Skip to content

AlmaLinux or Fedora or RHEL

Xiao Jia edited this page Nov 7, 2023 · 18 revisions

Tested on AlmaLinux 9 and Fedora 38.

Install dependencies

Run as root:

# dnf install -y git podman tar

Create an unprivileged user

You can actually use whatever username you like.

# useradd -m -s /bin/bash nsbox
# mkdir /home/nsbox/.ssh
# cp /root/.ssh/authorized_keys /home/nsbox/.ssh/
# chmod 700 /home/nsbox/.ssh
# chown -R nsbox:nsbox /home/nsbox/.ssh

First run

ssh as the nsbox user and run:

$ cd /home/nsbox
$ curl -L https://github.com/naivesystems/box/releases/download/v0.1.2/nsbox-linux-amd64 --output nsbox
$ chmod +x nsbox
$ ./nsbox --help

If the help message prints, continue:

$ mkdir workdir
$ ./nsbox -workdir /home/nsbox/workdir

Once it's up, you should see something like

HO: Using hostname nsbox.local instead of nsbox.local
2023/11/07 22:55:09 http://127.0.0.1:8081/a/projects/
2023/11/07 22:55:14 http://127.0.0.1:8081/a/projects/
...

To try it without a domain name and SSL certificates, you can temporarily add an entry to your /etc/hosts file (or C:\Windows\System32\Drivers\etc\hosts on Windows).

# add a line to your hosts file, where 11.22.33.44 must be replaced by the actual IP address of your machine
11.22.33.44 nsbox.local

Then you need to open up a few ports in the firewall. Run as root:

# firewall-cmd --add-port={8080/tcp,8443/tcp,9440-9444/tcp,9992/tcp,29418/tcp}

Now you can open the following links:

Default username/password is admin/admin.

To make the firewall rules permanent:

# firewall-cmd --runtime-to-permanent

Run as a service

Ctrl-C the above command you started in the first run.

SELinux will probably be unhappy about running things directly from user home. Let's disable it for now. You may also try to customize your SELinux policy if really needed.

# setenforce 0
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

Create a file under /etc/systemd/system/nsbox.service with the following contents:

# cat > /etc/systemd/system/nsbox.service
[Unit]
Description=NaiveSystems Box
After=network.target

[Service]
User=nsbox
ExecStart=/home/nsbox/nsbox -workdir /home/nsbox/workdir
Restart=always
OOMPolicy=continue

[Install]
WantedBy=multi-user.target

Enable and start the service:

# systemctl daemon-reload
# systemctl enable --now nsbox.service

To tail its logs with color:

# journalctl --output cat -fu nsbox.service

Clone this wiki locally