There is currently one publicly available Pod server available that you can run yourself: Node Solid Server. Instructions on how to set it up are available at its website. More extensive Documentation is below.

Example config for NSS on a root server

We assume Linux (Debian 8) on the host system. This is how it’ s tested. The aim is to get a Solid Pod Server that is public reachable in the Internet using Apache as reverse-proxy.

Connect root-server to net (depends on Hosting Service Provider) (you will need ssh)

  • Order virtual server at Provider of your choice

Assign Fully Qualified Domain Name to the machine

  • Setup DNS properly

Get and deploy https certificate

  • ssh into the machine as user root
  • deploy two certificates with letsencrypt/certbot (domain-cert and wildcard-cert)
    (you will need to edit a DNS-text-record depending on the challenge)
  • sample commands using certbot-auto
    $ wget https://dl.eff.org/certbot-auto
    $ mv certbot-auto /usr/local/bin/certbot-auto
    $ chown root /usr/local/bin/certbot-auto
    $ chmod 0755 /usr/local/bin/certbot-auto
    $ cd /usr/local/bin/
    $ ./certbot-auto certonly \
    --manual \
    --preferred-challenges=dns \
    --email mail@host.com \
    --server https://acme-v02.api.letsencrypt.org/directory \
    --agree-tos \
    -d example.org -d *.example.org
    //now DNS-challenge
    $ chmod -r 777 /etc/letsencrypt/live/

Apache config

  • enable modules (ssl.conf, ssl.load, proxy.conf, proxy.load, proxy_html.conf, proxy_html.load, proxy_http.conf, proxy_http.load, rewrite.load, socache_shmcb.load)
  • this is done by creating symlinks in /etc/apache2/mods-enabled/ pointing to /etc/apache2/mods-available/*
  • sample for one module other modules equivalent
    $ cd /etc/apache2/mods-enabled
    $ ln -s ../mods-available/ssl.conf ssl.conf
  • edit 000-default.conf
    nano /etc/apache2/sites-available/000-default.conf
    add to config in the appropriate section as follows
<VirtualHost *:80>
ServerName example.org
Redirect / https://example.org

DocumentRoot /var/www/example.org
</VirtualHost>

<VirtualHost *.443>
ServerName example.org
DocumentRoot /var/www/example.org

SSLEngine On
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyPeerName Off
SSLProxyCheckPeerExpire Off
ProxyPreserveHost On

SSLCertificateFile /etc/letsencrypt/live/example.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.org/fullchain.pem

ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
</VirtualHost>

<VirtualHost *:443>
ServerAlias *.example.org

SSLEngine On
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyPeerName Off
SSLProxyCheckPeerExpire Off
ProxyPreserveHost On

SSLCertificateFile /etc/letsencrypt/live/example.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.org/fullchain.pem

ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
</VirtualHost>
  • edit default-ssl.conf
    nano /etc/apache2/sites-available/default-ssl.conf
    add to config in the appropriate section as follows
<VirtualHost _default_:443>
ServerName example.org:443
DocumentRoot /var/www/example.org

SSLEngine on

SSLCertificateFile /etc/letsencrypt/live/example.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.org/fullchain.pem
</VirtualHost>

Install nodejs > 8 and npm

  • https://tecadmin.net/install-latest-nodejs-npm-on-debian/

Install Solid Server

  • $ npm install -g solid-server

init Solid Server (config)

  • ? Path to the folder you want to serve. Default is (./data) /var/www/your.host.example.org/data
    ? SSL port to run on. Default is (8443) 8443
    ? Solid server uri (with protocol, hostname and port) https://your.host.example.org
    ? Enable WebID authentication Yes
    ? Serve Solid on URL path /
    ? Path to the config directory (for example: /etc/solid-server) (./config) /var/www/your.host.example.org/config
    ? Path to the config file (for example: ./config.json) (./config.json) /var/www/your.host.example.org/config.json
    ? Path to the server metadata db directory (for users/apps etc) (./.db) /var/www/your.host.example.org/.db
    ? Path to the SSL private key in PEM format /etc/letsencrypt/live/your.host.example.org/privkey.pem
    ? Path to the SSL certificate key in PEM format /etc/letsencrypt/live/your.host.example.org/fullchain.pem
    ? Enable multi-user mode Yes
    ? Do you want to set up an email service (y/N) N
    ? A name for your server (not required) your.host.example.org
    ? A description of your server (not requred) undefined
    ? A logo (not required) undefined
    ? Do you want to enforce Terms & Conditions for your service (y/N) N
    ? Do you want to disable password strength checking (y/N) N
    ? The support email you provide for your users (not required) undefined
    config created on /root/config.json

Then, you need to create the paths that you entered. You would also need to copy the config.json file to where you indicated it should be.

add user solid

  • $ adduser --system --ingroup www-data --no-create-home solid

create /lib/systemd/system/solid.service

  • [Unit]
    Description=solid - Social Linked Data
    Documentation=https://solid.inrupt.com/docs/
    After=network.target

    [Service]
    Type=simple
    User=solid
    WorkingDirectory=/var/www/your.host.example.org
    ExecStart=/usr/bin/solid start
    Restart=on-failure

    [Install]
    WantedBy=multi-user.target

create symlink

  • $ ln -s /lib/systemd/system/solid.service /etc/systemd/system/multi-user.target.wants/

chown solid config directories

  • $ cd /var/www/your.host.example.org/
    $ chown solid:www-data config/ data/ .db/

start service

  • $ systemctl start solid.service