Deploy IPFS on Digitalocean


Install IPFS Kubo for GO as Linux service

This is a command line interface suitable for Linux type servers.

Check the latest version of Kubo for GO here

wget https://dist.ipfs.tech/kubo/v0.20.0/kubo_v0.20.0_linux-amd64.tar.gz

Unzip the file

tar -xvzf kubo_v0.20.0_linux-amd64.tar.gz

> x kubo/install.sh
> x kubo/ipfs
> x kubo/LICENSE
> x kubo/LICENSE-APACHE
> x kubo/LICENSE-MIT
> x kubo/README.md

Move to Kubo folder

cd kubo

Install

sudo bash install.sh\
> Moved ./ipfs to /usr/local/bin

Check installation

ipfs --version

Do not run the service as root but rather create ipfs user:

adduser ipfs
su ipfs

Initialize IPFS under ipfs user:

ipfs init --profile=server

Switch back to the root user:

exit

Allow the ipfs user to run long-running services by enabling user lingering for that user:

loginctl enable-linger ipfs

Create the file /etc/systemd/system/ipfs.service with this content:

[Unit]
Description=IPFS daemon

[Service]
User=ipfs
Group=ipfs
ExecStart=/usr/local/bin/ipfs daemon --enable-gc
Restart=on-failure

[Install]
WantedBy=multi-user.target

Enable and start the service

systemctl enable ipfs
systemctl start ipfs

Now IPFS should be up and running, and start when the server boots. You should see peers pouring in:

su ipfs
ipfs swarm peers

Install NGINX with Let's Encrypt Certs

apt-get update
apt-get install nginx

Edit /etc/nginx/sites-available/default. Change its contents to this:

server {
    server_name example.com ipfs.example.com;
    server_tokens off;

    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;

    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Install Certbot for Nginx

apt install certbot python3-certbot-nginx

Check UFW firewall status and enable if not active

ufw status
ufw enable

To additionally let in HTTPS traffic, allow the Nginx Full profile and delete the redundant Nginx HTTP profile allowance:

ufw allow 'Nginx Full'
ufw delete allow 'Nginx HTTP'

Obtain SSL certificate

certbot --nginx -d example.com -d ipfs.example.com

Verify certbox renewal

systemctl status certbot.timer

Output
● certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Mon 2020-05-04 20:04:36 UTC; 2 weeks 1 days ago
    Trigger: Thu 2020-05-21 05:22:32 UTC; 9h left
   Triggers: ● certbot.service
certbot renew --dry-run

Reload nginx

systemctl reload nginx

Resources