<contenttype="html"><p>These past couple of months have been very busy interesting, LibrePages
went from being a simple <code>git pull</code> webhook to fully-fledged platform
that can deploy static sites from <em>any</em> Git forge.</p>
<p>This month, the following things were accomplished:</p>
<h2 id="1-deploy-site-from-dashboard">1. Deploy site from dashboard<a class="zola-anchor" href="#1-deploy-site-from-dashboard" aria-label="Anchor link for: 1-deploy-site-from-dashboard"
<p>It is now possible to deploy and manage websites with log inspection
right from the dashboard. LibrePages will automatically assign a
randomly generated, but friendly-sounding subdomain on a domain that the
LibrePages system manages. It is also possible to inspect deployment
events, like site updates, to troubleshoot errors in the deployment
pipelines.</p>
<p>Custom domain support isn't available at the moment but will be
implemented soon.</p>
<h2 id="2-forms-support">2. Forms support<a class="zola-anchor" href="#2-forms-support" aria-label="Anchor link for: 2-forms-support"
<p>LibrePages is modular, it can be integrated into any existing system,
like <a href="https://gna.org">Gna!</a> and <a href="https://enough.community/">Enough
Community</a> to provide static site hosting. We
do this using
<a href="https://git.batsense.net/LibrePages/conductor">Conductor</a>, which allows
LibrePages to integrate with multiple DNS servers/providers, reverse
proxies and other third-party applications that LibrePages would depend
on.</p>
<p>Currently, we are working on supporting a system based on Nginx, Bind9 and Let's Encrypt.</p>
<h2 id="6-infrastructure-as-code">6. Infrastructure-as-Code<a class="zola-anchor" href="#6-infrastructure-as-code" aria-label="Anchor link for: 6-infrastructure-as-code"
<p><a href="https://git.batsense.net/LibrePages/Infrastructure-as-Code">Infrastructure as code to deploy the full
system</a> is
being worked on. So far, we've implemented deploying a Debian server
using Terraform and libvirt. Installing and and configuring LibrePages
is being worked on.</p>
<h2 id="thanks">Thanks<a class="zola-anchor" href="#thanks" aria-label="Anchor link for: thanks"
<p>I would like to thank the <a href="https://www.easter-eggs.com/">Easter-eggs</a>
for funding team for funding <a href="https://forum.gna.org/t/5-000-contract-aravinth-manivannan-easter-eggs/58">my work on
<h3 id="1-1-give-your-account-sudo-privileges">1.1) Give your account <code>sudo</code> privileges<a class="zola-anchor" href="#1-1-give-your-account-sudo-privileges" aria-label="Anchor link for: 1-1-give-your-account-sudo-privileges"
</span><span style="color:#65737e;"># add `realaravinth`, my account` to `sudo` group to be able to use `sudo`
</span><span style="color:#bf616a;">usermod -aG</span><span> sudo realaravinth </span><span style="color:#65737e;"># my account is called `realaravinth`, replace it with yours
</span><span style="color:#bf616a;">$</span><span> sudo apt install ufw </span><span style="color:#65737e;"># we are using `ufw` for the firewall
</span><span style="color:#bf616a;">$</span><span> sudo ufw allow ssh </span><span style="color:#65737e;"># allow SSH traffic on port 22, required to log into the server
<p>SSH allows remote access to our servers over secure, encrypted channels.
By default, users can log in with their password using SSH. But password
authentication <a href="https://wiki.archlinux.org/title/OpenSSH#Protecting_against_brute_force_attacks">is susceptible to brute force
attacks</a>,
so we should <a href="https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication">disable password logins on our server and only allow
</span><span style="color:#bf616a;">Enter</span><span> file in which to save the key (/home/realaravinth/.ssh/id_rsa)</span><span style="color:#96b5b4;">:
</span><span style="color:#bf616a;">Enter</span><span> passphrase (empty for no passphrase)</span><span style="color:#96b5b4;">:
</span><span style="color:#bf616a;">Enter</span><span> same passphrase again:
</span><span style="color:#bf616a;">Your</span><span> identification has been saved in /home/realaravinth/.ssh/id_rsa
</span><span style="color:#bf616a;">Your</span><span> public key has been saved in /home/realaravinth/.ssh/id_rsa.pub
</span><span style="color:#bf616a;">The</span><span> key fingerprint is:
</span><span style="color:#bf616a;">The</span><span> key&#39;</span><span style="color:#a3be8c;">s random art image is:
</span><span style="color:#bf616a;">/usr/bin/ssh-copy-id:</span><span> INFO: Source of key(s) </span><span style="color:#bf616a;">to</span><span> be installed: &quot;</span><span style="color:#a3be8c;">/home/realaravinth/.ssh/id_rsa.pub</span><span>&quot;
</span><span style="color:#bf616a;">/usr/bin/ssh-copy-id:</span><span> INFO: attempting to log in with the new key(s)</span><span style="color:#bf616a;">,</span><span> to filter out any that are already installed
</span><span style="color:#bf616a;">/usr/bin/ssh-copy-id:</span><span> INFO: 1 key(s) </span><span style="color:#bf616a;">remain</span><span> to be installed -- if you are prompted now it is to install the new keys
<a href="https://www.fail2ban.org/wiki/index.php/Main_Page"><code>fail2ban</code></a> for
intrusion prevention by blacklisting entities (users, bots, etc.) based
<p>Open <code>fail2ban</code> configuration at <code>/etc/fail2ban/jail.conf</code> and add the following lines:</p>
<h4 id="1-3-3-configure-fail2ban-to-start-on-boot">1.3.3) Configure <code>fail2ban</code> to start on boot<a class="zola-anchor" href="#1-3-3-configure-fail2ban-to-start-on-boot" aria-label="Anchor link for: 1-3-3-configure-fail2ban-to-start-on-boot"
<h4 id="1-4-2-allow-web-traffic-open-ports-80-and-443">1.4.2) Allow web traffic: open ports <code>80</code> and <code>443</code><a class="zola-anchor" href="#1-4-2-allow-web-traffic-open-ports-80-and-443" aria-label="Anchor link for: 1-4-2-allow-web-traffic-open-ports-80-and-443"
<h4 id="1-4-2-configure-nginx-to-start-on-boot">1.4.2) Configure <code>nginx</code> to start on boot<a class="zola-anchor" href="#1-4-2-configure-nginx-to-start-on-boot" aria-label="Anchor link for: 1-4-2-configure-nginx-to-start-on-boot"
</span><span>&lt;p&gt;If </span><span style="color:#bf616a;">you</span><span> see this page, the nginx web server is successfully installed and
</span><span style="color:#bf616a;">working.</span><span> Further configuration is required.&lt;/p&gt;
</span><span>
</span><span>&lt;p&gt;For </span><span style="color:#bf616a;">online</span><span> documentation and support please refer to
</span><span>&lt;p&gt;&lt;em&gt;Thank </span><span style="color:#bf616a;">you</span><span> for using nginx.&lt;/em&gt;&lt;/p&gt;
<p>For this demo, we'll deploy a single file(<code>index.html</code>)
HTML website.</p>
<h3 id="2-1-install-the-webpage-on-the-server">2.1) Install the webpage on the server<a class="zola-anchor" href="#2-1-install-the-webpage-on-the-server" aria-label="Anchor link for: 2-1-install-the-webpage-on-the-server"
</span><span>&lt;</span><span style="color:#bf616a;">h1</span><span>&gt;Welcome to my website! o/&lt;/</span><span style="color:#bf616a;">h1</span><span>&gt;
<h3 id="2-2-serve-webpage-on-a-custom-domain">2.2) Serve webpage on a custom domain<a class="zola-anchor" href="#2-2-serve-webpage-on-a-custom-domain" aria-label="Anchor link for: 2-2-serve-webpage-on-a-custom-domain"
<h4 id="2-2-1-buy-a-domain-if-you-don-t-own-one-already">2.2.1) Buy a domain if you don't own one already<a class="zola-anchor" href="#2-2-1-buy-a-domain-if-you-don-t-own-one-already" aria-label="Anchor link for: 2-2-1-buy-a-domain-if-you-don-t-own-one-already"
<h4 id="2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record">2.2.2) Go to the domain's DNS dashboard and add the following record<a class="zola-anchor" href="#2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record" aria-label="Anchor link for: 2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record"
<h4 id="2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain">2.2.3) Setup <code>nginx</code> to serve the website at <code>http://&lt;your-domain&gt;</code><a class="zola-anchor" href="#2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain" aria-label="Anchor link for: 2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain"
<p>Your webpage should now be accessible at <code>http://&lt;your-domain&gt;</code>!</p>
<h3 id="2-3-install-certbot-to-set-up-https">2.3) Install <code>certbot</code> to set up HTTPS<a class="zola-anchor" href="#2-3-install-certbot-to-set-up-https" aria-label="Anchor link for: 2-3-install-certbot-to-set-up-https"
<h4 id="2-3-2-get-a-certificate-for-your-domain">2.3.2) Get a certificate for <code>&lt;your-domain&gt;</code><a class="zola-anchor" href="#2-3-2-get-a-certificate-for-your-domain" aria-label="Anchor link for: 2-3-2-get-a-certificate-for-your-domain"