "/ip4/192.0.2.0/ipcidr/24",
+  "/ip4/192.168.0.0/ipcidr/16",
+  "/ip4/198.18.0.0/ipcidr/15",
+  "/ip4/198.51.100.0/ipcidr/24",
+  "/ip4/203.0.113.0/ipcidr/24",
+  "/ip4/240.0.0.0/ipcidr/4"
+]'
+```
+
+Now you could start the IPFS daemon with `ipfs daemon &`, but what you really want is that it automatically starts when the server boots.
+
+Switch back to the `root` user:
+
+```sh
+exit
+```
+
+Allow the `ipfs` user to run long-running services by enabling user lingering for that user:
+
+```sh
+loginctl enable-linger ipfs
+```
+
+Create the file `/etc/systemd/system/ipfs.service` with this content:
+
+```
+[Unit]
+Description=IPFS daemon
+
+[Service]
+User=ipfs
+Group=ipfs
+ExecStart=/usr/local/bin/ipfs daemon
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Enable and start the service:
+
+```sh
+systemctl enable ipfs
+systemctl start ipfs
+```
+
+Now IPFS should be up and running, and start when the server boots.
+
+You should see peers pouring in:
+
+```sh
+su ipfs
+ipfs swarm peers
+```
+
+## Add your website to IPFS
+
+Now that you have IPFS running on your server, add your website.
+
+```sh
+ipfs add -r <path>
+```
+
+This adds all contents of the folder at `<path>` to IPFS, recursively. You should see output similar to this:
+
+```
+added QmcrBxpSJ8if6Uy7yZbtyXXsPuUmvT5KKfZKQi39kVJ5aW <folder>/images/fritz.png
+added QmauwH6KDTGaTeAdQJbW9wZEGczjzSu9EceeasPUXo2qz9 <folder>/index.html
+added Qmd9JiiVRTyyY1Tn2CWDLrkqqKFaMiwaAvAASTE88yyXAC <folder>/images
+added QmaFrmEDFJXnYJb9hCrKDGs8XVvSUALzhv297W3uP97v2Y <folder>
+```
+
+Take note of the last hash (here: `QmaFrmED...`, yours will be different).
+
+Publish this to IPNS:
+
+```sh
+ipfs name publish QmaFrmEDFJXnYJb9hCrKDGs8XVvSUALzhv297W3uP97v2Y
+```
+
+After a few moments, you should see output similar to this:
+
+```
+Published to <peer-id>: /ipfs/QmaFrmEDFJXnYJb9hCrKDGs8XVvSUALzhv297W3uP97v2Y
+```
+
+Take note of your `<peer-id>`.
+
+Your website is now added to IPFS and published to IPNS under your IPFS node's peer ID. You can view your website on the `ipfs.io` gateway now: [https://ipfs.io/ipns/<peer-id>](https://ipfs.io/ipns/QmPf59hQAHmQeaVcHmfmHqtBMFoJb2imKZCRDzx4GGFExk). Or on any other gateway, like your local one at `localhost:8080`.
+
+Repeat this procedure every time you change content in your website.
+
+## Set up DNS
+
+Go to `https://cloud.digitalocean.com/networking/domains/` and add your domain. Below we assume this domain is `example.com`, just replace that with you actual domain.
+
+Add `A` records (and `AAAA` records if you want to support IPv6) for both your main domain `example.com` and the subdomain `ipfs.example.com`. The latter will be proxied to your local IPFS gateway so that it is publicly accessible.
+
+Also add a `TXT` record for `example.com`, with the content `dnslink=/ipns/<peer-id>`.
+
+![https://ipfs.io/ipfs/QmYCmFJEf1ymT7yKUoJUznKbYgwoR2Qq2Sx4F3VAR9pEri](https://ipfs.io/ipfs/QmYCmFJEf1ymT7yKUoJUznKbYgwoR2Qq2Sx4F3VAR9pEri)
+
+DNS records take a while to propagate, so be patient.
+
+## Install nginx with Let's Encrypt SSL certs
+
+Log in as `root`.
+
+Make sure the system is up to date, and install `nginx`:
+
+```sh
+apt-get update
+apt-get install nginx
+```
+
+Edit `/etc/nginx/sites-available/default`. Change its contents to this:
+
+```
+server {
+	server_name example.com ipfs.example.com;
+	server_tokens off;
+
+	listen 80;
+	listen [::]:80;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+	location / {
+            proxy_pass http://localhost:8080;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection 'upgrade';
+            proxy_set_header Host $host;
+            proxy_cache_bypass $http_upgrade;
+	}
+}
+```
+
+This will proxy all requests to `example.com` and `ipfs.example.com` to your IPFS gateway running at `localhost:8080`.
+
+Test your configuration:
+
+```sh
+nginx -t
+```
+
+If everything is okay, reload nginx:
+
+```sh
+systemctl reload nginx
+```
+
+Install Certbot:
+
+```sh
+add-apt-repository ppa:certbot/certbot
+apt-get update
+apt-get install python-certbot-nginx
+```
+
+Run Certbot to get your SSL certificates. Certbot supports nginx, and will update your configuration file automatically.
+
+```sh
+certbot --nginx -d example.com -d ipfs.example.com
+```
+
+Certbot will ask you to choose whether HTTPS access is required or optional (select the `Secure` option).
+
+To harden security, update Diffie-Hellman parameters:
+
+```sh
+openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
+```
+
+Include this file somewhere in the `server` block of your nginx configuration `/etc/nginx/sites-available/default`, like this:
+
+```
+ssl_dhparam /etc/ssl/certs/dhparam.pem;
+```
+
+Again, test your configuration:
+
+```sh
+nginx -t
+```
+
+If everything is okay, reload nginx:
+
+```sh
+systemctl reload nginx
+```
+
+Let's Encrypt certificates expire after 90 days, so you should have means in place to update them automatically. Crontabs are a good way to do that:
+
+```sh
+crontab -e
+```
+
+Add the following line to the end of the file:
+
+```
+15 3 * * * /usr/bin/certbot renew --quiet
+```
+
+This will run `certbot renew --quiet` every day at 3:15am. It checks if the certificates expire soon (in 30 days or less), and if they do, renews them.
+
+Now if you go to `https://example.com`, you should see the website you added to IPFS above.