I want to switch away from CloudApp to a host/domain under my control, and DropShare looks like a great alternative, because it lets you pick a back-end.

They have instructions for setting up SCP/SSH using your own server via nginx on DigitalOcean. I’ve already got danj.ca running on Apache on Linode, so I should be able to replicate the same.

Another alternative is to use S3-compatible object storage which, again, Linode offers and I could potentially use by mirroring DropShare’s DigitalOcean instructions. Object storage might be a better move because it comes with CDN and takes away the overhead of administering a server, but we’ll see. I’ll try just putting this on my web server first…

Instructions

Requirements

I already have the server and web server running, I just need to add:

  • A VirtualHost, to associate a subdomain to the folder where the shared files will be hosted
  • A user account for DropShare to use; by their instructions, the hosted files go in this user’s home directory, but I suppose you could host them somewhere else as long as it’s available to the user account / web server
  • An SSH keypair for DropShare to use to authenticate as the DropShare user

Adding the site to Apache

  • Pretty sure I want the site’s document root alongside that for www.danj.ca, i.e. /var/www/dropshare/
  • So let’s create that folder with the same subfolders as my other site has
  • > sudo mkdir -p /var/www/dropshare/{backups,log,public_html} 
  • Now let’s create the Apache config for the site
  • My intention is to use share.danj.ca as the public domain for this site
  • Let’s start by copying www.danj.ca’s config
  • > sudo cp www.danj.ca.conf dropshare.conf
  • Actually, wait. I should name this after the site I want to use, not the incidental fact I’ll use DropShare to interact with it!
  • Let’s replace “dropshare” above with “share.danj.ca”
  • Ok, added share.danj.ca.conf with contents copied from www.danj.ca.conf, but all domain/folder references updated accordingly
  • Kept the Rewrite rule that I believe forces https…
  • Now we need to add a link in the sites-enabled directory
  • sudo ln -s /etc/apache2/sites-available/share.danj.ca.conf /etc/apache2/sites-enabled/share.danj.ca.conf

Set up a user for dropshare

  • sudo useradd dropshare
  • …Oops, should have used useradd -m, he didn’t get a home directory 😛
  • Ok, created the directory by hand and made the dropshare user its owner… I wonder if I have to configure something to actually make /home/dropshare associated as the user’s homedir… but we’ll see
  • Give the dropshare user ownership on the share.danj.ca/public_html directory
  • > sudo chown dropshare:www-data /var/www/share.danj.ca/public_html
  • Oh, by the way, it looks like this is how you assign a user’s homedir: sudo usermod -d /home/dropshare dropshare, so let’s do that
  • Usermod reported “no changes”, so I guess it was fine

Set up the domain

  • In Hover, we need to add a CNAME so that requests to share.danj.ca go to the server
  • If I recall correctly, I think we can set up a CNAME from share.danj.ca to danj.ca, and Apache should do the right thing, but I could be missing a step. Let’s put a test index.html in share’s public_html dir, and that’ll let us know if we’re finding it.
  • Hmm, actually right now share.danj.ca in a web browser just sends me to http://danj.ca; I guess there’s a wildcard subdomain record?
  • Ok, created the CNAME, let’s see what happens… might need to wait for DNS to propagate
  • Ah, reviewing some docs, I was reminded I need to restart Apache after adding server configs
    • Now share.danj.ca gives me a certificate error, presumably because it’s not configured for SSL, so it might be working
    • Also note that now code.danj.ca (an existing CNAME) leads to an empty directory listing… what’s that showing me? 🤔
  • Instructions: https://certbot.eff.org/docs/using.html#re-creating-and-updating-existing-certificates
  • Ran > sudo certbot certonly --cert-name danj.ca -d danj.ca,www.danj.ca,share.danj.ca
  • Selected Apache plugin as the challenge mechanism, confirmed I wanted to add the new domain, that’s all it took
  • Oh yes, and restart the web server. Gotta remember that.
  • Ok, now share.danj.ca redirects me to the website at www.danj.ca, it doesn’t seem like my Apache config is working as intended

Fixing the Apache config

  • Still noticing that if you go to share.danj.ca or danj.ca, the hyperlinks to all articles have that domain. I guess because they’re all relative links. But I’d really like to force the site to always direct you to www
  • Ok. Confirmed that pinging share.danj.ca basically returns danj.ca and pings the correct IP address. That’s a sanity check done. Now let’s look at the Apache configs again
  • Interesting: Added a test index file to the share.danj.ca document root. When I go to an undefined subdomain, like scrod.danj.ca, I get served that file. If I actually go to share.danj.ca, I end up on the www.danj.ca homepage… Same with code.danj.ca
  • Hypothesis: I was gonna say CNAMEs are taking me to danj.ca, but both code and share are CNAMEs yet yield different results
    • Now, the difference is, share is on the SSL cert…
    • Wait, the share apache config also has the redirect rules I copied from www to apply https…
    • Ok, I think the share.danj.ca VirtualHost is working just fine. But when it redirects to https, then we end up in the VirtualHost config in www.danj.ca-le-ssl.conf (because it handles *:443), which of course serves us www.danj.ca/public_html
    • So I think if I add a 443 VirtualHost for share.danj.ca, I’ll have it made. Now, it looks like LetsEncrypt/certbot added that SSL config file for me, but for share.danj.ca, I’m gonna try just adding the SSL VirtualHost to the existing share.danj.ca config file
  • Yup, that did it! Now share.danj.ca redirects to https://share.danj.ca and serves up the share index file

Letting DropShare communicate with the server

  • We need to generate an SSH keypair for DropShare to use to connect as the dropshare user
  • Did that locally on my Mac, using the instructions from DropShare
  • I remember there’s a clever way to copy an SSH pubkey up to the server, let’s see if I can find it…
  • Ah, I was thinking of ssh-copy-id, but that assumes you’re adding a key for the user with whom you’re logging in. That’s not what I’m doing: I want to SSH into the server as my own account, but add a key for the dropshare account
  • It occurs to me I can do this with scp
  • Ah, no, I want to append the contents of the pubkey to authorized_keys, like this:
  • > ssh user@danj.ca "cat >> /home/dropshare/.ssh/authorized_keys" < ~/.ssh/dropshare.pub
  • …Ah, the file doesn’t exist. Can’t append to it if it doesn’t exist.
  • Logged in and created the .ssh folder and auth keys file for dropshare. For reference, giving it these permissions: this comment
  • Let’s try this one more time via SSH (we’ll need sudo, cos I can’t write to the other user’s auth keys file…)
    • Ah, it’s not clear how to do this via sudo. Fuck it, just copy the pubkey to the pasteboard and I’ll paste it into the authorized_keys file while SSH-ed in, let Terminal do the work. 😛
  • Ok, done.
  • Let’s test and see if it works: ssh -i ~/.ssh/dropshare dropshare@danj.ca
    • (The i switch defines precisely which key to use, otherwise it would default to my key (actually I think the dropshare key is the only one there, but let’s just be explicit.))
  • Boom, that worked. Ok, now dropshare can get in to the server

Setting up DropShare on the Mac

  • Set up new SCP over SSH connection
  • Hostname: share.danj.ca
  • Username: dropshare
  • Password: SSH passphrase
  • SSH Key Pair: dropshare/dropshare.pub
  • Upload Path: /var/www/share.danj.ca/public_html
  • URL to Path: https://share.danj.ca/
  • Successfully tested!
  • Uploaded a screenshot… DropShare’s annotation tool is MUCH more clunky than CloudApp’s… alas
    • Ahh, but you can configure DropShare to use external annotation tools! Gonna play with that!
    • One of the supported apps is CleanShot, also included in SetApp (which is how I’m getting access to DropShare), so there’s a natural choice… though it also supports Preview.app too, let’s try that first.
      • Ah, ok, so it hands off the screenshot to Preview, then you use the DropShare Share Extension in Preview to upload the image
      • A slight annoyance here is you have to dismiss Preview (and tell it you don’t want to save the screenshot) when you’re done
      • Let’s try CleanShot, too
        • Oh yeah. That’s a LOT better1. CleanShot has nice annotation tools much more like CloudApp’s, and you just drag an icon up to DropShare’s menu bar icon, which uploads the shot and dismisses CleanShot. I think this is my workflow. ✅

Next Up

I think the next thing I want to do is set up YOURLS on my server, and set DropShare to use it. I suspect I’ll have to stop using www.danj.ca as an alias for danj.ca, and make them into two separate sites. But that should be fine, as the canonical URLs for my website use www.danj.ca anyway. danj.ca is perfect for short URLs…

  1. (Update after a few months of using CleanShot): CleanShot is great. It’s got an easy-to-use screen recorder built right in that lets you capture video or animated GIFs, great for demonstrations. It also has a feature that lets you quickly hide your desktop icons, which I used in haste whilse sharing my screen on a video call the other day. Thus far my only complaint about CleanShot is it doesn’t seem to support emoji in its text annotation which is a big 👎🏼.