Deploy IPFS on Digitalocean
Install IPFS Kubo for GO as Linux service
This is a command line interface suitable for Linux type servers.
Check the latest version of Kubo for GO here
wget https://dist.ipfs.tech/kubo/v0.20.0/kubo_v0.20.0_linux-amd64.tar.gz
Unzip the file
tar -xvzf kubo_v0.20.0_linux-amd64.tar.gz
> x kubo/install.sh
> x kubo/ipfs
> x kubo/LICENSE
> x kubo/LICENSE-APACHE
> x kubo/LICENSE-MIT
> x kubo/README.md
Move to Kubo folder
cd kubo
Install
sudo bash install.sh\
> Moved ./ipfs to /usr/local/bin
Check installation
ipfs --version
Do not run the service as root but rather create ipfs
user:
adduser ipfs
su ipfs
Initialize IPFS under ipfs
user:
ipfs init --profile=server
Switch back to the root
user:
exit
Allow the ipfs
user to run long-running services by enabling user lingering for that user:
loginctl enable-linger ipfs
Create the file /etc/systemd/system/ipfs.service
with this content:
[Unit]
Description=IPFS daemon
[Service]
User=ipfs
Group=ipfs
ExecStart=/usr/local/bin/ipfs daemon --enable-gc
Restart=on-failure
[Install]
WantedBy=multi-user.target
Enable and start the service
systemctl enable ipfs
systemctl start ipfs
Now IPFS should be up and running, and start when the server boots. You should see peers pouring in:
su ipfs
ipfs swarm peers
Install NGINX with Let's Encrypt Certs
apt-get update
apt-get install nginx
Edit /etc/nginx/sites-available/default
. Change its contents to this:
server {
server_name example.com ipfs.example.com;
server_tokens off;
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Install Certbot for Nginx
apt install certbot python3-certbot-nginx
Check UFW firewall status and enable if not active
ufw status
ufw enable
To additionally let in HTTPS traffic, allow the Nginx Full profile and delete the redundant Nginx HTTP profile allowance:
ufw allow 'Nginx Full'
ufw delete allow 'Nginx HTTP'
Obtain SSL certificate
certbot --nginx -d example.com -d ipfs.example.com
Verify certbox renewal
systemctl status certbot.timer
Output
● certbot.timer - Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Mon 2020-05-04 20:04:36 UTC; 2 weeks 1 days ago
Trigger: Thu 2020-05-21 05:22:32 UTC; 9h left
Triggers: ● certbot.service
certbot renew --dry-run
Reload nginx
systemctl reload nginx