Solid Wiki Journal

Set up Node Solid Server (NSS) [1] [2]

Server

This setup runs on an Ubuntu 18.04.3 LTS server. I assume any operating system capable of running Node.js and Apache2 should also work. Start by installing Node.js and npm by following this guide.

sudo apt-get install curl software-properties-common
curl -sL https://deb.nodesource.com/setup_13.x | sudo bash -
sudo apt-get install nodejs
node -v
npm -v

Now install Apache2.

sudo apt-get update
sudo apt-get install apache2

Finally, install the Node Solid Server on the host machine.

sudo npm install -g solid-server

That’s it. Technically you can already start the NSS. To do so, change to the directory you want the server to serve from (e.g. cd ~) and start the server with solid start --port 8443. If the IP and port are reachable over the internet or your network, you should be able to reach it at http://public.server.ip:port. Stop the server by pressing Ctrl+C in the terminal.

Domain Name Configuration

As already mentioned, the server should be reachable over the internet. IP addresses are hard to remember and also subject to change. Therefore, set up a domain to forward all requests to the desired IP address. Before you can start configuring the domain name service, you must have a domain name that you can purchase from a domain name provider.

Log in to the domain management tool of the domain name provider. For this setup, we register three subdomains: first, blog.example.com for our blog; second, solid.example.com for our NSS; and third, since we set up NSS in multiuser mode, a wildcard subdomain *.solid.example.com. Once created, configure all domains and subdomains to forward requests to the server's IP address.

On Linux, you can test your DNS configuration by running host blog.example.com.

Wildcard Certificate

To create a wildcard certificate with Let’s Encrypt, run the following commands.

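# Download certbot-auto, install it system-wide and make it executable
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chmod a+x /usr/local/bin/certbot-auto

# Request one certificate covering the apex and both wildcards (DNS challenge).
# The wildcard names are quoted so the shell does not expand the *.
sudo /usr/local/bin/certbot-auto certonly \
    --manual \
    --preferred-challenges=dns \
    --server https://acme-v02.api.letsencrypt.org/directory \
    --agree-tos \
    -d example.com \
    -d '*.example.com' \
    -d '*.solid.example.com'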

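Because of the DNS challenge, you will be prompted to create a TXT record. Once the certificate has been issued, open up the certificate directories under /etc/letsencrypt so that the NSS process, which runs as an unprivileged user later in this guide, can read the key and certificate. Be aware that a recursive mode of 755 also makes the private key readable by every local account on the host.

sudo chmod -R 755 /etc/letsencrypt/live/
sudo chmod -R 755 /etc/letsencrypt/archive/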
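
As an added example (not part of the original guide), the following script lists private keys that any local user can read after a recursive chmod 755 and narrows them to owner and group access. The function names and the temporary demo tree are constructed for illustration; www-data is the group this page later assigns to the solid user.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are illustrative.

# Print every private key under $1 that "other" users can read.
world_readable_keys() {
    find "$1" -type f -name 'privkey*.pem' -perm -004 -print
}

# Restrict keys under $1 to mode 0640 (owner rw, group r, others nothing).
# With a group in $2 and root privileges, also hand the keys to that group,
# e.g. www-data, so the service user can still read them.
tighten_keys() {
    find "$1" -type f -name 'privkey*.pem' -exec chmod 640 {} +
    if [ -n "${2:-}" ] && [ "$(id -u)" -eq 0 ]; then
        find "$1" -type f -name 'privkey*.pem' -exec chgrp "$2" {} +
    fi
}

# Constructed demo tree that mirrors /etc/letsencrypt after "chmod -R 755".
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/archive/example.com" "$root/live/example.com"
    : > "$root/archive/example.com/privkey1.pem"
    : > "$root/archive/example.com/fullchain1.pem"
    ln -s ../../archive/example.com/privkey1.pem \
        "$root/live/example.com/privkey.pem"
    chmod -R 755 "$root/archive" "$root/live"
    printf '%s\n' "$root"
}

demo=$(make_demo_tree)
world_readable_keys "$demo"     # reports archive/example.com/privkey1.pem
tighten_keys "$demo/archive"
world_readable_keys "$demo"     # reports nothing once the key is 0640
rm -rf "$demo"
```

The directories stay at 755 so the service user can still traverse them; only the key files are narrowed.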

Apache Reverse Proxy

Enable Apache Modules

Enable the required modules by creating the following symlinks: ssl.conf, ssl.load, proxy.conf, proxy.load, proxy_html.conf, proxy_html.load, proxy_http.conf, proxy_http.load, rewrite.load, socache_shmcb.load.

cd /etc/apache2/mods-enabled
ln -s ../mods-available/ssl.conf ssl.conf
ln -s ../mods-available/ssl.load ssl.load
ln -s ../mods-available/proxy.conf proxy.conf
ln -s ../mods-available/proxy.load proxy.load
ln -s ../mods-available/proxy_html.conf proxy_html.conf
ln -s ../mods-available/proxy_html.load proxy_html.load
ln -s ../mods-available/proxy_http.conf proxy_http.conf
ln -s ../mods-available/proxy_http.load proxy_http.load 
ln -s ../mods-available/rewrite.load rewrite.load 
ln -s ../mods-available/socache_shmcb.load socache_shmcb.load 

Configure Apache Virtual Host

Now configure Apache2 to redirect all incoming HTTP requests to HTTPS by defining the rewrite condition and rule. The [R=301] flag causes an HTTP 301 Moved Permanently redirect to be issued to the user agent. The [L] flag tells mod_rewrite to stop processing the rule set: if the rule matches, no further rules are processed.

Edit /etc/apache2/sites-available/000-default.conf as follows.

<VirtualHost *:80>
      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
 
<VirtualHost *:443>
      ServerName example.com
      DocumentRoot /var/www/journal      
 
      SSLEngine On 
      SSLProxyEngine On      
      SSLProxyVerify None
 
 
      SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
      SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem      
</VirtualHost>      
 
<VirtualHost *:443>
      ServerName solid.example.com
      DocumentRoot /var/www/solid.example.com 
 
      SSLEngine On 
      SSLProxyEngine On      
      SSLProxyVerify None
      SSLProxyCheckPeerCN Off      
      SSLProxyCheckPeerExpire Off
      ProxyPreserveHost On

      SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
      SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem

      ProxyPass / https://localhost:8443/
      ProxyPassReverse / https://localhost:8443/
</VirtualHost>

<VirtualHost *:443>
      ServerAlias *.solid.example.com

      SSLEngine On
      SSLProxyEngine On
      SSLProxyVerify None 
      SSLProxyCheckPeerExpire Off
      ProxyPreserveHost On

      SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
      SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem

      ProxyPass / https://localhost:8443/
      ProxyPassReverse / https://localhost:8443/
</VirtualHost>
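
The proxying virtual hosts set SSLProxyVerify None and switch off the SSLProxyCheckPeer* checks, so Apache does not authenticate the NSS backend; that is tolerable only while ProxyPass points at the loopback interface, as it does here. The following added example (not part of the original guide; the function names and the trimmed sample config are constructed) reports these directives per virtual host together with the backend they apply to.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are illustrative.

# For each <VirtualHost> in the file $1 (or stdin), print the server name,
# the ProxyPass target and every directive that relaxes backend TLS checks.
audit_proxy_tls() {
    awk '
    { d = tolower($1); v = tolower($2) }
    d == "<virtualhost" { invh = 1; name = ""; backend = "none"; found = ""; next }
    d == "</virtualhost>" {
        if (name == "") name = "(unnamed)"
        if (found != "") print name " [" backend "]:" found
        invh = 0; next
    }
    !invh { next }
    d == "servername" || (d == "serveralias" && name == "") { name = $2 }
    d == "proxypass" { backend = $3 }
    (d == "sslproxyverify" && v == "none") ||
    (d ~ /^sslproxycheckpeer(cn|name|expire)$/ && v == "off") {
        found = found " " $1 "=" $2
    }
    ' "${1:--}"
}

# Constructed sample: the proxy-related lines of the virtual hosts above.
sample_vhosts() {
    cat <<'EOF'
<VirtualHost *:80>
      RewriteEngine On
</VirtualHost>
<VirtualHost *:443>
      ServerName solid.example.com
      SSLProxyEngine On
      SSLProxyVerify None
      SSLProxyCheckPeerCN Off
      SSLProxyCheckPeerExpire Off
      ProxyPass / https://localhost:8443/
</VirtualHost>
<VirtualHost *:443>
      ServerAlias *.solid.example.com
      SSLProxyVerify None
      SSLProxyCheckPeerExpire Off
      ProxyPass / https://localhost:8443/
</VirtualHost>
EOF
}

sample_vhosts | audit_proxy_tls
```

Run it against /etc/apache2/sites-available/000-default.conf after any change to the ProxyPass targets; a line whose backend is not a loopback address deserves a second look.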

If you want to prevent the server from listing directories, edit /etc/apache2/apache2.conf as follows [3].

<Directory /var/www/>
        # Options Indexes FollowSymLinks
        # https://www.techrepublic.com/article/how-to-make-apache-more-secure-by-hiding-directory-folders/
        Options  FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

Restart the service.

sudo service apache2 restart 

Node Solid Server Configuration

/var/www/solid.example.com/config.json is the configuration file for NSS. Edit the JSON file directly or use solid init to be walked through it by the CLI.

{
  "root": "/var/www/solid.example.com/data",
  "port": "8443",
  "serverUri": "https://solid.example.com",
  "webid": true,
  "mount": "/",
  "configPath": "/var/www/solid.example.com/config",
  "configFile": "/var/www/solid.example.com/config.json",
  "dbPath": "/var/www/solid.example.com/.db",
  "sslKey": "/etc/letsencrypt/live/example.com/privkey.pem",
  "sslCert": "/etc/letsencrypt/live/example.com/fullchain.pem",
  "multiuser": true,
  "disablePasswordChecks": false,
  "enforceToc": false,
  "supportEmail": "",
  "server": {
    "name": "solid.example.com",
    "description": "",
    "logo": ""
  }
}

Node Solid Server Systemd Service

Create a new user called solid, which is part of the group www-data.

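adduser --system --ingroup www-data --no-create-home solid

Create a systemd service unit by editing /lib/systemd/system/solid.service as follows. WorkingDirectory is the directory solid start runs in; in this setup that is /var/www/solid.example.com, so replace the your.host.example.org placeholder accordingly.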

[Unit]
Description=solid - Social Linked Data
Documentation=https://solid.inrupt.com/docs/
After=network.target

[Service]
Type=simple
User=solid
WorkingDirectory=/var/www/your.host.example.org
ExecStart=/usr/bin/solid start
Restart=on-failure

[Install]
WantedBy=multi-user.target

The only things left to do are to create a symlink for the systemd service, change the owner of the folder, and start the Solid service.

ln -s /lib/systemd/system/solid.service /etc/systemd/system/multi-user.target.wants/
chown solid:www-data /var/www/your.host.example.org/ -R 
sudo service solid restart 

References

[1] “Installing and running node solid server.” [Online]. Available: https://solid.inrupt.com/docs/installing-running-nss.

[2] “Setting up a pod server.” [Online]. Available: https://solidproject.org/for-developers/pod-server.

[3] J. Wallen, “How to make apache more secure by hiding directory folders,” 2017. [Online]. Available: https://www.techrepublic.com/article/how-to-make-apache-more-secure-by-hiding-directory-folders/.