AlmaLinux or Fedora or RHEL

Joshua1023 edited this page Nov 4, 2024 · 18 revisions

Tested on AlmaLinux 9 and Fedora 38.

Disable SELinux

To keep this tutorial simple, we disable SELinux for now. If you really need SELinux, you can instead customize your SELinux policy.

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

Install dependencies

Run as root:

dnf install -y git podman tar

Modify ip_unprivileged_port_start

By default, the service binds to port 9443.

If you want to bind to a port below 1024, for example the standard HTTPS port 443, run the following as root:

sysctl net.ipv4.ip_unprivileged_port_start=443

Create an unprivileged user

We are using nsbox here. You can actually use whatever username you like.

useradd -m -s /bin/bash nsbox
mkdir /home/nsbox/.ssh

If you are using a Fedora AMI on AWS, run:

cp /home/fedora/.ssh/authorized_keys /home/nsbox/.ssh/

Otherwise:

cp /root/.ssh/authorized_keys /home/nsbox/.ssh/

Finally, adjust the permissions:

chmod 700 /home/nsbox/.ssh
chown -R nsbox:nsbox /home/nsbox/.ssh

First run

SSH in as the nsbox user and run:

cd /home/nsbox
curl -L https://github.com/naivesystems/box/releases/download/v0.1.3/nsbox-linux-amd64 --output nsbox
chmod +x nsbox
./nsbox --help

If the help message prints, continue:

mkdir workdir
./nsbox -workdir /home/nsbox/workdir

You can also customize the subdomains and the port (the following command shows their default values):

mkdir -p workdir
./nsbox --workdir $PWD/workdir/ \
--hostname nsbox.internal \
--login_domain login.nsbox.internal \
--portal_domain portal.nsbox.internal \
--bug_domain bug.nsbox.internal \
--build_domain build.nsbox.internal \
--review_domain review.nsbox.internal \
--mail_domain mail.nsbox.internal \
--cross_domain x.nsbox.internal \
--port 9443

Once it's up, you should see something like:

HO: Using hostname nsbox.internal instead of nsbox.internal
2023/11/07 22:55:09 http://127.0.0.1:8081/a/projects/
2023/11/07 22:55:14 http://127.0.0.1:8081/a/projects/
...

To try it without a dedicated domain name and SSL certificates, you can temporarily add an entry to your /etc/hosts file (or C:\Windows\System32\Drivers\etc\hosts on Windows).

# add these lines to your hosts file, replacing 11.22.33.44 with the actual IP address of your machine
11.22.33.44 nsbox.internal
11.22.33.44 login.nsbox.internal
11.22.33.44 portal.nsbox.internal
11.22.33.44 review.nsbox.internal
11.22.33.44 bug.nsbox.internal
11.22.33.44 build.nsbox.internal
11.22.33.44 mail.nsbox.internal
11.22.33.44 x.nsbox.internal
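
The sysctl, SSH directory and hosts-file steps above can be checked with a few read-only shell helpers. This is an added example, not part of nsbox or the original page; the function names are hypothetical and `stat -c` assumes GNU coreutils, as shipped on AlmaLinux, Fedora and RHEL.

```shell
#!/bin/sh
# Added example: read-only checks of the host state this page sets up.
# The function names are hypothetical helpers, not part of nsbox.

# port_allowed PORT [THRESHOLD]: succeeds if an unprivileged process may
# bind PORT. THRESHOLD defaults to the live ip_unprivileged_port_start.
port_allowed() {
    threshold=${2:-$(cat /proc/sys/net/ipv4/ip_unprivileged_port_start)}
    [ "$1" -ge "$threshold" ]
}

# ssh_dir_ok DIR UID: succeeds if DIR is mode 700 and owned by UID, and its
# authorized_keys is owned by UID with no group/other write bit.
ssh_dir_ok() {
    [ "$(stat -c '%a %u' "$1" 2>/dev/null)" = "700 $2" ] || return 1
    [ "$(stat -c '%u' "$1/authorized_keys" 2>/dev/null)" = "$2" ] || return 1
    [ -z "$(find "$1/authorized_keys" \( -perm -020 -o -perm -002 \) -print)" ]
}

# hosts_missing FILE [BASE]: prints every name from the page's hosts list
# that has no entry in FILE (nothing printed means all eight are present).
hosts_missing() {
    base=${2:-nsbox.internal}
    for sub in "" login. portal. review. bug. build. mail. x.; do
        awk -v n="$sub$base" '
            $1 !~ /^#/ {
                for (i = 2; i <= NF; i++) {
                    if ($i ~ /^#/) break    # rest of the line is a comment
                    if ($i == n) found = 1
                }
            }
            END { exit !found }' "$1" || echo "$sub$base"
    done
}

# With the argument "run": check the page's defaults (user nsbox, port 9443).
if [ "${1:-}" = run ]; then
    port_allowed 9443 || echo "port 9443 is below ip_unprivileged_port_start"
    ssh_dir_ok /home/nsbox/.ssh "$(id -u nsbox)" || echo "fix /home/nsbox/.ssh"
    hosts_missing /etc/hosts | sed 's/^/no hosts entry: /'
fi
```

Save it as a script and run it as root with the argument `run`; pass a different port to `port_allowed` if you moved the service to 443.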

See also: Custom domain names

If you want to use a domain set up on Cloudflare, see Cloudflare Tunnel.

If you want to use a domain set up on AWS, see AWS Route 53.

Firewall setup:

  • If you are using AWS, you must set up your security group's inbound firewall rules properly.
  • If you are using DigitalOcean, there is nothing to do.
  • Otherwise, you need to open up a few ports in the firewall. Run as root:
    firewall-cmd --add-port={8080/tcp,8443/tcp,9443/tcp,29418/tcp}
    
    To make the firewall rules permanent:
    firewall-cmd --runtime-to-permanent
    

Now you can open the following links:

The default username/password is admin/admin.

Run as a service

Press Ctrl-C to stop the command you started in the first run.

Create the file /etc/systemd/system/nsbox.service with the following contents:

cat > /etc/systemd/system/nsbox.service <<'EOF'
[Unit]
Description=NaiveSystems Box
After=network.target

[Service]
User=nsbox
ExecStart=/home/nsbox/nsbox -workdir /home/nsbox/workdir
Restart=always
OOMPolicy=continue

[Install]
WantedBy=multi-user.target
EOF

Enable and start the service:

systemctl daemon-reload
systemctl enable --now nsbox.service

To tail its logs with color:

journalctl --output cat -fu nsbox.service