# Personal Solid Pod

Hello! This is a personal Solid pod of [michal](https://mrkvon.org). It runs on CommunitySolidServer v7

## How do we host it?

### Pod (with CommunitySolidServer)

- `git clone https://github.com/CommunitySolidServer/CommunitySolidServer.git`
- `npm install`
- `npm start -- -f ../data/ -c ../config.json -p 3579 -b https://data.mrkvon.org`

Config is a copy of [file-root-pod](https://github.com/CommunitySolidServer/CommunitySolidServer/blob/33e9ae41916c9de0638709b02c42936e53d49414/config/file-root-pod.json) with changed email and password

#### nginx settings

based on [solid nginx config example](https://github.com/solid/solidproject.org/wiki/Using-NGINX-as-a-reverse-proxy#configuration)

```
###### Setup for Community Solid Server ######
# https://solidproject.org/self-hosting/css/nginx

# Your local Solid server instance
upstream data-mrkvon-org {
    server 127.0.0.1:3579;
}

server {
    server_name data.mrkvon.org;

    # Proxy traffic for https://data.mrkvon.org/ to http://localhost:3579/
    # Proxy all traffic to the Solid server
    location / {
        # Delegate to the Solid server, passing the original host and protocol
        proxy_pass http://data-mrkvon-org$request_uri;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    
        # Pass these headers from the Solid server back to the client
        proxy_pass_header Server;
        proxy_pass_header Set-Cookie;
    
        # Enable Websocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        
        # Prevent ETag modification (https://github.com/solid/community-server/issues/1036)
        gzip off;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot

    # HTTPS certificate setup (can be autogenerated by tools such as certbot)
    ssl_certificate /etc/letsencrypt/live/data.mrkvon.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/data.mrkvon.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = data.mrkvon.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name data.mrkvon.org;
    listen 80;
    listen [::]:80;
    return 404; # managed by Certbot
}
```

### Identity

I have webID at `https://id.mrkvon.org`, and it redirects to `https://data.mrkvon.org/profile/card`. The challenge was making it work nicely with CORS - but i managed

#### nginx settings

```
server {
    server_name id.mrkvon.org;

    access_log /var/log/nginx/id_mrkvon_access.log;
    error_log /var/log/nginx/id_mrkvon_error.log;

    charset utf8;

    add_header 'Access-Control-Allow-Origin' "$http_origin" always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Access-Control-Allow-Methods' 'GET,HEAD,OPTIONS,POST,PUT,PATCH,DELETE' always;
    add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,DPop' always;
    add_header 'access-control-expose-headers' 'Accept-Patch,Accept-Post,Accept-Put,Allow,Content-Range,ETag,Last-Modified,Link,Location,Updates-Via,WAC-Allow,Www-Authenticate' always;

    # Default return for root path
    location = / {
        # Respond with 204 No Content to OPTIONS requests at the root
        # CORS doesn't work well with redirects in OPTIONS
        if ($request_method = 'OPTIONS') {
            return 204 no-content;
        }

        if ($request_method = 'PATCH') {
            return 308 https://data.mrkvon.org/profile/card;
        }
        if ($request_method = 'POST') {
            return 308 https://data.mrkvon.org/profile/card;
        }
        if ($request_method = 'PUT') {
            return 308 https://data.mrkvon.org/profile/card;
        }
        if ($request_method = 'DELETE') {
            return 308 https://data.mrkvon.org/profile/card;
        }

        # For GET and HEAD requests, return 303 to profile document
        return 303 https://data.mrkvon.org/profile/card;
    }

    # Respond with 404 Not Found for all other URLs
    location / {
        return 404;
    }

    listen 443 ssl; # managed by Certbot
    listen [::]:443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/id.mrkvon.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/id.mrkvon.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = id.mrkvon.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name id.mrkvon.org;
    return 404; # managed by Certbot
}
```

#### Keep it up with pm2

- `pm2 start npm --name data.mrkvon.org -- start -- -f ../data/ -c ../config.json -p 3579 -b https://data.mrkvon.org`
- `pm2 save`