Handshake has a tiny SPV resolver that can run on devices with low specs, such a Raspberry Pi Zero W. In this tutorial we will need just the RPi and a SD Card (min 4GB). We also need a SD Card reader (USB or native). Raspberry Pi OS First step is to install the OS in the SD card. Raspberry Pi has a utility called Raspberry Pi Imager that does all the work for us....
Posts in this series: Introduction (this one!) Part 1 - Set up DNS server Part 2 - Set up Web server Part 3 - Secure with DANE So you wanna build a snowman website on a Handshake domain. Any website (even a regular one on an ICANN domain) needs 3 things to function A domain name - hope you have one ready A DNS server - this is what tells browsers where to fetch content from A web server - someplace where content is stored or served from Let’s quickly go through what they are (feel free to skip if you’re familiar with DNS basics)....
Posts in this series: Introduction Part 1 - Set up DNS server (this one!) Part 2 - Set up Web server Part 3 - Secure with DANE Set up DNS server We’ll be using PowerDNS here. You can use bind9, knot, or any other authoritative server, but PowerDNS is the (personally) easiest to set up and use. Sebastian Rasor has a similar guide with nsd: https://www.sebastianrasor.com/blog/hosting-a-secure-website-on-the-handshake-protocol-using-dane...
Posts in this series: Introduction Part 1 - Set up DNS server Part 2 - Set up Web server (this one!) Part 3 - Secure with DANE Set up Web Server In this part, we’ll set up a simple nginx server that just serves a static website. You can also go with any other software like Apache httpd or lighttpd. Install nginx # Install nginx sudo apt install nginx -y # create a directory to place website sudo mkdir -p /var/www/smartface Add content Copy your website files into /var/www/smartface....
Posts in this series: Introduction Part 1 - Set up DNS server Part 2 - Set up Web server Part 3 - Secure with DANE (this one!) Secure with DANE If you’re following with the series, we have a website reachable with a Handshake domain, but it’s only over HTTP and not secure. With regular domains, one would request a Certificate Authority (CA) to sign our certificate and then use it on the web server....