VPS Hosting Made Easy With Yunohost
17 min read

VPS Hosting Made Easy With Yunohost

Complacency and convenience are far greater enemies to privacy and security than any world government. Don't let them win for another day.
VPS Hosting Made Easy With Yunohost


Managing Your Own

As we see more and more censorship and throttling of information from sources outside a given narrative, the need for understanding how to manage hosting your own sites and data grows greater and more important.

Many, if not most of us, would likely see our viewpoints and standards as completely normal, generally only asking to be left alone. This has become increasingly difficult as big tech corporations dictate more and more about what information we are allowed to see or propagate. In an ideal world, we would all have the ability to be our own Internet Service Provider (ISP), but in practice this is just not feasible. There are, however, steps that can be taken quite easily to increase our amount of self-sovereignty and to deny these corporations from so easily removing our information from view.

One of these steps is to begin taking control of the hosting of your data and even some social media or encrypted messaging platforms. This can be accomplished in a few ways, and again ideally we would all be able to run our own equipment in-house in order to host our websites and data in a more private, secure, and self-reliant way. Once again though, we find in practice this may not be an option for some people. Fret not, for there is still quite a simple and efficient way to take steps toward this final goal without having to buy or run any equipment in your own home through using a VPS.

What Is VPS Hosting?

VPS is short for a Virtual Private Server.

A server is a computer on which your web host stores the files and databases needed for your website. Whenever a visitor wants to access a website, their browser sends a request to the server and it transfers the necessary files through the internet. VPS hosting provides you with a virtual server that simulates a physical server. In reality though, the machine is shared among several users.

Using virtualization, a hosting provider installs a virtual layer on top of the operating system (OS) of the server. This layer divides the server into partitions and allows each user to install their own OS and software. So a VPS is both virtual and private because you have complete control. It is separated from other server users on the OS level. VPS technology is similar to creating partitions on your own computer when you want to run more than one OS (e.g. Windows and Linux) without a reboot.

The gain then, is that you are able to install an OS, fully controlled by you, to host and run your own websites and applications without relying on a service like Twitter to allow you to post on their site. The tradeoff of using a VPS rather than your own personal, physical server is that you are still relying on the VPS hosting provider to operate your server. This means you definitely gain a level of autonomy past being deplatformed off Twitter for a tweet that goes against the popular narrative, but at the same time if you were to host a site using a VPS that became a target due to inflammatory content or the like, your VPS provider could still remove you from their service. While far from perfect, it is most certainly a step in the right direction, and due to it all being done virtually, can be set up and configured with minimal effort and investment on your part.


Getting Started

  • Editors Note: Since the writing of this guide, there have been some developments with Namecheap that warrant mentioning here, as I would not recommend them if I were writing this guide over today. One was the incident with domain hijacking involving prominent darknet forum accounts where Namecheap has been credibly accused of unbecoming actions that to this point they have not even attempted to refute. Secondly, and even more pertinent to this guide, users running Yunohost on a Namecheap VPS have been repeatedly warned and/or shut down after being accused of participating in "network attacks" consisting of UDP port scans, when no such "attacks" were being performed by the accused. You can read more about this discussion on my Matrix server room where privacy tools are the main topic. If I were writing this today, my recommendation for VPS providers would be Bitlaunch and 1984 Hosting instead. If you do decide to go with 1984.is as your VPS provider, there is one additional step which will need to be taken once the VPS is up and running. You can learn about this simple additional step here, and once that initial step is complete you can continue following these guides from the appropriate step.
It's fun to talk about and imagine becoming more sovereign and private, but we have tools available today to actually begin taking steps to accomplish the goal.

"Use the tools" is more than just a cute saying; it is a way of life. A mindset. A large part of that is knowing what tools are available, and which to use for a specific job. So let's start going over just one way to get started hosting which takes very little effort or money, and can be done today, right now.

proxy-image-1

Namecheap is just one of a few one-stop shops where you can acquire all the things you need to get started. They offer domain name purchase and registration, as well as a variety of options for VPS hosting. The one I will be touching on today is self-managed VPS hosting, which means you are in total control of the server. This allows you to install the operating system you would like to use, and manage all your services using secure shell, also known as SSH. Best of all, Namecheap now accepts bitcoin for payments, and so allows you to better protect your identity when setting up a VPS and domain to host your information!

First step will be to acquire a domain name, if you don't have one already. You can search on Namecheap for the domain of your choice, provided it is still available. If it is not, certain domains may be able to be purchased for a price from the current owner. There are over 400+ domain types, from .com to .guide to my personal favorite, .tools. Screenshot_2021-02-02-Domain-Name-Search-Check-Domain-Name-Availability---Namecheap Choose wisely.

Once you have selected a domain name that suits you, throw it in your cart and let's move on to selecting a VPS.

When choosing a VPS, you'll want to keep in mind a few things, primarily the amount of traffic and use you will need it to be able to provide. For this guide, we will be installing Yunohost on this particular server, because it provides several different applications and types of services that can be installed with a single click. Requirements for installation of Yunohost is a server with at least 512MB RAM. Most people looking to simply host some social media, blog, or their own files or passwords will be fine with the Pulsar plan, which offers 2 cores and 2GB RAM. Screenshot_2021-02-02-Cheap-VPS-Hosting-Services---Managed-Virtual-Servers-at-Namecheap-com
These options allow for users to have full root access and installation of a variety of operating systems as well. Screenshot_2021-02-02-Cheap-VPS-Hosting-Services---Managed-Virtual-Servers-at-Namecheap-com-1-
There is no additional charge to be able to fully manage your own server, and as mentioned earlier can easily be done using SSH. The majority of the work to be done will be done using Yunohost once it is installed, so mainly what we need from Namecheap is simply a domain and a VPS. An additional requirement for installation of Yunohost is for the VPS to be running Debian 10+ OS. All these various operating systems are able to be installed for free by default when choosing to self-manage. Screenshot_2021-02-02-Cheap-VPS-Hosting-Services---Managed-Virtual-Servers-at-Namecheap-com-2- Select Debian 10 (64 Bit) and move on.

Once you have selected those, go to checkout and make your purchase. Again, if you would like to keep your identity more hidden, you are able to do so by using bitcoin to checkout. You will be asked to provide some information such as name, address, and telephone number, but it is up to you to determine the veracity of the information you provide, since verification is extremely limited. You will need to send an amount of BTC large enough to make the purchase to your account first, and as soon as it receives a single confirmation you will be able to pull from your account balance. If you would like to enable automatic renewal using BTC, simply send enough to cover the amount for the time you would like to renew, and Namecheap will automatically pull it for you when the time comes. Depending on the domain and VPS option and timeframe you choose, you can get started hosting your own data today for as little as ~$30. Screenshot_2021-02-02-Armored-Email-Encrypted-Secure-Anonymous


Setting Up

Once your purchase is complete, it may take a few hours for Namecheap to get your server properly up and running.

Once it is ready, you will receive an email at the address you provided which contains information necessary to access your server. Included will be the url to visit for server management, along with username, and password. It will also include the details to access your server using SSH, which is the what you will use to install Yunohost. It is advised to change at least your password after successfully logging in the first time. Screenshot_2021-02-02-Armored-Email-Encrypted-Secure-Anonymous-1-

Login to the VPS Management Platform using the credentials provided, and you will see several tools able to be used to service and configure your VPS. Screenshot_2021-02-02-Control-Panel One important thing to be sure and configure is the reverse DNS, located toward the bottom of the platform. Screenshot_2021-02-02-Control-Panel-1- Click the link for Network, and then click the link shown under the heading Reverse DNS. You will want to enter your actual domain name in this area, in the form of example.com. Once you have done that and changed your password, it is time to move on to SSH into your VPS and install Yunohost.

  • If you get an error here, you may need to configure your DNS A Record section first. Scroll down to the "Configuration" section of this article to see about DNS records. Only need to do the first A Record configuring for now, the rest will come later.

I will be dealing with using linux distributions here, but if you are on a Windows machine you will likely want to install PuTTY for SSH. If SSH is not already installed on your device, then on Debian/Ubuntu based distros first be sure you are able to log in as a user with sudo privileges. Next open a terminal and install OpenSSH-Server using the following commands:
$ sudo apt update
$ sudo apt install openssh-server
Enter the sudo password, and press y. Once installed, you can move on to logging into your VPS using SSH.

First, look in the email you received from Namecheap for the IP address where your domain is hosted. In order to access it, you will enter the following command:
ssh root@ipaddress, where ipaddress is replaced with the actual IP address given to you, something like 185.192.46.38 for example. When this is done for the first time, you will be presented with a warning similar to this:
The authenticity of host '185.192.46.38 (185.192.46.38)' can't be established. ECDSA key fingerprint is SHA256:Vybt22mVXuNuB5unE++yowF7lgA/9/2bLSiO3qmYWBY. Are you sure you want to continue connecting (yes/no)?
You will need to type out the entire yes and press enter. You will then see:
Warning: Permanently added '185.192.46.38' (ECDSA) to the list of known hosts.
root@185.192.46.38's password:
You will need to then enter the password given to you in the email from Namecheap as well, and press enter. You should receive an output similar to:
Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-33-generic x86_64)

* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage

You are now SSH'ed into your VPS, and ready to take the next step and install Yunohost.


Installing Yunohost

Yunohost is a service that allows you to manage your server from home with a simple, easy to use interface.

It enables installation of a variety of different applications and services that you desire using a set of pre-made packages making it as easy as possible to get your data into your own hands. You'll visit the documentation page for installing on a dedicated server, where you will see the requirements for your VPS, which we already made sure to manage earlier. Screenshot_2021-02-02-Install-on-a-dedicated-server---YunoHost
Choose to install manually and you will be presented with some commands you can simply copy/paste into your terminal window that you used to SSH into your site. First, you'll want to enter:
apt install ca-certificates
followed by
curl https://install.yunohost.org | bash to install the program.

You will then need to move on to post installation to finish the process. This can be done by logging in to your IP in a browser, but since we are already in the terminal window we can just finish installation right there by entering yunohost tools postinstall. You will be asked at that point for your main domain name, which is the domain name you purchased earlier at Namecheap in the form example.com. You will then be asked to create an administration password, which should be a strong password which you will use from that point on to login to your Yunohost admin panel.
Note when you enter this password it will override your SSH password you received in the email from Namecheap. From this point on if you want to SSH into Yunohost you will do so by entering admin@ipaddress instead of root@ipaddress then use this password.
Before getting going on Yunohost, there is still one thing remaining to get done, which is DNS configuration.


Configuration

It is very important to properly configure all parts of your system.

The first part of that is properly configuring DNS records, for which you will need to be logged in to your Namecheap account. You cannot configure DNS records in Yunohost. However, you can get an idea of what the default configuration for your domain should be by visiting the DNS config section. There you will find a command to be entered in the same terminal window you have been using to SSH into your site. Enter the following:
yunohost domain dns-conf example.com, replacing example.com with your actual domain name in the same format. You should see an output in your terminal to help you properly configure DNS on Namecheap. Screenshot_2021-02-02-DNS-zone-configuration---YunoHost

In your Namecheap account when you first login, you should see the domain you have purchased and are hosting in the dashboard. To the right is a button marked "Manage"; click that, and you'll be taken to the Details page. In the row of options, select "Advanced DNS". Screenshot_2021-02-02-Advanced-DNS
You'll notice the way Yunohost lists the DNS records do not look the same as the way Namecheap lays them out. Once you understand the important parts, it becomes easier. First part is the A Records. Click on "Add New Record" Screenshot_2021-02-02-Advanced-DNS-2- and choose A Records from the drop down menu. You will need to make two such records, one with @ in the "Host" section, the other with * in the same, "Host" area. In both, in the "Value" area you will enter the actual IP address of your domain. Once done with both, choose "Save All Changes".

We are not going to worry about IPV6 records, if you want to look into that later be my guest. For now just the bare bones to get started. Moving on to the XMPP section, as shown in your example configuration Screenshot_2021-02-02-DNS-zone-configuration---YunoHost-1- Again choose "Add New Record", and the first two configurations you'll choose SRV from the drop down menu. Both of these will be nearly identical except for one word and a different port. The first record is for _xmpp-client. while the second is for _xmpp-server..

You'll see an area on Namecheap first marked "Service". This is the area in which you will enter the first part; enter _xmpp-client.. Then in the "Protocol" section you will enter _tcp. Under "Priority" you'll put 0, then in "Weight" you'll put 5. In the "Port" section you will enter 5222 in this first record, followed by your.domain in the final, "Target" area.

Create a second SRV record that matches the above, only changes are to move _xmpp-client. to _xmpp-server. instead, then change the "Port" section from 5222 to 5269. All other records should match the previous. Choose "Save All Changes".

Next are CNAME records, which you will make 4 different records for, choosing CNAME from the drop down menu in each. There are only two sections to fill out for all four records. The "Target" section in all 4 records will be your.domain. The "Host" section will be different for each one. In no particular order, they will be muc, pubsub, vjud, and xmpp-upload. Screenshot_2021-02-02-DNS-zone-configuration---YunoHost-2-
Once you have those 4 records entered, again "Save All Changes".

Last is the mail config. You will have 3 different TXT records in this same area of DNS config, so choose "Add New Record" 3 times. The first two will be configured like so:
Choose TXT from dropdown. Enter @ in Host. Enter v=spf1 a mx -all in Target.
Choose TXT. Enter _dmarc in Host. Enter v=DMARC1; p=none in Target.

The third TXT record you will need to look in the output from the command you entered earlier for DNS records. You are looking for a record that looks like this Screenshot_2021-02-02-DNS-zone-configuration---YunoHost-3- to find the proper "huuuuggggge key" to copy/paste into DNS records.
So enter mail._domainkey in the Host section, then v=DKIM1; k=rsa; p=thekeycopy/pasted in the Target section. Choose "Save All Changes" to save those 3 records, and we have one left.

For the last record, the MX one, you will need to scroll down from the area you are in now in the Namecheap dashboard. Look for the "Mail Settings" area Screenshot_2021-02-02-Advanced-DNS-4- and choose Custom MX from the drop down menu. Then choose "Add New Record", and choose MX Record. Then enter @ in Host, your.domain in Mail Server, and 10 in Priority. "Save All Changes", and you are DNS configured.


Yunohost Administration

Now that we have DNS properly configured and ready to go, it's time to start on Yunohost administration.

You can access your Yunohost admin page by entering https://your.domain/yunohost/admin, but replacing your.domain with your actual domain name. You should first see a sign in area where you will need to enter the password you set earlier during post-installation. Screenshot_2021-02-02-YunoHost-admin
Note that the first time you enter the above address, you will receive warning about the certificate being self-signed. It is fine to ignore this, as we will be installing a Let's Encrypt certificate later.

First, to add yourself as a user, click in the "Users" section, then choose "+New User". Screenshot_2021-02-02-YunoHost-admin-4- The first user you add, yourself, will automatically have email addresses created as username@domain.name, as well as a few other aliases. Once you have created yourself as a user, click on your username shown in the Users section, and you will see a section toward the bottom to edit your account. Screenshot_2021-02-02-YunoHost-admin-5- Here you can add an email forward address, one that you normally use everyday if you like, that way you don't need to configure a new email using Thunderbird or another email service. Either doing this or configuring a new email will be important, as when you install some applications you will be sent information necessary to login and make changes in the email. For example, when installing Bitwarden you will receive an email with details absolutely necessary to configure your Bitwarden_RS server, including an Admin token. If you simply add a forwarding email address that is fine, just make sure after installing applications like Bitwarden you check that email service, and note that you will likely need to check the "Spam" folder to find the initial message. So make sure you either forward email, or create a new email using a service like Thunderbird, which you can see how to do here.

Now to deal with the Let's Encrypt certificate.

Enter the section marked "Domains". You will see your default domain, and click on that again. You should then see an area marked "Manage SSL Certificate". Screenshot_2021-02-02-YunoHost-admin-1- Click Manage SSL, and as long as you have properly configured your DNS records, it should say that the domain is ready to install a "Let's Encrypt" certificate, and present a green button. Click that button, confirm you would like to install this certificate. Once that is done, you will no longer see a warning when accessing your https:// domain. Now on to applications.

When you go back to the home screen of your Yunohost administration page, you will see a section for Applications. Select this area, and you will be presented with a plethora of different types of apps ready to be installed with a single click.Screenshot_2021-02-02-YunoHost-admin-2-
For example, I have recommended using Bitwarden for quite a while as a password manager. Now, instead of your password information being stored on Bitwarden's servers, you can run your own Bitwarden instance and store your own passwords! Screenshot_2021-02-02-YunoHost-admin-3- Simply click the "Install" button, and Yunohost will take care of the rest. It will show you where Bitwarden will be installed, and get the job done.

  • Edit: The Yunohost instance of Bitwarden is now called "VaultWarden"

Get Off My Lawn

Now that you have your own domain, VPS, and Yunohost installed, you can begin installing all the various applications you need.

These apps range from Bitwarden as we just discussed, to your very own Mastodon instance which you can federate by hooking up to a relay, to your own blog site ;). There are several applications to choose from, so I suggest looking through and finding the best fits for your needs. As noted earlier, there are many different ways to go about hosting your own data, this is but one. Is it the most self-sovereign? Well, no, you won't exactly be your own ISP after this. But you will be able to have a social media site through Mastodon that is very similar to Twitter, but which no administrator will be able to ban you from. You will be able to store your own passwords without that data being transferred to a third party application, as it will be hosted on your virtual server. You can create a blog that is not nearly as easy to deplatform as it would be if you were writing a Medium post, for example.

Using the tools means exactly that--Use the tools. Don't let perfect be the enemy of good, just because something isn't 100% sovereign or decentralized doesn't mean it isn't a significant step in the right direction. All those steps eventually result in an epic journey, and you may well find yourself in Elysian fields of freedom before you know it. Make a move today to take greater control over your digital identity and data. Complacency and convenience are far greater enemies to privacy and security than any world government. Don't allow them to win for another day.

Enjoying these posts? Subscribe for more