New host for the blog with new tools
I have owned this domain (tglman.com) for a long while, almost 18 years, and in all this time it has evolved into multiple different sites, but the whole time it was just hosted on a simple hosting provider that allowed me to run some PHP scripts on it.
Since I have been running other sites and services in a more complex setup for a while, it was time to renew the underlying structure of this blog as well. I've been generating this website with a small static site generator called cobalt for quite a while now, so I do not need anything sophisticated to host this site, even though I do prefer to have the ability to publish things just by pushing to a git repo and running a build.
Since I have other small sites that I already manage by pushing them online with a gitlab-ci build through ssh, I thought I could just buy a simple VPS (Virtual Private Server) and do what I do with every other static site I have: cobalt + ssh on a gitlab build, with the VPS just running an Apache httpd to serve the files.
But this is boring, so I kept the build with cobalt and the publishing done with ssh, and I tried to explore other possible tools to do the static page hosting. Being quite in love with Rust recently, I went to explore whether a simple small tool written in Rust existed that could serve some static files over http[s], and I found see.
see
See is a simple http[s] server that can serve static files, correctly handling multiple hosts, https with specific certificate configurations, and many more things that I do not need at the moment. Being a young product, though, it is not yet perfect: to handle all the cases I need, which are https and the [www].tglman.com domains for both ipv4 and ipv6, I had to duplicate the configuration a bit. Here is my final configuration:
server {
    listen [::1]:443
    root /var/www/html
    host tglman.com
    compress on
    https {
        key /var/lib/acme-redirect/live/tglman.com/privkey
        cert /var/lib/acme-redirect/live/tglman.com/fullchain
    }
}
server {
    listen 443
    root /var/www/html
    host tglman.com
    compress on
    https {
        key /var/lib/acme-redirect/live/tglman.com/privkey
        cert /var/lib/acme-redirect/live/tglman.com/fullchain
    }
}
server {
    listen [::1]:443
    root /var/www/html
    host www.tglman.com
    compress on
    https {
        key /var/lib/acme-redirect/live/tglman.com/privkey
        cert /var/lib/acme-redirect/live/tglman.com/fullchain
    }
}
server {
    listen 443
    root /var/www/html
    host www.tglman.com
    compress on
    https {
        key /var/lib/acme-redirect/live/tglman.com/privkey
        cert /var/lib/acme-redirect/live/tglman.com/fullchain
    }
}
This works fine for me so far. I may open one or more issues to try to reduce the duplication needed today, but so far, it works fine.
Then I was also searching for a replacement for certbot, which, for those who do not know what it is, is a tool to handle the generation and renewal of SSL certificates using Let's Encrypt.
For that (spoiler in the previous configuration) I found acme-redirect, which handles not only the registration and renewal of the certificate, but also the redirect from http to https and the restart of any service that uses the certificate on its renewal.
acme-redirect
I did not need to do anything exceptional to make this tool work, just set my own configuration like this:
/etc/acme-redirect.d/tglman.com =>
[cert]
name = "tglman.com"
dns_names = [
    "tglman.com",
    "www.tglman.com",
]
/etc/acme-redirect.conf =>
[acme]
acme_email = "my mail at tglman.com"
renew_if_days_left = 15
I started the services, and if you are reading this, everything works just fine!!!
I do not know how stable and secure these tools are, though, but I do not have anything important on this machine now, and I monitor it frequently enough not to be worried if it gets taken down by some security problem.
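As an added example (not part of the original post, and not code from see or acme-redirect), this Python check cross-checks the two configurations above: every host served over https should appear in the certificate's dns_names, and the key and cert paths should point at that certificate's live directory. The blog.tglman.com host, the /etc/ssl/private/old.key path and the live/<cert name>/ layout (inferred from the paths above) are assumptions.

```python
import re

# Constructed samples in the two formats shown above. The second server block is
# deliberately wrong: hypothetical host and key path, and no cert line.
SEE_CONF = """
server {
    listen 443
    host tglman.com
    https {
        key /var/lib/acme-redirect/live/tglman.com/privkey
        cert /var/lib/acme-redirect/live/tglman.com/fullchain
    }
}
server {
    host blog.tglman.com
    https {
        key /etc/ssl/private/old.key
    }
}
"""
ACME_CERT = '[cert]\nname = "tglman.com"\ndns_names = ["tglman.com", "www.tglman.com"]\n'

def parse_see(text):
    """Return one dict per `server { ... }` block with its host/listen/key/cert values."""
    blocks = re.split(r"^\s*server\s*\{", text, flags=re.M)[1:]
    return [dict(re.findall(r"^\s*(host|listen|key|cert)\s+(\S+)", b, re.M)) for b in blocks]

def parse_cert(text):
    """Extract the cert name and its dns_names list from an acme-redirect cert file."""
    name = re.search(r'^name\s*=\s*"([^"]+)"', text, re.M).group(1)
    names = re.search(r"dns_names\s*=\s*\[(.*?)\]", text, re.S).group(1)
    return name, set(re.findall(r'"([^"]+)"', names))

def audit(see_text, acme_text, live="/var/lib/acme-redirect/live"):
    """List server blocks whose host or key/cert path does not match the certificate."""
    # Assumption: certificates live in <live>/<cert name>/, as in the paths shown above.
    name, dns_names = parse_cert(acme_text)
    want = {"key": f"{live}/{name}/privkey", "cert": f"{live}/{name}/fullchain"}
    findings = []
    for srv in parse_see(see_text):
        host = srv.get("host")
        if host not in dns_names:
            findings.append(f"{host}: not in dns_names of cert {name}")
        findings += [f"{host}: {k} is {srv.get(k)}, expected {p}"
                     for k, p in want.items() if srv.get(k) != p]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SEE_CONF, ACME_CERT)) or "ok")
```

Run against the real files, an empty result means every duplicated server block still agrees with the certificate definition.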