Introducing Indie Web Server 8.0.0: install the server and start serving a secure static personal web site in literally seconds
I hope it makes your lives easier. This is one of the earlier pieces of the puzzle in the Hypha project.
(It took two weeks and a couple of false starts but Version 8.0.0 introduces native binaries for Linux and macOS. Production use via startup daemons is supported only on Linux platforms with systemd.)
@aral This is freakin' awesome Aral. Thanks!
*whispers* there's a typo for Hypha towards bottom of the blog post. 😬 😜
@david Thank you, David. I’ll fix that typo when I’m back at my computer; appreciate the heads up :)
@aral This is just lovely! Thank you for making this!
@K_REY_C You’re very welcome. Please do let me know how you get on with it if you use it :)
@aral Just tried it out -- ran into a snag (which is acceptable as a limitation, but I'm sharing anyway as there may be others) -- I'm running on a shared hosting plan (so no root access). I've gotten around this for some things by doing a virtual environment in Python. Any way to get around this with Indie Web Server?
Thanks again for the tool!
@K_REY_C Thanks for the feedback, Kyle. Sadly, that is a limitation; I don’t see support for shared hosting being compatible with the vision I have for Hypha (which Indie Web Server is an early component of). The production use case is limited to VPS and above.
Thanks again for your feedback. As you said, there might be others so at the very least I should document that better :)
@aral really appreciate the response and honestly just wanted to know if there was even a way for a work-around there. Documentation would be helpful so I thought I'd send it your way. At any rate, I might spin up on a VPS! Is there any hosting you might recommend that's reasonably priced?
@aral possibly redundant criticism, but: please don't advise people to pipe to bash. It may simplify things and look pretty, but (aside from the obvious security issues / implied trust of the domain) encourages others to "simplify" commands (possibly using sudo) in this manner, and could even result in partial commands being executed and wrecking someone's system. Source: https://www.seancassidy.me/dont-pipe-to-your-shell.html
Aside from that, great article! I might try this out sometime soon :)
@fennifith Hi James, if you look at the script in question, there’s no chance it can wreck anyone’s system as it does nothing destructive. The latter can also be avoided by prompting before destructive behaviour (always a good idea) and installation shouldn’t be a destructive process in any case. What is an actual issue with the practice is encouraging people to pipe stuff to their systems without checking what it is; hence on the it asks you to. The alternative, here, would destroy usability…
@fennifith … and usability and security are always a trade off: a completely secure system would be one that is utterly unusable. That’s why we use threat models. For the goals of this project and its threat model, this is the most optimised installation process I could come up with. Always open for suggestions about how to make it better (so the bit that comes after “don’t do that” and says “do this instead”).
Hope you find it useful when you try it out.
@aral It is good that you have considered this, but I'd still like to err on the side of caution (one possible option is PGP-signing the installer so it can be verified with keybase or the "web of trust"), and I think the decision of how this is balanced with usability should ultimately be left to the user. Regardless, I would briefly mention this in the article if only to communicate to a new/inexperienced audience that it *might not always be a good idea*, and that this is still something to be wary of.
@aral However, after taking some time to look at the project I see that this is mentioned in the web server's page, and it is true that the script may be simple enough that PGP signing is a bit overkill. Criticizing your work without properly understanding it was on me.
@fennifith Hey, no worries – always better to err on the side of caution ;)