My Face

Configuring a self-hosted Solid POD server

(Ongoing)

Recently I've been working on a Solid task manager, but I haven't started to use it in production myself. One big reason why I is that I was using a POD from solid.community, but the software was updated without notifying its users and my application was not compatible with the server for a while. It seems to be working now, but this experience taught me how important it is to have control over my data POD.

So I've decided that I will start self-hosting my data POD using node-solid-server. This shouldn't be too difficult because I've already been working with it locally for development. However, there are a couple of things that I don't expect to be straight-forward. Like configuring SSL certificates and scheduling backups.

Activity

Task started

I've forked the node-solid-server repository in order to add some customizations in my deployment. Working on this I found out that NSS (node-solid-server) is likely to be replaced by IPS (inrupt-pod-server) on most official Solid servers, as you can read here. This also means that NSS will probably stop getting as much support, so it made me ponder if I should use IPS instead for my self-hosted POD. In the end, I decided to continue with NSS given that it's the one I've been working with and it's already working well. The whole idea of Solid is that applications should be server agnostic and work using the protocol, so let's see how it goes.

Most of the changes I made in my fork have been UI related. I've basically removed all the public UI and created my own simplified version. I also disabled some routes for creating accounts, password reminders and such since I won't be using them. Something I found misleading is that setting the multiuser configuration flag to false does not hide the registration form, so this was one of my motivations to disable those routes. In order to create the htmls, since they were static assets, I just started writing some inline css. But I soon realized how much I was missing TailwindCSS, so I created a tailwind sandbox that I'll be using from now on whenever I need some simple css. It's just easier to write it using tailwind and copy the purged css in the head of the static html.

Configuring the SSL was also easier than I expected. I already knew I'd be using Let's Encrypt, but I thought I'd have issues using the certificates in the app. In the end, everything worked on the first try. Looking into some nginx configurations I also learned about two new security recommendations. Those were turning off server_tokens and adding HSTS headers.

You can see all the changes I've made to the original repository in the live branch of my fork. But keep in mind that this fork is not intended as a general purpose replacement. It contains my customizations and they may not work in other environnments, I'm just sharing them publicly for educational purposes. Also, this repository is the one I'm using in production, including all the configuration files. I thought about doing this in a private repository instead, but I reckon that'd just be security through obscurity. In the end, the important part about security is the SSL keys and access to the server. And of course, you won't be able to find any of those in the repository.