1 Create a Secure Foundation

A community network will not be sustainable over time unless it is built on a secure foundation. Sadly, the Internet is currently a hacker heaven where hackers have a variety of ways to take over your community network and demand a huge ransom payment to get it back. It is a lot of work to build a community network. We will therefore begin this course with a review of REAL website security. This chapter is divided into the following four articles.

1.1 Use a Linux Laptop to Access your Network

1.2 Create a VPS with a Hestia Control Panel

1.3 Use Hestia to Install Joomla

1.4 Add JCE Editor and Helix Template

1.1 Use a Linux Laptop to Access your Network

Creating your own community network can be a lot of work. It is important that your network be securely constructed and managed to prevent it from being taken over by hackers. In this article, we will review the first step in creating a secure community network. This is reflashing at least one of your computers to Linux Debian so that you will have at least one secure computer that you can use to access your network. To be clear, do not use a Windows computer to access the back end of your community network. If your Windows computer is compromised, it is only a matter of time until your website and community network will also be hacked. Here is our plan to build a secure foundation for our community network:

01

Step 1 Create a Debian Live USB
The first step is to create a Linux Debian Live USB. The first step in this process is to get two empty USB 3 drives. Use the first drive to make a copy of all of your documents on the computer you will be reflashing. Depending on how many documents, images and videos you have on your computer hard drive, this USB 3 drive may need to be 64 GB to 128 GB.

Note: Reflashing a computer will delete all documents and programs on the computer. Please copy all documents and make a list of all programs that you want to re-install after reflashing your computer.

The second USB drive will be converted into an Linux Debian 11 Live USB. It only needs to be 8 GB. I recommend Sandisk USB drives.

Download the Linux Debian 11 ISO File
Go to this page to download the 64 bit version of Linux Debian ISO file with non-free software (the non-free software may be needed to install WIFI and Printer drivers on your computer).

https://cdimage.debian.org/images/unofficial/non-free/images-including-firmware/11.1.0-live+nonfree/amd64/iso-hybrid/

Scroll down the screen to the Debian live 11 amd64 cinnamon plus non-free iso option. Then click on it to download it. It will be about 3 GB.

1.2 Create a VPS with a Hestia Control Panel

Now that we have a secure Linux computer, in this article we will review how to use your Linux Debian computer to create a Linux Debian Virtual Private Server (VPS) and then install the free open source Hestia Control Panel on your VPS.

Step 1 Get a Hosting Account with a Secure Canadian Server
It is not wise to host your website or Virtual Private Server with a US based hosting company. The reason for this is that the US has a draconian law called the Patriot Act – which allows US federal agencies to take down your website or VPS without notice and without a court hearing. The only way to have a truly secure website or VPS is to use a web host and domain registrar that is not located in the US. After months of evaluating more than 100 Canadian web hosts, I eventually chose a VPS host called CanHost.ca. In this article, I will explain why I chose CanHost not only for my VPS but also as a host to recommend to my students and business friends.

01

#1 CanHost is actually owned by Canadians and has actual servers that are actually located in Canada
During my research on Canadian VPS hosts, I found that many hosting companies which claimed to be owned by Canadians were in fact incorporated in the US and had their headquarters in the US – making them and their customers (aka your business website) subject to the draconian US Patriot Act.

#2 CanHost offers a simple DNS Manager with a Graphical User Interface
Because we will be using the Hestia Control Panel, we will be setting up our own websites, our own databases and our own custom mailing systems. These are all relatively easy tasks that most online business owners can learn to manage on their own. But setting up a DNS Manager can be a much more complex undertaking. I therefore wanted a VPS hosting company that could host all of my domain names and also have a DNS Manager which will allow me to easily route my domain names. This may seem surprising – but most VPS hosts do not have a DNS Manager!

#3 CanHost has hundreds of helpful Tutorials
Many VPS providers do not offer any instruction as to how to use their VPS. But CanHost has more than 200 tutorials which you can see at the following link: https://www.canhost.ca/hosting/index.php?rp=/knowledgebase/tag/VPS

Here is a tutorial explaining how to use the CanHost DNS Manager: https://www.canhost.ca/hosting/index.php?rp=/knowledgebase/275/How-Do-I-Manage-my-DNS.html

To update your DNS records, first navigate to your Client Area by logging in to canhost.ca. Navigate to the 'Shortcuts' list on the left, and select the list item called 'My DNS'.

02

This will open up your DNS manager, which displays all of your active DNS zones and their corresponding domain names. To edit a specific zone, click on the Edit Zone button on the right hand side. This will allow you to edit the individual DNS records for this domain.

1.3 Use Hestia to Install Joomla

In the last article, we set up a VPS account and used it to install the Hestia Control Panel. In this article, we will set up a new Hestia User. We will also point our domain name from Canhost to our VPS IP address and then install our domain name on the new user account. We will then use Midnight Commander to configure the PHP settings for our new server and then create a Joomla database and website.

Step 1 Add a New User
It is very important to create a new user for the admin as this will create a wall for hackers preventing them from reaching the Admin Control Panel should they ever manage to break into an individual user account or website. In short, all websites should be created by Hestia users and not by Hestia administrators. Click Add User.

01

Type in an easy to remember username and easy to remember password. Then type in the User Name and email address. Check Send Welcome Email to see what that looks like. Click Save and Back to return to the Users screen.

Step 2 Use your VPS Primary IP address to point your Domain Name to your VPS server.
Here we will assume that you have already set up your Hestia VPS using a different domain name and that your VPS server has the IP address 66.209.180.229. We will here add the new domain name, ourcommunitynetwork.org as a Hestia User.

First, log into your Canhost account and click on Domains. Then click on My DNS. This opens the Canhost DNS Manager. By default, the Zone records point to the Canhost IP address. Delete the first four IP addresses and replace them with the IP address of your own VPS. Then click Save. Then add two CAA records and click Save. When we are done, the first six DNS Zone Records will look like this:

02

Log out of Canhost and log back into your Hestia admin panel.

1.4 Add JCE Editor and Helix Template to your Joomla Site

Now that we have our Joomla website, in this article we will add the JCE Editor to it in order to automatically create images folders for each new member to keep their Profile Page images in. We will also use Libre Draw to create a header for our community network website. Finally, we will install and configure the Helix template and write a Welcome article for your Home Page.

Step 1 Add the JCE Editor
The JCE Editor is essential to Our Community Network as it is the only editor that will allow us to set up individual folders for each community member. Here we will show you how to configure the JCE editor so that it automatically creates a separate folder for each new member to store their images and documents in without the risk of other members accessing their personal upload folder. To download the JCE editor, go to this page:

https://www.joomlacontenteditor.net/downloads/editor/core

Then click on Download for the latest version. Then in the Joomla Control Panel, click Extensions, Manage, Install. Then click Browse for File. Then select it. It will install automatically.

Step 2 Configure the JCE Editor for use with Our Community Network
Once we install the JCE Editor, we need to modify it so that it does not allow users access to the website root folder. Also, because the JCE Editor will be used by every member of the community, it is important to set it up to allow every community member access to their own separate folder for storing their own images and other documents.

To Configure the JCE Editor, go to Components, JCE Editor. Then go to Editor Profiles, Default, Setup tab, and scroll down to User Groups. Add Registered Users to the list of permitted users. But delete Managers, Administrators and Super Users as we will soon give them a different JCE Editor. See image below.

02

Then click on the Features & Layout Tab and reduce the number of tools from four rows to two rows by moving unused icons to the lower area – but moving the font color icon to the upper area. When we are done, this is what the Editor Tool Bar will look like:

03r

Click Save. Then click on the Editor Parameters tab. We will leave URL Conversion set for relative URLs in order to make it easier to copy. But we will need to change it to Absolute URLs for the Administrator Editor for editing the Newsletter component we will be installing later. Then click on the Plugin Parameters tab. Then click on the Image Manager tab and set alignment to Center. Then click Links, and set Target to Open in a New Window. Also change Enable File Browser from Yes to No. Show Advanced Tab set to No. Show Anchor List set to No. Show Target List set to No. Set all Joomla Links List to No. Also set the Link Search to No.

Finally, click Media Support and change Allow Iframes to Yes.

Then click Save and Close. We now have the default JCE Editor set up as a normal editor.

Step 3 Create a Second JCE Editor for Administrators
Next click on JCE Editor Profiles. Select the Default Editor and click Copy. This will add another editor called Copy of Default that is exactly like the Default Editor. Click Copy of Default to open it. Change its name to Super User Editor. Change Status to Published. Scroll down to User Group, uncheck all groups except Manager, Administrator and Super Users. See image below