Setup & Install
Acronyms
- VPS | Virtual Private Server | A server hosted in a datacenter.
- ISP | Internet Service Provider | The company you pay for internet access.
- IP | Internet Protocol | How computers communicate over the internet.
- IPv6 | IP version 6 | Very slowly replacing IPv4.
- NAT | Network Address Translation | Used in all IPv4 home routers.
- OS | Operating System | E.g. Linux, Android, Windows.
- CA | Certificate Authority | A trusted entity that signs certificates.
- URL | Uniform Resource Locator | Goes in the browser's address bar, e.g. https://example.com/
Choose where to host
WireTile is self-hosted, which means you decide where to host it. There are generally 2 options:
At home
Host at home using your own home server and residential internet connection.
A home server is simply a computer you own that's running Linux and stays powered on. Almost any computer will do, such as an old
desktop or laptop.
- You own the computer, as opposed to renting one from a datacenter.
- Reuse old computer hardware.
- Experience can vary depending on home network, mainly if router supports UPnP or not.
In a datacenter
Host using a VPS from your preferred cloud hosting provider.
- Static IPv4 and IPv6 address. Most residential ISPs don't offer static IPs.
- Solution for home ISP not providing a public IP address (carrier-grade NAT, double NAT).
- Requires registering/managing an account with a cloud hosting provider.
- Monthly costs can quickly exceed upfront cost of home server hardware.
Server setup
Requirements: Linux x86_64/ARM64, a public IP address.
For simplicity we'll assume that the Linux distro being used is
Ubuntu Server LTS. Exact steps may vary depending on distro.
Install WireTile
- Create a directory
mkdir ~/wt
- Download
curl https://wiretile.net/dl/wiretile-latest-x64.tar.gz > ~/wt/wiretile-latest-x64.tar.gz
- Extract
tar -C ~/wt -xf ~/wt/wiretile-latest-x64.tar.gz
- Create a Systemd service or a Docker container, as shown below
Systemd
- Create a Systemd service for WireTile
echo "
[Unit]
Description=WireTile
After=network.target
[Service]
ExecStart=${HOME}/wt/wiretile
[Install]
WantedBy=multi-user.target
" | sudo tee /lib/systemd/system/wiretile.service
- Start on bootup
sudo systemctl enable wiretile
- Start
sudo systemctl start wiretile
Additional useful commands:
- Stop
sudo systemctl stop wiretile
- View status
systemctl status wiretile
- View logs
journalctl -eu wiretile
Docker
- Navigate to directory
cd ~/wt
- Create a compose file for WireTile
echo "
services:
app:
image: ubuntu:latest
restart: unless-stopped
network_mode: host
working_dir: /srv
command: /srv/wiretile
volumes:
- ./:/srv
" | tee ~/wt/docker-compose.yml
- Create and start container
sudo docker compose up -d
Additional useful commands (assumes in directory ~/wt):
- Start
sudo docker compose start
- Stop
sudo docker compose stop
- View status
sudo docker compose ps
- View logs
sudo docker compose logs
Additional useful commands:
- View network interfaces and IP addresses
ip address
- View processes and ports listening on network
sudo ss -nltup
Certificates setup
The Web App expects your devices (e.g. PC, phone) and server to trust web connections to/from each other. This can be accomplished
by adding
certificate-authority.pem and client-certificate.p12 to your device.
These files would be located at ~/wt given the above instructions.
This only has to be done one time per browser/device, unless in the future you choose to manually regenerate the certificates via
the
wiretile delete-certificates command.
If prompted for a password when importing client-certificate.p12 simply leave it blank and continue.
What are these files?
These files were generated locally/offline when you first ran WireTile and are unique to you.
-
certificate-authority.pem is a CA certificate file. The browser will use it to verify that you are in fact
connecting to your server and that the connection is secure. It gives the "secure padlock" icon/text in the browser's url bar.
-
client-certificate.p12 is a client certificate file. The browser will present it when connecting to the server, and
the server uses it to decide if it will allow the connection or not. Devices without it will be rejected by the server. It is
analogous to a ID card or password, but more secure.
Lookup asymmetric or public-key cryptography if interested in more details.
Desktop
Add certificates to the web browser:
- Copy
certificate-authority.pem and client-certificate.p12 to your device.
-
Firefox:
- Settings > search for "cert" > View Certificates.
- "Authorities" tab > Import > select
certificate-authority.pem > check the checkboxes.
- "Your Certificates" tab > Import > select
client-certificate.p12.
-
Chromium-based:
Mobile
Add certificates to the OS:
- Copy
certificate-authority.pem and client-certificate.p12 to your device's Download folder.
- Settings > search for "install from storage".
- CA certificate > Install > select
certificate-authority.pem from Download folder.
- App user certificate > select
client-certificate.p12 from Download folder.
Web App
WireTile's logs will display a "Web App URLs" section listing the URLs to access the Web App. See
Server setup for command to view logs. From your device (e.g. PC, phone) navigate to the URL using a web
browser. There may be multiple URLs depending on your setup, in which case try each until one succeeds.
On mobile using a Chromium-based browser is required, as mobile Firefox doesn't support client certificates.
Reminder that
Certificates setup must be completed on the device in order for it to access the Web App.