Setting up Secure Server for Bob on Digital Ocean

Dave

Jan 9, 2019, 11:30:59 PM
to TiddlyWiki
Hi, I'm attempting to put the Secure Server onto a DigitalOcean droplet I bought so I can have my Bob instance accessible from anywhere (PC or mobile).

Here's what I've done so far (sorry for the weird formatting, it's just a copy-paste from my TW notes), following as best I can Jed's instructions here https://github.com/OokTech/SecureWikiServer :

Steps I took (after connecting to the droplet in a terminal via "ssh root@(my droplet address)"):

  • git clone https://github.com/OokTech/SecureWikiServer.git
  • (from digital ocean link) openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt
  • (dialog from above)
    • (country code)
    • (province)
    • (city)
    • "." for leave blank
    • Dave (for "common name")
    • (myemail)@gmail.com
  • Success!: ls showed:
    • SecureWikiServer domain.crt domain.key node_modules
  • Further instructions:
Update certPath and serverKeyPath in the Local.toml file in the Config folder to point to the certificate and key files.
You will have to create the Local.toml file.
Never edit Config.toml, settings in Local.toml override Config.toml so just make the same entry in Local.toml if you want to change a default setting.
  • cd SecureWikiServer
  • cd Config
  • cp Config.toml Local.toml
  • nano Local.toml
  • changed certificate and key paths to ./domain.crt and ./domain.key (they were the only files in the main folder after the keys were made as per the D.O. command above)
  • If needed generate a public-private key pair for token signing (I assume that's needed, so...)
Okay, now I'm stuck.  I've never done anything like this before (I'm happy to have been able to figure out how to SSH into the droplet in the first place).

How does one generate a public-private key pair for token signing?


Thanks,
- Dave


PS I'd assume that the entire process would be the same for installing on a raspberry pi, is that correct?

Jed Carty

Jan 10, 2019, 5:09:49 AM
to TiddlyWiki
You can just use the same key that you generated for the certificate. 

If you don't want to do that you should be able to use the same key the computer is using for SSH which should be located in /home/YOURUSERNAME/.ssh/id_rsa

If you want to generate a unique key just for signing tokens then you can follow the instructions here: https://www.ssh.com/ssh/keygen/

The relevant command is

ssh-keygen -t rsa -b 4096

Just make sure that you give a name for the key, otherwise you are going to overwrite the one used for SSH that I mentioned above.

And yes, the process is the same as if you were setting this up on a pi or a desktop.
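
Added example, not part of the original thread or of the SecureWikiServer project: one way to generate a dedicated token-signing key under its own file name, so the default SSH key is never overwritten. The function name gen_token_key, the default file name token_signing, and the empty passphrase (for a server that reads the key unattended) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): dedicated RSA key pair for token
# signing, written to an explicitly named file instead of ~/.ssh/id_rsa.
# gen_token_key and the "token_signing" default name are hypothetical.

# Usage: gen_token_key DIR [NAME]
# Returns 0 on success, 1 if the target exists or generation fails,
# 2 if ssh-keygen is not installed.
gen_token_key() {
    dir=$1
    name=${2:-token_signing}
    key="$dir/$name"

    # Refuse to clobber anything. ssh-keygen would only prompt, and a
    # reflexive "y" is how a working SSH login key gets replaced.
    if [ -e "$key" ] || [ -e "$key.pub" ]; then
        echo "refusing to overwrite existing key: $key" >&2
        return 1
    fi
    command -v ssh-keygen >/dev/null 2>&1 || return 2
    mkdir -p "$dir" || return 1

    # -f names the output file, so the default path is never used.
    # -N "" sets an empty passphrase (assumption: unattended server use).
    # umask 077 keeps the new files private to the current user.
    (umask 077; ssh-keygen -q -t rsa -b 4096 -N "" \
        -C "token-signing" -f "$key") || return 1
    chmod 600 "$key"

    # Print the fingerprint so the key can be identified later.
    ssh-keygen -l -f "$key.pub"
}

# Example call (commented out so sourcing this file creates nothing):
# gen_token_key "$HOME/wiki-keys" token_signing
```

The private key is the file without an extension; the matching public key is the same name with .pub appended.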

Dave

Jan 10, 2019, 11:42:33 AM
to TiddlyWiki
Ok, thank you