Skip to content

AlmaLinux or Fedora or RHEL

Joshua1023 edited this page Jun 18, 2024 · 18 revisions

Tested on AlmaLinux 9 and Fedora 38.

Disable SELinux

To simplify this tutorial, we will disable SELinux for now. You may also try to customize your SELinux policy if really needed.

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

Install dependencies

Run as root:

dnf install -y git podman tar

Create an unprivileged user

We are using nsbox here. You can actually use whatever username you like.

useradd -m -s /bin/bash nsbox
mkdir /home/nsbox/.ssh

If you are using a Fedora AMI on AWS, run:

cp /home/fedora/.ssh/authorized_keys /home/nsbox/.ssh/

Otherwise:

cp /root/.ssh/authorized_keys /home/nsbox/.ssh/

Finally, adjust the permissions:

chmod 700 /home/nsbox/.ssh
chown -R nsbox:nsbox /home/nsbox/.ssh

First run

ssh as the nsbox user and run:

cd /home/nsbox
curl -L https://github.com/naivesystems/box/releases/download/v0.1.3/nsbox-linux-amd64 --output nsbox
chmod +x nsbox
./nsbox --help

If the help message prints, continue:

mkdir workdir
./nsbox -workdir /home/nsbox/workdir

Once it's up, you should see something like

HO: Using hostname nsbox.local instead of nsbox.local
2023/11/07 22:55:09 http://127.0.0.1:8081/a/projects/
2023/11/07 22:55:14 http://127.0.0.1:8081/a/projects/
...

To try it without a dedicated domain name and SSL certificates, you can temporarily add an entry to your /etc/hosts file (or C:\Windows\System32\Drivers\etc\hosts on Windows).

# add a line to your hosts file, where 11.22.33.44 must be replaced by the actual IP address of your machine
11.22.33.44 nsbox.local

See also: Custom domain names

Firewall setup:

  • If you are using AWS, you must set up your security group's inbound firewall rules properly.
  • If you are using DigitalOcean, there is nothing to do.
  • Otherwise, you need to open up a few ports in the firewall. Run as root:
    firewall-cmd --add-port={8080/tcp,8443/tcp,9440-9444/tcp,9992/tcp,29418/tcp}
    
    To make the firewall rules permanent:
    firewall-cmd --runtime-to-permanent
    

Now you can open the following links:

Default username/password is admin/admin.

Run as a service

Ctrl-C the above command you started in the first run.

Create a file under /etc/systemd/system/nsbox.service with the following contents:

cat > /etc/systemd/system/nsbox.service
[Unit]
Description=NaiveSystems Box
After=network.target

[Service]
User=nsbox
ExecStart=/home/nsbox/nsbox -workdir /home/nsbox/workdir
Restart=always
OOMPolicy=continue

[Install]
WantedBy=multi-user.target

Enable and start the service:

systemctl daemon-reload
systemctl enable --now nsbox.service

To tail its logs with color:

journalctl --output cat -fu nsbox.service
Clone this wiki locally