Blog Setup


Why did I decide to start a blog? I spend a lot of my free time working on various projects, tech and non-tech related. Networking (the kind with packets), electronics, coding, cloud, reading, gaming, building models, studying foreign languages… the list grows as I pick up any new interest. I’ll use this as a place to document my projects, and hopefully others can benefit from my work.

I’ll likely focus mostly on tech, but might cover some of the other topics if I’m feeling bored. I guess I should start out my first real post with how I set up this blog.

Overview

This blog is running on Ubuntu Linux. The webserver is NGINX and the blog platform is Jekyll. This is my own custom domain that I registered years ago but never did much with. I guess now is as good of a time as any to put it to use. I use Cloudflare as my DNS host and also to proxy the connections to the real webserver.

Goals of this Project

  1. Self Host On Linux
  2. DNSSEC and Cloudflare Proxy
  3. More secure (hopefully?) and less complicated blogging platform
  4. HTTPS only

Future Goals

  1. Automated pipeline for blog updates
  2. Write more content

Linux Host

Since this blog currently has no traffic, it’s running on the smallest compute instance I could purchase online. I won’t go through the details of what host I’m using since that would defeat the purpose of using Cloudflare, but AWS and GCP both offer free tiers of compute instances for a limited amount of time. Another option is a VPS provider. Currently the going rate is $4-5 a month with the major providers. Any of these options will run Ubuntu Linux.

If you’re looking to start your own self-hosted blog and don’t have much Linux experience, my advice is to follow a security guide for hardening Linux servers: things like disabling root login, using a secondary user with sudo access, using only SSH keys, firewalling SSH to known IPs, and opening the firewall for only the ports in use (HTTPS for this blog). The larger hosts should have an image that already has these implemented or a guide on how to deploy. It varies per platform, and writing this now is making me think I might need to write a more in-depth post.

Once I had my server set up and hardened, I set up my Cloudflare services.

Cloudflare

I was recently researching DNSSEC and learned that Cloudflare offers it free for personal use. I signed up for a free account at cloudflare.com and added my domain. At my domain registrar, I pointed my name servers at Cloudflare’s servers.

Following Cloudflare’s guide, I set up DNSSEC. Once that was set up, I added my relevant DNS records. Cloudflare offers a proxy service, which I have enabled. If you do a DNS lookup for my domain, you’ll notice the returned A records are Cloudflare IPs. The backend server IP is unknown to the public internet. I have my server firewalled so that only inbound connections to the webserver are allowed from Cloudflare IP ranges. I’ve also enabled strict SSL/TLS, but this can’t be done until the SSL cert is added to the server.
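The origin firewall rule described above can be generated from a range list instead of typed by hand. The following is an added example, not the author's script: it assumes ufw as the firewall (the post does not name one), uses constructed documentation prefixes in place of Cloudflare's real ranges, and the names `is_cidr` and `origin_allow_rules` are hypothetical.

```shell
#!/bin/sh
# Added example: turn a list of proxy CIDR ranges into ufw rules that admit
# HTTPS (tcp/443) from those ranges only. Rules are printed, not applied.

# Constructed sample input using documentation prefixes, NOT real Cloudflare
# ranges. Cloudflare publishes its current lists at
# https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6
SAMPLE_RANGES='198.51.100.0/24
203.0.113.0/24
2001:db8::/32

# blank lines and comments are skipped
203.0.113.300/24
any'

OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'

# Succeeds only for a well-formed IPv4 CIDR or a loosely checked IPv6 CIDR.
# Rejecting everything else keeps words such as "any" (which ufw would accept
# as "every source") out of the generated firewall commands.
is_cidr() {
  printf '%s\n' "$1" | grep -Eq "^($OCTET\.){3}$OCTET/([0-9]|[12][0-9]|3[0-2])\$" && return 0
  printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]*:[0-9A-Fa-f:]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'
}

# Reads one range per line on stdin; prints one "ufw allow" command per valid
# range on stdout and a warning per rejected line on stderr.
origin_allow_rules() {
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in ''|'#'*) continue ;; esac
    if is_cidr "$line"; then
      printf 'ufw allow proto tcp from %s to any port 443\n' "$line"
    else
      printf 'skipped invalid range: %s\n' "$line" >&2
    fi
  done
}

# Stand-alone run: show the rules for the constructed sample list.
printf '%s\n' "$SAMPLE_RANGES" | origin_allow_rules
```

Review the printed commands before running them with sudo, and keep the existing SSH rule in place so the new rules do not lock you out.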

NGINX

Why NGINX? I don’t have a great answer for that. Since I was a sysadmin in the early 2000s, I normally would have used Apache, but this time around I decided to use NGINX. I’ve read that it’s faster than Apache and uses less resources, but for a blog with no traffic what do I care? It was easy to setup and supports everything I need to run this blog.

Setup is fairly easy with Ubuntu:

sudo apt update
sudo apt install nginx

Once I had the server installed, I did some base configuration for the web-server. I generally use a virtual hosting configuration for my web-servers in case I want to add another domain later. You can read more about Virtual Hosting here.

# Create the directories for the HTML (/var/www is root-owned, so use sudo)
sudo mkdir -p /var/www/devdisaster.com/html

# Create the NGINX configuration
cd /etc/nginx/sites-available
sudo vim devdisaster.com

In the devdisaster.com file in /etc/nginx/sites-available, I created the following base configuration.

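server {
    # Plain HTTP on IPv4 and IPv6
    listen 80;
    listen [::]:80;

    server_name devdisaster.com;

    # Serve from the html directory created above
    root /var/www/devdisaster.com/html;
    index index.html;

    location / {
        # Serve the file or directory if it exists, otherwise return 404
        try_files $uri $uri/ =404;
    }
}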

After the base configuration was in place, I created a symlink between sites-available and sites-enabled and restarted nginx.

# Create a symbolic link between the sites-available and the sites-enabled directories
sudo ln -s /etc/nginx/sites-available/devdisaster.com /etc/nginx/sites-enabled/

# Restart NGINX
sudo systemctl restart nginx

At this point I was able to browse to devdisaster.com and was greeted by the test index.html I created. Success! Well, kind of… I still needed to get HTTPS running before I moved on to the blog platform.

Let’s Encrypt

Does a static blog site really need HTTPS? In my opinion, yes, all sites should be HTTPS enabled. With projects like Let’s Encrypt, it’s free and with the amount of traffic I expect to have to this blog, I’m in no danger of overrunning my allocated CPU due to SSL/TLS.

I followed this to set up Let’s Encrypt. I found that step 4 isn’t necessary as the current certbot creates a system service called certbot.timer.

Once I had this set up, I put Cloudflare into SSL/TLS Full (strict) mode. The connection was now encrypted on both legs, from client to Cloudflare and from Cloudflare to my server. With the infrastructure all set up, it was time to move on to getting the blog set up.

Jekyll

I’ve tried out a couple different platforms over the years for blogging, though I never really stuck with actually writing a blog. I’d set everything up and then kind of walk away from it. I guess my journey to getting the infrastructure built was more interesting to me than actually writing the content. I suppose the efforts weren’t completely useless as I learned a lot along the way.

The problem I have with most blogging platforms is that they are bloated and require a database to run. I don’t need user management or even want users to register to my blog site. I just want to post things and maybe offer a place to leave comments, though I’m still kind of conflicted on that point. I might enable comments to try it out.

I ended up discovering Jekyll during my current research into blog software. Jekyll is simply a static site generator. You fill out some configuration files and run the site builder, it generates the HTML etc and you copy it into your site’s html directory. The quick start guide can be found here.

You don’t have to have Jekyll installed on your server, you can install it locally on a dev machine and simply copy over the HTML. I chose to run it locally on the server and simply copy the files over locally.

I also used a theme, minimal-mistakes. The setup-guide can be found here.

Once I had Jekyll and the theme installed, I created a new site inside my home directory.

jekyll new devdisaster.com
cd devdisaster.com

# Edit the configuration files
vim _config.yml

Using the minimal-mistakes configuration guide, I went through and edited my configuration to match all the settings I wanted.

title: "/dev/disaster blog"
email: [email protected]
description: >- # this means to ignore newlines until "baseurl:"
  This is my personal blog where I write whatever I feel like writing about.
baseurl: "" # the subpath of your site, e.g. /blog
url: "https://devdisaster.com" # the base hostname & protocol for your site, e.g. http://example.com

# Build settings
theme: minimal-mistakes-jekyll
minimal_mistakes_skin: "dark"
plugins:
  - jekyll-feed

defaults:
  - scope:
      path: ""
      type: posts
    values:
      layout: single
      author_profile: true
      read_time: true
      share: true
      related: true
  - scope:
      path: ""
      type: pages
    values:
      layout: single
      author_profile: true

author:
  name: "Scott"
  avatar: "/assets/img/bio-photo.jpg"
  bio: "I make the internets work."
  location: "USA"

After the configuration is complete, all you do is run a build from the root directory.

JEKYLL_ENV=production jekyll build

This generated a _site directory. I then copied the contents of this directory into my /var/www/devdisaster.com/html directory and restarted nginx. Success, the blog was active!

What’s Next

Write more posts, learn more markdown. To write posts in Jekyll, you write a file in markdown or HTML and then rebuild the site. After site build you copy the files over and restart the webserver. I’ll work on automating this over time, maybe I’ll just keep a git repo with the blog posts in markdown and have a pipeline that monitors for commits.
