docs/front/full-howto.en.md

# Use ServNest

## Introduction

This document describes the steps for the combined use of each service of a ServNest installation.

In short, it consists of:
1. on the **Authentication** service: creating an account
2. on the **Registry** service: registering a domain name in one of the available suffixes
3. on the **Name servers** service: configuring a DNS zone for this domain
4. on the **Web** service: uploading files using SFTP and making them accessible through the Web with the domain previously registered and configured

## Prerequisites

* the address of an existing ServNest installation (see the list on the homepage)
* a way to communicate with the chosen installation administrator, to get the account approved
* a web browser (for example LibreWolf, Tor Browser or Firefox)
* an SFTP client (for example Dolphin on KDE, GNOME Files or FileZilla)
* files to be served on the site (typically in HTML format)

## Step 1: account creation

Create an account and get it approved

1. From the chosen ServNest installation home page, go to the **Authentication** service, then use the page **Create account**
2. Ask your installation administrator an approval key, according to the instructions on the link **About this installation** on the installation home page, and wait for their answer
3. Use the answered key on the **Switch to an approved account** page

## Step 2: domain registration

Choose a domain name

1. Go to the **Registry** service
2. **Register domain**

## Step 3: the DNS zone

### Step 3.1: DNS zone creation

Authenticate the DNS zone creation by creating a specific DNS record in the parent zone (the registry), then actually create the zone

1. On the **Name servers** > **Add zone** page, copy the required NS record value (Don't submit the form yet)
2. Paste the value in **Registry** > **NS records** and submit
3. Submit the form on **Name servers** > **Add zone**
4. Paste the value in **Registry** > **NS records** again, but this time select the **Delete** action, then submit

### Step 3.2: delegation to the DNS zone

Tell the registry to delegate the domain name resolution to the servers on which we just created the zone

For each domain name listed in the **Name servers** section on the home page of the **Name servers** service:
1. Copy-paste this domain name in **Registry** > **DNS records** then submit

### Optional step 3.3: DNSSEC activation

Tell the registry the public key of the DNS zone in order to enable the DNSSEC trust delegation and thus the DNS zone records authentication

1. On **Name servers** > **Display zone**, select **DS records** then submit
2. Transmit the display values to **Registry** > **DS records**

## Step 4: the website

### Step 4.1: SFTP upload

1. Transmit the values displayed on the **Web** service home page to the SFTP client
2. If the SFTP asks to confirm the server's public key fingerprint, check that it matches one of the values display on the web page. If none of the values match, cancel the connection, then check the settings, change Internet connection or contact the administrator. (Connecting to an SFTP server without verifying it's authenticity can allow an attacker to takeover your account.)
3. The SFTP space is empty by default. Create a directory named without spaces, accents or special characters (for example `site`)
4. Copy-paste the site files inside this new directory

### Step 4.2: HTTP access creation

1. In **Name servers** > **Synchronized records**, add an entry with the domain displayed on **Web** > **Dedicated domain with Let's Encrypt certificate access** as the **Source domain**
2. In **Name servers** > **TXT records**, add for the **Subdomain** `_auth` the value displayed on **Web** > **Dedicated domain with Let's Encrypt certificate access**
3. Submit the form **Dedicated domain with Let's Encrypt certificate access**

## Conclusion

Accessing `https://domain.example/file` displays the file `/site/file` from the SFTP space.