• install environment (Debian 10, https://kis.hosteurope.de)
• change and note password (Kundenadmin)
• ssh into the machine as root
• apt-get update
• apt-get upgrade
• apt-get install curl nano nginx
• systemctl stop apache2
• systemctl start nginx
• adduser --system --ingroup www-data --no-create-home solid
• wget https://dl.eff.org/certbot-auto (deprecated, should be replaced by certbot)
• mv certbot-auto /usr/local/bin/certbot-auto
• chown root /usr/local/bin/certbot-auto
• chmod 755 /usr/local/bin/certbot-auto
• cd /usr/local/bin/
• ./certbot-auto certonly \ --manual \ --preferred-challenges=dns \ --email evemat@web.de \ --server https://acme-v02.api.letsencrypt.org/directory \ --agree-tos \ -d solidweb.org -d *.solidweb.org
• DNS-Challenge
• chmod -R 755 /etc/letsencrypt/live/ /etc/letsencrypt/archive/
• curl -sL https://deb.nodesource.com/setup_16.x | sudo bash -
• apt-get install nodejs
• node -v
• npm -v
• npm install -g solid-server
• solid init

$ solid init
* ? Path to the folder you want to serve. Default is (./data) /var/www/html/data
? SSL port to run on. Default is (8443) 8443
? Solid server uri (with protocol, hostname and port) https://solidweb.org
? Enable WebID authentication Yes
? Serve Solid on URL path /
? Path to the config directory (for example: /etc/solid-server) (./config) /var/www/html/config
? Path to the config file (for example: ./config.json) (./config.json) /var/www/html/config.json
? Path to the server metadata db directory (for users/apps etc) (./.db) /var/www/html/.db
? Path to the SSL private key in PEM format /etc/letsencrypt/archive/solidweb.org/privkey1.pem
? Path to the SSL certificate key in PEM format /etc/letsencrypt/archive/solidweb.org/fullchain1.pem
? Enable multi-user mode Yes
? Do you want to set up an email service (y/N) N
? A name for your server (not required) solidweb.org
? A description of your server (not requred) undefined
? A logo (not required) undefined
? Do you want to enforce Terms & Conditions for your service (y/N) N
? Do you want to disable password strength checking (y/N) N
? The support email you provide for your users (not required) meisdata@gmail.com
config created on /root/config.json

"useEmail": true, "email": { "host": "smtp.sendgrid.net", "port": "465", "sender": "me@evering.eu", "secure": true, "auth": { "user": "apikey", "pass": "xxxxxx" } }

• copy to /var/www/html/config.json
• create /lib/systemd/system/solid.service

[Unit]
Description=solid - Social Linked Data
Documentation=https://solid.inrupt.com/docs/
After=network.target

[Service]
Type=simple
User=solid
WorkingDirectory=/var/www/html
ExecStart=/usr/bin/solid start
Restart=on-failure

[Install]
WantedBy=multi-user.target

• ln -s /lib/systemd/system/solid.service /etc/systemd/system/multi-user.target.wants/
• chown solid:www-data /var/www/html/config.json
• cd /var/www/html
• chown -R solid:www-data config data .db
• create /etc/nginx/sites-available/default

# Nginx configuration for Solid on Port 8443

## Redirects all HTTP traffic to the HTTPS host
server {
  ## In case of conflict, either remove "default_server" from the listen line below,
  ## or delete the /etc/nginx/sites-enabled/default file.
  listen 0.0.0.0:80;
  listen [::]:80;
  server_name solidweb.org;
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host$request_uri;
  access_log  /var/log/nginx/solid_access.log;
  error_log   /var/log/nginx/solid_error.log;
}

server {
  listen *:443 ssl;
  listen [::]:443 ssl;
  server_name solidweb.org;
  server_tokens off;

  access_log  /var/log/nginx/solid_ssl_access.log;
  error_log   /var/log/nginx/solid_ssl_error.log;

ssl_certificate /etc/letsencrypt/archive/solidweb.org/fullchain1.pem;
ssl_certificate_key /etc/letsencrypt/archive/solidweb.org/privkey1.pem;

root /var/www/html; #webroot

  ## [Optional] Enable HTTP Strict Transport Security
  ## HSTS is a feature improving protection against MITM attacks
  ## For more information see: https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

  location / {
    proxy_pass https://localhost:8443;

    gzip off;
    proxy_redirect off;

    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

}

• systemctl restart nginx
• nano /var/www/html/config/templates/new-account/settings/serverSide.ttl

@prefix dct: <http://purl.org/dc/terms/>.
@prefix pim: <http://www.w3.org/ns/pim/space#>.
@prefix solid: <http://www.w3.org/ns/solid/terms#>.

<>
  a pim:ConfigurationFile;

  dct:description "Administrative settings for the POD that the user can only read." .

</>
    solid:storageQuota "250000000" .

• systemctl start solid.service