rodger/imagehost-setup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e7bc3decdc
imagehost-setup/README.md

236 lines
8.9 KiB
Markdown
Raw Blame History

# imagehost-setup
A single-script installer that turns a fresh AlmaLinux 10 VPS into a lightweight, secure image host — SFTP upload, Nginx file serving, optional Let's Encrypt SSL, and brute-force protection out of the box.
## Requirements
- A fresh AlmaLinux 10 VPS (tested on Linode/Akamai)
- A domain name pointed at your server's IP address *(optional but recommended for SSL)*
- Root or sudo access
## Quick Start *(for experienced users)*
```bash
curl -O https://git.castlehollow.com/rodger/imagehost-setup/raw/branch/main/imagehost-setup.sh
sudo bash imagehost-setup.sh
```
The script will walk you through the rest interactively. When it finishes, it prints your SFTP credentials and image URL — save them somewhere safe.
## What it sets up
- **Nginx** — serves image files only (JPG, PNG, GIF, WebP, AVIF, SVG, BMP, TIFF); everything else returns a 404
- **SFTP chroot** — a locked-down upload user that can only access the images folder; no shell access
- **Maintenance user** — a normal SSH login with sudo access for administration
- **firewalld** — opens only SSH, HTTP, and HTTPS; everything else is blocked
- **fail2ban** — automatically bans IPs that repeatedly fail to log in
- **Let's Encrypt SSL** — optional; falls back to plain HTTP if no domain is provided
---
## Guide for Windows Users New to Linux
Never used a terminal before? No problem. This section walks you through everything from zero.
### Before You Start
You'll need to have already done two things that aren't covered here:
1. **Rented a VPS** (Virtual Private Server) — a small cloud computer you can run 24/7. Linode/Akamai is a good choice. Their smallest plan (Nanode, $5/month) is plenty for this.
2. **Set up a domain name** *(optional)* — if you want a proper web address like `images.yourdomain.com` instead of a raw IP address, you'll need a domain and need to point it at your server's IP address. Your VPS provider and domain registrar will have guides for this.
If you need help with either of those, check the video walkthrough [link here].
Once your server is running and you have its **IP address** (looks something like `172.237.151.226`) and **root password** from your provider, come back here.
---
### Step 1 — Get a Terminal on Windows
A terminal (also called a command prompt or console) is a text-based window you type commands into. On modern Windows you have a few options:
**Option A — Windows Terminal + SSH (Windows 10/11, recommended)**
Windows 10 and 11 come with SSH built in. Press the **Windows key**, type `Terminal`, and open **Windows Terminal** or **PowerShell**. Either one works fine.
**Option B — PuTTY (older Windows, or if the above doesn't work)**
Download PuTTY from [https://www.putty.org](https://www.putty.org) — it's free and has been the standard Windows SSH client for decades. Install it and open it.
---
### Step 2 — Log Into Your Server
Your server is running Linux and is waiting for you to connect to it. The way you connect is called **SSH** (Secure Shell) — it's an encrypted connection that lets you type commands on the remote server as if you were sitting in front of it.
**Using Windows Terminal or PowerShell:**
Type the following, replacing `YOUR.SERVER.IP` with your actual IP address:
```
ssh root@YOUR.SERVER.IP
```
Press Enter. You'll see a message like:
```
The authenticity of host '172.237.151.226' can't be established.
Are you sure you want to continue connecting (yes/no)?
```
Type `yes` and press Enter. This is normal — it's just your computer remembering the server for next time.
Then it will ask for a password. Type your root password (the one your VPS provider gave you) and press Enter. **You won't see anything as you type — that's normal**, Linux hides passwords for security.
You should end up at a prompt that looks something like:
```
[root@localhost ~]#
```
You're in. You're now typing commands directly on your server.
**Using PuTTY:**
Open PuTTY. In the **Host Name** box, type your server's IP address. Make sure **Port** is `22` and **SSH** is selected. Click **Open**. When the security warning appears, click **Accept**. Log in as `root` with your server password.
---
### Step 3 — Download and Run the Setup Script
Now you'll download and run the installer. Copy and paste these two commands, pressing Enter after each one:
```bash
curl -O https://git.castlehollow.com/rodger/imagehost-setup/raw/branch/main/imagehost-setup.sh
```
```bash
bash imagehost-setup.sh
```
> **Tip:** To paste into Windows Terminal, right-click or press **Ctrl+Shift+V**. In PuTTY, just right-click.
The script will now ask you a series of questions. Here's what each one means:
---
### Step 4 — Answering the Setup Questions
**Domain name**
If you have a domain name pointed at this server (like `images.yourdomain.com`), type it here and press Enter. If not, just press Enter to skip — your images will be accessible by IP address instead.
**Email address**
Only asked if you entered a domain. This is used by Let's Encrypt to send you certificate expiry notices. Enter any email address you check.
**SFTP username**
This is the username you'll use to upload images. Press Enter to accept the default (`imageuser`), or type your own.
**SFTP password**
This is the password for uploading images. You can type your own password or just press Enter to have a strong one generated for you automatically. Either way, it will be displayed at the end — make sure you save it.
**Maintenance username**
This is a separate login for managing the server itself (not for uploading images). Press Enter to accept the default (`siteadmin`), or type your own.
**Maintenance password**
Same as above — type one or press Enter to auto-generate.
**Maximum image file size**
The largest file size (in megabytes) that can be uploaded. Press Enter to accept the default of 20 MB, or type a number.
**Proceed with installation?**
Review the summary and type `y` then Enter to start the installation. The script will now run for a few minutes — you'll see progress messages scrolling by. This is normal.
---
### Step 5 — Save Your Credentials
When the script finishes, it will print a summary that looks something like this:
```
Image URL format:
https://images.yourdomain.com/<filename.jpg>
SFTP connection details:
Host : images.yourdomain.com
Port : 22
Username : imageuser
Password : Xk92mPqL... ← Save this now!
Upload to: /images/
Maintenance (SSH) login:
Host : images.yourdomain.com
Port : 22
Username : siteadmin
Password : Rt47vNwM... ← Save this now!
Sudo : sudo -i to become root
```
**Copy this entire block and save it somewhere safe** — a password manager, a secure note, anywhere you won't lose it. The passwords cannot be recovered after this point (though they can be reset if needed).
---
### Step 6 — Upload Your First Image
You'll need an SFTP client — a program that lets you transfer files to your server. These are all free:
- **FileZilla** — [https://filezilla-project.org](https://filezilla-project.org) (Windows, Mac, Linux)
- **WinSCP** — [https://winscp.net](https://winscp.net) (Windows only, very beginner-friendly)
- **Cyberduck** — [https://cyberduck.io](https://cyberduck.io) (Windows and Mac)
**Connecting with FileZilla (as an example):**
1. Open FileZilla
2. At the top, fill in:
- **Host:** your domain or IP address
- **Username:** your SFTP username (e.g. `imageuser`)
- **Password:** your SFTP password
- **Port:** `22`
3. Click **Quickconnect**
4. On the right side you'll see a folder called `images` — that's where your files go
5. Drag an image from your computer into that folder
**Accessing your image:**
Once uploaded, your image is immediately available at:
```
https://images.yourdomain.com/your-filename.jpg
```
Or if you're using an IP address:
```
http://172.237.151.226/your-filename.jpg
```
That's the URL you'd paste into your inventory management system listing.
---
### Troubleshooting
**"Connection refused" when trying to SSH**
Your server may still be booting, or your IP address is wrong. Wait a minute and try again. Double-check the IP in your VPS provider's dashboard.
**Images returning a 404 error**
Make sure you uploaded the file into the `/images/` folder, not the root of the SFTP connection. In FileZilla, you should see an `images` folder when you first connect — put your files inside that.
**Forgot the SFTP or maintenance password**
Log into your server via SSH as your maintenance user, then run:
```bash
sudo passwd imageuser
```
Replace `imageuser` with whichever account needs a password reset. You'll be prompted to set a new one.
**SSL certificate didn't install / getting a security warning**
This usually means your domain's DNS record wasn't pointing at your server's IP yet when the script ran. Once DNS is set up correctly, log in via SSH and run:
```bash
sudo certbot --nginx -d images.yourdomain.com
```
---
## License
MIT
Reference in New Issue View Git Blame Copy Permalink