Telegram
en ru

Deployment and setup

SelfPrivacy-server is created step by step within an hour. Sounds scary, but believe me, you shouldn't be a PhD to accomplish that. It's as simple as purchase in the e-shop.

  • Searching for passport and card with balance of $10-15 and $5 per month
  • Accounts registration
  • Protecting accounts
  • Domain purchasing
  • Connecting Domain to DNS Server
  • πŸ”‘ Generating tokens
  • Installation
  • Connecting to the services πŸŽ‰

If you delegate this process to someone else, you will lose privacy. For 100% independence and control we recommend to do everything on your own.

Accounts registration

For stability and privacy, SelfPrivacy requires many accounts. If you hold everything in one place, you'll get the same you've been running from β€” all data in hands of one corporation🀦

That's why, different parts of the system will be in different places. Let's register:

  • Hetzner is a virtual server hosting. Our data and SelfPrivacy services will live here.
  • NameCheap or any other registrar, to purchase your personal address on the Internet β€” the domain that will point to the server.
  • CloudFlare is a DNS server, where your personal address(domain) works.
  • Backblaze is an IaaS, that provides free storage for your encrypted backups.

Registration is trivial, but sometimes account activation may take up to few days or requires additional documents. Therefore, use real documents and fill out everything carefully. Providers protect themselves from spam in such way. Nothing personal )

Protecting accounts

Most often, systems are hacked through the weakest part. In order for accounts not to be such a part, passwords must be different and complex. TwinkleTwinkleLittleStar is a great example of a bad password. A good one 🌈 is a passphrase:

expert repose postwar anytime glimpse freestyle liability effects

or

}Rj;EtG:,M!bc4/|

How to remember such complicated password? No way! Passwords do not need to be remembered, they must be created and stored in the password manager. Though, you'll have to remember at least one β€” password from the password manager.

Be sure to enable additional account protection - the second factor (MFA, 2FA). Without this simple step, your data will not be safe.

I know it was difficult, but now your data is better protected than 95% of users. You can be proud of yourself! I'm proud of you πŸ€—

Domain purchasing

Enabled 2FA? Then let's proceed to the most interesting part!

gif

Domain β€” it's a piece of Internet, which you can name like your home pet. Potential for creativity is huge. Your only limitations are 63 symbols length + .com .org .icu or other domain zones. Feel free to choose among hundreds of others. You can choose your surname as a domain, like this: jackson.live or carson.health, or it can be something creative, like: unicorn-land.shop

Advices

  • Be sure to look at the annual renewal price, it can exceed the purchase price many times.
  • Normal domain price is $8-10 per year. The cheapest are Chinese .icu and .cyou - $4-6.
  • A good name is convenient, both on the phone to dictate, and on the business card to indicate.
  • The last name in the domain is good in that you can distribute mail to all namesakes, for example: name.secondname@surname.com, ns@surname.com or name@surname.com
  • During domain registration, make sure to enter your real e-mail address, otherwise your registration can be canceled. And if you can't extend the domain, the system won't work as intended.
  • Did I talk about the 2FA?

Connecting Domain to DNS Server

After acquisition, add your domain into CloudFlare:

gif

Using ruleit.stream as example, we chose free service plan and got nameservers: gail.ns.cloudflare.com and mattns.cloudflare.com, which must be registered with our registrar. In our case NameCheap:

gif

At the same time, we check that we include auto-renewal and protection of personal data β€” WhoisGuard. After a few minutes or, in the worst case, up to 2 days, the settings will be applied.

πŸ”‘ Generating tokens

API tokens

API tokens are almost the same as login and password, only for a program, not a person. SelfPrivacy application uses them to manage services in all accounts instead of you. Convenient!

Tokens should be stored in the password manager

We do not need a token for the NameCheap. But we will need one for the CloudFlare to use it for domain management.

CloudFlare

  • Visit the following link.
  • In the right corner, we click on the profile icon (a man in a circle). For the mobile version of the site, in the upper left corner, click the Menu button (three horizontal bars), in the dropdown menu, click on My Profile
  • We have four configuration categories to choose from: Communication, Authentication, API Tokens, Session. Choose API Tokens.
  • The first item is the Create Token button. With complete self-confidence and a desire to gain privacy, we press it.
  • We go down to the bottom and see the Create Custom Token field and the Get Started button on the right side. We press.
  • In the Token Name field, we give our token a name. You can quote and treat this as the name of a pet:)
  • Next we have Permissions. In the leftmost field, select Zone. In the longest field, center, select DNS. In the rightmost field, select Edit.
  • Next, right under this line, click Add More. Similar field will appear.
  • In the leftmost field of the new line, we select, similar to the last line β€” Zone. In the center β€” a little different. Here we choose the same as in the left β€” Zone. In the rightmost field, select Read.
  • Next we look at Zone Resources. Under this inscription there is a line with two fields. The left must have Include and the right must have Specific Zone. Once you select Specific Zone, another field appears on the right. We choose our domain in it.
  • We flick to the bottom and press the blue Continue to Summary button.
  • We're checking to see if we got everything right. A similar string must be present: Domain β€” DNS:Edit, Zone:Read.
  • Click on Create Token.
  • We copy the created token, and save it in a reliable place (preferably in the password manager).
gif

Hetzner

  • Visit the followinglink and authorize in the previously created account.
  • We go into the project we created. If there is none, then we create.
  • Point the mouse to the side panel. It should open by showing us menu items. We are interested in the latter β€” Security (with a key icon).
  • Next, at the top of the interface we see approximately the following list: SSH Keys, API Tokens, Certificates, Members. We need the API Tokens. Click on it.
  • On the right side of the interface, we will be waiting for the Generate API token button. If you use the mobile version of the site β€” in the lower right corner you will see a red plus button. We press.
  • In the Description field, give our token a name (this can be any name that you like, it does not essentially change).
  • Under Description, you can select permissions. Select Read & Write.
  • Click Generate API Token.
  • After that, your key will be displayed. We write it in a safe place, or even better, we save it in the password manager.
gif

Backblaze B2

  • Visit the following link
  • On the left side of the interface, select App Keys in the B2 Cloud Storage subcategory.
  • Click on the blue Generate New Master Application Key button.
  • In the appeared pop-up window confirm the generation.
  • Save keyID and applicationKey in the safe place. For example - in the password manager :)
gif

πŸŽ‰ Congratulations. Now you are ready to use private services.