How-To: Setup a custom domain

16.08.2016

Prerequisites

  • Basic Linux Know-how
  • A static, public IP address pointing to a router or similar device
    or
    a DynDNS address configured on the router or similar device
  • Ports 80 and 443 must be free so they can be forwarded to the Protonet Server
  • Ability to create a CNAME record on DNS server for desired subdomain
  • Know the current Protonet server maintenance password and keep it in a safe place
  • In case of network restrictions you might need to adjust current firewall settings

Setup port forwarding

  • Create rule for incoming TCP port 80 to Protonet Server port 80
  • Create rule for incoming TCP port 443 to Protonet Server port 443
  • (Optional) Create temporary rule for your own incoming SSH requests on port 22 (or different) to Protonet Server port 22.
  • Ensure the Protonet server's IP address doesn't change, by using a static DHCP lease or a static IP address configured on the server
  • Test whether HTTP/HTTPS requests to the public IP address or DynDNS address are forwarded properly to the Protonet server

CNAME / A record

  • Create a (sub)domain, pointing the A record to the public IP address
    or
    Create a subdomain, pointing the CNAME record to the DynDNS address
  • Test whether HTTP/HTTPS requests to the subdomain reach the Protonet Server

 

The following steps apply only to SOUL versions called stable/90 or newer:

Reconfigure SOUL

  • SSH to the protonet server
  • Run:
    custom_nodename protonet.customdomain.tld
  • Log in to Protonet SOUL as an administrator and deactivate the protonet.info address in the system settings

Create a certificate using Let’s Encrypt

  • SSH to the server
  • Create a certificate by running the command:
    letsencrypt

Create the Diffie-Hellman parameter

  • SSH to the server
  • Create the DH parameter (this might take some time, so consider running it in a screen session), run (NO sudo):
    openssl dhparam -out /etc/protonet/dhparams_protonet.pem 2048
  • Create a so-called local_patch to persist the DH parameter:
    /protonet/firmware/local_patches/dhparams.sh
  • Content:
    #!/bin/bash
    # Add the ssl_dhparam directive after the ssl_certificate_key line in the nginx config
    sed -i "/ssl_certificate_key/a ssl_dhparam /etc/protonet/dhparams_protonet.pem;" /home/protonet/dashboard/current/config/nginx.conf
    # Restart nginx so the new DH parameter is loaded
    sv restart /home/protonet/dashboard/shared/services/enabled/nginx
  • Make it executable:
    sudo chmod +x /protonet/firmware/local_patches/dhparams.sh
  • Run the script once:
    sudo /protonet/firmware/local_patches/dhparams.sh
  • Test whether you get an A and no issues are reported on https://www.ssllabs.com/ssltest/
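
The local_patch above appends a new ssl_dhparam line every time it runs. The following is an added example, not part of the original how-to or of Protonet's tooling: a rerun-safe variant of the same sed insertion, exercised on a constructed nginx config. The function names, return codes and sample config are assumptions, and it relies on GNU sed as the page's script does.

```shell
#!/bin/bash
# Added example: a rerun-safe variant of the dhparams.sh local_patch.
# patch_dhparam and its return codes are hypothetical, not Protonet tooling.

# patch_dhparam CONF PEM
#   0 = CONF references PEM after the call (inserted now or already present)
#   1 = CONF is missing or has no ssl_certificate_key line to anchor on
#   2 = CONF already sets ssl_dhparam to another file; left untouched
patch_dhparam() {
    conf="$1"; pem="$2"
    [ -f "$conf" ] || return 1
    # Already patched with exactly this file: nothing to do.
    if grep -Fq "ssl_dhparam $pem;" "$conf"; then
        return 0
    fi
    # A second ssl_dhparam in the same block makes nginx reject the config.
    if grep -Eq '^[[:space:]]*ssl_dhparam[[:space:]]' "$conf"; then
        return 2
    fi
    grep -q 'ssl_certificate_key' "$conf" || return 1
    # Same insertion as the page's script: append after the key directive.
    sed -i "/ssl_certificate_key/a ssl_dhparam $pem;" "$conf"
}

# count_dhparam CONF: print how many ssl_dhparam directives CONF contains.
count_dhparam() {
    grep -Ec '^[[:space:]]*ssl_dhparam[[:space:]]' "$1" || true
}

# make_sample_conf: write a constructed nginx server block to a temp file
# and print its path (sample data, not the real Protonet nginx.conf).
make_sample_conf() {
    f="$(mktemp)"
    printf '%s\n' 'server {' \
        '    listen 443 ssl;' \
        '    ssl_certificate /etc/ssl/example.crt;' \
        '    ssl_certificate_key /etc/ssl/example.key;' \
        '}' > "$f"
    echo "$f"
}

demo_conf="$(make_sample_conf)"
patch_dhparam "$demo_conf" /etc/protonet/dhparams_protonet.pem   # inserts
patch_dhparam "$demo_conf" /etc/protonet/dhparams_protonet.pem   # no-op
echo "ssl_dhparam directives after two runs: $(count_dhparam "$demo_conf")"
rm -f "$demo_conf"
```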