This section is here to clarify some of the network terminology used throughout our documentation.
Client/Server
Throughout these docs we’ll be referring to the server and the client. The client-server model in this context refers to a structure where tasks/workloads are distributed between the provider of a resource of service, and clients, who want to access that resource.
When we come to talk about SSH:
- Server = Raspberry Pi/SBC (Single board computer) The server which holds the files/resources etc you want to access
- Client = your laptop,
- which you are using to access those files/resources
Later, we talk about local server setup. In this case this is a client-server protocol where:
- Server = Raspberry Pi/SBC
- An http-server which holds files/resources you want to access
- Client = A device with access to the same local network as the Pi
- which will access those files/resources via a web browser
This is confusing. We discussed how we might unpack this terminology, in a way which is critical but also legible and appropriate for the function we have assigned these docs. We came to the conclusion we will keep it simple here, but we do discuss this in more detail in the book chapter Praxis Doubling if you would like to read more on this.
Tuxic & Domain Names
The first step that we took in this process was the purchase of the servpub.net domain name from tuxic.nl, we have therefore placed some introductory information about setting up domain names here. A domain functions as the address used to access a website on the internet. We knew eventually we wanted our system to serve up websites, and so one of the first steps for us was to name and purchase a domain: servpub.net.
We talk more about the particular choices inherent in choosing a name, and top-level domain (.com/.edu/.org etc) in the Chapter Network infrastructure, where we also reflect on choosing our DNS provider - Tuxic.nl
In practical terms setting up and configuring your DNS record so that a website can be accessible will change slightly depending on how you host your website, and your DNS provider. In our case it meant creating a DNS A record through our domain controller panel:
- Logging in
- Finding the area to manage DNS settings
- Creating a new A record and adding the IP address of the site we want to find at servpub.net
This is a very quick summary, and we break down some of the terms further in the following sections.
Domain names
If IP addresses are the addresses that devices use to find each other online, then domains are how we understand where things are online. When you access a server on the internet you usually do so using its domain name. Domain names are easier and more identifiable for us to remember, and recognise than IP addresses. servpub.net is easier for us to remember for example than a string of numbers. A DNS server translates between domain names (which we understand) and IP addresses (which our devices understand).
IP addresses
IP (Internet Protocol) addresses work like a bit like a street address in that they allow devices find each other online. Every internet device has a unique IP address. These addresses can be converted into text via a Domain Name System (DNS) format. See below for more info on Domains.
There are are two types of IP addresses - static and dynamic - which each have their own use cases. The main difference is in their names. Dynamic IP addresses constantly change, and static IP addresses are fixed.
Dynamic IP addresses
Dynamic IPs are the standard for most consumer devices, or those connected to your home network like your phone or laptops. Devices are assigned IPs in the background by your internet service provider. These IPs are assigned temporarily, and change without you noticing.
Static IP addresses
Static IP addresses are unchanging - an IP is assigned to a device and it remains the same. They are manually assigned to individual devices, and are in place for as long as you need them to be. They usually also come with a cost associated. They are used for things like DNS servers, which need to remain accessible and devices always know where to find them. As they are fixed, static IP addresses also make it easier to work with Virtual Private Networks (VPNs). In our case Systerserver provide the static IP we use for servepub.
DNS Records
DNS records provide information about a hostname or domain, and include the IP addresses for a domain. They are stored on a DNS server.
There are several types of DNS record. 5 main types include:
- A record
- AAAA record
- CNAME record
- Nameserver (NS) record
- Mail exchange (MX) record
The A record is the most key. The A stands for address and the shows the IP address for a specific hostname or domain. An A records main use is to allow a web browser to load a website from their domain name, without us having to know its IP address.
An AAAA record is similar, only the DNS record points to an IPV6 address.
CNAME records points a domain name to another domain. For instance, a CNAME record can point the address www.example.com_ to the actual web site for the domain example.com.
An NS record specifies the authoritative DNS server for a domain.
MX records show where emails for a domain should be routed to i.e. directing emails to a mail server.
HTTP versus HTTPS
Hypertext Transfer Protocol (HTTP) is a method for encoding and transporting information between a client (for instance a web browser) and a web server. HTTPS does the same thing but with encryption and verification using digital certificates. HTTP messages are plaintext, which means unauthorised parties could access and read them. HTTPS messages are encrypted so that if they are intercepted they cannot be understood.
HTTPS websites must obtain an SSL/TS certificate from a certificate authority (CA), see below for information on certification.
Certification Authorities
In Https, communication is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS or HTTP over SSL. A Certificate Authority is an entity that stores, signs, and issues digital certificates.
Let’s Encrypt is a global Certificate Authority (CA), which allows people and organizations around the world to obtain, renew, and manage SSL/TLS certificates. The objective of Let’s Encrypt and the [rfc:8555 ACME protocol] is to make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention. This is accomplished by running a certificate management agent on a web server. Read more.
Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
We have used Certbot to enable https for the servpub.net domain name. We have put the section on cerbot in the Reverse Proxy set up section as it was the last step in the setup of the servpub VPN, see 04.2 Managing certificates for https for steps on how to use certbot to self-sign certificates.