Derek Sivers

Tech Independence

Contents:

  1. What?
  2. Register a domain
  3. Change DNS nameservers
  4. Create storage
  5. Create an SSH key
  6. Create your server
  7. SSH into root
  8. Customize these instructions
  9. Use your storage
  10. Simple website
  11. File sharing in /pub/
  12. Check email
  13. SMTP server
  14. Your email on anything
  15. Email directly on your server
  16. Contacts and Calendar
  17. More indie tips
  18. More storage?
  19. Upkeep
  20. Certificate expired?
  21. Trouble? Start over
  22. Questions? Additions?

What?

Tech independence is not depending on any particular company or software.

The only tools you need are the common open source basics built into any Linux or BSD operating system — free public-domain tools that are not owned by anyone, and can run on any computer.

Learn a few of these basic tools, and you can run your own private server on any computer forever, for the rest of your life. Host your own website and email. Keep your own contacts and calendars synced with your phone. Back up and sync your photos, movies, and music to your own private storage. No more subscriptions needed.

You can ignore all the companies offering “solutions”, even if they are free, because they take away self-reliance. The point is to know how to do it yourself, not to have somebody do it for you. It’s worth a little up-front work, like learning how to drive.

Below are simple step-by-step instructions that work. Instead of drowning you in options, it uses an operating system called OpenBSD and a hosting company called Vultr because I’ve used them for years and I know they are good and trustworthy. But you could do this same setup with any free Linux or BSD operating system, with any hosting company that gives you “root” access to your own private server. You could even do it on an old laptop in your closet.

So if a company turns evil or goes out of business, no problem! You can set up a new server anywhere else in an hour, point your domain name to the new IP address, and it’s done. That’s tech independence — never dependent on any particular provider or software. It’s very empowering. The instructions below will show you how.

Register a domain

  1. Go to Porkbun.com.
  2. Search for a domain name you like until you find one that’s available.
  3. Create a new account, and pay.
  4. Congratulations. You’ll use this domain name in many of the steps below.

Change DNS nameservers to Vultr

  1. Wherever you registered your domain name, log in there to change your domain’s DNS nameservers.
  2. It’s usually set by default to the company where you registered. So for example a domain registered at GoDaddy will have default nameservers of something.godaddy.com, and Porkbun’s will be something.ns.porkbun.com.
  3. Replace those defaults with these two:
    • ns1.vultr.com
    • ns2.vultr.com

Create storage

  1. Go to Vultr.com.
  2. Create an account and give it your credit card.
  3. Click here for the “Add Block Storage” page.
  4. Click “Block Storage (HDD)”, which says “Globally Available”
  5. Below that, a list of cities. Click the one closest to you.
  6. Below that, a slider lets you choose how much storage you need. If not sure, just leave it as $1 for 40 GB.
  7. Below that, in a subtle box that says “label” type the word encrypted.
  8. Below that, click the “Add Block Storage” button.

Create an SSH key

  1. Open a terminal.
    • Windows? Start → Windows PowerShell → Windows PowerShell
    • Mac? Applications → Utilities → Terminal
  2. Type ssh-keygen -t ed25519 and hit [enter] or [return].
  3. When it says, “Enter file in which to save the key (/Users/yourname/.ssh/id_ed25519):”, hit [enter] or [return].
  4. When it says, “Enter passphrase (empty for no passphrase):”, hit [enter] or [return].
  5. When it says, “Enter same passphrase again:”, hit [enter] or [return].
  6. See the line that starts, “Your public key has been saved in” and ends in “id_ed25519.pub”? That’s the file you need for the next step.
  7. In a text editor, open “id_ed25519.pub.
    • Windows? Type notepad .ssh/id_ed25519.pub
    • Mac? Type open -e .ssh/id_ed25519.pub
  8. It should be a single line like this:
    ssh-ed25519 AAAAC3Nz5AAAAIPIXO5icj4LUpqa2baqYQRmCZ1+NV4sBDr you@computer
  9. Copy (⌘-C or Ctrl-C) the contents of “id_ed25519.pub” now, since you will paste it in the next step.
  10. In your Vultr.com account, “Account → SSH Keys”, click here to [Add SSH Key]
  11. In [Name], type mykey
  12. In the box below it, paste (⌘-V or Ctrl-V) the contents of “id_ed25519.pub” now, so it says something like
    ssh-ed25519 AAAAC3Nz5AAAAIPIXO5icj4LUpqa2baqYQRmCZ1+NV4sBDr you@computer
  13. Below that, click the [Add SSH Key] button. It should say “SSH Key Added” and under “SSH Keys” you should see “mykey”.

Create your server

  1. In your Vultr.com account:
  2. Click here for the “Deploy New Instance” page.
  3. Click “Cloud Compute - Shared CPU” (NOT “Optimized Cloud Compute”)
  4. Below that, Choose Location, IMPORTANT: click the same city you chose for your encrypted storage in the previous step.
  5. Below that, Choose Image, click “OpenBSD” (the yellow blowfish) then inside its box, click “7.6 x64
  6. Below that, Choose Plan, click “Regular Cloud Compute” on the right
  7. When it pops-up “For only $$ more…” click “No Thanks”
  8. Click the top, cheapest option: 25 GB SSD, 1 vCPU, 1 GB, 1 TB, $5/month
  9. When again it pops-up “For only $$ more…” click “No Thanks”
  10. Below that, Additional Features, UN-check “Auto Backups”
  11. A scary pop-up says “Are you sure....”. Tick the box next to “I understand the risks”, then click the red button “Disable Auto Backups”.
  12. Next to that, UN-check “IPv6” because you won’t use it yet
  13. Under SSH Keys, choose “mykey” (very important!)
  14. Under “Server Hostname & Label”, type your domain name in both “server hostname” and “server label”.
  15. At the bottom, click the big blue button [“Deploy Now”].
  16. Stretch your legs for a minute while waiting for your server status to change from “Installing” to “Running”.
  17. Copy and save its IP Address on your computer.

SSH into root, and get my script

  1. Copy (⌘-C or Ctrl-C) the IP Address from the last step of Create Your Server.
  2. Open your terminal from the Create an SSH key section.
  3. Whenever I say to type something into the terminal, hit your [return] or [enter] key afterwards.
  4. Type into the terminal: ssh root@YOUR-IP-ADDRESS. So for example:
    ssh root@123.45.67.89
  5. It should say something like:
    The authenticity of host '123.45.67.78 (123.45.67.89)' can’t be established.
    ED25519 key fingerprint is SHA256:OyiqVsjRX8U2f0UTUY4D0erdl6855YNRXyQk2D.
    This key is not known by any other names
    Are you sure you want to continue connecting (yes/no/[fingerprint])?
  6. Type yes
  7. It should say something like:
    Warning: Permanently added '123.45.67.89' (ED25519) to the list of known hosts.
    OpenBSD 7.6 (GENERIC.MP) #338: Mon Sep 30 08:55:35 MDT 2024
    Welcome to OpenBSD: The proactively secure Unix-like operating system.
  8. Congratulations! You’re inside a remote computer!
  9. Type ftp https://sive.rs/ti.sh
  10. Type sh ti.sh
  11. Watch it install, answer its questions, and do what it says.
  12. Be ready to open a new terminal window, so you can leave this one logged-in.
  13. See below for help with its prompts.

Customize these instructions

Enter your domain name and the username that you create, below, and this will customize all following instructions for you.

Use your encrypted storage

The ti.sh script will eventually prompt you, “Now upload anything while I wait...”. Here’s how.

Mac

  1. In a new terminal window on your Mac, type:
  2. rsync -avz Documents yourusername@yourdomain.name:/mnt/
  3. You should see it uploading your Documents folder to your private encrypted storage. Use this same format to upload any other folders, replacing “Documents” in the command.
  4. I highly recommend learning rsync, since it can be used for so many things (even backing up to a USB storage). Search the web for “rsync tutorial” some day to know it better. Then you can skip over the next FreeFileSync section.

FreeFileSync

For Windows, try FreeFileSync. Here’s how:

  1. Download FreeFileSync and please give an optional donation there if you can afford to. Donating also unlocks more features. Thanks to Jon Lis for the recommendation.
  2. Install and open FreeFileSync.
  3. Top-center: click the grey [Browse] button and find the folder with the stuff you want to upload.
  4. Top-far-right: click the white cloud icon then SFTP at the top.
  5. Server name or IP address: yourdomain.name
  6. Left side: click (*) Key File
  7. Username: yourusername
  8. Browse to find your private key, called id_ed25519 from the “Create an SSH key” section. (Not the file that ends in “.pub”, but the one next to it.) NOTE: Because the /Users/yourusername/.ssh directory is “hidden” by Windows and Mac by default, I find it easier to just type the path directly, like this:
    • The username, for this next line, should be your username on your home computer, not your remote server.
    • Windows? Type C:\Users\yourusername\.ssh\id_ed25519
    • Mac? Type /Users/yourusername/.ssh/id_ed25519
  9. Directory on server: /mnt
  10. Click OK to go back to the main screen.
  11. Top-right: click the green gear wheel.
  12. Left button: click “MIRROR →
  13. Click OK to go back to the main screen.
  14. Top-center: click “COMPARE”, and make sure your files are there.
  15. Top-right: click “SYNCHRONIZE Mirror →” then [Start]

Verify and unmount

  1. When it’s done uploading, log in to your server again, from your terminal.
  2. Type find /mnt
  3. You should see a long list of the files you uploaded.
  4. Type m-x to detach your encrypted storage.
  5. Type find /mnt again, and now you should see nothing there! Congratulations! You now see how this will work in the future:
    1. Log in and type “m” to attach your encrypted storage.
    2. Upload your files with rsync or FreeFileSync.
    3. Log in and type “m-x” to detach the storage, for security.

Simple website

  1. On your home computer, in your main home directory, make a directory/folder called “htdocs”
  2. Download this file called “template.html” and save it in your “htdocs” directory.
  3. Download this file called “style.css” and also save it in your “htdocs” directory.
  4. Make a copy of the “template.html” file, and name the copy “index.html”. This will be your home page.
  5. Edit the index.html file in a text editor (NotePad or TextEdit) and change my default text to whatever you want.
  6. When you need to add a new page, just copy the template again, call it “about.html” or whatever, and make a link to it from the home page. The header of each page will link back to index.html : your home page.
  7. If you want to change the look of your site, just edit the style.css file. Search the web for “CSS tutorial” if needed.
  8. To upload it to your public server, do one of the next two steps:
  9. Apple Mac? Open a new terminal window on your computer, type
    rsync -avz htdocs yourusername@yourdomain.name:/var/www/
  10. Windows? FreeFileSync again, but now change the “Directory on server” to /var/www/ (you can find it by clicking [browse] or typing it directly) then upload this htdocs directory there.
  11. Go to https://yourdomain.name in your web browser, refresh the page, and you should see your updated website.
  12. Any trouble, just know that the goal is to get that index.html file into this location on your server: /var/www/htdocs/index.html because that’s where the web server is expecting it to be. That’s where we put the original test file, so your new index.html file should replace that one.
  13. If you want short URLs, without the .html, you can (for everything except index.html) because I set the default type to be HTML. Just remove the “.html” from your HTML filenames, update your links, and voilà!
It’s important to know how to make a simple website by hand, and not let people sell you on complex solutions that are the equivalent of saying you need a jumbo jet when you really need a bicycle. For real tech independence, start by typing your HTML files yourself. Only later, after you have many many pages, consider a more complicated solution.

File sharing in /pub/

Your website is configured to list all files in the /pub/ directory of your website. So basically anything in /var/www/htdocs/pub/ is public. Upload any files you want to share.

It replaces Dropbox and similar services for sending big files. Just upload the file to /var/www/htdocs/pub/ then find it in your web browser, copy its URL, and send someone the URL.

If the files you want to share are already on your computer, then just make a pub/ directory inside htdocs/ (so, htdocs/pub/), put your files in there, then use FreeFileSync or rsync to upload them as you did in the previous section called “Simple website”. Consider them part of your website.

Or if you have a URL from somewhere else online that you want to download to your server, just do it as we did in the numbered steps above. Then use FreeFileSync or rsync to download from your server to your computer first, before your next upload sync.

Check email on your server

  1. From your existing (gmail, etc) email account, send two or three “hello me!” emails to yourusername@yourdomain.name
  2. ssh in to your server, then type mutt
  3. You should see the emails you sent. If not, wait a minute.
  4. Type j and k a few times to go down and up the list of emails.
  5. To read an email, hit [enter] or [return] when it is highlighted.
  6. To go back to the list, type i (for “index”)
  7. To delete it, type d (but don’t delete them all yet because you need one for a future step)
  8. Type q to quit.

SMTP server

If it weren’t for thieves, we wouldn’t need locks. If it weren’t for spammers, you could send email directly from your server. But noooooo, hosting companies got burned by spammers, so now they block outgoing emails even for nice people like you. That’s why you need to use an special external email-sending service. SMTP is the name of the standard protocol for sending emails.

  1. Go to smtp2go.com and click [Try SMTP2GO Free].
  2. Under “Start your free account”, when it asks your “Work email”, give your new yourusername@yourdomain.name
  3. Click [Continue] then give your name, and make up a password just for your account there. (You won’t need that password anywhere else.)
  4. After that, it should say “Check your inbox!”
  5. Finish the remaining steps on your server, by running “ti.sh”. My ti.sh script receives their email, shows you the link, gets the API key from you, then takes care of everything else so that you can send emails.
  6. When done, your smtp2go.com account has your SMTP User settings (the things you enter in your email app) on the left-hand menu under “Sending” → “SMTP Users”.

Your email on anything

To do email from your phone, computer, or anywhere else, you now have an IMAP server, called Dovecot. So on any device, you can add a new IMAP Mail account, with these settings:

If you have any problem sending email that way, use the smtp2go.com settings for the Outgoing mail server, saved under “Sending → SMTP Users” in your smtp2go.com account.

Email directly on your server

  1. ssh in to your server, then type mutt
  2. Type j and k to get to an email you want to reply to.
  3. To reply, hit r then:
    • It shows “To:” so you can edit or add recipients. Hit [enter] or [return] to leave it.
    • It shows “Subject:” so you can edit the subject. Hit [enter] or [return] to leave it.
    • It asks “Include message in reply? ([yes]/no/?):”. Hit [enter] or [return] for the usual norm of echoing someone’s email back at them below your reply. Or n for not.
    • Now you are inside the vi text editor which is not self-explanatory, so I’ll walk you through a simple reply:
    • Hit i (no [return] or [enter]) to go into “insert mode” and type your message. You’ll notice it’s on the same line as some other text, so you might want to start by hitting [return] or [enter] a few times, then up-arrow to go back to the first line again.
    • When done typing your message, hit your [esc] key in the very top-left corner of your keyboard. Nothing will change on the screen, yet.
    • Type :wq (the “:” at the beginning is important) then [enter] or [return].
    • Then you’ll see the “Compose Menu” which I think of as the “last chance before sending” screen. Hit y to send it.
  4. To send a new email, hit m then repeat those steps like you did for a reply, except now the “To:” and “Subject:” are blank and waiting for you to create. (For “To:”, type the email address of the person you’re emailing.)
  5. To quit, hit q

Mutt is a great program for reading and sending email on the command line. It’s been my email client for 20 years. Read its manual here if you want to go deeper. It does everything.

The vi text editor is a useful tool to edit text on a server. It takes a few minutes to learn, but it’s worth learning because it’s installed by default on every Linux/BSD server.

Contacts and Calendar

Your phone currently keeps its contacts and calendars with Google or Apple. Now you can get them off the cloud and keep them privately on your own server.

My ti.sh setup script installs a CardDAV server for contacts, and CalDAV server for calendars.

Here’s how to connect your phone.

Android phone

You need an app called “DAVx⁵”, so install it first. Then…

  1. Open the DAVx⁵ app
  2. Click the orange (+) in the bottom-right
  3. Click (·) “Login with URL and user name”
  4. Base URL: https://dav.yourdomain.name/
  5. User name: yourusername
  6. Password: the “easy to type on your phone” password you made
  7. Click “LOGIN” in the bottom-right corner.
  8. It should work and bring you to the “Create account” page, where “Account name” will be yourusername. Leave everything as-is and click “CREATE ACCOUNT” in the bottom-right corner.
  9. It brings you to the “CARDDAV” header. Tick the toggle to turn on next to your domain name.
  10. Click the ♻ arrows in the bottom-right corner to synchronize your contacts.
  11. Click the “CALDAV” header up top. Tick the toggle to turn on next to your domain name.
  12. Click the ♻ arrows in the bottom-right corner to synchronize your calendar.
  13. Go to your Calendar app, and in the top-right corner, click the round icon there. (Might be your face or a letter.) Then change it to the one with yourusername. After changing it, click the X in the top-left corner.
  14. To add a new Event, Click [+] in the bottom-right corner, and choose “Event” from the popup menu.
  15. There might be a warning, “Switch to a Google Account to take advantage blah blah…”. Click “dismiss”.
  16. Title this event something like “Test Delete”, and notice it should be saving to the calendar with your domain name and username. Click (Save) in the top-right corner.
  17. Check the terminal window where it should say “Calendar entry added!”
  18. Go to your Contacts app, and in the bottom-right corner, click “Fix & manage”.
  19. Click “Settings
  20. Near the bottom, click “Default account for new contacts”, and change it to the DAVx⁵ Address book with your domain name.
  21. Click “< Settings” in the top-left corner.
  22. In the top-right corner, click the round icon there. (Might be your face or a letter.) Then change it to the DAVx⁵ Address book with your domain name. Then click X in the top-left corner.
  23. Click “Contacts” in the bottom-left corner. It should say “No contacts in this account”.
  24. Click + in the bottom-right corner to Create contact. Top of the next page should say “Save to” then your domain name.
  25. Add a New Contact with a name like “Test Delete”. Then click “Save” in the top-right corner.
  26. Check the terminal window where it should say “Contact added! Both work. Congratulations.”

Apple iPhone

  1. Settings → Contacts → Accounts → Add Account → Other → (under “CONTACTS”:) Add CardDAV Account
  2. Server: dav.yourdomain.name
  3. User Name: yourusername
  4. Password: the “easy to type on your phone” password you made
  5. Click “next” in the top right corner, and it should bring you to your “Accounts” page, where you see it listed, saying “Contacts” underneath.
  6. Click Add Account → Other → (under “CALENDARS”:) Add CalDAV Account
  7. Server: dav.yourdomain.name
  8. User Name: yourusername
  9. Password: the “easy to type on your phone” password you made
  10. Click “next” in the top right corner, and it should bring you to a “CalDAV” page, showing Calendars and Reminders. Un-tick Reminders.
  11. Click “save” in the top right corner, and it should bring you to your “Accounts” page, where you see it listed, saying “Calendars” underneath.
  12. Click “< Contacts” in the top-left corner, to go back to settings for your Contacts app.
  13. At the bottom change Default Account to the one with yourdomain.name.
  14. Click “< Contacts” then “< Settings”, both in the top-left corner, then scroll down to Calendar settings and click it.
  15. In Calendar settings, 2nd from the bottom should say “Default Calendar”. Tap to change it to the one with yourdomain.name.
  16. Go to your Calendar app and click the + in the top-right corner.
  17. Add a New Event with a Title like “Test Delete”. Then click “Add” in the top-right corner.
  18. Check the terminal window where it should say “Calendar entry added!”
  19. Go to your Contacts app and click the + in the top-right corner.
  20. Add a New Contact with a name like “Test Delete”. Then click “Done” in the top-right corner.
  21. Check the terminal window where it should say “Contact added! Both work. Congratulations.”

More indie tips

  1. Use Firefox.
  2. Install uBlock Origin in Firefox and Chrome.
  3. In Firefox settings, under “Privacy and Security”, choose “[X] Delete cookies and site data when Firefox is closed”, then close Firefox often to erase all your cookies and logins. Browse the web anonymously, not logged-in.
  4. Replace Google Authenticator with 2FAS.
  5. If you use Windows, replace it with Ubuntu Linux. (Use both at first, then slowly transition.)
  6. Keep your new email address as a private email account that you only give to those few people who you really want to hear from. Then your old gmail/yahoo/outlook/etc address can be just low-priority junk, and your new private email account won’t need spam protection.
  7. Or if you don’t want to run your own email server, use Mailbox.org or Fastmail but only by using your own domain name. Be yourusername@yourdomain.name from now on. Don’t depend on anyone else’s domain for your email or you’ll be stuck with them.

More storage?

If you need hundreds of gigabytes, or even terabytes of storage, I recommend Hetzner’s “Storage Box”. It’s the best storage value I’ve found. Also consider Backblaze Personal Backup.

I personally use Vultr’s storage (as described above) for sensitive information I definitely want completely encrypted. Then I use Hetzner’s Storage Box for all my photos, videos, music, and other big files that don’t absolutely need to be encrypted.

Upkeep

You honestly don’t have to do anything to maintain your server. It will just work as-is for decades! But if you like to keep it up-to-date, it only takes a minute, so run these next steps any time.

  1. Log in to your server, if you are not already.
  2. Type doas su
  3. Type syspatch
  4. Type fw_update
  5. Type pkg_add -u
  6. Type sysupgrade
  7. Type exit; exit to log out.

If that last “sysupgrade” step did not give an “Error retrieving … 404 Not Found” error, that means your OpenBSD operating system is upgrading itself. They release an upgrade every 6 months. In that case, go to this OpenBSD page and follow the link at the top that says “Upgrading to (7.6, etc)” to see if there’s anything else you should know.

If the “sysupgrade” step updated your operating system and your server rebooted, then there is just one more step:

  1. Log in to your server, if you are not already.
  2. Type doas su
  3. Type sysmerge
  4. Follow any instructions. Don’t worry about messing up because you can always start over, as described below.
  5. Re-do the syspatch ; fw_update ; pkg_add -u steps, above.
  6. Type exit; exit to log out.

Secure certificate expired?

  1. Log in to your server, if you are not already.
  2. Type doas su
  3. Type domain=yourdomain.name
  4. Type acme-client -v $domain
  5. Type rcctl restart relayd
  6. That should fix it. Confirm it in your web browser. Let me know if not.
  7. IMPORTANT: Copy-paste this next line to make it renew automatically from now on:
  8. (crontab -l 2>/dev/null; echo "11\t3\t*\t*\t5\tacme-client $domain && rcctl reload relayd") | crontab -
  9. Hit [enter]. Type exit; exit to log out.
  10. Let me know if it happens again. (It shouldn’t.)

Trouble? Start over

I’ve tested the steps above very carefully and repeatedly. They work. So if you hit a major problem, something not happening like it says it should, please do this:

  1. Type “cd ; m-x ; exit” in any terminals you still have open, until they are all closed.
  2. Go to your Vultr account.
  3. See your server instance? See to the far right, a subtle ···? Click that.
  4. From its pop-up menu, click the last option: “Server Destroy”.
  5. Tick the box next to “[X] Yes, destroy this server.”
  6. Click the big red [Destroy Server] button.
  7. This will not destroy your encrypted storage. That’s another reason we kept it separate from the start. So if you already uploaded a bunch of your files and want to save them, they should still be there.
  8. On your own computer, in the terminal, type: rm .ssh/known_hosts
  9. Go back to the section called “Create your server” and try again.

Questions? Additions?

To learn more about your new server, just log in and type: help
It will teach you the basics. Then for each command or file you want to know more about, type man followed by the command or filename. So for example, log in and type…

Hit your [space] bar to scroll the page, then q to quit.

It’s one of the most wonderful things about OpenBSD: everything you need to know is in those man pages! No need for YouTube, Google, ChatGPT, or any other advertising-driven sources of information.

I will constantly improve this page, so get on my private email list for updates.

Until then, ask any questions. If something went wrong, please give me a very specific description of exactly what went wrong at what step, what it was supposed to do, and what exactly it actually did. Click here to email me.

Requests for what to add? Again, just email me.