imagehost-setup

A single-script installer that turns a fresh AlmaLinux 10 VPS into a lightweight, secure image host — SFTP upload, Nginx file serving, optional Let's Encrypt SSL, and brute-force protection out of the box.

Requirements

  • A fresh AlmaLinux 10 VPS (tested on Linode/Akamai)
  • A domain name pointed at your server's IP address (optional but recommended for SSL)
  • Root or sudo access

Quick Start (for experienced users)

curl -O https://git.castlehollow.com/rodger/imagehost-setup/raw/branch/main/imagehost-setup.sh
sudo bash imagehost-setup.sh

The script will walk you through the rest interactively. When it finishes, it prints your SFTP credentials and image URL — save them somewhere safe.

What it sets up

  • Nginx — serves image files only (JPG, PNG, GIF, WebP, AVIF, SVG, BMP, TIFF); everything else returns a 404
  • SFTP chroot — a locked-down upload user that can only access the images folder; no shell access
  • Maintenance user — a normal SSH login with sudo access for administration
  • firewalld — opens only SSH, HTTP, and HTTPS; everything else is blocked
  • fail2ban — automatically bans IPs that repeatedly fail to log in
  • Let's Encrypt SSL — optional; falls back to plain HTTP if no domain is provided
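
To confirm the SFTP lock-down described in the list above on your own server, the following added example (not part of imagehost-setup or its script) checks the effective sshd settings for the upload account. It assumes the default username imageuser from this README; the helper name audit_sftp_user, the path /srv/imagehost and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of imagehost-setup. On the server, run:
#   sudo sshd -T -C user=imageuser,host=localhost,addr=127.0.0.1 | audit_sftp_user
# (imageuser is the README's default SFTP username; adjust if you changed it.)

# audit_sftp_user (hypothetical helper): reads "sshd -T" output on stdin,
# prints one FAIL line per setting that weakens the SFTP-only account,
# and returns 0 when locked down or 1 when there is any finding.
audit_sftp_user() {
    awk '
        { key = tolower($1); $1 = ""; sub(/^ /, ""); val[key] = $0 }
        END {
            bad = 0
            # Without a chroot the account can browse the whole filesystem.
            if (val["chrootdirectory"] == "" || val["chrootdirectory"] == "none") {
                print "FAIL chrootdirectory is not set"; bad = 1
            }
            # Unless internal-sftp is forced, a login could start a shell.
            if (val["forcecommand"] !~ /^internal-sftp( |$)/) {
                print "FAIL forcecommand is not internal-sftp"; bad = 1
            }
            # Forwarding would let the upload account tunnel traffic.
            n = split("allowtcpforwarding x11forwarding", fwd, " ")
            for (i = 1; i <= n; i++)
                if (val[fwd[i]] != "no") {
                    print "FAIL " fwd[i] " is not no"; bad = 1
                }
            exit bad
        }'
}

# Constructed sample inputs (not captured from a real server).
SAMPLE_LOCKED='chrootdirectory /srv/imagehost
forcecommand internal-sftp
allowtcpforwarding no
x11forwarding no'
SAMPLE_OPEN='chrootdirectory none
forcecommand none
allowtcpforwarding yes
x11forwarding no'

printf '%s\n' "$SAMPLE_LOCKED" | audit_sftp_user && echo "locked sample: OK"
printf '%s\n' "$SAMPLE_OPEN" | audit_sftp_user || echo "open sample: findings above"
```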

Guide for Windows Users New to Linux

Never used a terminal before? No problem. This section walks you through everything from zero.

Before You Start

You'll need to have already done two things that aren't covered here:

  1. Rented a VPS (Virtual Private Server) — a small cloud computer you can run 24/7. Linode/Akamai is a good choice. Their smallest plan (Nanode, $5/month) is plenty for this.
  2. Set up a domain name (optional) — if you want a proper web address like images.yourdomain.com instead of a raw IP address, you'll need a domain and need to point it at your server's IP address. Your VPS provider and domain registrar will have guides for this.

If you need help with either of those, check the video walkthrough [link here].

Once your server is running and you have its IP address (looks something like 172.237.151.226) and root password from your provider, come back here.


Step 1 — Get a Terminal on Windows

A terminal (also called a command prompt or console) is a text-based window you type commands into. On modern Windows you have a few options:

Option A — Windows Terminal + SSH (Windows 10/11, recommended)

Windows 10 and 11 come with SSH built in. Press the Windows key, type Terminal, and open Windows Terminal or PowerShell. Either one works fine.

Option B — PuTTY (older Windows, or if the above doesn't work)

Download PuTTY from https://www.putty.org — it's free and has been the standard Windows SSH client for decades. Install it and open it.


Step 2 — Log Into Your Server

Your server is running Linux and is waiting for you to connect to it. The way you connect is called SSH (Secure Shell) — it's an encrypted connection that lets you type commands on the remote server as if you were sitting in front of it.

Using Windows Terminal or PowerShell:

Type the following, replacing YOUR.SERVER.IP with your actual IP address:

ssh root@YOUR.SERVER.IP

Press Enter. You'll see a message like:

The authenticity of host '172.237.151.226' can't be established.
Are you sure you want to continue connecting (yes/no)?

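Type yes and press Enter. This is normal the first time you connect: your computer is saving the server's identity (its host key) so it can recognise the same server next time and warn you if that identity ever changes.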

Then it will ask for a password. Type your root password (the one your VPS provider gave you) and press Enter. You won't see anything as you type — that's normal, Linux hides passwords for security.

You should end up at a prompt that looks something like:

[root@localhost ~]#

You're in. You're now typing commands directly on your server.

Using PuTTY:

Open PuTTY. In the Host Name box, type your server's IP address. Make sure Port is 22 and SSH is selected. Click Open. When the security warning appears, click Accept. Log in as root with your server password.


Step 3 — Download and Run the Setup Script

Now you'll download and run the installer. Copy and paste these two commands, pressing Enter after each one:

curl -O https://git.castlehollow.com/rodger/imagehost-setup/raw/branch/main/imagehost-setup.sh
bash imagehost-setup.sh

Tip: To paste into Windows Terminal, right-click or press Ctrl+Shift+V. In PuTTY, just right-click.

The script will now ask you a series of questions. Here's what each one means:


Step 4 — Answering the Setup Questions

Domain name: If you have a domain name pointed at this server (like images.yourdomain.com), type it here and press Enter. If not, just press Enter to skip — your images will be accessible by IP address instead.

Email address: Only asked if you entered a domain. This is used by Let's Encrypt to send you certificate expiry notices. Enter any email address you check.

SFTP username: This is the username you'll use to upload images. Press Enter to accept the default (imageuser), or type your own.

SFTP password: This is the password for uploading images. You can type your own password or just press Enter to have a strong one generated for you automatically. Either way, it will be displayed at the end — make sure you save it.

Maintenance username: This is a separate login for managing the server itself (not for uploading images). Press Enter to accept the default (siteadmin), or type your own.

Maintenance password: Same as above — type one or press Enter to auto-generate.

Maximum image file size: The largest file size (in megabytes) that can be uploaded. Press Enter to accept the default of 20 MB, or type a number.

Proceed with installation? Review the summary and type y then Enter to start the installation. The script will now run for a few minutes — you'll see progress messages scrolling by. This is normal.


Step 5 — Save Your Credentials

When the script finishes, it will print a summary that looks something like this:

  Image URL format:
    https://images.yourdomain.com/<filename.jpg>

  SFTP connection details:
    Host     : images.yourdomain.com
    Port     : 22
    Username : imageuser
    Password : Xk92mPqL...   ← Save this now!
    Upload to: /images/

  Maintenance (SSH) login:
    Host     : images.yourdomain.com
    Port     : 22
    Username : siteadmin
    Password : Rt47vNwM...   ← Save this now!
    Sudo     : sudo -i to become root

Copy this entire block and save it somewhere safe — a password manager, a secure note, anywhere you won't lose it. The passwords cannot be recovered after this point (though they can be reset if needed).


Step 6 — Upload Your First Image

You'll need an SFTP client — a program that lets you transfer files to your server. These are all free:

Connecting with FileZilla (as an example):

  1. Open FileZilla
  2. At the top, fill in:
    • Host: your domain or IP address
    • Username: your SFTP username (e.g. imageuser)
    • Password: your SFTP password
    • Port: 22
  3. Click Quickconnect
  4. On the right side you'll see a folder called images — that's where your files go
  5. Drag an image from your computer into that folder

Accessing your image:

Once uploaded, your image is immediately available at:

https://images.yourdomain.com/your-filename.jpg

Or if you're using an IP address:

http://172.237.151.226/your-filename.jpg

That's the URL you'd paste into your inventory management system listing.


Troubleshooting

"Connection refused" when trying to SSH: Your server may still be booting, or your IP address is wrong. Wait a minute and try again. Double-check the IP in your VPS provider's dashboard.

Images returning a 404 error: Make sure you uploaded the file into the /images/ folder, not the root of the SFTP connection. In FileZilla, you should see an images folder when you first connect — put your files inside that.

Forgot the SFTP or maintenance password: Log into your server via SSH as your maintenance user, then run:

sudo passwd imageuser

Replace imageuser with whichever account needs a password reset. You'll be prompted to set a new one.

SSL certificate didn't install / getting a security warning: This usually means your domain's DNS record wasn't pointing at your server's IP yet when the script ran. Once DNS is set up correctly, log in via SSH and run:

sudo certbot --nginx -d images.yourdomain.com

License

MIT