summaryrefslogtreecommitdiff
path: root/blog/dst
diff options
context:
space:
mode:
Diffstat (limited to 'blog/dst')
l---------blog/dst/404.html1
-rw-r--r--blog/dst/a/git_server_with_cgit.html57
-rw-r--r--blog/dst/a/mail_server_with_postfix.html61
-rw-r--r--blog/dst/a/website_with_nginx.html49
-rw-r--r--blog/dst/rss.xml167
-rw-r--r--blog/dst/sitemap.xml20
6 files changed, 189 insertions, 166 deletions
diff --git a/blog/dst/404.html b/blog/dst/404.html
new file mode 120000
index 0000000..2274043
--- /dev/null
+++ b/blog/dst/404.html
@@ -0,0 +1 @@
+/home/lz/dox/www/luevano.xyz/luevano/404.html \ No newline at end of file
diff --git a/blog/dst/a/git_server_with_cgit.html b/blog/dst/a/git_server_with_cgit.html
index 7259b42..64cd553 100644
--- a/blog/dst/a/git_server_with_cgit.html
+++ b/blog/dst/a/git_server_with_cgit.html
@@ -81,20 +81,13 @@
<p>My git server is all I need to setup to actually <em>kill</em> my other server (I&rsquo;ve been moving from servers on these last 2-3 blog entries), that&rsquo;s why I&rsquo;m already doing this entry. I&rsquo;m basically following <a href="https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server">git&rsquo;s guide on setting up a server</a> plus some specific stuff for (btw i use) Arch Linux (<a href="https://wiki.archlinux.org/index.php/Git_server#Web_interfaces">Arch Linux Wiki: Git server</a> and <a href="https://miracoin.wordpress.com/2014/11/25/step-by-step-guide-on-setting-up-git-server-in-arch-linux-pushable/">Step by step guide on setting up git server in arch linux (pushable)</a>).</p>
<p>Note that this is mostly for personal use, so there&rsquo;s no user/authentication control other than that of SSH. Also, most if not all commands here are run as root.</p>
<h2 id="prerequisites">Prerequisites</h2>
-<p>I might get tired of saying this (it&rsquo;s just copy paste, basically)&hellip; but similar as before (check my <a href="https://blog.luevano.xyz/a/website_with_nginx.html">website</a> and <a href="https://blog.luevano.xyz/a/mail_server_with_postfix.html">mail</a> entries):</p>
+<p>I might get tired of saying this (it&rsquo;s just copy paste, basically)&hellip; but you will need the same prerequisites as before (check my <a href="https://blog.luevano.xyz/a/website_with_nginx.html">website</a> and <a href="https://blog.luevano.xyz/a/mail_server_with_postfix.html">mail</a> entries), with the extras:</p>
<ul>
-<li>(This time, optional) A domain name if you want to have a &ldquo;front end&rdquo; to show your repositories. Got mine on <a href="https://www.epik.com/?affid=da5ne9ru4">Epik</a> (affiliate link, btw).<ul>
-<li>With a <strong>CNAME</strong> for &ldquo;git&rdquo; and (optionally) &ldquo;www.git&rdquo;, or some other name for your sub-domains.</li>
+<li>(Optional, if you want a &ldquo;front-end&rdquo;) A <strong>CNAME</strong> for &ldquo;git&rdquo; and (optionally) &ldquo;www.git&rdquo;, or some other name for your sub-domains.</li>
+<li>An SSL certificate, if you&rsquo;re following the other entries, add a <code>git.conf</code> and run <code>certbot --nginx</code> to extend the certificate.</li>
</ul>
-</li>
-<li>A VPS or somewhere else to host. I&rsquo;m using <a href="https://www.vultr.com/?ref=8732849">Vultr</a> (also an affiliate link).<ul>
-<li><code>ssh</code> configured.</li>
-<li>(Optionally, if doing the domain name thingy) With <code>nginx</code> and <code>certbot</code> setup and running.</li>
-<li>Of course, <code>git</code> already installed (it should be a must have always).</li>
-</ul>
-</li>
-</ul>
-<h2 id="git-server">git server</h2>
+<h2 id="git">Git</h2>
+<p><a href="https://wiki.archlinux.org/title/git">Git</a> is a version control system.</p>
<p>If not installed already, install the <code>git</code> package:</p>
<pre><code class="language-sh">pacman -S git
</code></pre>
@@ -125,14 +118,15 @@ ExecStart=-/usr/lib/git-core/git-daemon --inetd --export-all --base-path=/home/g
<pre><code class="language-sh">systemctl start git-daemon.socket
systemctl enable git-daemon.socket
</code></pre>
-<p>You&rsquo;re basically done. Now you should be able to push/pull repositories to your server&hellip; except, you haven&rsquo;t created any repository in your server, that&rsquo;s right, they&rsquo;re not created automatically when trying to push. To do so, you have to do the following sequence (assuming you&rsquo;re &ldquo;<code>cd</code>&lsquo;ed&rdquo; into the <code>/home/git</code> directory):</p>
-<pre><code class="language-sh">mkdir {repo_name}.git
-cd {repo_name}.git
+<p>You&rsquo;re basically done. Now you should be able to push/pull repositories to your server&hellip; except, you haven&rsquo;t created any repository in your server, that&rsquo;s right, they&rsquo;re not created automatically when trying to push. To do so, you have to run (while inside <code>/home/git</code>):</p>
+<pre><code class="language-sh">git init --bare {repo_name}.git
+chown -R git:git repo_name.git
</code></pre>
<p>Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame&hellip; although there are options to &ldquo;automate&rdquo; this, I like it this way).</p>
-<p>After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.), which is detailed <a href="https://gist.github.com/rvl/c3f156e117e22a25f242">here</a>.</p>
-<h2 id="cgit">cgit</h2>
-<p>This bit is optional if you only wanted a git server (really easy to set up), this is so you can have a web application. This is basically a copy paste of <a href="https://wiki.archlinux.org/index.php/Cgit#Nginx">Arch Linux Wiki: Cgit</a> so you can go there and get more in-depth configurations.</p>
+<p>After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.); to do so, check <a href="https://gist.github.com/rvl/c3f156e117e22a25f242">this gist</a>.</p>
+<h2 id="cgit">Cgit</h2>
+<p><a href="https://wiki.archlinux.org/title/Cgit">Cgit</a> is a fast web interface for git.</p>
+<p>This is optionally since it&rsquo;s only for the web application.</p>
<p>Install the <code>cgit</code> and <code>fcgiwrap</code> packages:</p>
<pre><code class="language-sh">pacman -S cgit fcgiwrap
</code></pre>
@@ -140,7 +134,7 @@ cd {repo_name}.git
<pre><code class="language-sh">systemctl start fcgiwrap.socket
systemctl enable fcgiwrap.socket
</code></pre>
-<p>Next, the way I configure <code>nginx</code> is creating a separate file <code>{module}.conf</code> (<code>git.conf</code> in this case) under <code>/etc/nginx/sites-available</code> and create a symlink to <code>/etc/nginx/sites-enabled</code> as stated in my <a href="https://blog.luevano.xyz/a/website_with_nginx.html"><code>nginx</code> setup entry</a>. Add the following lines to your <code>git.conf</code> file:</p>
+<p>Next, create the <code>git.conf</code> as stated in my <a href="https://blog.luevano.xyz/a/website_with_nginx.html">nginx setup entry</a>. Add the following lines to your <code>git.conf</code> file:</p>
<pre><code class="language-nginx">server {
listen 80;
listen [::]:80;
@@ -161,7 +155,6 @@ systemctl enable fcgiwrap.socket
<p>Where the <code>server_name</code> line depends on you, I have mine setup to <code>git.luevano.xyz</code> and <code>www.git.luevano.xyz</code>. Optionally run <code>certbot --nginx</code> to get a certificate for those domains if you don&rsquo;t have already.</p>
<p>Now, all that&rsquo;s left is to configure <code>cgit</code>. Create the configuration file <code>/etc/cgitrc</code> with the following content (my personal options, pretty much the default):</p>
<pre><code class="language-apache">css=/cgit.css
-source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh
logo=/cgit.png
enable-http-clone=1
@@ -183,14 +176,32 @@ repo.owner=luevano
repo.desc=These are my personal dotfiles.
...
</code></pre>
-<p>Otherwise you could let <code>cgit</code> to automatically detect your repositories (you have to be careful if you want to keep &ldquo;private&rdquo; repos) using the option <code>scan-path</code> and setup <code>.git/description</code> for each repository. I will add more to my actual configuration, but for now it is useful as it is. For more, you can check <a href="https://man.archlinux.org/man/cgitrc.5">cgitrc(5)</a>.</p>
-<p>Finally, if you want further support for highlighting, other compressed snapshots or support for markdown, checkout the optional dependencies for <code>cgit</code> and also the Arch Wiki goes in detail on how to setup highlighting with two different packages.</p>
+<p>Otherwise you could let <code>cgit</code> to automatically detect your repositories (you have to be careful if you want to keep &ldquo;private&rdquo; repos) using the option <code>scan-path</code> and setup <code>.git/description</code> for each repository. For more, you can check <a href="https://man.archlinux.org/man/cgitrc.5">cgitrc(5)</a>.</p>
+<p>By default you can&rsquo;t see the files on the site, you need a highlighter to render the files, I use <code>highlight</code>. Install the <code>highlight</code> package:</p>
+<pre><code class="language-sh">pacman -S highlight
+</code></pre>
+<p>Copy the <code>syntax-highlighting.sh</code> script to the corresponding location (basically adding <code>-edited</code> to the file):</p>
+<pre><code class="language-sh">cp /usr/lib/cgit/filters/syntax-highlighting.sh /usr/lib/cgit/filters/syntax-highlighting-edited.sh
+</code></pre>
+<p>And edit it to use the version 3 and add <code>--inline-css</code> for more options without editing <code>cgit</code>&lsquo;s CSS file:</p>
+<pre><code class="language-sh">...
+# This is for version 2
+# exec highlight --force -f -I -X -S &quot;$EXTENSION&quot; 2&gt;/dev/null
+
+# This is for version 3
+exec highlight --force --inline-css -f -I -O xhtml -S &quot;$EXTENSION&quot; 2&gt;/dev/null
+...
+</code></pre>
+<p>Finally, enable the filter in <code>/etc/cgitrc</code> configuration:</p>
+<pre><code class="language-apache">source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh
+</code></pre>
+<p>That would be everything. If you need support for more stuff like compressed snapshots or support for markdown, check the optional dependencies for <code>cgit</code>.</p>
<hr>
<div class="article-info">
<p>By David Luévano</p>
<p>Created: Sun, Mar 21, 2021 @ 19:00 UTC</p>
- <p>Modified: Fri, Jun 04, 2021 @ 07:59 UTC</p>
+ <p>Modified: Tue, Jun 08, 2021 @ 06:53 UTC</p>
<div class="article-tags">
<p>Tags:
<a href="https://blog.luevano.xyz/tag/@english.html">english</a>, <a href="https://blog.luevano.xyz/tag/@server.html">server</a>, <a href="https://blog.luevano.xyz/tag/@tools.html">tools</a>, <a href="https://blog.luevano.xyz/tag/@tutorial.html">tutorial</a> </p>
diff --git a/blog/dst/a/mail_server_with_postfix.html b/blog/dst/a/mail_server_with_postfix.html
index e44d4d2..04a1b54 100644
--- a/blog/dst/a/mail_server_with_postfix.html
+++ b/blog/dst/a/mail_server_with_postfix.html
@@ -79,25 +79,16 @@
<h1>Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM</h1>
<p>The entry is going to be long because it&rsquo;s a <em>tedious</em> process. This is also based on <a href="https://github.com/LukeSmithxyz/emailwiz">Luke Smith&rsquo;s script</a>, but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I&rsquo;m in the process of installing/configuring the mail server on a new VPS of mine; also I&rsquo;m going to be writing a script that does everything in one go (for Arch Linux), that will be hosted <a href="https://git.luevano.xyz/server_scripts.git">here</a>.</p>
-<p>This configuration works for local users (users that appear in <code>/etc/passwd</code>), and does not use any type of SQL. And note that most if not all commands executed here are run with root privileges.</p>
-<p>More in depth configuration is detailed in the Arch Wiki for each package used here.</p>
+<p>This configuration works for local users (users that appear in <code>/etc/passwd</code>), and does not use any type of SQL Database. And note that most if not all commands executed here are run with root privileges.</p>
<h2 id="prerequisites">Prerequisites</h2>
-<p>Basically the same as with the <a href="https://blog.luevano.xyz/a/website_with_nginx.html">website with Nginx and Certbot</a>:</p>
+<p>Basically the same as with the <a href="https://blog.luevano.xyz/a/website_with_nginx.html">website with Nginx and Certbot</a>, with the extras:</p>
<ul>
-<li>A domain name. Got mine on <a href="https://www.epik.com/?affid=da5ne9ru4">Epik</a> (affiliate link, btw).<ul>
-<li>Later we&rsquo;ll be adding some <strong>MX</strong> and <strong>TXT</strong> records.</li>
-<li>You also need a <strong>CNAME</strong> for &ldquo;mail&rdquo; and (optionally) &ldquo;www.mail&rdquo;, or whatever you want to call the sub-domains (although the <a href="https://tools.ietf.org/html/rfc2181#section-10.3">RFC 2181</a> states that it NEEDS to be an <strong>A</strong> record, fuck the police), to actually work and to get SSL certificate (you can also use the SSL certificate obtained if you created a website following my other notes on <code>nginx</code> and <code>certbot</code>) with <code>certbot</code> (just create a <code>mail.conf</code> for <code>nginx</code>, similar to how we created it in the website entry).</li>
-</ul>
-</li>
-<li>A VPS or somewhere else to host. I&rsquo;m using <a href="https://www.vultr.com/?ref=8732849">Vultr</a> (also an affiliate link).<ul>
-<li><code>ssh</code> configured.</li>
-<li>Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall (I use <code>ufw</code>).</li>
-<li>With <code>nginx</code> and <code>certbot</code> setup and running.</li>
-</ul>
-</li>
+<li>You will need a <strong>CNAME</strong> for &ldquo;mail&rdquo; and (optionally) &ldquo;www.mail&rdquo;, or whatever you want to call the sub-domains (although the <a href="https://tools.ietf.org/html/rfc2181#section-10.3">RFC 2181</a> states that it NEEDS to be an <strong>A</strong> record, fuck the police).</li>
+<li>An SSL certificate. You can use the SSL certificate obtained following my last post using <code>certbot</code> (just create a <code>mail.conf</code> and run <code>certbot --nginx</code> again).</li>
+<li>Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall.</li>
</ul>
<h2 id="postfix">Postfix</h2>
-<p><a href="https://wiki.archlinux.org/index.php/Postfix">Postfix</a> is a &ldquo;mail transfer agent&rdquo; which is the component of the mail server that receives and sends emails via SMTP.</p>
+<p><a href="https://wiki.archlinux.org/title/postfix">Postfix</a> is a &ldquo;mail transfer agent&rdquo; which is the component of the mail server that receives and sends emails via SMTP.</p>
<p>Install the <code>postfix</code> package:</p>
<pre><code class="language-sh">pacman -S postfix
</code></pre>
@@ -133,7 +124,7 @@ smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
</code></pre>
-<p>Specify the mailbox home (this is going to be a directory inside your user&rsquo;s home):</p>
+<p>Specify the mailbox home (this is going to be a directory inside your user&rsquo;s home containing the actual mail files):</p>
<pre><code class="language-apache">home_mailbox = Mail/Inbox/
</code></pre>
<p>Pre-configuration to work seamlessly with <code>dovecot</code> and <code>opendkim</code>:</p>
@@ -177,7 +168,7 @@ spamassassin unix - n n - - pipe
<pre><code class="language-apache">smtps 465/tcp
smtps 465/udp
</code></pre>
-<p>Before starting the <code>postfix</code> service, you need to run <code>newaliases</code> first (but you can do a bit of configuration beforehand). Edit the file <code>/etc/postfix/aliases</code> and edit accordingly. I only change the <code>root: you</code> line (where <code>you</code> is the account that will be receiving &ldquo;root&rdquo; mail). Check the Arch Wiki for more info and other alternatives/options. After you&rsquo;re done, run:</p>
+<p>Before starting the <code>postfix</code> service, you need to run <code>newaliases</code> first, but you can do a bit of configuration beforehand editing the file <code>/etc/postfix/aliases</code>. I only change the <code>root: you</code> line (where <code>you</code> is the account that will be receiving &ldquo;root&rdquo; mail). After you&rsquo;re done, run:</p>
<pre><code class="language-sh">postalias /etc/postfix/aliases
newaliases
</code></pre>
@@ -186,7 +177,7 @@ newaliases
systemctl enable postfix.service
</code></pre>
<h2 id="dovecot">Dovecot</h2>
-<p><a href="https://wiki.archlinux.org/index.php/Dovecot">Dovecot</a> is an IMAP and POP3 server, which is what lets an email application retrieve the mail.</p>
+<p><a href="https://wiki.archlinux.org/title/Dovecot">Dovecot</a> is an IMAP and POP3 server, which is what lets an email application retrieve the mail.</p>
<p>Install the <code>dovecot</code> and <code>pigeonhole</code> (sieve for <code>dovecot</code>) packages:</p>
<pre><code class="language-sh">pacman -S dovecot pigeonhole
</code></pre>
@@ -195,8 +186,8 @@ systemctl enable postfix.service
cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf
cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
</code></pre>
-<p>As Luke stated, <code>dovecot</code> comes with a lot of &ldquo;modules&rdquo; (under <code>/etc/dovecot/conf.d/</code> if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edits/creates the whole <code>dovecot.conf</code> file; although, I would like to check each of the separate configuration files <code>dovecot</code> provides I think the options Luke provides are more than good enough.</p>
-<p>I&rsquo;m working with an empty <code>dovecot.conf</code> file. Add the following lines for SSL and login configuration (also replace <code>{yourcertdir}</code> with the same certificate directory described in the Postfix section above, note that the <code>&lt;</code> is required):</p>
+<p>As Luke stated, <code>dovecot</code> comes with a lot of &ldquo;modules&rdquo; (under <code>/etc/dovecot/conf.d/</code> if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edit/create the whole <code>dovecot.conf</code> file; although, I would like to check each of the separate configuration files <code>dovecot</code> provides I think the options Luke provides are more than good enough.</p>
+<p>I&rsquo;m working with an empty <code>dovecot.conf</code> file. Add the following lines for SSL and login configuration (also replace <code>{yourcertdir}</code> with the same certificate directory described in the <a href="#postfix">Postfix</a> section above, note that the <code>&lt;</code> is required):</p>
<pre><code class="language-apache">ssl = required
ssl_cert = &lt;{yourcertdir}/fullchain.pem
ssl_key = &lt;{yourcertdir}/privkey.pem
@@ -260,7 +251,7 @@ namespace inbox {
}
}
</code></pre>
-<p>Lastly (for <code>dovecot</code> at least), the plugin configuration for <code>sieve</code> (<code>pigeonhole</code>):</p>
+<p>Lastly (for Dovecot at least), the plugin configuration for <code>sieve</code> (<code>pigeonhole</code>):</p>
<pre><code class="language-apache">protocol lda {
mail_plugins = $mail_plugins sieve
}
@@ -288,20 +279,20 @@ if header :contains &quot;X-Spam-Flag&quot; &quot;YES&quot; {
<pre><code class="language-sh">grep -q &quot;^vmail:&quot; /etc/passwd || useradd -m vmail -s /usr/bin/nologin
chown -R vmail:vmail /var/lib/dovecot
</code></pre>
-<p>Note that I also changed the shell for <code>vmail</code> to be <code>/usr/bin/nologin</code>. After that, run:</p>
+<p>Note that I also changed the shell for <code>vmail</code> to be <code>/usr/bin/nologin</code>. After that, to compile the configuration file run:</p>
<pre><code class="language-sh">sievec /var/lib/dovecot/sieve/default.sieve
</code></pre>
-<p>To compile the configuration file (a <code>default.svbin</code> file will be created next to <code>default.sieve</code>).</p>
+<p>A <code>default.svbin</code> file will be created next to <code>default.sieve</code>.</p>
<p>Next, add the following lines to <code>/etc/pam.d/dovecot</code> if not already present (shouldn&rsquo;t be there if you&rsquo;ve been following these notes):</p>
<pre><code class="language-txt">auth required pam_unix.so nullok
account required pam_unix.so
</code></pre>
-<p>That&rsquo;s it for <code>dovecot</code>, at this point you can start/enable the <code>dovecot</code> service:</p>
+<p>That&rsquo;s it for Dovecot, at this point you can start/enable the <code>dovecot</code> service:</p>
<pre><code class="language-sh">systemctl start dovecot.service
systemctl enable dovecot.service
</code></pre>
<h2 id="opendkim">OpenDKIM</h2>
-<p><a href="https://wiki.archlinux.org/index.php/OpenDKIM">OpenDKIM</a> is needed so services like G**gle (we don&rsquo;t mention that name here [[[this is a meme]]]) don&rsquo;t throw the mail to the trash. DKIM stands for &ldquo;DomainKeys Identified Mail&rdquo;.</p>
+<p><a href="https://wiki.archlinux.org/title/OpenDKIM">OpenDKIM</a> is needed so services like G**gle (we don&rsquo;t mention that name here [[[this is a meme]]]) don&rsquo;t throw the mail to the trash. DKIM stands for &ldquo;DomainKeys Identified Mail&rdquo;.</p>
<p>Install the <code>opendkim</code> package:</p>
<pre><code class="language-sh">pacman -S opendkim
</code></pre>
@@ -330,7 +321,7 @@ localhost
...
</code></pre>
<p>And more, make sure to include your server IP and something like <code>subdomain.domainname</code>.</p>
-<p>Next, edit <code>/etc/opendkim/opendkim.conf</code> to reflect the changes (or rather, additions) of these files, as well as some other configuration. You can look up the example configuration file located at <code>/usr/share/doc/opendkim/opendkim.conf.sample</code>, but I&rsquo;m creating a blank one with the contents:</p>
+<p>Next, edit <code>/etc/opendkim/opendkim.conf</code> to reflect the changes (or rather, addition) of these files, as well as some other configuration. You can look up the example configuration file located at <code>/usr/share/doc/opendkim/opendkim.conf.sample</code>, but I&rsquo;m creating a blank one with the contents:</p>
<pre><code class="language-apache">Domain {yourdomain}
Selector {yoursubdomain}
@@ -345,7 +336,7 @@ Socket inet:8891@localhost
chmod g+r /etc/postfix/dkim/*
</code></pre>
<p>I&rsquo;m using <code>root:opendkim</code> so <code>opendkim</code> doesn&rsquo;t complain about the <code>{yoursubdomani}.private</code> being insecure (you can change that by using the option <code>RequireSafeKeys False</code> in the <code>opendkim.conf</code> file, as stated <a href="http://lists.opendkim.org/archive/opendkim/users/2014/12/3331.html">here</a>).</p>
-<p>That&rsquo;s it for the general configuration, but you could go more in depth and be more secure with some extra configuration as described in the <a href="https://wiki.archlinux.org/index.php/OpenDKIM#Security">Arch Wiki entry for OpenDKIM</a>.</p>
+<p>That&rsquo;s it for the general configuration, but you could go more in depth and be more secure with some extra configuration.</p>
<p>Now, just start/enable the <code>opendkim</code> service:</p>
<pre><code class="language-sh">systemctl start opendkim.service
systemctl enable opendkim.service
@@ -367,9 +358,9 @@ systemctl enable opendkim.service
<p><em>SPF</em> entry: just <code>@</code> as the &ldquo;Host&rdquo; and <code>"v=spf1 mx a:{yoursubdomain}.{yourdomain} - all"</code> as the &ldquo;TXT Value&rdquo;.</p>
</li>
</ol>
-<p>And at this point you could test your mail for spoofing and more, but you don&rsquo;t know -yet- how to login (it&rsquo;s really easy, but I&rsquo;m gonna state that at the end of this entry).</p>
+<p>And at this point you could test your mail for spoofing and more.</p>
<h2 id="spamassassin">SpamAssassin</h2>
-<p><a href="https://wiki.archlinux.org/index.php/SpamAssassin">SpamAssassin</a> is just <em>a mail filter to identify spam</em>.</p>
+<p><a href="https://wiki.archlinux.org/title/SpamAssassin">SpamAssassin</a> is just <em>a mail filter to identify spam</em>.</p>
<p>Install the <code>spamassassin</code> package (which will install a bunch of ugly <code>perl</code> packages&hellip;):</p>
<pre><code class="language-sh">pacman -S spamassassin
</code></pre>
@@ -422,7 +413,7 @@ ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd --listen=/run/spamd/sp
systemctl enable spamassassin.service
</code></pre>
<h2 id="wrapping-up">Wrapping up</h2>
-<p>We should have a working mail server by now. Before continuing check your journal logs (<code>journalctl -xe --unit={unit}</code>, where <code>{unit}</code> could be <code>spamassassin.service</code>for example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked <em>(((it just werks on my machine)))</em>.</p>
+<p>We should have a working mail server by now. Before continuing check your journal logs (<code>journalctl -xe --unit={unit}</code>, where <code>{unit}</code> could be <code>spamassassin.service</code> for example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked <em>(((it just werks on my machine)))</em>.</p>
<p>Now, to actually use the mail service: first of all, you need a <em>normal</em> account (don&rsquo;t use root) that belongs to the <code>mail</code> group (<code>gpasswd -a user group</code> to add a user <code>user</code> to group <code>group</code>) and that has a password.</p>
<p>Next, to actually login into a mail app/program/whateveryouwanttocallit, you will use the following settings, at least for <code>thunderdbird</code>(I tested in windows default mail app and you don&rsquo;t need a lot of settings):</p>
<ul>
@@ -437,15 +428,17 @@ systemctl enable spamassassin.service
<li>Password: your <code>user</code> password (as in the password you use to login to the server with that user)</li>
</ul>
<p>All that&rsquo;s left to do is test your mail server for spoofing, and to see if everything is setup correctly. Go to <a href="https://www.appmaildev.com/en/dkim">DKIM Test</a> and follow the instructions (basically click next, and send an email with whatever content to the email that they provide). After you send the email, you should see something like:</p>
-<p><img alt="DKIM Test successful" src="images/b/notes/mail/dkim_test_successful.png"></p>
-<p>(Yes, I blurred a lot in the picture just to be sure, either way what&rsquo;s important is the list on the bottom part of the image)</p>
-<p>Finally, that&rsquo;s actually it for this entry, if you have any problem whatsoever you have my info down below.</p>
+<figure id="__yafg-figure-3">
+<img alt="DKIM Test successful" src="images/b/notes/mail/dkim_test_successful.png" title="DKIM Test successful">
+<figcaption>DKIM Test successful</figcaption>
+</figure>
+<p>Finally, that&rsquo;s actually it for this entry, if you have any problem whatsoever you can <a href="https://luevano.xyz/contact.html">contact me</a>.</p>
<hr>
<div class="article-info">
<p>By David Luévano</p>
<p>Created: Sun, Mar 21, 2021 @ 04:05 UTC</p>
- <p>Modified: Sun, Jun 06, 2021 @ 00:24 UTC</p>
+ <p>Modified: Tue, Jun 08, 2021 @ 06:27 UTC</p>
<div class="article-tags">
<p>Tags:
<a href="https://blog.luevano.xyz/tag/@english.html">english</a>, <a href="https://blog.luevano.xyz/tag/@server.html">server</a>, <a href="https://blog.luevano.xyz/tag/@tools.html">tools</a>, <a href="https://blog.luevano.xyz/tag/@tutorial.html">tutorial</a> </p>
diff --git a/blog/dst/a/website_with_nginx.html b/blog/dst/a/website_with_nginx.html
index 7e5bd99..caf756f 100644
--- a/blog/dst/a/website_with_nginx.html
+++ b/blog/dst/a/website_with_nginx.html
@@ -95,14 +95,18 @@
</li>
</ul>
<h2 id="nginx">Nginx</h2>
+<p><a href="https://wiki.archlinux.org/title/Nginx">Nginx</a> is a web (HTTP) server and reverse proxy server.</p>
<p>You have two options: <code>nginx</code> and <code>nginx-mainline</code>. I prefer <code>nginx-mainline</code> because it&rsquo;s the &ldquo;up to date&rdquo; package even though <code>nginx</code> is labeled to be the &ldquo;stable&rdquo; version. Install the package and enable/start the service:</p>
<pre><code class="language-sh">pacman -S nginx-mainline
systemctl enable nginx.service
systemctl start nginx.service
</code></pre>
-<p>And that&rsquo;s it, at this point you can already look at the default initial page of nginx if you enter the ip of your server in a web browser. You should see something like this:</p>
-<p><img alt="Nginx welcome page" src="images/b/notes/nginx/nginx_welcome_page.png"></p>
-<p>As stated in the welcome page, configuration is needed, head to the directory of nginx:</p>
+<p>And that&rsquo;s it, at this point you can already look at the default initial page of Nginx if you enter the IP of your server in a web browser. You should see something like this:</p>
+<figure id="__yafg-figure-1">
+<img alt="Nginx welcome page" src="images/b/notes/nginx/nginx_welcome_page.png" title="Nginx welcome page">
+<figcaption>Nginx welcome page</figcaption>
+</figure>
+<p>As stated in the welcome page, configuration is needed, head to the directory of Nginx:</p>
<pre><code class="language-sh">cd /etc/nginx
</code></pre>
<p>Here you have several files, the important one is <code>nginx.conf</code>, which as its name implies, contains general configuration of the web server. If you peek into the file, you will see that it contains around 120 lines, most of which are commented out and contains the welcome page server block. While you can configure a website in this file, it&rsquo;s common practice to do it on a separate file (so you can scale really easily if needed for mor websites or sub-domains).</p>
@@ -125,7 +129,7 @@ http {
types_hash_max_size 4096;
}
</code></pre>
-<p>Next, inside the directory <code>/etc/nginx/</code> create the <code>sites-available</code> and <code>sites-enabled</code>, and go into the <code>sites-available</code> one:</p>
+<p>Next, inside the directory <code>/etc/nginx/</code> create the <code>sites-available</code> and <code>sites-enabled</code> directories, and go into the <code>sites-available</code> one:</p>
<pre><code class="language-sh">mkdir sites-available
mkdir sites-enabled
cd sites-available
@@ -144,28 +148,32 @@ cd sites-available
}
}
</code></pre>
-<p>Note several things:</p>
+<p>That could serve as a template if you intend to add more domains.</p>
+<p>Note some things:</p>
<ul>
-<li><code>listen</code>: we&rsquo;re telling nginx which port to listen to (ipv4 and ipv6, respectively).</li>
+<li><code>listen</code>: we&rsquo;re telling Nginx which port to listen to (IPv4 and IPv6, respectively).</li>
<li><code>root</code>: the root directory of where the website files (<code>.html</code>, <code>.css</code>, <code>.js</code>, etc. files) are located. I followed Luke&rsquo;s directory path <code>/var/www/some_folder</code>.</li>
-<li><code>server_name</code>: the actual domain to &ldquo;listen&rdquo; to (for my website it is: <code>server_name luevano.xyz www.luevano.xyz</code>; and for this blog is: <code>server_name blog.luevano.xyz www.blog.luevano.xyz</code>).</li>
+<li><code>server_name</code>: the actual domain to &ldquo;listen&rdquo; to (for my website it is: <code>server_name luevano.xyz www.luevano.xyz;</code> and for this blog is: <code>server_name blog.luevano.xyz www.blog.luevano.xyz;</code>).</li>
<li><code>index</code>: what file to serve as the index (could be any <code>.html</code>, <code>.htm</code>, <code>.php</code>, etc. file) when just entering the website.</li>
-<li><code>location</code>: used in case of different configurations across different URL paths.<ul>
-<li><code>try_files</code>: tells what files to look for, don&rsquo;t look into this too much for now.</li>
+<li><code>location</code>: what goes after <code>domain.name</code>, used in case of different configurations depending on the URL paths (deny access on <code>/private</code>, make a proxy on <code>/proxy</code>, etc).<ul>
+<li><code>try_files</code>: tells what files to look for.</li>
</ul>
</li>
</ul>
-<p>Then, make a symbolic from this config file to the <code>sites-enabled</code> directory:</p>
+<p>Then, make a symbolic link from this configuration file to the <code>sites-enabled</code> directory:</p>
<pre><code class="language-sh">ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled
</code></pre>
-<p>This is so the <code>nginx.conf</code> file can look up the newly created server config. With this method of having each server configuration file separate you can easily &ldquo;deactivate&rdquo; any website by just deleting the symbolic link in <code>sites-enabled</code> and you&rsquo;re good, or just add new configuration files and keep everything nice and tidy.</p>
-<p>All you have to do now is restart (or enable and start if you haven&rsquo;t already) the nginx service (and optionally test the configuration):</p>
+<p>This is so the <code>nginx.conf</code> file can look up the newly created server configuration. With this method of having each server configuration file separate you can easily &ldquo;deactivate&rdquo; any website by just deleting the symbolic link in <code>sites-enabled</code> and you&rsquo;re good, or just add new configuration files and keep everything nice and tidy.</p>
+<p>All you have to do now is restart (or enable and start if you haven&rsquo;t already) the Nginx service (and optionally test the configuration):</p>
<pre><code class="language-sh">nginx -t
systemctl restart nginx
</code></pre>
-<p>If everything goes correctly, you can now go to your website by typing &ldquo;domain.name&rdquo; on a web browser. But you will see a &ldquo;404 Not Found&rdquo; page like the following (maybe with different nginx version):</p>
-<p><img alt="Nginx 404 page" src="images/b/notes/nginx/nginx_404_page.png"></p>
-<p>That&rsquo;s no problem, because it means that the web server it&rsquo;s actually working. Just add an <code>index.html</code> file with something simple to see it in action. If you keep seeing the 404 page make sure your <code>root</code> line is correct and that the directory/index file exists.</p>
+<p>If everything goes correctly, you can now go to your website by typing <code>domain.name</code> on a web browser. But you will see a &ldquo;404 Not Found&rdquo; page like the following (maybe with different Nginx version):</p>
+<figure id="__yafg-figure-2">
+<img alt="Nginx 404 Not Found page" src="images/b/notes/nginx/nginx_404_page.png" title="Nginx 404 Not Found page">
+<figcaption>Nginx 404 Not Found page</figcaption>
+</figure>
+<p>That&rsquo;s no problem, because it means that the web server it&rsquo;s actually working. Just add an <code>index.html</code> file with something simple to see it in action (in the <code>/var/www/some_folder</code> that you decided upon). If you keep seeing the 404 page make sure your <code>root</code> line is correct and that the directory/index file exists.</p>
<p>I like to remove the <code>.html</code> and trailing <code>/</code> on the URLs of my website, for that you need to add the following <code>rewrite</code> lines and modify the <code>try_files</code> line (for more: <a href="https://www.seancdavis.com/blog/remove-html-extension-and-trailing-slash-in-nginx-config/">Sean C. Davis: Remove HTML Extension And Trailing Slash In Nginx Config</a>):</p>
<pre><code class="language-nginx">server {
...
@@ -175,27 +183,26 @@ systemctl restart nginx
try_files $uri/index.html $uri.html $uri/ $uri =404;
...
</code></pre>
-<p>For more: <a href="https://wiki.archlinux.org/index.php/nginx">Arch Linux Wiki: nginx</a>.</p>
<h2 id="certbot">Certbot</h2>
-<p>The only &ldquo;bad&rdquo; (bloated) thing about certbot, is that it uses <code>python</code>, but for me it doesn&rsquo;t matter too much. You may want to look up another alternative if you prefer. Install the packages <code>certbot</code> and <code>certbot-nginx</code>:</p>
+<p><a href="https://wiki.archlinux.org/title/Certbot">Certbot</a> is what provides the SSL certificates via <a href="https://letsencrypt.org/">Let&rsquo;s Encrypt</a>.</p>
+<p>The only &ldquo;bad&rdquo; (bloated) thing about Certbot, is that it uses <code>python</code>, but for me it doesn&rsquo;t matter too much. You may want to look up another alternative if you prefer. Install the packages <code>certbot</code> and <code>certbot-nginx</code>:</p>
<pre><code class="language-sh">pacman -S certbot certbot-nginx
</code></pre>
<p>After that, all you have to do now is run <code>certbot</code> and follow the instructions given by the tool:</p>
<pre><code class="language-sh">certbot --nginx
</code></pre>
-<p>It will ask you for some information, for you to accept some agreements and the names to activate https for. Also, you will want to &ldquo;say yes&rdquo; to the redirection from http to https. And that&rsquo;s it, you can now go to your website and see that you have https active.</p>
+<p>It will ask you for some information, for you to accept some agreements and the names to activate HTTPS for. Also, you will want to &ldquo;say yes&rdquo; to the redirection from HTTP to HTTPS. And that&rsquo;s it, you can now go to your website and see that you have HTTPS active.</p>
<p>Now, the certificate given by <code>certbot</code> expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using <code>cron</code>, you can do this by running:</p>
<pre><code class="language-sh">crontab -e
</code></pre>
-<p>And a file will be opened where you need to add a new rule for certbot, just append the line: <code>1 1 1 * * certbot renew</code> (renew on the first day of every month) and you&rsquo;re good. Alternatively use <code>systemd</code> timers as stated in the <a href="https://wiki.archlinux.org/index.php/Certbot#Automatic_renewal">Arch Linux Wiki</a>.</p>
-<p>For more: <a href="https://wiki.archlinux.org/index.php/Certbot">Arch Linux Wiki: Certbot</a>.</p>
+<p>And a file will be opened where you need to add a new rule for Certbot, just append the line: <code>1 1 1 * * certbot renew</code> (renew on the first day of every month) and you&rsquo;re good. Alternatively use <code>systemd</code> timers as stated in the <a href="https://wiki.archlinux.org/title/Certbot#Automatic_renewal">Arch Linux Wiki</a>.</p>
<p>That&rsquo;s it, you now have a website with SSL certificate.</p>
<hr>
<div class="article-info">
<p>By David Luévano</p>
<p>Created: Fri, Mar 19, 2021 @ 02:58 UTC</p>
- <p>Modified: Sun, Jun 06, 2021 @ 00:23 UTC</p>
+ <p>Modified: Tue, Jun 08, 2021 @ 06:11 UTC</p>
<div class="article-tags">
<p>Tags:
<a href="https://blog.luevano.xyz/tag/@english.html">english</a>, <a href="https://blog.luevano.xyz/tag/@server.html">server</a>, <a href="https://blog.luevano.xyz/tag/@tools.html">tools</a>, <a href="https://blog.luevano.xyz/tag/@tutorial.html">tutorial</a> </p>
diff --git a/blog/dst/rss.xml b/blog/dst/rss.xml
index 248050b..94e819c 100644
--- a/blog/dst/rss.xml
+++ b/blog/dst/rss.xml
@@ -13,9 +13,9 @@
<copyright>Copyright 2021 David Luévano Alvarado</copyright>
<managingEditor>david@luevano.xyz (David Luévano Alvarado)</managingEditor>
<webMaster>david@luevano.xyz (David Luévano Alvarado)</webMaster>
- <pubDate>Sun, 06 Jun 2021 19:08:48 GMT</pubDate>
- <lastBuildDate>Sun, 06 Jun 2021 19:08:48 GMT</lastBuildDate>
- <generator>pyssg v0.5.7</generator>
+ <pubDate>Tue, 08 Jun 2021 06:57:28 GMT</pubDate>
+ <lastBuildDate>Tue, 08 Jun 2021 06:57:28 GMT</lastBuildDate>
+ <generator>pyssg v0.5.9</generator>
<docs>https://validator.w3.org/feed/docs/rss2.html</docs>
<ttl>30</ttl>
<image>
@@ -81,20 +81,13 @@
<content:encoded><![CDATA[<p>My git server is all I need to setup to actually <em>kill</em> my other server (I&rsquo;ve been moving from servers on these last 2-3 blog entries), that&rsquo;s why I&rsquo;m already doing this entry. I&rsquo;m basically following <a href="https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server">git&rsquo;s guide on setting up a server</a> plus some specific stuff for (btw i use) Arch Linux (<a href="https://wiki.archlinux.org/index.php/Git_server#Web_interfaces">Arch Linux Wiki: Git server</a> and <a href="https://miracoin.wordpress.com/2014/11/25/step-by-step-guide-on-setting-up-git-server-in-arch-linux-pushable/">Step by step guide on setting up git server in arch linux (pushable)</a>).</p>
<p>Note that this is mostly for personal use, so there&rsquo;s no user/authentication control other than that of SSH. Also, most if not all commands here are run as root.</p>
<h2 id="prerequisites">Prerequisites</h2>
-<p>I might get tired of saying this (it&rsquo;s just copy paste, basically)&hellip; but similar as before (check my <a href="https://blog.luevano.xyz/a/website_with_nginx.html">website</a> and <a href="https://blog.luevano.xyz/a/mail_server_with_postfix.html">mail</a> entries):</p>
+<p>I might get tired of saying this (it&rsquo;s just copy paste, basically)&hellip; but you will need the same prerequisites as before (check my <a href="https://blog.luevano.xyz/a/website_with_nginx.html">website</a> and <a href="https://blog.luevano.xyz/a/mail_server_with_postfix.html">mail</a> entries), with the extras:</p>
<ul>
-<li>(This time, optional) A domain name if you want to have a &ldquo;front end&rdquo; to show your repositories. Got mine on <a href="https://www.epik.com/?affid=da5ne9ru4">Epik</a> (affiliate link, btw).<ul>
-<li>With a <strong>CNAME</strong> for &ldquo;git&rdquo; and (optionally) &ldquo;www.git&rdquo;, or some other name for your sub-domains.</li>
+<li>(Optional, if you want a &ldquo;front-end&rdquo;) A <strong>CNAME</strong> for &ldquo;git&rdquo; and (optionally) &ldquo;www.git&rdquo;, or some other name for your sub-domains.</li>
+<li>An SSL certificate, if you&rsquo;re following the other entries, add a <code>git.conf</code> and run <code>certbot --nginx</code> to extend the certificate.</li>
</ul>
-</li>
-<li>A VPS or somewhere else to host. I&rsquo;m using <a href="https://www.vultr.com/?ref=8732849">Vultr</a> (also an affiliate link).<ul>
-<li><code>ssh</code> configured.</li>
-<li>(Optionally, if doing the domain name thingy) With <code>nginx</code> and <code>certbot</code> setup and running.</li>
-<li>Of course, <code>git</code> already installed (it should be a must have always).</li>
-</ul>
-</li>
-</ul>
-<h2 id="git-server">git server</h2>
+<h2 id="git">Git</h2>
+<p><a href="https://wiki.archlinux.org/title/git">Git</a> is a version control system.</p>
<p>If not installed already, install the <code>git</code> package:</p>
<pre><code class="language-sh">pacman -S git
</code></pre>
@@ -125,14 +118,15 @@ ExecStart=-/usr/lib/git-core/git-daemon --inetd --export-all --base-path=/home/g
<pre><code class="language-sh">systemctl start git-daemon.socket
systemctl enable git-daemon.socket
</code></pre>
-<p>You&rsquo;re basically done. Now you should be able to push/pull repositories to your server&hellip; except, you haven&rsquo;t created any repository in your server, that&rsquo;s right, they&rsquo;re not created automatically when trying to push. To do so, you have to do the following sequence (assuming you&rsquo;re &ldquo;<code>cd</code>&lsquo;ed&rdquo; into the <code>/home/git</code> directory):</p>
-<pre><code class="language-sh">mkdir {repo_name}.git
-cd {repo_name}.git
+<p>You&rsquo;re basically done. Now you should be able to push/pull repositories to your server&hellip; except, you haven&rsquo;t created any repository in your server, that&rsquo;s right, they&rsquo;re not created automatically when trying to push. To do so, you have to run (while inside <code>/home/git</code>):</p>
+<pre><code class="language-sh">git init --bare {repo_name}.git
+chown -R git:git repo_name.git
</code></pre>
<p>Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame&hellip; although there are options to &ldquo;automate&rdquo; this, I like it this way).</p>
-<p>After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.), which is detailed <a href="https://gist.github.com/rvl/c3f156e117e22a25f242">here</a>.</p>
-<h2 id="cgit">cgit</h2>
-<p>This bit is optional if you only wanted a git server (really easy to set up), this is so you can have a web application. This is basically a copy paste of <a href="https://wiki.archlinux.org/index.php/Cgit#Nginx">Arch Linux Wiki: Cgit</a> so you can go there and get more in-depth configurations.</p>
+<p>After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.); to do so, check <a href="https://gist.github.com/rvl/c3f156e117e22a25f242">this gist</a>.</p>
+<h2 id="cgit">Cgit</h2>
+<p><a href="https://wiki.archlinux.org/title/Cgit">Cgit</a> is a fast web interface for git.</p>
+<p>This is optionally since it&rsquo;s only for the web application.</p>
<p>Install the <code>cgit</code> and <code>fcgiwrap</code> packages:</p>
<pre><code class="language-sh">pacman -S cgit fcgiwrap
</code></pre>
@@ -140,7 +134,7 @@ cd {repo_name}.git
<pre><code class="language-sh">systemctl start fcgiwrap.socket
systemctl enable fcgiwrap.socket
</code></pre>
-<p>Next, the way I configure <code>nginx</code> is creating a separate file <code>{module}.conf</code> (<code>git.conf</code> in this case) under <code>/etc/nginx/sites-available</code> and create a symlink to <code>/etc/nginx/sites-enabled</code> as stated in my <a href="https://blog.luevano.xyz/a/website_with_nginx.html"><code>nginx</code> setup entry</a>. Add the following lines to your <code>git.conf</code> file:</p>
+<p>Next, create the <code>git.conf</code> as stated in my <a href="https://blog.luevano.xyz/a/website_with_nginx.html">nginx setup entry</a>. Add the following lines to your <code>git.conf</code> file:</p>
<pre><code class="language-nginx">server {
listen 80;
listen [::]:80;
@@ -161,7 +155,6 @@ systemctl enable fcgiwrap.socket
<p>Where the <code>server_name</code> line depends on you, I have mine setup to <code>git.luevano.xyz</code> and <code>www.git.luevano.xyz</code>. Optionally run <code>certbot --nginx</code> to get a certificate for those domains if you don&rsquo;t have already.</p>
<p>Now, all that&rsquo;s left is to configure <code>cgit</code>. Create the configuration file <code>/etc/cgitrc</code> with the following content (my personal options, pretty much the default):</p>
<pre><code class="language-apache">css=/cgit.css
-source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh
logo=/cgit.png
enable-http-clone=1
@@ -183,8 +176,26 @@ repo.owner=luevano
repo.desc=These are my personal dotfiles.
...
</code></pre>
-<p>Otherwise you could let <code>cgit</code> to automatically detect your repositories (you have to be careful if you want to keep &ldquo;private&rdquo; repos) using the option <code>scan-path</code> and setup <code>.git/description</code> for each repository. I will add more to my actual configuration, but for now it is useful as it is. For more, you can check <a href="https://man.archlinux.org/man/cgitrc.5">cgitrc(5)</a>.</p>
-<p>Finally, if you want further support for highlighting, other compressed snapshots or support for markdown, checkout the optional dependencies for <code>cgit</code> and also the Arch Wiki goes in detail on how to setup highlighting with two different packages.</p>]]></content:encoded>
+<p>Otherwise you could let <code>cgit</code> to automatically detect your repositories (you have to be careful if you want to keep &ldquo;private&rdquo; repos) using the option <code>scan-path</code> and setup <code>.git/description</code> for each repository. For more, you can check <a href="https://man.archlinux.org/man/cgitrc.5">cgitrc(5)</a>.</p>
+<p>By default you can&rsquo;t see the files on the site, you need a highlighter to render the files, I use <code>highlight</code>. Install the <code>highlight</code> package:</p>
+<pre><code class="language-sh">pacman -S highlight
+</code></pre>
+<p>Copy the <code>syntax-highlighting.sh</code> script to the corresponding location (basically adding <code>-edited</code> to the file):</p>
+<pre><code class="language-sh">cp /usr/lib/cgit/filters/syntax-highlighting.sh /usr/lib/cgit/filters/syntax-highlighting-edited.sh
+</code></pre>
+<p>And edit it to use the version 3 and add <code>--inline-css</code> for more options without editing <code>cgit</code>&lsquo;s CSS file:</p>
+<pre><code class="language-sh">...
+# This is for version 2
+# exec highlight --force -f -I -X -S &quot;$EXTENSION&quot; 2&gt;/dev/null
+
+# This is for version 3
+exec highlight --force --inline-css -f -I -O xhtml -S &quot;$EXTENSION&quot; 2&gt;/dev/null
+...
+</code></pre>
+<p>Finally, enable the filter in <code>/etc/cgitrc</code> configuration:</p>
+<pre><code class="language-apache">source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh
+</code></pre>
+<p>That would be everything. If you need support for more stuff like compressed snapshots or support for markdown, check the optional dependencies for <code>cgit</code>.</p>]]></content:encoded>
</item>
<item>
<title>Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM</title>
@@ -197,25 +208,16 @@ repo.desc=These are my personal dotfiles.
<category>Tutorial</category>
<description>How to create mail server using Postfix, Dovecot, SpamAssassin and OpenDKIM. This is a follow up on post about creating a website with Nginx and Certbot.</description>
<content:encoded><![CDATA[<p>The entry is going to be long because it&rsquo;s a <em>tedious</em> process. This is also based on <a href="https://github.com/LukeSmithxyz/emailwiz">Luke Smith&rsquo;s script</a>, but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I&rsquo;m in the process of installing/configuring the mail server on a new VPS of mine; also I&rsquo;m going to be writing a script that does everything in one go (for Arch Linux), that will be hosted <a href="https://git.luevano.xyz/server_scripts.git">here</a>.</p>
-<p>This configuration works for local users (users that appear in <code>/etc/passwd</code>), and does not use any type of SQL. And note that most if not all commands executed here are run with root privileges.</p>
-<p>More in depth configuration is detailed in the Arch Wiki for each package used here.</p>
+<p>This configuration works for local users (users that appear in <code>/etc/passwd</code>), and does not use any type of SQL Database. And note that most if not all commands executed here are run with root privileges.</p>
<h2 id="prerequisites">Prerequisites</h2>
-<p>Basically the same as with the <a href="https://blog.luevano.xyz/a/website_with_nginx.html">website with Nginx and Certbot</a>:</p>
+<p>Basically the same as with the <a href="https://blog.luevano.xyz/a/website_with_nginx.html">website with Nginx and Certbot</a>, with the extras:</p>
<ul>
-<li>A domain name. Got mine on <a href="https://www.epik.com/?affid=da5ne9ru4">Epik</a> (affiliate link, btw).<ul>
-<li>Later we&rsquo;ll be adding some <strong>MX</strong> and <strong>TXT</strong> records.</li>
-<li>You also need a <strong>CNAME</strong> for &ldquo;mail&rdquo; and (optionally) &ldquo;www.mail&rdquo;, or whatever you want to call the sub-domains (although the <a href="https://tools.ietf.org/html/rfc2181#section-10.3">RFC 2181</a> states that it NEEDS to be an <strong>A</strong> record, fuck the police), to actually work and to get SSL certificate (you can also use the SSL certificate obtained if you created a website following my other notes on <code>nginx</code> and <code>certbot</code>) with <code>certbot</code> (just create a <code>mail.conf</code> for <code>nginx</code>, similar to how we created it in the website entry).</li>
-</ul>
-</li>
-<li>A VPS or somewhere else to host. I&rsquo;m using <a href="https://www.vultr.com/?ref=8732849">Vultr</a> (also an affiliate link).<ul>
-<li><code>ssh</code> configured.</li>
-<li>Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall (I use <code>ufw</code>).</li>
-<li>With <code>nginx</code> and <code>certbot</code> setup and running.</li>
-</ul>
-</li>
+<li>You will need a <strong>CNAME</strong> for &ldquo;mail&rdquo; and (optionally) &ldquo;www.mail&rdquo;, or whatever you want to call the sub-domains (although the <a href="https://tools.ietf.org/html/rfc2181#section-10.3">RFC 2181</a> states that it NEEDS to be an <strong>A</strong> record, fuck the police).</li>
+<li>An SSL certificate. You can use the SSL certificate obtained following my last post using <code>certbot</code> (just create a <code>mail.conf</code> and run <code>certbot --nginx</code> again).</li>
+<li>Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall.</li>
</ul>
<h2 id="postfix">Postfix</h2>
-<p><a href="https://wiki.archlinux.org/index.php/Postfix">Postfix</a> is a &ldquo;mail transfer agent&rdquo; which is the component of the mail server that receives and sends emails via SMTP.</p>
+<p><a href="https://wiki.archlinux.org/title/postfix">Postfix</a> is a &ldquo;mail transfer agent&rdquo; which is the component of the mail server that receives and sends emails via SMTP.</p>
<p>Install the <code>postfix</code> package:</p>
<pre><code class="language-sh">pacman -S postfix
</code></pre>
@@ -251,7 +253,7 @@ smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
</code></pre>
-<p>Specify the mailbox home (this is going to be a directory inside your user&rsquo;s home):</p>
+<p>Specify the mailbox home (this is going to be a directory inside your user&rsquo;s home containing the actual mail files):</p>
<pre><code class="language-apache">home_mailbox = Mail/Inbox/
</code></pre>
<p>Pre-configuration to work seamlessly with <code>dovecot</code> and <code>opendkim</code>:</p>
@@ -295,7 +297,7 @@ spamassassin unix - n n - - pipe
<pre><code class="language-apache">smtps 465/tcp
smtps 465/udp
</code></pre>
-<p>Before starting the <code>postfix</code> service, you need to run <code>newaliases</code> first (but you can do a bit of configuration beforehand). Edit the file <code>/etc/postfix/aliases</code> and edit accordingly. I only change the <code>root: you</code> line (where <code>you</code> is the account that will be receiving &ldquo;root&rdquo; mail). Check the Arch Wiki for more info and other alternatives/options. After you&rsquo;re done, run:</p>
+<p>Before starting the <code>postfix</code> service, you need to run <code>newaliases</code> first, but you can do a bit of configuration beforehand editing the file <code>/etc/postfix/aliases</code>. I only change the <code>root: you</code> line (where <code>you</code> is the account that will be receiving &ldquo;root&rdquo; mail). After you&rsquo;re done, run:</p>
<pre><code class="language-sh">postalias /etc/postfix/aliases
newaliases
</code></pre>
@@ -304,7 +306,7 @@ newaliases
systemctl enable postfix.service
</code></pre>
<h2 id="dovecot">Dovecot</h2>
-<p><a href="https://wiki.archlinux.org/index.php/Dovecot">Dovecot</a> is an IMAP and POP3 server, which is what lets an email application retrieve the mail.</p>
+<p><a href="https://wiki.archlinux.org/title/Dovecot">Dovecot</a> is an IMAP and POP3 server, which is what lets an email application retrieve the mail.</p>
<p>Install the <code>dovecot</code> and <code>pigeonhole</code> (sieve for <code>dovecot</code>) packages:</p>
<pre><code class="language-sh">pacman -S dovecot pigeonhole
</code></pre>
@@ -313,8 +315,8 @@ systemctl enable postfix.service
cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf
cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
</code></pre>
-<p>As Luke stated, <code>dovecot</code> comes with a lot of &ldquo;modules&rdquo; (under <code>/etc/dovecot/conf.d/</code> if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edits/creates the whole <code>dovecot.conf</code> file; although, I would like to check each of the separate configuration files <code>dovecot</code> provides I think the options Luke provides are more than good enough.</p>
-<p>I&rsquo;m working with an empty <code>dovecot.conf</code> file. Add the following lines for SSL and login configuration (also replace <code>{yourcertdir}</code> with the same certificate directory described in the Postfix section above, note that the <code>&lt;</code> is required):</p>
+<p>As Luke stated, <code>dovecot</code> comes with a lot of &ldquo;modules&rdquo; (under <code>/etc/dovecot/conf.d/</code> if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edit/create the whole <code>dovecot.conf</code> file; although, I would like to check each of the separate configuration files <code>dovecot</code> provides I think the options Luke provides are more than good enough.</p>
+<p>I&rsquo;m working with an empty <code>dovecot.conf</code> file. Add the following lines for SSL and login configuration (also replace <code>{yourcertdir}</code> with the same certificate directory described in the <a href="#postfix">Postfix</a> section above, note that the <code>&lt;</code> is required):</p>
<pre><code class="language-apache">ssl = required
ssl_cert = &lt;{yourcertdir}/fullchain.pem
ssl_key = &lt;{yourcertdir}/privkey.pem
@@ -378,7 +380,7 @@ namespace inbox {
}
}
</code></pre>
-<p>Lastly (for <code>dovecot</code> at least), the plugin configuration for <code>sieve</code> (<code>pigeonhole</code>):</p>
+<p>Lastly (for Dovecot at least), the plugin configuration for <code>sieve</code> (<code>pigeonhole</code>):</p>
<pre><code class="language-apache">protocol lda {
mail_plugins = $mail_plugins sieve
}
@@ -406,20 +408,20 @@ if header :contains &quot;X-Spam-Flag&quot; &quot;YES&quot; {
<pre><code class="language-sh">grep -q &quot;^vmail:&quot; /etc/passwd || useradd -m vmail -s /usr/bin/nologin
chown -R vmail:vmail /var/lib/dovecot
</code></pre>
-<p>Note that I also changed the shell for <code>vmail</code> to be <code>/usr/bin/nologin</code>. After that, run:</p>
+<p>Note that I also changed the shell for <code>vmail</code> to be <code>/usr/bin/nologin</code>. After that, to compile the configuration file run:</p>
<pre><code class="language-sh">sievec /var/lib/dovecot/sieve/default.sieve
</code></pre>
-<p>To compile the configuration file (a <code>default.svbin</code> file will be created next to <code>default.sieve</code>).</p>
+<p>A <code>default.svbin</code> file will be created next to <code>default.sieve</code>.</p>
<p>Next, add the following lines to <code>/etc/pam.d/dovecot</code> if not already present (shouldn&rsquo;t be there if you&rsquo;ve been following these notes):</p>
<pre><code class="language-txt">auth required pam_unix.so nullok
account required pam_unix.so
</code></pre>
-<p>That&rsquo;s it for <code>dovecot</code>, at this point you can start/enable the <code>dovecot</code> service:</p>
+<p>That&rsquo;s it for Dovecot, at this point you can start/enable the <code>dovecot</code> service:</p>
<pre><code class="language-sh">systemctl start dovecot.service
systemctl enable dovecot.service
</code></pre>
<h2 id="opendkim">OpenDKIM</h2>
-<p><a href="https://wiki.archlinux.org/index.php/OpenDKIM">OpenDKIM</a> is needed so services like G**gle (we don&rsquo;t mention that name here [[[this is a meme]]]) don&rsquo;t throw the mail to the trash. DKIM stands for &ldquo;DomainKeys Identified Mail&rdquo;.</p>
+<p><a href="https://wiki.archlinux.org/title/OpenDKIM">OpenDKIM</a> is needed so services like G**gle (we don&rsquo;t mention that name here [[[this is a meme]]]) don&rsquo;t throw the mail to the trash. DKIM stands for &ldquo;DomainKeys Identified Mail&rdquo;.</p>
<p>Install the <code>opendkim</code> package:</p>
<pre><code class="language-sh">pacman -S opendkim
</code></pre>
@@ -448,7 +450,7 @@ localhost
...
</code></pre>
<p>And more, make sure to include your server IP and something like <code>subdomain.domainname</code>.</p>
-<p>Next, edit <code>/etc/opendkim/opendkim.conf</code> to reflect the changes (or rather, additions) of these files, as well as some other configuration. You can look up the example configuration file located at <code>/usr/share/doc/opendkim/opendkim.conf.sample</code>, but I&rsquo;m creating a blank one with the contents:</p>
+<p>Next, edit <code>/etc/opendkim/opendkim.conf</code> to reflect the changes (or rather, addition) of these files, as well as some other configuration. You can look up the example configuration file located at <code>/usr/share/doc/opendkim/opendkim.conf.sample</code>, but I&rsquo;m creating a blank one with the contents:</p>
<pre><code class="language-apache">Domain {yourdomain}
Selector {yoursubdomain}
@@ -463,7 +465,7 @@ Socket inet:8891@localhost
chmod g+r /etc/postfix/dkim/*
</code></pre>
<p>I&rsquo;m using <code>root:opendkim</code> so <code>opendkim</code> doesn&rsquo;t complain about the <code>{yoursubdomani}.private</code> being insecure (you can change that by using the option <code>RequireSafeKeys False</code> in the <code>opendkim.conf</code> file, as stated <a href="http://lists.opendkim.org/archive/opendkim/users/2014/12/3331.html">here</a>).</p>
-<p>That&rsquo;s it for the general configuration, but you could go more in depth and be more secure with some extra configuration as described in the <a href="https://wiki.archlinux.org/index.php/OpenDKIM#Security">Arch Wiki entry for OpenDKIM</a>.</p>
+<p>That&rsquo;s it for the general configuration, but you could go more in depth and be more secure with some extra configuration.</p>
<p>Now, just start/enable the <code>opendkim</code> service:</p>
<pre><code class="language-sh">systemctl start opendkim.service
systemctl enable opendkim.service
@@ -485,9 +487,9 @@ systemctl enable opendkim.service
<p><em>SPF</em> entry: just <code>@</code> as the &ldquo;Host&rdquo; and <code>"v=spf1 mx a:{yoursubdomain}.{yourdomain} - all"</code> as the &ldquo;TXT Value&rdquo;.</p>
</li>
</ol>
-<p>And at this point you could test your mail for spoofing and more, but you don&rsquo;t know -yet- how to login (it&rsquo;s really easy, but I&rsquo;m gonna state that at the end of this entry).</p>
+<p>And at this point you could test your mail for spoofing and more.</p>
<h2 id="spamassassin">SpamAssassin</h2>
-<p><a href="https://wiki.archlinux.org/index.php/SpamAssassin">SpamAssassin</a> is just <em>a mail filter to identify spam</em>.</p>
+<p><a href="https://wiki.archlinux.org/title/SpamAssassin">SpamAssassin</a> is just <em>a mail filter to identify spam</em>.</p>
<p>Install the <code>spamassassin</code> package (which will install a bunch of ugly <code>perl</code> packages&hellip;):</p>
<pre><code class="language-sh">pacman -S spamassassin
</code></pre>
@@ -540,7 +542,7 @@ ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd --listen=/run/spamd/sp
systemctl enable spamassassin.service
</code></pre>
<h2 id="wrapping-up">Wrapping up</h2>
-<p>We should have a working mail server by now. Before continuing check your journal logs (<code>journalctl -xe --unit={unit}</code>, where <code>{unit}</code> could be <code>spamassassin.service</code>for example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked <em>(((it just werks on my machine)))</em>.</p>
+<p>We should have a working mail server by now. Before continuing check your journal logs (<code>journalctl -xe --unit={unit}</code>, where <code>{unit}</code> could be <code>spamassassin.service</code> for example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked <em>(((it just werks on my machine)))</em>.</p>
<p>Now, to actually use the mail service: first of all, you need a <em>normal</em> account (don&rsquo;t use root) that belongs to the <code>mail</code> group (<code>gpasswd -a user group</code> to add a user <code>user</code> to group <code>group</code>) and that has a password.</p>
<p>Next, to actually login into a mail app/program/whateveryouwanttocallit, you will use the following settings, at least for <code>thunderdbird</code>(I tested in windows default mail app and you don&rsquo;t need a lot of settings):</p>
<ul>
@@ -555,9 +557,11 @@ systemctl enable spamassassin.service
<li>Password: your <code>user</code> password (as in the password you use to login to the server with that user)</li>
</ul>
<p>All that&rsquo;s left to do is test your mail server for spoofing, and to see if everything is setup correctly. Go to <a href="https://www.appmaildev.com/en/dkim">DKIM Test</a> and follow the instructions (basically click next, and send an email with whatever content to the email that they provide). After you send the email, you should see something like:</p>
-<p><img alt="DKIM Test successful" src="images/b/notes/mail/dkim_test_successful.png"></p>
-<p>(Yes, I blurred a lot in the picture just to be sure, either way what&rsquo;s important is the list on the bottom part of the image)</p>
-<p>Finally, that&rsquo;s actually it for this entry, if you have any problem whatsoever you have my info down below.</p>]]></content:encoded>
+<figure id="__yafg-figure-3">
+<img alt="DKIM Test successful" src="images/b/notes/mail/dkim_test_successful.png" title="DKIM Test successful">
+<figcaption>DKIM Test successful</figcaption>
+</figure>
+<p>Finally, that&rsquo;s actually it for this entry, if you have any problem whatsoever you can <a href="https://luevano.xyz/contact.html">contact me</a>.</p>]]></content:encoded>
</item>
<item>
<title>Create a website with Nginx and Certbot</title>
@@ -586,14 +590,18 @@ systemctl enable spamassassin.service
</li>
</ul>
<h2 id="nginx">Nginx</h2>
+<p><a href="https://wiki.archlinux.org/title/Nginx">Nginx</a> is a web (HTTP) server and reverse proxy server.</p>
<p>You have two options: <code>nginx</code> and <code>nginx-mainline</code>. I prefer <code>nginx-mainline</code> because it&rsquo;s the &ldquo;up to date&rdquo; package even though <code>nginx</code> is labeled to be the &ldquo;stable&rdquo; version. Install the package and enable/start the service:</p>
<pre><code class="language-sh">pacman -S nginx-mainline
systemctl enable nginx.service
systemctl start nginx.service
</code></pre>
-<p>And that&rsquo;s it, at this point you can already look at the default initial page of nginx if you enter the ip of your server in a web browser. You should see something like this:</p>
-<p><img alt="Nginx welcome page" src="images/b/notes/nginx/nginx_welcome_page.png"></p>
-<p>As stated in the welcome page, configuration is needed, head to the directory of nginx:</p>
+<p>And that&rsquo;s it, at this point you can already look at the default initial page of Nginx if you enter the IP of your server in a web browser. You should see something like this:</p>
+<figure id="__yafg-figure-1">
+<img alt="Nginx welcome page" src="images/b/notes/nginx/nginx_welcome_page.png" title="Nginx welcome page">
+<figcaption>Nginx welcome page</figcaption>
+</figure>
+<p>As stated in the welcome page, configuration is needed, head to the directory of Nginx:</p>
<pre><code class="language-sh">cd /etc/nginx
</code></pre>
<p>Here you have several files, the important one is <code>nginx.conf</code>, which as its name implies, contains general configuration of the web server. If you peek into the file, you will see that it contains around 120 lines, most of which are commented out and contains the welcome page server block. While you can configure a website in this file, it&rsquo;s common practice to do it on a separate file (so you can scale really easily if needed for mor websites or sub-domains).</p>
@@ -616,7 +624,7 @@ http {
types_hash_max_size 4096;
}
</code></pre>
-<p>Next, inside the directory <code>/etc/nginx/</code> create the <code>sites-available</code> and <code>sites-enabled</code>, and go into the <code>sites-available</code> one:</p>
+<p>Next, inside the directory <code>/etc/nginx/</code> create the <code>sites-available</code> and <code>sites-enabled</code> directories, and go into the <code>sites-available</code> one:</p>
<pre><code class="language-sh">mkdir sites-available
mkdir sites-enabled
cd sites-available
@@ -635,28 +643,32 @@ cd sites-available
}
}
</code></pre>
-<p>Note several things:</p>
+<p>That could serve as a template if you intend to add more domains.</p>
+<p>Note some things:</p>
<ul>
-<li><code>listen</code>: we&rsquo;re telling nginx which port to listen to (ipv4 and ipv6, respectively).</li>
+<li><code>listen</code>: we&rsquo;re telling Nginx which port to listen to (IPv4 and IPv6, respectively).</li>
<li><code>root</code>: the root directory of where the website files (<code>.html</code>, <code>.css</code>, <code>.js</code>, etc. files) are located. I followed Luke&rsquo;s directory path <code>/var/www/some_folder</code>.</li>
-<li><code>server_name</code>: the actual domain to &ldquo;listen&rdquo; to (for my website it is: <code>server_name luevano.xyz www.luevano.xyz</code>; and for this blog is: <code>server_name blog.luevano.xyz www.blog.luevano.xyz</code>).</li>
+<li><code>server_name</code>: the actual domain to &ldquo;listen&rdquo; to (for my website it is: <code>server_name luevano.xyz www.luevano.xyz;</code> and for this blog is: <code>server_name blog.luevano.xyz www.blog.luevano.xyz;</code>).</li>
<li><code>index</code>: what file to serve as the index (could be any <code>.html</code>, <code>.htm</code>, <code>.php</code>, etc. file) when just entering the website.</li>
-<li><code>location</code>: used in case of different configurations across different URL paths.<ul>
-<li><code>try_files</code>: tells what files to look for, don&rsquo;t look into this too much for now.</li>
+<li><code>location</code>: what goes after <code>domain.name</code>, used in case of different configurations depending on the URL paths (deny access on <code>/private</code>, make a proxy on <code>/proxy</code>, etc).<ul>
+<li><code>try_files</code>: tells what files to look for.</li>
</ul>
</li>
</ul>
-<p>Then, make a symbolic from this config file to the <code>sites-enabled</code> directory:</p>
+<p>Then, make a symbolic link from this configuration file to the <code>sites-enabled</code> directory:</p>
<pre><code class="language-sh">ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled
</code></pre>
-<p>This is so the <code>nginx.conf</code> file can look up the newly created server config. With this method of having each server configuration file separate you can easily &ldquo;deactivate&rdquo; any website by just deleting the symbolic link in <code>sites-enabled</code> and you&rsquo;re good, or just add new configuration files and keep everything nice and tidy.</p>
-<p>All you have to do now is restart (or enable and start if you haven&rsquo;t already) the nginx service (and optionally test the configuration):</p>
+<p>This is so the <code>nginx.conf</code> file can look up the newly created server configuration. With this method of having each server configuration file separate you can easily &ldquo;deactivate&rdquo; any website by just deleting the symbolic link in <code>sites-enabled</code> and you&rsquo;re good, or just add new configuration files and keep everything nice and tidy.</p>
+<p>All you have to do now is restart (or enable and start if you haven&rsquo;t already) the Nginx service (and optionally test the configuration):</p>
<pre><code class="language-sh">nginx -t
systemctl restart nginx
</code></pre>
-<p>If everything goes correctly, you can now go to your website by typing &ldquo;domain.name&rdquo; on a web browser. But you will see a &ldquo;404 Not Found&rdquo; page like the following (maybe with different nginx version):</p>
-<p><img alt="Nginx 404 page" src="images/b/notes/nginx/nginx_404_page.png"></p>
-<p>That&rsquo;s no problem, because it means that the web server it&rsquo;s actually working. Just add an <code>index.html</code> file with something simple to see it in action. If you keep seeing the 404 page make sure your <code>root</code> line is correct and that the directory/index file exists.</p>
+<p>If everything goes correctly, you can now go to your website by typing <code>domain.name</code> on a web browser. But you will see a &ldquo;404 Not Found&rdquo; page like the following (maybe with different Nginx version):</p>
+<figure id="__yafg-figure-2">
+<img alt="Nginx 404 Not Found page" src="images/b/notes/nginx/nginx_404_page.png" title="Nginx 404 Not Found page">
+<figcaption>Nginx 404 Not Found page</figcaption>
+</figure>
+<p>That&rsquo;s no problem, because it means that the web server it&rsquo;s actually working. Just add an <code>index.html</code> file with something simple to see it in action (in the <code>/var/www/some_folder</code> that you decided upon). If you keep seeing the 404 page make sure your <code>root</code> line is correct and that the directory/index file exists.</p>
<p>I like to remove the <code>.html</code> and trailing <code>/</code> on the URLs of my website, for that you need to add the following <code>rewrite</code> lines and modify the <code>try_files</code> line (for more: <a href="https://www.seancdavis.com/blog/remove-html-extension-and-trailing-slash-in-nginx-config/">Sean C. Davis: Remove HTML Extension And Trailing Slash In Nginx Config</a>):</p>
<pre><code class="language-nginx">server {
...
@@ -666,20 +678,19 @@ systemctl restart nginx
try_files $uri/index.html $uri.html $uri/ $uri =404;
...
</code></pre>
-<p>For more: <a href="https://wiki.archlinux.org/index.php/nginx">Arch Linux Wiki: nginx</a>.</p>
<h2 id="certbot">Certbot</h2>
-<p>The only &ldquo;bad&rdquo; (bloated) thing about certbot, is that it uses <code>python</code>, but for me it doesn&rsquo;t matter too much. You may want to look up another alternative if you prefer. Install the packages <code>certbot</code> and <code>certbot-nginx</code>:</p>
+<p><a href="https://wiki.archlinux.org/title/Certbot">Certbot</a> is what provides the SSL certificates via <a href="https://letsencrypt.org/">Let&rsquo;s Encrypt</a>.</p>
+<p>The only &ldquo;bad&rdquo; (bloated) thing about Certbot, is that it uses <code>python</code>, but for me it doesn&rsquo;t matter too much. You may want to look up another alternative if you prefer. Install the packages <code>certbot</code> and <code>certbot-nginx</code>:</p>
<pre><code class="language-sh">pacman -S certbot certbot-nginx
</code></pre>
<p>After that, all you have to do now is run <code>certbot</code> and follow the instructions given by the tool:</p>
<pre><code class="language-sh">certbot --nginx
</code></pre>
-<p>It will ask you for some information, for you to accept some agreements and the names to activate https for. Also, you will want to &ldquo;say yes&rdquo; to the redirection from http to https. And that&rsquo;s it, you can now go to your website and see that you have https active.</p>
+<p>It will ask you for some information, for you to accept some agreements and the names to activate HTTPS for. Also, you will want to &ldquo;say yes&rdquo; to the redirection from HTTP to HTTPS. And that&rsquo;s it, you can now go to your website and see that you have HTTPS active.</p>
<p>Now, the certificate given by <code>certbot</code> expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using <code>cron</code>, you can do this by running:</p>
<pre><code class="language-sh">crontab -e
</code></pre>
-<p>And a file will be opened where you need to add a new rule for certbot, just append the line: <code>1 1 1 * * certbot renew</code> (renew on the first day of every month) and you&rsquo;re good. Alternatively use <code>systemd</code> timers as stated in the <a href="https://wiki.archlinux.org/index.php/Certbot#Automatic_renewal">Arch Linux Wiki</a>.</p>
-<p>For more: <a href="https://wiki.archlinux.org/index.php/Certbot">Arch Linux Wiki: Certbot</a>.</p>
+<p>And a file will be opened where you need to add a new rule for Certbot, just append the line: <code>1 1 1 * * certbot renew</code> (renew on the first day of every month) and you&rsquo;re good. Alternatively use <code>systemd</code> timers as stated in the <a href="https://wiki.archlinux.org/title/Certbot#Automatic_renewal">Arch Linux Wiki</a>.</p>
<p>That&rsquo;s it, you now have a website with SSL certificate.</p>]]></content:encoded>
</item>
<item>
diff --git a/blog/dst/sitemap.xml b/blog/dst/sitemap.xml
index bf22510..40b3af4 100644
--- a/blog/dst/sitemap.xml
+++ b/blog/dst/sitemap.xml
@@ -22,19 +22,19 @@
</url>
<url>
<loc>https://blog.luevano.xyz/a/git_server_with_cgit.html</loc>
- <lastmod>2021-06-04</lastmod>
+ <lastmod>2021-06-08</lastmod>
<changefreq>weekly</changefreq>
<priority>1.0</priority>
</url>
<url>
<loc>https://blog.luevano.xyz/a/mail_server_with_postfix.html</loc>
- <lastmod>2021-06-06</lastmod>
+ <lastmod>2021-06-08</lastmod>
<changefreq>weekly</changefreq>
<priority>1.0</priority>
</url>
<url>
<loc>https://blog.luevano.xyz/a/website_with_nginx.html</loc>
- <lastmod>2021-06-06</lastmod>
+ <lastmod>2021-06-08</lastmod>
<changefreq>weekly</changefreq>
<priority>1.0</priority>
</url>
@@ -53,43 +53,43 @@
<url>
<loc>https://blog.luevano.xyz/tag/@english.html</loc>
- <lastmod>2021-06-06</lastmod>
+ <lastmod>2021-06-08</lastmod>
<changefreq>daily</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://blog.luevano.xyz/tag/@server.html</loc>
- <lastmod>2021-06-06</lastmod>
+ <lastmod>2021-06-08</lastmod>
<changefreq>daily</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://blog.luevano.xyz/tag/@short.html</loc>
- <lastmod>2021-06-06</lastmod>
+ <lastmod>2021-06-08</lastmod>
<changefreq>daily</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://blog.luevano.xyz/tag/@spanish.html</loc>
- <lastmod>2021-06-06</lastmod>
+ <lastmod>2021-06-08</lastmod>
<changefreq>daily</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://blog.luevano.xyz/tag/@tools.html</loc>
- <lastmod>2021-06-06</lastmod>
+ <lastmod>2021-06-08</lastmod>
<changefreq>daily</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://blog.luevano.xyz/tag/@tutorial.html</loc>
- <lastmod>2021-06-06</lastmod>
+ <lastmod>2021-06-08</lastmod>
<changefreq>daily</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://blog.luevano.xyz/tag/@update.html</loc>
- <lastmod>2021-06-06</lastmod>
+ <lastmod>2021-06-08</lastmod>
<changefreq>daily</changefreq>
<priority>0.5</priority>
</url>