Skip to content

AlmaLinux or Fedora or RHEL

Joshua1023 edited this page May 6, 2024 · 18 revisions

Tested on AlmaLinux 9 and Fedora 38.

Disable SELinux

To simplify this tutorial, we will disable SELinux for now. You may also try to customize your SELinux policy if really needed.

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

Install dependencies

Run as root:

dnf install -y git podman tar

Create an unprivileged user

We are using nsbox here. You can actually use whatever username you like.

# useradd -m -s /bin/bash nsbox
# mkdir /home/nsbox/.ssh

If you are using a Fedora AMI on AWS, run:

cp /home/fedora/.ssh/authorized_keys /home/nsbox/.ssh/


cp /root/.ssh/authorized_keys /home/nsbox/.ssh/

Finally, adjust the permissions:

chmod 700 /home/nsbox/.ssh
chown -R nsbox:nsbox /home/nsbox/.ssh

First run

ssh as the nsbox user and run:

cd /home/nsbox
curl -L --output nsbox
chmod +x nsbox
./nsbox --help

If the help message prints, continue:

mkdir workdir
./nsbox -workdir /home/nsbox/workdir

Once it's up, you should see something like

HO: Using hostname nsbox.local instead of nsbox.local
2023/11/07 22:55:09
2023/11/07 22:55:14

To try it without a dedicated domain name and SSL certificates, you can temporarily add an entry to your /etc/hosts file (or C:\Windows\System32\Drivers\etc\hosts on Windows).

# add a line to your hosts file, where must be replaced by the actual IP address of your machine nsbox.local

See also: Custom domain names

Firewall setup:

  • If you are using AWS, you must set up your security group's inbound firewall rules properly.
  • If you are using DigitalOcean, there is nothing to do.
  • Otherwise, you need to open up a few ports in the firewall. Run as root:
    firewall-cmd --add-port={8080/tcp,8443/tcp,9440-9444/tcp,9992/tcp,29418/tcp}
    To make the firewall rules permanent:
    firewall-cmd --runtime-to-permanent

Now you can open the following links:

Default username/password is admin/admin.

Run as a service

Ctrl-C the above command you started in the first run.

Create a file under /etc/systemd/system/nsbox.service with the following contents:

cat > /etc/systemd/system/nsbox.service
Description=NaiveSystems Box

ExecStart=/home/nsbox/nsbox -workdir /home/nsbox/workdir


Enable and start the service:

systemctl daemon-reload
systemctl enable --now nsbox.service

To tail its logs with color:

journalctl --output cat -fu nsbox.service
Clone this wiki locally