Server self-hosting setup issues

Hi, I’ve been messing about with getting the node solid server up and running on an old raspberry pi, but I’ve run into issues getting it to work correctly. I will admit I’m rather new to self-hosting webservers and web development in general, so please bear with me :stuck_out_tongue: also note I use example.net in place of the actual domain name I’m testing this with, if that isn’t obvious.

I’ve been following this rough guide, and I seem to have got something working but not quite… I’ve registered a domain and pointed it at the server, forwarded ports 80 and 8443 on the router and installed + configured the server. I also attempted to generate an SSL certificate using certbot/letsencrypt (though I’ve only done this for the main domain, not wildcard subdomains). I’ve managed to get the server to run and even connected to it in browser; but here is where things aren’t quite working as expected…

The first issue is that, when running the solid server as a service per the guide, it doesn’t appear to work at all. At least, I can’t connect to it - and I’ve checked to make sure the service is actually running (it is). I have a sneaky feeling it’s something to do with permissions which the guide might omit, because the server does (semi) work when I run it as root manually in the terminal with sudo solid start in the appropriate directory; at least, for instance when I connect to example.net:8443 I get the homepage and I can even register an account (though myaccount.example.net fails to load - is this because I’m missing the wildcard SSL certificate?). Also note that simply going to example.net dosen’t work, I have to specify the port. Any idea why? Apologies if the answer seems obvious, I’m learning :stuck_out_tongue:

Also, when running my server manually, I notice this kinda stuff logged in the terminal which is what makes me think I’ve misconfigured permissions somewhere:
solid:ACL accessDenied: checking access to <https://example.net/> by null and origin null +92ms solid:ACL 1 direct authentications about <https://example.net/> +14ms solid:ACL Agent or group: Ok, its public. +16ms solid:ACL Mode allowed: <http://www.w3.org/ns/auth/acl#Read> +11ms solid:ACL accessDenied: modeURIorReasons: ["http://www.w3.org/ns/auth/acl#Read"] +3ms solid:ACL checking <http://www.w3.org/ns/auth/acl#Read> +5ms solid:ACL Mode required and allowed:<http://www.w3.org/ns/auth/acl#Read> +4ms

[Edit] I was using certbot manually rather than certbot-auto and according to this post I’ve found Server not starting with user solid because of letsencrypt ssl acces it seems permissions are indeed the reason why the solid service is not running correctly. I’m in the process of re-certifying with certbot-auto, so maybe that will help… we’ll see.

[Edit Edit] I got the service to run properly - I had to (recursively) change the permissions of /etc/letsencrypt/archive/example.net and /etc/letsencrypt/live/example.net so the solid user could obtain the private SSL keys. Nonetheless the server still doesn’t function correctly, I still have to specify the port in the URL to make things work.

Thoughts on where I’ve gone wrong?

Thanks!

1 Like

Could you post the config.json file. This shall give the explanation for port 8443.

Wildcard SSL is needed for multi-user mode, Yes

Aye sure thing. I’ve run certbot autocert again and setup SSL correctly as far as I can tell, and I’ve fixed the port issue so I don’t have to put the port in the URL (misconfigured port forwarding… I now forward external 443 traffic to 8443 internally). However I do have to specify https://example.net rather than just example.net still, I assume that’s because port 80 traffic needs a redirect… is there a way to configure the server to do that, or do I have to mess with DNS records or something? Also subdomains don’t work (so I can register, but not login), I still have the solid:ACL accessDenied errors in the logs too.

Here is the config.json file contents (so indeed using port 8443):

{ "root": "/var/www/example.net/data", "port": "8443", "serverUri": "https://example.net", "webid": true, "mount": "/", "configPath": "./config", "configFile": "./config.json", "dbPath": "./.db", "sslKey": "/etc/letsencrypt/live/example.net/privkey.pem", "sslCert": "/etc/letsencrypt/live/example.net/fullchain.pem", "multiuser": true, "enforceToc": false, "disablePasswordChecks": false, "supportEmail": "", "server": { "name": "example.net", "description": "", "logo": "" } }

Thanks for helping out :slight_smile:

Well, I fixed the wildcard subdomain issue (added an A record for it). Now the server seems to be functional, including login! The only outstanding issue is that unless https:// is in the URL, some web browsers won’t connect.

You need to redirect HTTP to HTTPS. Solid server cannot do it. It can only redirect port inside a protocol.

You can have a look to https://github.com/solid/solidcommunity.net/issues/8. solid-community.net does this with Nginx.

Ah okay, thanks! I’m in the process of setting up a little python server to redirect it for me now, cheers for the help :slight_smile:

If you could share your installation of an old raspi that would be nice.

1 Like

Aye sure! I’ll probably write an article on my blog sometime in the near future but to summarise, the difficult bit was installing node. Everything else worked nicely (more or less) with the server itself on the current version of Raspbian (or Raspberry OS I think it’s called now), the main issues I had were just me tripping over configuring DNS and Linux file permissions. To get node to work you can’t use apt or npm on the pi as the version is outdated, you have to install it manually, but thankfully there are “experimental” binaries available (which is so much better than building from source). I used node version 12.19.0 for armv6 from https://unofficial-builds.nodejs.org/download/release/v12.19.0/ which did the trick for me. Also I should note I used the “lite” version of Raspbian and SSH’d in rather than wasting CPU and memory on graphics and unnecessary programs. Additionally, my pi is an original model B, so it’s a bit more powerful than the model A, but in theory I guess that’d work too.

@SpectralCascade For installing node, I’ve had good experience lately using nvm. Easy to install and then that handles the heavy lifting of managing node.

Did a quick search and this article is a good summary that might be useful for next time :slight_smile:

https://www.jemrf.com/pages/how-to-install-nvm-and-node-js-on-raspberry-pi

1 Like

Thanks for the heads up. Note the original raspi B is armv6 which isn’t supported by the official branch of node for version 12 and up as far as I’m aware, which is needed for the server (newer pis use armv7 and/or armv8 I believe, so it’s not a problem for those), unless there’s a way to switch to the experimental branch (I have not checked this) it would have to build from source via nvm which was painfully slow when I tested it. Indeed though for modern raspberry pis nvm would be far better.

1 Like