path: root/memos/WM-050.txt
author: netop://ウィビ <paul@webb.page> 2026-04-11 14:24:49 -0700
committer: netop://ウィビ <paul@webb.page> 2026-04-11 14:24:49 -0700
commit: 8c34d810af95fae0ef846f54370a8c88bfab7123 (patch)
tree: 436beaf30f7b2b3f15741dd54a37e313964d1f7d /memos/WM-050.txt
initial commit (HEAD, primary)
Diffstat (limited to 'memos/WM-050.txt')
-rw-r--r-- memos/WM-050.txt 96
1 files changed, 96 insertions, 0 deletions
diff --git a/memos/WM-050.txt b/memos/WM-050.txt
new file mode 100644
index 0000000..0c7a384
--- /dev/null
+++ b/memos/WM-050.txt
@@ -0,0 +1,96 @@
+
+
+
+
+
+
+
+Document: WM-050 P. Webb
+Category: Tutorial 2021.05.15
+
+ How to setup a Handshake site with Caddy
+
+Abstract
+
+ Easiest tutorial for adding TLS to a Handshake site, with Caddy.
+
+Body
+
+ For the uninitiated, Handshake[1] is a protocol intended to embrace
+ (and ideally extinguish) legacy DNS. If that statement scares you, it
+ makes sense. Drastic change is alarming. Yes, there is a blockchain
+ involved but we're not going to get into that. You came here because
+ you 1) have a Handshake TLD and 2) you have a site you want to use
+ on it.
+
+ Caddy[2], by default, automatically issues TLS certificates via
+ LetsEncrypt but LE is a centralized certificate authority and doesn't
+ know what Handshake is. Not to worry, we'll generate our own secure
+ certificates with OUR OWN CA (via light-ca[3])! After that we'll
+ update our Caddyfile and reload/restart the server to test and
+ finalize our changes. Easy-peasy.
+
+ For this tutorial I'll be using my TLD starbase/. Rather than make
+ the root domain resolve to a site, I'm opting to use an SLD
+ (second-level domain) instead (so, welcome.starbase in this example).
+ You should be familiar with DNS and managing servers before
+ continuing. Without further ado, let's begin!
+
+ 01. SFTP your site content to your VPS
+
+ 02. SSH into VPS and install light-ca
+ ```sh
+ curl -sL https://github.com/light-river/light-ca/releases/download/latest/light-ca.tar.gz | tar zx && sudo mv ./light-ca /usr/bin/light-ca
+ ```
+
+ 03. Create certs
+ ```sh
+ light-ca --domains "welcome.starbase"
+ ```
+
+ 04. Update Caddyfile
+ ```txt
+ welcome.starbase {
+ # This is the path to a folder on my server that holds the site code
+ root * /var/www/starbase/
+ encode gzip
+ file_server
+ # This is the path to the certs created by light-ca
+ # The paths I chose are not the defaults.
+ # Syntax: tls <path to cert.pem> <path to key.pem>
+ tls /var/custom-certs/welcome.starbase/cert.pem /var/custom-certs/welcome.starbase/key.pem
+ }
+ ```
+
+ 05. Reload Caddy and check for issues
+ ```sh
+ systemctl reload caddy
+ # If there are no issues, run next command
+ systemctl restart caddy
+ ```
+
+ 06. Finally, add A record to TLD DNS (via Namebase[4]) with VPS'
+ IP address.
+
+ I'm assuming you're using NextDNS[5], hDNS[6], or some other method
+ of natively viewing Handshake domains on your device. If so, enter
+ https://<your-site> in your favorite browser to view your
+ "hard" work.
+
+ Seriously, this was so easy. 🕸
+
+ P.S. I'm building a registry AND a registrar for my collection of
+ Handshake TLDs. If you want updates on when they launch, follow
+ @neuenet[7] and @beachfront_[8] respectively. The launch is slated
+ for end of summer.
+
+References
+
+ [1] <https://handshake.org>
+ [2] <https://caddyserver.com>
+ [3] <https://github.com/light-river/light-ca>
+ [4] <https://namebase.io>
+ [5] <https://nextdns.io>
+ [6] <https://hdns.io>
+ [7] <https://twitter.com/neuenet>
+ [8] <https://twitter.com/beachfront_>
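Review bot: Step 02 pipes an unverified download straight into tar and then moves the extracted binary into /usr/bin with sudo. The URL tracks `releases/download/latest`, so the reader cannot tell which build they installed, and `curl -sL` without `-f` will hand an HTTP error page to tar silently. Suggest pinning a specific release tag, saving the archive to disk, comparing it against a published checksum, and only then running the `sudo mv`. Two further gaps for a TLS tutorial: step 03 runs `light-ca --domains "welcome.starbase"` with no output location, while the Caddyfile in step 04 points at /var/custom-certs/welcome.starbase/ and its comment says those paths are not the defaults, so a reader following the steps literally will not have cert.pem and key.pem where Caddy looks for them. Add the move or the option that puts them there, and say who should own key.pem and with what permissions. The memo also never says how a visitor's browser comes to trust certificates issued by this private CA, which the closing `https://<your-site>` check depends on. Minor: in step 05, a config check before `systemctl reload caddy` would match the "check for issues" wording better than reload followed by restart.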