Who this page is for
Are you a new DSA chapter an existing chapter using mostly Slack and Google Docs? Do you want to take control of your chapter's data, preserve your privacy, and perhaps get new functionality you didn't have before?
After much research, I believe I've found the easiest, cheapest, and most secure way for DSA chapters to collaborate and work together online. Now more than ever before, it's easier to take your chapter's data in your own hands, rather than relying on Amazon, Apple, Microsoft or Google.
Your chapter can make the switch from closed-source programs that harvest your data and restrict features for non-paying users to useful, free, open-source software - with minimal effort and cost. As a fun bonus, you'll also be avoiding some of the country's worst tech offenders and abusers of power. But you may be asking - why bother doing all this in the first place?
Why this guide was made
I understand that closed-source tools like Slack, Google Docs, and more just work for many people. People use these tools already at their jobs, at school, and even at home. Many people have a busy schedule as-is, and so we're grateful they choose to spend their precious free time building socialism. Why would we make them learn something new or download a new app? Why risk de-incentivising people from contributing?
If you imagine a utopian socialist future, does it include Google, Microsoft, Facebook, and Amazon acting as middlemen to everything you do online? Probably not. I've spent a lot of time trying to make the process of using free software as easy as possible for everyone involved - from the admins, to leadership, to your users.
This guide will walk you through each and every step, from starting with nothing but a credit card to finishing with your own website, blog, chat program, file storage solution, and an email/calendar/contacts server. Best of all, you can likely complete setup of all of these services in a few hours.
What it means to really own your tech stack
Before going through this process, remember that your entire chapter will be making this change with you. Before starting, ensure your chapter's leadership is on board with using any software you plan to deploy. Buy-in from leadership, and your membership body, is an essential first step and cannot be skipped! Also, ensure you have a plan to pay for expenses (~$50/month). Even when leadership and most of your members are on board with the plan to change your tools, you should still comminute early and often to all the comrades in your chapter to ensure they are heard and their concerns are taken into consideration as this transition is made.
Remember: be democratic. Over-communication is less likely than under-communication, so communicate early, often, and using plain language.
Also, keep in mind that anything you do will need to be passed on to someone else at some point in the future. I strongly recommend taking copious notes as you transition and storing these notes for any other admins who have access to the software in the future. You may not know when you will not be able to access the admin dashboard in the future, so always have a plan for how someone can take control of your chapter's digital presence without you being there in a safe manner. We'll cover this more later, but keep it in mind. Now let's cover exactly what you'll need to get started!
What you need, and how much it costs
You need three main things:
- A domain name is the name of your chapter or something catchy like socialism.tools. This is that thing you type into the address bar in your browser.
- A Virtual Private Server, or VPS, is a computer that lives in the cloud. It's called a virtual private server because it's not really a black box sitting somewhere - it's a part of a very powerful server, running many people's servers at the same time but separated from each other (thus, private).
- If you are extremely cost-constrained you can use a computer you already own - but be aware this is more difficult to set up, more risky, and will likely have worse performance than a VPS.
- A piece of software called Cloudron. It will run on your VPS. Cloudron mainly acts as an application controller. Cloudrun can install apps for you with one click, set them up for you, and keep them updated. Cloudrun also keeps itself updated, and provides user management and email services to all your apps. Installing, configuring, and updating apps can be confusing or time-consuming, and Cloudron does it for you for a price that is far, far lower than other (business-focused) options. Cloudrun is run by a small company in Germany. There are free alternatives to handle this type of thing, but Cloudron is the best and easiest.
There is no away around the fact that this solution - as with any open-source solution - is going to cost money. Big Tech companies can subsidize free usage of things like Google Docs, OneDrive, Zoom, or Slack by charging their business customers a lot of money. But despite the cost of running free software, I think this is worth it to take control of your chapter - why become socialist if you don't want to take big bets, eh? 😉
The cost breakdown will look something like this:
This adds up to $440 per year (less than $10 a week), or more if you pay for Cloudron monthly. This is the cheapest possible configuration I could find that could reasonably support a chapter.
If your chapter has a very tech-savvy Linux expert on hand, you could probably get away with not paying for Cloudron (and maybe it's you), but remember what I said earlier - someday, someone else will need to inherit this technology stack. You might be unavailable when something breaks, and things like chat and email can be critical to people's safety. Cloudron makes it easy to give multiple people access both to the platform itself and all the apps therein, and that simplicity and peace of mine is a huge part of why Cloudron is worth the money.
Disclosure: The two links above for a VPS and Cloudron are referral links; if you purchase services after clicking on them, I get a discount on the VPS and license key used to run socialism.tools. Vultr gives you $100 to start, which is a pretty good deal and I like the service.
Let's buy a domain!
Buying your domain name is like buying your digital identity. As a reminder, the domain name of this site is socialism.tools. In this case, we're going to use the same place to both buy our domain and host our DNS records. DNS records are like directions for computers - when someone types in socialism.tools into their web browser, the DNS record is what routes that request to my server's IP address. We'll get an IP address later, but we do need to start with a domain.
Already have a domain?
If you already have a domain, great! You can keep your current domain registrar if you want. However, your DNS provider needs to be on this list of providers that Cloudron supports.
You can type in your domain name, including your top-level domain. These are .com, .biz, .org, .tools, etc. There are tons of top-level domains, and if you aren't sure which one you want, leave it out and see what Cloudflare suggests. For fun, let's say we're helping Albuquerque DSA set up their site. I like the .group TLD, so I'll use that for this example.
Complete the purchase process. You will be asked for your address and contact information - this information is not public. Gandi has something called WHOIS privacy on by default, so if someone tries to look up who owns a domain, it will not show them anything. Gandi is required to keep this information for legal purposes, so keep that in mind.
We need to do one more thing with Gandi. Get an open Notepad or empty document open - we need to save a special string of text. Here's what to do:
- Click your username in the top-right corner
- Click user settings
- Click Change password and configure access settings
- Click add an API key
Now, copy the string of text that appears on the screen to your doc. Only share this string with people you entrust your entire chapter infrastructure to. This lets application change routing rules for you domain.
Let's build your VPS!
Now we need somewhere to point that fancy new domain name! There are many options to choose from when selecting a company to provide you a VPS. Cloudron recommends four options that offer one-click easy installation. Amazon is a popular option, but fuck Jeff Bezos.
Vultr is what I use, and is a popular option that offers one-click install. It also has one of the best user interfaces available, to make managing your resources and sharing them with others easier. Digital Ocean is also a popular alternative that offers slightly less performance per dollar, but has a wider variety of service.
You can click here to set up a new Vultr account with $100 in credit. Once you have an account, you can create a new server using the plus button on the product page. Click Deploy new server, and then choose the location closest to you.
Under "Server Type" select "Marketplace apps" and select "Cloudron".
Leave "Basic" selected and choose the size of your server. The absolute bare minimum is the $10/mo server and I wouldn't recommend this unless you really, really don't have any money. If you plan on installing more than two or three apps, especially if you want to use WordPress, I would strongly recommend going up to the $20 plan at a minimum.
Important: you can very easily upgrade your server, but downgrading is much more difficult.
Next, you'll choose a data region. If you're trying to avoid surveillance by the government by selecting a different country, I have bad news - it will likely not help. For performance reasons, choose a data center as close to your members as possible.
"Hey wait, you said this guide would help us avoid surveillance!"
I did, because it will protect you from bulk collection activities. Bulk collection activities are like Google mining your search history for ad data or the FBI issuing a wide search warrant for anyone who searched "communism is cool" in Facebook Messenger (The EFF has more information on this topic.)
But this is not a guide on how to hide from the feds - doing so would so drastically increase the cost and complexity to this project so much it could not exist.
If sufficiently experienced hackers - such as the NSA, GRU, or others - want to get your data, they will. Do not transmit or store anything you think could be used against you on a computer if this is a concern. A Signal call, or even better, an in-person conversation does well when dealing with sensitive information.
Anyway, back to setup:
Select the checkboxes for IPv6 and Block storage. IPv6 is a new networking technology I see no reason not to have. Block storage will come in handy later for backups.
Leave everything else as-is, unless you want to pay for DDOS protection. I don't think smaller orgs need this, but if it gives you some peace of mind, go for it.
Your server hostname can be set to something custom for vanity purposes, and you likely don't need to worry about labels.
Congratulations! In a few moments, your VPS will be built and have Cloudron ready to go! Wait for the installation process to complete before moving on to the next step - configuring your new Cloudron install.
Let's configure Cloudron!
Once the process is finished, click the IP address (those numbers) to copy it your clipboard.
Paste the IP address into your browser's URL bar.
Do not include http://www. or anything else
If you get a message saying the site is not secure, press "Advanced" and then "Continue" - you should only see this message when you first setup the server. You should see Cloudron's DNS Setup page. We are now going to connect the domain name you created earlier to our server.
Type in your domain name, select Cloudflare, then API Token, and paste in the API token you saved to Notepad or Sticky Notes earlier. Then click Save. After a few moments, you should be prompted to create your Cloudron username and password. Your email must be valid - double check it!
After that, you'll want to create a Cloudron.io account. This is the account you'll use to pay for a license to Cloudron (or try it for free). After that, you should now be able to see the App Store! Let's try installing an app.
Let's install WordPress!
Click App Store, select WordPress and click Install. On the next screen, you'll be prompted for a location and user management settings.
We'll get back to user management later, so feel free to leave that for now. Location is what will appear before your domain name, creating the location of the app. For example, wordpress.socialism.tools links to this WordPress installation (to set a default app that your users will see if they just type the domain name, just the location field blank - but remember, you can only have one of those! I have WordPress set up with both a WordPress prefix and as the blank domain.)
Press Install and wait a few moments. Congratulations, you've just installed WordPress! You can use WordPress to have a web page for your chapter, write blog posts, and send out emails. WordPress is a huge, powerful tool, so we won't cover it all in this post.
Before we continue - a word about updates
You may have heard of WordPress before - in perhaps not in a flattering light. As WordPress is very popular, attacks that target WordPress installations are also popular, as many are not updated when new vulnerabilities are found. Luckily, Cloudron makes it easy to keep WordPress updated and secure - you only need to click the green "Update" arrow when you see it:
After pressing the button, you'll be taken to the Updates tab of the app's Settings page.
Click the green "Update available" button to run the update (it will also run automatically if you wait long enough). Remember that whatever is updating will be briefly unavailable, so try to make sure many other people aren't using the software when you do it. This update process applies to all Cloudron software, not just WordPress.
After clicking the update button, Cloudron will show you a changelog:
Make sure nothing is alarming, and then click "Update".
I recommend using Rocket Chat or Matrix as your Slack replacement. Cloudron offers both.
Matrix (Synapse + Element)
Matrix is a protocol; it requires a server (Synapse) and a client (Element) to function. Matrix is designed with decentralization in mind, meaning it is designed to function as a network of servers, of which your installation is one node. This is great for a lot of purposes but can be confusing for people who are less tech-savvy, and it's not designed with the same ideas in mind as Slack replacements like Rocket Chat and Mattermost.
That being said, Matrix has a lot of energy behind it and is improving constantly. Matrix's usability has improved drastically over the past year, but if you want something simple Rocket Chat is recommended. This guide will focus on Rocket Chat, but if you want to use the advanced privacy, security, and collaboration features Matrix offers and aren't afraid of just a bit of extra work, check out our Matrix guide.
Install & Configure Rocket Chat
RocketChat is an excellent open-source Slack alternative that's easy to use and includes everything your chapter needs to chat together. If you've used Slack before, you'll feel at home with Rocket Chat - you can even import your old Slack messages!
Install Rocket Chat the same way you installed WordPress - just head to the app store and click Install! Consider setting the location to chat.yourdomain to make things simple.
Once Rocket Chat is installed, you will need to set it up. Please follow the first-time set up instructions that appear on the app's modal:
I strongly recommend registering your server with Rocket Chat. It includes a ton of things you need, is easy to register, and is free!
Very large chapters, with multiple mobile device developers, are the only people that should choose Standalone, and even then, it's a lot of work. Standalone gives you the opportunity to access a couple of additional features, but it's significantly more work to maintain and requires far, far more technical knowledge of mobile app development to setup.
Congratulations! Let's get into your Rocket Chat workspace. First, let's finish registering your server with Rocket Chat. Click the three-dot menu in the top left corner, and then click Administration.
Click "Connectivity Services"
Now, open up a new tab and check your email (the one listed on this screen). You'll have an email that looks like this:
Click the blue button and create a Rocket Chataccount if you don't have one. Once you're done, you should be on the Workspaces screen in your Rocket Chat Cloud account. Click the blue box and press "Register self-managed"
Select Internet access, Continue, then copy the code that appears. Go back to your Rocket Chat instance and enter the code in the Token box and press Connect. It should then look like this:
Press the blue button and authorize your server. When you're done with that, your Connectivity Services should look like this:
Awesome! You now have a Slack replacement complete with mobile notifications, app integrations, and more! I'll build a separate guide for a more advanced Rocket Chat configuration. For now, let's create a simple announcement channel. Select the "new" button, then Channel, and then Broadcast Channel.
Note how it says only certain users will be able to post. You can control user roles under Settings > Users > Click a user to edit > scroll down to roles. Let's take a break from Rocket Chat for now and move on to an older communication method: email.
Let's set up Email!
Email is more complicated than anything else here. Before we go in-depth on Cloudron's email services and how they interact with your apps, I want to take a moment to familiarize you with the main concepts of email routing.
We are going to be enabling the SMTP server in Cloudron. SMTP stands for Simple Mail Transfer Protocol, and it is anything but simple in practice. Luckily, Cloudron handles the hard parts for us, but there is one thing it cannot help with - your IP reputation.
A quick note on IP reputation
As you recall, when you created your VPS you first accessed it with its IP address. Nearly all mail systems, including Cloudron itself, compare incoming emails against IP denylists. There are public IP denylists and private ones, but all email servers use IP denylists in one way or another to gauge how trustworthy your IP is.
To illustrate how they work, I'm going to use a Gmail user on your server as an example. Let's say Alex sets up his Rocket Chat account with his email, email@example.com. Rocket Chat will send his two-factor login code from Cloudron to Gmail. Gmail will analyze the message - using a huge variety of factors like sending IP, message content, and Alex's preferences, to determine 1) if it reaches their inbox at all and 2) where it will go if it does.
Let's start with sending IP. There are a limited number of IPv4 addresses, so big hosting providers, such as Digital Ocean, are forced to re-use them. It is also possible to detect what "block" an IP comes from - so Gmail knows your message is coming from Digital Ocean. Unfortunately, spammers use virtually all VPS services to send spam, so these companies usually do not have very reputable IPs to begin with. This usually isn't enough to prevent your message from being received by Alex's Gmail account, but it may send it to their spam folder.
If you want to avoid this problem, a much more reliable way to send mail is via a "transactional email service" such as Mailgun. These companies go to great lengths to protect their IP reputation, and so your messages have a better chance of being delivered. They also cost money, but not too much (roughly a dollar per thousand emails for Mailgun, or $35/mo for a very advanced plan with 50,000 mails per month which only the largest chapters would need). To keep costs low and this guide short, we're going to stick with the built-in SMTP server to send mail and hope for the best. A guide on setting up Mailgun is coming soon.
How to use Cloudron's Email services
By default, Cloudron will just be configured to send mail. This is all you need for your apps to send things like password reset emails or two-factor codes. After a few changes, you can turn Cloudron into a full-service email provider, with email inboxes, delegation, and many more features.
Setup is easy. Open the Cloudron menu (your name, in the top right) and click Email. Then click Enable.
Cloudron should automatically configure all your email DNS records for you! It may take a few minutes (and sometimes a few hours) to fully take effect. You can click the Status screen to ensure everything is configured correctly:
I hit an issue where ethics where some of the records (SPF and DMARC) did not get applied for whatever reason (I was also very impatient and only waited about 30 minutes). If, after a day, you still aren't seeing these records in Cloudflare, click the record and Cloudron will show you exactly what it's expecting to see - then enter that information into Cloudflare under DNS.
That's it! You can view the post from Cloudron on troubleshooting emails for more help if you need it.
Using your new email account
After your email is ready to go, you can create a mailbox. Mailboxes are based on Cloudron accounts and tied to a domain. Remember - your emails live in the Cloudron service itself, not with any single app.
To begin, click "Email" in the Cloudron menu.
Click the pencil icon next to the domain to add things like mailboxes, mailing lists, and catch-alls.
You can create accounts under the Users tab, but we'll go over that more next - let's start with you as the admin. Click "Add" in the mailboxes menu.
Now, on to the harder part - collaborating on files and documents.
Nextcloud: Your swiss army knife
The last step of this process is the largest - we're going to get Nextcloud installed. Nextcloud offers a boatload of features - chat, file sync, document creation via Collabora, maps, tasks, oh my! But the problem with Nextcloud is precisely this broadness - it is difficult to keep Nextcloud secure, fully updated, and working well for everyone. It does a lot, but what it does well is more of a mixed bag. Unfortunately, it's the best solution we have. We'll cover Nextcloud in more detail in another post; we'll cover the basics here.
I'm going to take you through a basic Nextcloud setup with their built-n Mail and Calendar apps as well as Collabora, a web-based document, presentation, and spreadsheet program.
This will be a long one! If you did all the previous sections of this guide in one go, congrats, but be aware this will take a bit longer than the others. Nextcloud has a lot of options, and we're just going to get you set up with the basics.
Install Nextcloud as you would any other app and pay close attention to the install message.
Change your password by clicking your user icon in the top-right corner > settings > security.
Save this password somewhere save, but for convenience, you can use your Cloudron account. Click Users, then click the pencil icon your account, and put yourself in the admin group, then click done to ensure the change is saved. You can now log out and then log in to your Cloudron account.
Accessing your email account in Nextcloud is easy. If you don't see the mail icon in the blue bar at the top, click your profile icon, then Apps, App Bundles, scroll down to Collaboration, and install the following:
- Collabora Online
In the Mail app, follow Cloudron's instructions for logging in.
Your calendar should appear instantly, and you can start adding events and inviting anyone you like to meetings. You may notice a few things missing from other calendar systems, like smart geolocation of addresses. Nextcloud does include an easy way to find a time (among people who use Nextcloud as their calendar). Add your attendees, then press "Show busy times" to find a time that works for everyone.
Mobile support can be somewhat complicated, unfortunately, and we'll cover that in Part 2 of this guide where we'll go deeper into Nextcloud. If you don't have it setup yet, just log in on the web and select "List" view.
Like Calendar, Contacts in Nextcloud are pretty straightforward. You can import contacts from other sources like Google Contacts by downloading them as a
.vcf file and then clicking
Settings > Import.
Ensure you and your users keep in mind content in Nextcloud is not encrypted.
Documents, Spreadsheets, and Presentations
Go back to your Cloudron page and install the Collabora app. Wait for it to start, log in with your Cloudron account, and enter in the address of your Nextcloud app. Mine is nextcloud.socialism.tools. You must enter the primary Nextcloud address, not a redirect.
Now open Nextcloud. Open your menu and click Settings, then Collabora Online Edition. Check "use your own server" and enter the full web address of Collabora.
Now click "Files" at the top menu bar of the screen, and then click the plus button. You should now see options for Documents, Spreadsheets, and Presentations!
Create a test doc and open the Nextcloud document editor. As you may come to realize, Collabora is not exactly equivalent to Google Docs. It's a little clunky, a little less full-featured, a little rougher around the edges. That being said, it's easily the best open source solution - there's even a mobile app!
Document editing, more than chat or email, is likely to be the most controversial choice. Chat is transactional, Rocket Chat and Element are very close to Slack, and many people won't need an email account (or will only need to check it infrequently). But a lot of people will need to collaborate on documents, some of which will be released to the public. Collabora may not offer the features users need, and they may want to keep using Google Docs or Microsoft Word. If this is the case, and your other chapter members are OK with using these tools, you can manage that as well!
While any integration with Google Docs is not possible, you can still use Office - and any other programs that store files locally - pretty easily with Nextcloud. Download Nextcloud's file sync utility to automatically keep files updated with the copy stored in Nextcloud. Just remember that Microsoft Office licenses cost money and may not be accessible to everyone in your chapter. (and please, do not store personal files on your work computer you don't want your boss to see!) We'll cover integrating other document collaboration systems in Part 3.
You've done a lot of work so far! You now have a centrally managed yet private cloud for all your chapter's applications and data. Your data is no longer being siphoned off by big tech, and you've gained some new features along the way. You have a base that's secure, with chat services, a blog, email, contacts, calendaring, and perhaps more! You're ready to begin your chapter's journey into their open-source future. You will undoubtedly hit bumps along the way, but hopefully, the other articles on this site, along with your nerdy comrades, can help you overcome them.
Good luck, and solidarity forever!