Ech0 - 00 / 00 / 00

PlainPad

Before we start, you will need a Debian 10+ VPS (you can get one on digitalocean for example), if you prefer to use your own self hosted server, make sure that port 80 and 443 are correctly port forwarded so that the public ip points to the server and not the router. Once that's done, go and ssh into your debian 10 server.

You can use DuckDNS to get a free domain name:

[ 192.168.100.1/24 ] [ /dev/pts/13 ] [~/Documents/Github/blog/Conf]
→ ssh root@ech4.duckdns.org
The authenticity of host 'ech4.duckdns.org (178.128.46.38)' can't be established.
ECDSA key fingerprint is SHA256:z2HAncB99pfbAUfj9tJY7vlo8EGUzCIUxWBAnjAflcA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ech4.duckdns.org,178.128.46.38' (ECDSA) to the list of known hosts.
Linux debian-s-1vcpu-1gb-lon1-01 4.19.0-10-cloud-amd64 #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@debian-s-1vcpu-1gb-lon1-01:~#

Initial Setup

First install the required dependencies:

apt update -y && apt upgrade -y
apt install -y curl mariadb-server git npm unzip nginx php7.3-{mysql,curl,zip,fpm,bcmath,ctype,fileinfo,json,mbstring,pdo,tokenizer,xml}
php -i | grep -i openssl

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php --install-dir=/usr/local/bin/ --filename=composer
which composer


	

Get on the releases page and get the latest zip, currently it is at version beta.4 :

cd /var/www/
mkdir plainpad
cd plainpad
wget https://github.com/alextselegidis/plainpad/releases/download/1.0.0-beta.4/plainpad-1.0.0-beta.4.zip
unzip plainpad-1.0.0-beta.4.zip

cp .env.example .env
nano .env



mysql -u root -p
create database plainpad;
create user 'plainpad'@'localhost' identified by 'p@ssw0rd';
grant all privileges on plainpad.* to 'plainpad'@'localhost';
exit;

php artisan migrate:fresh --seed
chown -R www-data: .

Setting up Nginx

wget -O -  https://get.acme.sh | sh
source ~/.bashrc

systemctl stop nginx 
acme.sh --issue --standalone -d ech1.duckdns.org -k 4096


nano /etc/nginx/sites-available/plainpad.conf

server {
	listen 80;
	listen [::]:80;
	server_name ech1.duckdns.org;
	return 301 https://$server_name$request_uri;
}

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name ech1.duckdns.org;

	ssl_certificate /root/.acme.sh/ech1.duckdns.org/fullchain.cer;
	ssl_trusted_certificate /root/.acme.sh/ech1.duckdns.org/ech1.duckdns.org.cer;
	ssl_certificate_key /root/.acme.sh/ech1.duckdns.org/ech1.duckdns.org.key;

	ssl_protocols TLSv1.3 TLSv1.2;
	ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;
	ssl_session_tickets off;
	ssl_ecdh_curve auto;
	ssl_stapling on;
	ssl_stapling_verify on;
	resolver 80.67.188.188 80.67.169.40 valid=300s;
	resolver_timeout 10s;

	add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting
	add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking
	add_header X-Content-Type-Options nosniff; #MIME-type sniffing
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";	

    root /var/www/plainpad/public;
    index index.html;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   unix:/var/run/php/php7.3-fpm.sock;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}	

ln -s /etc/nginx/sites-available/plainpad.conf /etc/nginx/sites-enabled/plainpad.conf
nginx -t 
systemctl start nginx 

Web interface

And there you have it !