diff options
author | David Luevano Alvarado <david@luevano.xyz> | 2021-06-08 00:58:33 -0600 |
---|---|---|
committer | David Luevano Alvarado <david@luevano.xyz> | 2021-06-08 00:58:33 -0600 |
commit | 5415f37e8da7615b524173f2bb6968be46128d20 (patch) | |
tree | f108327d8a65ad14ea4007bcd317adaacb3f5eb8 /blog/src/a | |
parent | a3e6abf899f8185ff84089474dee6398d064f593 (diff) |
add 404 pages, edit entries and start skeleton for xmpp server entry
Diffstat (limited to 'blog/src/a')
-rw-r--r-- | blog/src/a/git_server_with_cgit.md | 65 | ||||
-rw-r--r-- | blog/src/a/mail_server_with_postfix.md | 54 | ||||
-rw-r--r-- | blog/src/a/website_with_nginx.md | 58 |
3 files changed, 100 insertions, 77 deletions
diff --git a/blog/src/a/git_server_with_cgit.md b/blog/src/a/git_server_with_cgit.md index da6464a..9d7ab44 100644 --- a/blog/src/a/git_server_with_cgit.md +++ b/blog/src/a/git_server_with_cgit.md @@ -13,16 +13,14 @@ Note that this is mostly for personal use, so there's no user/authentication con ## Prerequisites -I might get tired of saying this (it's just copy paste, basically)... but similar as before (check my [website](https://blog.luevano.xyz/a/website_with_nginx.html) and [mail](https://blog.luevano.xyz/a/mail_server_with_postfix.html) entries): +I might get tired of saying this (it's just copy paste, basically)... but you will need the same prerequisites as before (check my [website](https://blog.luevano.xyz/a/website_with_nginx.html) and [mail](https://blog.luevano.xyz/a/mail_server_with_postfix.html) entries), with the extras: -* (This time, optional) A domain name if you want to have a "front end" to show your repositories. Got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). - * With a **CNAME** for "git" and (optionally) "www.git", or some other name for your sub-domains. -* A VPS or somewhere else to host. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). - * `ssh` configured. - * (Optionally, if doing the domain name thingy) With `nginx` and `certbot` setup and running. - * Of course, `git` already installed (it should be a must have always). +* (Optional, if you want a "front-end") A **CNAME** for "git" and (optionally) "www.git", or some other name for your sub-domains. +* An SSL certificate, if you're following the other entries, add a `git.conf` and run `certbot --nginx` to extend the certificate. -## git server +## Git + +[Git](https://wiki.archlinux.org/title/git) is a version control system. If not installed already, install the `git` package: @@ -74,20 +72,22 @@ systemctl start git-daemon.socket systemctl enable git-daemon.socket ``` -You're basically done. Now you should be able to push/pull repositories to your server... except, you haven't created any repository in your server, that's right, they're not created automatically when trying to push. To do so, you have to do the following sequence (assuming you're "`cd`'ed" into the `/home/git` directory): +You're basically done. Now you should be able to push/pull repositories to your server... except, you haven't created any repository in your server, that's right, they're not created automatically when trying to push. To do so, you have to run (while inside `/home/git`): ```sh -mkdir {repo_name}.git -cd {repo_name}.git +git init --bare {repo_name}.git +chown -R git:git repo_name.git ``` Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame... although there are options to "automate" this, I like it this way). -After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.), which is detailed [here](https://gist.github.com/rvl/c3f156e117e22a25f242). +After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.); to do so, check [this gist](https://gist.github.com/rvl/c3f156e117e22a25f242). + +## Cgit -## cgit +[Cgit](https://wiki.archlinux.org/title/Cgit) is a fast web interface for git. -This bit is optional if you only wanted a git server (really easy to set up), this is so you can have a web application. This is basically a copy paste of [Arch Linux Wiki: Cgit](https://wiki.archlinux.org/index.php/Cgit#Nginx) so you can go there and get more in-depth configurations. +This is optionally since it's only for the web application. Install the `cgit` and `fcgiwrap` packages: @@ -102,7 +102,7 @@ systemctl start fcgiwrap.socket systemctl enable fcgiwrap.socket ``` -Next, the way I configure `nginx` is creating a separate file `{module}.conf` (`git.conf` in this case) under `/etc/nginx/sites-available` and create a symlink to `/etc/nginx/sites-enabled` as stated in my [`nginx` setup entry](https://blog.luevano.xyz/a/website_with_nginx.html). Add the following lines to your `git.conf` file: +Next, create the `git.conf` as stated in my [nginx setup entry](https://blog.luevano.xyz/a/website_with_nginx.html). Add the following lines to your `git.conf` file: ```nginx server { @@ -129,7 +129,6 @@ Now, all that's left is to configure `cgit`. Create the configuration file `/etc ```apache css=/cgit.css -source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh logo=/cgit.png enable-http-clone=1 @@ -155,6 +154,36 @@ repo.desc=These are my personal dotfiles. ... ``` -Otherwise you could let `cgit` to automatically detect your repositories (you have to be careful if you want to keep "private" repos) using the option `scan-path` and setup `.git/description` for each repository. I will add more to my actual configuration, but for now it is useful as it is. For more, you can check [cgitrc(5)](https://man.archlinux.org/man/cgitrc.5). +Otherwise you could let `cgit` to automatically detect your repositories (you have to be careful if you want to keep "private" repos) using the option `scan-path` and setup `.git/description` for each repository. For more, you can check [cgitrc(5)](https://man.archlinux.org/man/cgitrc.5). + +By default you can't see the files on the site, you need a highlighter to render the files, I use `highlight`. Install the `highlight` package: + +```sh +pacman -S highlight +``` + +Copy the `syntax-highlighting.sh` script to the corresponding location (basically adding `-edited` to the file): + +```sh +cp /usr/lib/cgit/filters/syntax-highlighting.sh /usr/lib/cgit/filters/syntax-highlighting-edited.sh +``` + +And edit it to use the version 3 and add `--inline-css` for more options without editing `cgit`'s CSS file: + +```sh +... +# This is for version 2 +# exec highlight --force -f -I -X -S "$EXTENSION" 2>/dev/null + +# This is for version 3 +exec highlight --force --inline-css -f -I -O xhtml -S "$EXTENSION" 2>/dev/null +... +``` + +Finally, enable the filter in `/etc/cgitrc` configuration: + +```apache +source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh +``` -Finally, if you want further support for highlighting, other compressed snapshots or support for markdown, checkout the optional dependencies for `cgit` and also the Arch Wiki goes in detail on how to setup highlighting with two different packages. +That would be everything. If you need support for more stuff like compressed snapshots or support for markdown, check the optional dependencies for `cgit`. diff --git a/blog/src/a/mail_server_with_postfix.md b/blog/src/a/mail_server_with_postfix.md index b65cf54..e254416 100644 --- a/blog/src/a/mail_server_with_postfix.md +++ b/blog/src/a/mail_server_with_postfix.md @@ -9,25 +9,19 @@ tags: server The entry is going to be long because it's a *tedious* process. This is also based on [Luke Smith's script](https://github.com/LukeSmithxyz/emailwiz), but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I'm in the process of installing/configuring the mail server on a new VPS of mine; also I'm going to be writing a script that does everything in one go (for Arch Linux), that will be hosted [here](https://git.luevano.xyz/server_scripts.git). -This configuration works for local users (users that appear in `/etc/passwd`), and does not use any type of SQL. And note that most if not all commands executed here are run with root privileges. - -More in depth configuration is detailed in the Arch Wiki for each package used here. +This configuration works for local users (users that appear in `/etc/passwd`), and does not use any type of SQL Database. And note that most if not all commands executed here are run with root privileges. ## Prerequisites -Basically the same as with the [website with Nginx and Certbot](https://blog.luevano.xyz/a/website_with_nginx.html): +Basically the same as with the [website with Nginx and Certbot](https://blog.luevano.xyz/a/website_with_nginx.html), with the extras: -* A domain name. Got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). - * Later we'll be adding some **MX** and **TXT** records. - * You also need a **CNAME** for "mail" and (optionally) "www.mail", or whatever you want to call the sub-domains (although the [RFC 2181](https://tools.ietf.org/html/rfc2181#section-10.3) states that it NEEDS to be an **A** record, fuck the police), to actually work and to get SSL certificate (you can also use the SSL certificate obtained if you created a website following my other notes on `nginx` and `certbot`) with `certbot` (just create a `mail.conf` for `nginx`, similar to how we created it in the website entry). -* A VPS or somewhere else to host. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). - * `ssh` configured. - * Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall (I use `ufw`). - * With `nginx` and `certbot` setup and running. +- You will need a **CNAME** for "mail" and (optionally) "www.mail", or whatever you want to call the sub-domains (although the [RFC 2181](https://tools.ietf.org/html/rfc2181#section-10.3) states that it NEEDS to be an **A** record, fuck the police). +- An SSL certificate. You can use the SSL certificate obtained following my last post using `certbot` (just create a `mail.conf` and run `certbot --nginx` again). +- Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall. ## Postfix -[Postfix](https://wiki.archlinux.org/index.php/Postfix) is a "mail transfer agent" which is the component of the mail server that receives and sends emails via SMTP. +[Postfix](https://wiki.archlinux.org/title/postfix) is a "mail transfer agent" which is the component of the mail server that receives and sends emails via SMTP. Install the `postfix` package: @@ -76,7 +70,7 @@ smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous ``` -Specify the mailbox home (this is going to be a directory inside your user's home): +Specify the mailbox home (this is going to be a directory inside your user's home containing the actual mail files): ```apache home_mailbox = Mail/Inbox/ @@ -141,7 +135,7 @@ smtps 465/tcp smtps 465/udp ``` -Before starting the `postfix` service, you need to run `newaliases` first (but you can do a bit of configuration beforehand). Edit the file `/etc/postfix/aliases` and edit accordingly. I only change the `root: you` line (where `you` is the account that will be receiving "root" mail). Check the Arch Wiki for more info and other alternatives/options. After you're done, run: +Before starting the `postfix` service, you need to run `newaliases` first, but you can do a bit of configuration beforehand editing the file `/etc/postfix/aliases`. I only change the `root: you` line (where `you` is the account that will be receiving "root" mail). After you're done, run: ```sh postalias /etc/postfix/aliases @@ -157,7 +151,7 @@ systemctl enable postfix.service ## Dovecot -[Dovecot](https://wiki.archlinux.org/index.php/Dovecot) is an IMAP and POP3 server, which is what lets an email application retrieve the mail. +[Dovecot](https://wiki.archlinux.org/title/Dovecot) is an IMAP and POP3 server, which is what lets an email application retrieve the mail. Install the `dovecot` and `pigeonhole` (sieve for `dovecot`) packages: @@ -173,9 +167,9 @@ cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot ``` -As Luke stated, `dovecot` comes with a lot of "modules" (under `/etc/dovecot/conf.d/` if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edits/creates the whole `dovecot.conf` file; although, I would like to check each of the separate configuration files `dovecot` provides I think the options Luke provides are more than good enough. +As Luke stated, `dovecot` comes with a lot of "modules" (under `/etc/dovecot/conf.d/` if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edit/create the whole `dovecot.conf` file; although, I would like to check each of the separate configuration files `dovecot` provides I think the options Luke provides are more than good enough. -I'm working with an empty `dovecot.conf` file. Add the following lines for SSL and login configuration (also replace `{yourcertdir}` with the same certificate directory described in the Postfix section above, note that the `<` is required): +I'm working with an empty `dovecot.conf` file. Add the following lines for SSL and login configuration (also replace `{yourcertdir}` with the same certificate directory described in the [Postfix](#postfix) section above, note that the `<` is required): ```apache ssl = required @@ -254,7 +248,7 @@ service auth { } ``` -Lastly (for `dovecot` at least), the plugin configuration for `sieve` (`pigeonhole`): +Lastly (for Dovecot at least), the plugin configuration for `sieve` (`pigeonhole`): ```apache protocol lda { @@ -294,13 +288,13 @@ grep -q "^vmail:" /etc/passwd || useradd -m vmail -s /usr/bin/nologin chown -R vmail:vmail /var/lib/dovecot ``` -Note that I also changed the shell for `vmail` to be `/usr/bin/nologin`. After that, run: +Note that I also changed the shell for `vmail` to be `/usr/bin/nologin`. After that, to compile the configuration file run: ```sh sievec /var/lib/dovecot/sieve/default.sieve ``` -To compile the configuration file (a `default.svbin` file will be created next to `default.sieve`). +A `default.svbin` file will be created next to `default.sieve`. Next, add the following lines to `/etc/pam.d/dovecot` if not already present (shouldn't be there if you've been following these notes): @@ -309,7 +303,7 @@ auth required pam_unix.so nullok account required pam_unix.so ``` -That's it for `dovecot`, at this point you can start/enable the `dovecot` service: +That's it for Dovecot, at this point you can start/enable the `dovecot` service: ```sh systemctl start dovecot.service @@ -318,7 +312,7 @@ systemctl enable dovecot.service ## OpenDKIM -[OpenDKIM](https://wiki.archlinux.org/index.php/OpenDKIM) is needed so services like G\*\*gle (we don't mention that name here \[\[\[this is a meme\]\]\]) don't throw the mail to the trash. DKIM stands for "DomainKeys Identified Mail". +[OpenDKIM](https://wiki.archlinux.org/title/OpenDKIM) is needed so services like G\*\*gle (we don't mention that name here \[\[\[this is a meme\]\]\]) don't throw the mail to the trash. DKIM stands for "DomainKeys Identified Mail". Install the `opendkim` package: @@ -370,7 +364,7 @@ localhost And more, make sure to include your server IP and something like `subdomain.domainname`. -Next, edit `/etc/opendkim/opendkim.conf` to reflect the changes (or rather, additions) of these files, as well as some other configuration. You can look up the example configuration file located at `/usr/share/doc/opendkim/opendkim.conf.sample`, but I'm creating a blank one with the contents: +Next, edit `/etc/opendkim/opendkim.conf` to reflect the changes (or rather, addition) of these files, as well as some other configuration. You can look up the example configuration file located at `/usr/share/doc/opendkim/opendkim.conf.sample`, but I'm creating a blank one with the contents: ```apache Domain {yourdomain} @@ -392,7 +386,7 @@ chmod g+r /etc/postfix/dkim/* I'm using `root:opendkim` so `opendkim` doesn't complain about the `{yoursubdomani}.private` being insecure (you can change that by using the option `RequireSafeKeys False` in the `opendkim.conf` file, as stated [here](http://lists.opendkim.org/archive/opendkim/users/2014/12/3331.html)). -That's it for the general configuration, but you could go more in depth and be more secure with some extra configuration as described in the [Arch Wiki entry for OpenDKIM](https://wiki.archlinux.org/index.php/OpenDKIM#Security). +That's it for the general configuration, but you could go more in depth and be more secure with some extra configuration. Now, just start/enable the `opendkim` service: @@ -417,11 +411,11 @@ In the TXT record you will place `{yoursubdomain}._domainkey` as the "Host" and 3. *SPF* entry: just `@` as the "Host" and `"v=spf1 mx a:{yoursubdomain}.{yourdomain} - all"` as the "TXT Value". -And at this point you could test your mail for spoofing and more, but you don't know -yet- how to login (it's really easy, but I'm gonna state that at the end of this entry). +And at this point you could test your mail for spoofing and more. ## SpamAssassin -[SpamAssassin](https://wiki.archlinux.org/index.php/SpamAssassin) is just *a mail filter to identify spam*. +[SpamAssassin](https://wiki.archlinux.org/title/SpamAssassin) is just *a mail filter to identify spam*. Install the `spamassassin` package (which will install a bunch of ugly `perl` packages...): @@ -500,7 +494,7 @@ systemctl enable spamassassin.service ## Wrapping up -We should have a working mail server by now. Before continuing check your journal logs (`journalctl -xe --unit={unit}`, where `{unit}` could be `spamassassin.service`for example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked *(((it just werks on my machine)))*. +We should have a working mail server by now. Before continuing check your journal logs (`journalctl -xe --unit={unit}`, where `{unit}` could be `spamassassin.service` for example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked *(((it just werks on my machine)))*. Now, to actually use the mail service: first of all, you need a *normal* account (don't use root) that belongs to the `mail` group (`gpasswd -a user group` to add a user `user` to group `group`) and that has a password. @@ -518,8 +512,6 @@ Next, to actually login into a mail app/program/whateveryouwanttocallit, you wil All that's left to do is test your mail server for spoofing, and to see if everything is setup correctly. Go to [DKIM Test](https://www.appmaildev.com/en/dkim) and follow the instructions (basically click next, and send an email with whatever content to the email that they provide). After you send the email, you should see something like: -![DKIM Test successful](images/b/notes/mail/dkim_test_successful.png) - -(Yes, I blurred a lot in the picture just to be sure, either way what's important is the list on the bottom part of the image) +![DKIM Test successful](images/b/notes/mail/dkim_test_successful.png "DKIM Test successful") -Finally, that's actually it for this entry, if you have any problem whatsoever you have my info down below. +Finally, that's actually it for this entry, if you have any problem whatsoever you can [contact me](https://luevano.xyz/contact.html). diff --git a/blog/src/a/website_with_nginx.md b/blog/src/a/website_with_nginx.md index 95c90c1..09a7781 100644 --- a/blog/src/a/website_with_nginx.md +++ b/blog/src/a/website_with_nginx.md @@ -15,15 +15,17 @@ As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linu You will need two things: -* A domain name (duh!). I got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). - * With the corresponding **A** and **AAA** records pointing to the VPS' IPs ("A" record points to the ipv4 address and "AAA" to the ipv6, basically). I have three records for each type: empty one, "www" and "\*" for a wildcard, that way "domain.name", "www.domain.name", "anythingelse.domain.name" point to the same VPS (meaning that you can have several VPS for different sub-domains). -* A VPS or somewhere else to host it. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). - * With `ssh` already configured both on the local machine and on the remote machine. - * Firewall already configured to allow ports 80 (HTTP) and 443 (HTTPS). I use `ufw` so it's just a matter of doing `ufw allow 80,443/tcp` as root and you're golden. - * `cron` installed if you follow along (you could use `systemd` timers, or some other method you prefer to automate running commands every X time). +- A domain name (duh!). I got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). + - With the corresponding **A** and **AAA** records pointing to the VPS' IPs ("A" record points to the ipv4 address and "AAA" to the ipv6, basically). I have three records for each type: empty one, "www" and "\*" for a wildcard, that way "domain.name", "www.domain.name", "anythingelse.domain.name" point to the same VPS (meaning that you can have several VPS for different sub-domains). +- A VPS or somewhere else to host it. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). + - With `ssh` already configured both on the local machine and on the remote machine. + - Firewall already configured to allow ports 80 (HTTP) and 443 (HTTPS). I use `ufw` so it's just a matter of doing `ufw allow 80,443/tcp` as root and you're golden. + - `cron` installed if you follow along (you could use `systemd` timers, or some other method you prefer to automate running commands every X time). ## Nginx +[Nginx](https://wiki.archlinux.org/title/Nginx) is a web (HTTP) server and reverse proxy server. + You have two options: `nginx` and `nginx-mainline`. I prefer `nginx-mainline` because it's the "up to date" package even though `nginx` is labeled to be the "stable" version. Install the package and enable/start the service: ```sh @@ -32,11 +34,11 @@ systemctl enable nginx.service systemctl start nginx.service ``` -And that's it, at this point you can already look at the default initial page of nginx if you enter the ip of your server in a web browser. You should see something like this: +And that's it, at this point you can already look at the default initial page of Nginx if you enter the IP of your server in a web browser. You should see something like this: -![Nginx welcome page](images/b/notes/nginx/nginx_welcome_page.png) +![Nginx welcome page](images/b/notes/nginx/nginx_welcome_page.png "Nginx welcome page") -As stated in the welcome page, configuration is needed, head to the directory of nginx: +As stated in the welcome page, configuration is needed, head to the directory of Nginx: ```sh cd /etc/nginx @@ -66,7 +68,7 @@ http { } ``` -Next, inside the directory `/etc/nginx/` create the `sites-available` and `sites-enabled`, and go into the `sites-available` one: +Next, inside the directory `/etc/nginx/` create the `sites-available` and `sites-enabled` directories, and go into the `sites-available` one: ```sh mkdir sites-available @@ -91,35 +93,37 @@ server { } ``` -Note several things: +That could serve as a template if you intend to add more domains. + +Note some things: -* `listen`: we're telling nginx which port to listen to (ipv4 and ipv6, respectively). +* `listen`: we're telling Nginx which port to listen to (IPv4 and IPv6, respectively). * `root`: the root directory of where the website files (`.html`, `.css`, `.js`, etc. files) are located. I followed Luke's directory path `/var/www/some_folder`. -* `server_name`: the actual domain to "listen" to (for my website it is: `server_name luevano.xyz www.luevano.xyz`; and for this blog is: `server_name blog.luevano.xyz www.blog.luevano.xyz`). +* `server_name`: the actual domain to "listen" to (for my website it is: `server_name luevano.xyz www.luevano.xyz;` and for this blog is: `server_name blog.luevano.xyz www.blog.luevano.xyz;`). * `index`: what file to serve as the index (could be any `.html`, `.htm`, `.php`, etc. file) when just entering the website. -* `location`: used in case of different configurations across different URL paths. - * `try_files`: tells what files to look for, don't look into this too much for now. +* `location`: what goes after `domain.name`, used in case of different configurations depending on the URL paths (deny access on `/private`, make a proxy on `/proxy`, etc). + * `try_files`: tells what files to look for. -Then, make a symbolic from this config file to the `sites-enabled` directory: +Then, make a symbolic link from this configuration file to the `sites-enabled` directory: ```sh ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled ``` -This is so the `nginx.conf` file can look up the newly created server config. With this method of having each server configuration file separate you can easily "deactivate" any website by just deleting the symbolic link in `sites-enabled` and you're good, or just add new configuration files and keep everything nice and tidy. +This is so the `nginx.conf` file can look up the newly created server configuration. With this method of having each server configuration file separate you can easily "deactivate" any website by just deleting the symbolic link in `sites-enabled` and you're good, or just add new configuration files and keep everything nice and tidy. -All you have to do now is restart (or enable and start if you haven't already) the nginx service (and optionally test the configuration): +All you have to do now is restart (or enable and start if you haven't already) the Nginx service (and optionally test the configuration): ```sh nginx -t systemctl restart nginx ``` -If everything goes correctly, you can now go to your website by typing "domain.name" on a web browser. But you will see a "404 Not Found" page like the following (maybe with different nginx version): +If everything goes correctly, you can now go to your website by typing `domain.name` on a web browser. But you will see a "404 Not Found" page like the following (maybe with different Nginx version): -![Nginx 404 page](images/b/notes/nginx/nginx_404_page.png) +![Nginx 404 Not Found page](images/b/notes/nginx/nginx_404_page.png "Nginx 404 Not Found page") -That's no problem, because it means that the web server it's actually working. Just add an `index.html` file with something simple to see it in action. If you keep seeing the 404 page make sure your `root` line is correct and that the directory/index file exists. +That's no problem, because it means that the web server it's actually working. Just add an `index.html` file with something simple to see it in action (in the `/var/www/some_folder` that you decided upon). If you keep seeing the 404 page make sure your `root` line is correct and that the directory/index file exists. I like to remove the `.html` and trailing `/` on the URLs of my website, for that you need to add the following `rewrite` lines and modify the `try_files` line (for more: [Sean C. Davis: Remove HTML Extension And Trailing Slash In Nginx Config](https://www.seancdavis.com/blog/remove-html-extension-and-trailing-slash-in-nginx-config/)): @@ -133,11 +137,11 @@ server { ... ``` -For more: [Arch Linux Wiki: nginx](https://wiki.archlinux.org/index.php/nginx). - ## Certbot -The only "bad" (bloated) thing about certbot, is that it uses `python`, but for me it doesn't matter too much. You may want to look up another alternative if you prefer. Install the packages `certbot` and `certbot-nginx`: +[Certbot](https://wiki.archlinux.org/title/Certbot) is what provides the SSL certificates via [Let's Encrypt](https://letsencrypt.org/). + +The only "bad" (bloated) thing about Certbot, is that it uses `python`, but for me it doesn't matter too much. You may want to look up another alternative if you prefer. Install the packages `certbot` and `certbot-nginx`: ```sh pacman -S certbot certbot-nginx @@ -149,7 +153,7 @@ After that, all you have to do now is run `certbot` and follow the instructions certbot --nginx ``` -It will ask you for some information, for you to accept some agreements and the names to activate https for. Also, you will want to "say yes" to the redirection from http to https. And that's it, you can now go to your website and see that you have https active. +It will ask you for some information, for you to accept some agreements and the names to activate HTTPS for. Also, you will want to "say yes" to the redirection from HTTP to HTTPS. And that's it, you can now go to your website and see that you have HTTPS active. Now, the certificate given by `certbot` expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using `cron`, you can do this by running: @@ -157,8 +161,6 @@ Now, the certificate given by `certbot` expires every 3 months or something like crontab -e ``` -And a file will be opened where you need to add a new rule for certbot, just append the line: `1 1 1 * * certbot renew` (renew on the first day of every month) and you're good. Alternatively use `systemd` timers as stated in the [Arch Linux Wiki](https://wiki.archlinux.org/index.php/Certbot#Automatic_renewal). - -For more: [Arch Linux Wiki: Certbot](https://wiki.archlinux.org/index.php/Certbot). +And a file will be opened where you need to add a new rule for Certbot, just append the line: `1 1 1 * * certbot renew` (renew on the first day of every month) and you're good. Alternatively use `systemd` timers as stated in the [Arch Linux Wiki](https://wiki.archlinux.org/title/Certbot#Automatic_renewal). That's it, you now have a website with SSL certificate. |