diff --git a/content/blog/_2022-09-10-how-to-publish-website-without-librepages.md b/content/blog/_2022-09-10-how-to-publish-website-without-librepages.md index fd4be91..1de1cdf 100644 --- a/content/blog/_2022-09-10-how-to-publish-website-without-librepages.md +++ b/content/blog/_2022-09-10-how-to-publish-website-without-librepages.md @@ -5,7 +5,7 @@ description = "Automation services like LibrePages exist to make lives easier bu draft=false [taxonomies] -tags = ['bare-metal', 'nginx', 'JAMStack', 'git', 'self-hosting'] +tags = ['bare-metal', 'nginx', 'JAMStack', 'lets-encrypt', 'self-hosting'] [extra] author = 'realaravinth' @@ -19,10 +19,9 @@ technologies always helps! We will be using the following technologies to deploy our website: -1. GNU/Linux server(Debian) -2. Nginx (webs server) -3. Let's Encrypt (for HTTPS) -4. Gitea (but any Git hosting works) +1. [GNU/Linux server(Debian)](https://debian.org) +2. [Nginx](https://www.nginx.com/) (webs server) +3. [Let's Encrypt](https://letsencrypt.org/) (for HTTPS) Let's get started! 
@@ -54,27 +53,34 @@ Log out and log back in. ### 1.2) Install and setup firewall(`ufw`) -Uncomplicated Firewall(`ufw`) is a popular firewall that is easy to -set up and maintain. For most installations, this should be enough. -System administrators use firewalls to open only the ports that they -think should receive traffic from external networks. Without it, all -ports will be open, causing a security nightmare. +[Uncomplicated +Firewall(`ufw`)](https://wiki.ubuntu.com/UncomplicatedFirewall) is a +popular firewall that is easy to set up and maintain. For most +installations, this should be enough. System administrators use +firewalls to open only the ports that they think should receive traffic +from external networks. Without it, all ports will be open, causing a +security nightmare. We will require standard SSH (22), and the standard web ports (80 and 443). A comprehensive list of services and the list of ports the listen -on is available at `/etc/services. +on is available at `/etc/services`. -```bash $ sudo apt update && apt upgrade # update system $ sudo apt -install ufw # we are using `ufw` for the firewall +```bash +$ sudo apt update && apt upgrade # update system +$ sudo apt install ufw # we are using `ufw` for the firewall $ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server $ sudo ufw enable # deploy firewall ``` ### 1.3) Secure SSH -SSH allows remote access to our servers over secure, encrypted -channels. By default, users can log in with their password -using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only. +SSH allows remote access to our servers over secure, encrypted channels. +By default, users can log in with their password using SSH. 
But password +authentication [is susceptible to brute force +attacks](https://wiki.archlinux.org/title/OpenSSH#Protecting_against_brute_force_attacks), +so we should [disable password logins on our server and only allow +public-key authentication +only](https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication). ### 1.3.1) Generate key pair @@ -148,7 +154,10 @@ $ sudo systemctl restart sshd ### 1.3) Install and setup `fail2ban` -We will be using `fail2ban` for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts. +We will be using +[`fail2ban`](https://www.fail2ban.org/wiki/index.php/Main_Page) for +intrusion prevention by blacklisting entities (users, bots, etc.) based +on failed login attempts. #### 1.3.1) Install `fail2ban` @@ -348,7 +357,8 @@ will have to log in every three months and renew the certificate. If you fail or forget it, your visitors will see security warnings on your website. -Thankfully, Let's Encrypt provides automation through `certbot` +Thankfully, there is a way to automate this process through +[`certbot`](https://certbot.eff.org/) #### 2.3.1) Install `certbot`:
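Review bot: In the technologies list hunk (@@ -19,10 +19,9 @@), the added line "2. [Nginx](https://www.nginx.com/) (webs server)" carries over the "webs server" typo from the line it replaces; change it to "web server" while the line is being touched. The first entry also puts the whole phrase "GNU/Linux server(Debian)" inside the link to debian.org. Linking only "Debian", with a space before the parenthesis, would match how the other two entries are written.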
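Review bot: In the code block of the 1.2 `ufw` hunk (@@ -54,27 +53,34 @@), the reflowed line `$ sudo apt update && apt upgrade` elevates only the first command, so `apt upgrade` runs without root privileges and fails for a non-root user; it should be `sudo apt update && sudo apt upgrade`. The same block enables the firewall after only `ufw allow ssh`, although the paragraph above it says ports 80 and 443 are required, so either add the web port rules here or state that they are opened in a later step. Two wording slips also survive the rewrap: "the list of ports the listen on" in the context line, and the link text "only allow public-key authentication only" in the 1.3 paragraph, which should lose one "only".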
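Review bot: In the `fail2ban` hunk (@@ -148,7 +154,10 @@), the context heading "### 1.3) Install and setup `fail2ban`" reuses the number already taken by "### 1.3) Secure SSH", and "#### 1.3.1) Install `fail2ban`" collides with "### 1.3.1) Generate key pair", which also sits at a different heading level. Since this change already edits the section, renumber it to 1.4 and 1.4.1 and make the sub-heading levels consistent, so that cross-references and generated anchors stay unambiguous.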
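Review bot: In the certbot hunk (@@ -348,7 +357,8 @@), the replacement sentence ends on the link "[`certbot`](https://certbot.eff.org/)" with no closing period before the blank line and the "#### 2.3.1) Install `certbot`:" heading. Add the full stop so the paragraph does not read as cut off.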