From 4dc57a13ad7accb702a43ebe16efd5ac76673cc8 Mon Sep 17 00:00:00 2001
From: realaravinth
We will be using the following technologies to deploy our website:
Let's get started!
Uncomplicated Firewall(ufw
) is a popular firewall that is easy to
-set up and maintain. For most installations, this should be enough.
-System administrators use firewalls to open only the ports that they
-think should receive traffic from external networks. Without it, all
-ports will be open, causing a security nightmare.
Uncomplicated
+Firewall(ufw
) is a
+popular firewall that is easy to set up and maintain. For most
+installations, this should be enough. System administrators use
+firewalls to open only the ports that they think should receive traffic
+from external networks. Without it, all ports will be open, causing a
+security nightmare.
We will require standard SSH (22), and the standard web ports (80 and 443). A comprehensive list of services and the list of ports the listen -on is available at `/etc/services.
-install ufw # we are using `ufw` for the firewall
-$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
-$ sudo ufw enable # deploy firewall
+on is available at /etc/services
.
+$ sudo apt update && apt upgrade # update system
+$ sudo apt install ufw # we are using `ufw` for the firewall
+$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
+$ sudo ufw enable # deploy firewall
1.3) Secure SSH
-
SSH allows remote access to our servers over secure, encrypted
-channels. By default, users can log in with their password
-using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.
+SSH allows remote access to our servers over secure, encrypted channels.
+By default, users can log in with their password using SSH. But password
+authentication is susceptible to brute force
+attacks,
+so we should disable password logins on our server and only allow
+public-key authentication
+only.
1.3.1) Generate key pair
-
@@ -525,7 +531,10 @@ the server, let's disable password authentication on the server:
>
We will be using fail2ban
for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.
+We will be using
+fail2ban
for
+intrusion prevention by blacklisting entities (users, bots, etc.) based
+on failed login attempts.
1.3.1) Install fail2ban
@@ -709,7 +718,8 @@ authority to get our SSL certificates.
will have to log in every three months and renew the
certificate. If you fail or forget it, your visitors will see security
warnings on your website.
-
Thankfully, Let's Encrypt provides automation through certbot
+Thankfully, there is a way to automate this process through
+certbot
2.3.1) Install certbot
:
@@ -760,7 +770,7 @@ you.
#JAMStack
- #git
+ #lets-encrypt
#self-hosting
diff --git a/blog/atom.xml b/blog/atom.xml
index bddb365..70c6934 100644
--- a/blog/atom.xml
+++ b/blog/atom.xml
@@ -19,10 +19,9 @@ but knowing how to do it manually using industry standard
technologies always helps!</p>
<p>We will be using the following technologies to deploy our website:</p>
<ol>
-<li>GNU/Linux server(Debian)</li>
-<li>Nginx (webs server)</li>
-<li>Let's Encrypt (for HTTPS)</li>
-<li>Gitea (but any Git hosting works)</li>
+<li><a href="https://debian.org">GNU/Linux server(Debian)</a></li>
+<li><a href="https://www.nginx.com/">Nginx</a> (webs server)</li>
+<li><a href="https://letsencrypt.org/">Let's Encrypt</a> (for HTTPS)</li>
</ol>
<p>Let's get started!</p>
<h2 id="1-setup-debian-gnu-linux">1. Setup Debian GNU/Linux<a class="zola-anchor" href="#1-setup-debian-gnu-linux" aria-label="Anchor link for: 1-setup-debian-gnu-linux"
@@ -53,25 +52,32 @@ from a lower-privileged account. Let's make our account sudo capable:<
><span class="anchor-icon">#</span></a
>
</h3>
-<p>Uncomplicated Firewall(<code>ufw</code>) is a popular firewall that is easy to
-set up and maintain. For most installations, this should be enough.
-System administrators use firewalls to open only the ports that they
-think should receive traffic from external networks. Without it, all
-ports will be open, causing a security nightmare.</p>
+<p><a href="https://wiki.ubuntu.com/UncomplicatedFirewall">Uncomplicated
+Firewall(<code>ufw</code>)</a> is a
+popular firewall that is easy to set up and maintain. For most
+installations, this should be enough. System administrators use
+firewalls to open only the ports that they think should receive traffic
+from external networks. Without it, all ports will be open, causing a
+security nightmare.</p>
<p>We will require standard SSH (22), and the standard web ports (80 and
443). A comprehensive list of services and the list of ports the listen
-on is available at `/etc/services.</p>
-<pre data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt "><code class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt" data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt"><span>install ufw # we are using `ufw` for the firewall
-</span><span>$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
-</span><span>$ sudo ufw enable # deploy firewall
+on is available at <code>/etc/services</code>.</p>
+<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt update && </span><span style="color:#bf616a;">apt</span><span> upgrade </span><span style="color:#65737e;"># update system
+</span><span style="color:#bf616a;">$</span><span> sudo apt install ufw </span><span style="color:#65737e;"># we are using `ufw` for the firewall
+</span><span style="color:#bf616a;">$</span><span> sudo ufw allow ssh </span><span style="color:#65737e;"># allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo ufw enable </span><span style="color:#65737e;"># deploy firewall
</span></code></pre>
<h3 id="1-3-secure-ssh">1.3) Secure SSH<a class="zola-anchor" href="#1-3-secure-ssh" aria-label="Anchor link for: 1-3-secure-ssh"
><span class="anchor-icon">#</span></a
>
</h3>
-<p>SSH allows remote access to our servers over secure, encrypted
-channels. By default, users can log in with their password
-using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.</p>
+<p>SSH allows remote access to our servers over secure, encrypted channels.
+By default, users can log in with their password using SSH. But password
+authentication <a href="https://wiki.archlinux.org/title/OpenSSH#Protecting_against_brute_force_attacks">is susceptible to brute force
+attacks</a>,
+so we should <a href="https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication">disable password logins on our server and only allow
+public-key authentication
+only</a>.</p>
<h3 id="1-3-1-generate-key-pair">1.3.1) Generate key pair<a class="zola-anchor" href="#1-3-1-generate-key-pair" aria-label="Anchor link for: 1-3-1-generate-key-pair"
><span class="anchor-icon">#</span></a
>
@@ -139,7 +145,10 @@ the server, let's disable password authentication on the server:</p
><span class="anchor-icon">#</span></a
>
</h3>
-<p>We will be using <code>fail2ban</code> for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.</p>
+<p>We will be using
+<a href="https://www.fail2ban.org/wiki/index.php/Main_Page"><code>fail2ban</code></a> for
+intrusion prevention by blacklisting entities (users, bots, etc.) based
+on failed login attempts.</p>
<h4 id="1-3-1-install-fail2ban">1.3.1) Install <code>fail2ban</code><a class="zola-anchor" href="#1-3-1-install-fail2ban" aria-label="Anchor link for: 1-3-1-install-fail2ban"
><span class="anchor-icon">#</span></a
>
@@ -323,7 +332,8 @@ authority to get our SSL certificates.</p>
will have to log in every three months and renew the
certificate. If you fail or forget it, your visitors will see security
warnings on your website.</p>
-<p>Thankfully, Let's Encrypt provides automation through <code>certbot</code></p>
+<p>Thankfully, there is a way to automate this process through
+<a href="https://certbot.eff.org/"><code>certbot</code></a></p>
<h4 id="2-3-1-install-certbot">2.3.1) Install <code>certbot</code>:<a class="zola-anchor" href="#2-3-1-install-certbot" aria-label="Anchor link for: 2-3-1-install-certbot"
><span class="anchor-icon">#</span></a
>
diff --git a/blog/index.html b/blog/index.html
index 95dbce4..8b3ad67 100644
--- a/blog/index.html
+++ b/blog/index.html
@@ -265,8 +265,8 @@ general development ecosystem" />
>#JAMStack
- #git#lets-encrypt
https://librepages.org/tags/bare-metal/
- https://librepages.org/tags/git/
+ https://librepages.org/tags/jamstack/
- https://librepages.org/tags/jamstack/
+ https://librepages.org/tags/lets-encrypt/
https://librepages.org/tags/nginx/
diff --git a/tags/bare-metal/atom.xml b/tags/bare-metal/atom.xml
index a3e2293..964d7db 100644
--- a/tags/bare-metal/atom.xml
+++ b/tags/bare-metal/atom.xml
@@ -19,10 +19,9 @@ but knowing how to do it manually using industry standard
technologies always helps!</p>
<p>We will be using the following technologies to deploy our website:</p>
<ol>
-<li>GNU/Linux server(Debian)</li>
-<li>Nginx (webs server)</li>
-<li>Let's Encrypt (for HTTPS)</li>
-<li>Gitea (but any Git hosting works)</li>
+<li><a href="https://debian.org">GNU/Linux server(Debian)</a></li>
+<li><a href="https://www.nginx.com/">Nginx</a> (webs server)</li>
+<li><a href="https://letsencrypt.org/">Let's Encrypt</a> (for HTTPS)</li>
</ol>
<p>Let's get started!</p>
<h2 id="1-setup-debian-gnu-linux">1. Setup Debian GNU/Linux<a class="zola-anchor" href="#1-setup-debian-gnu-linux" aria-label="Anchor link for: 1-setup-debian-gnu-linux"
@@ -53,25 +52,32 @@ from a lower-privileged account. Let's make our account sudo capable:<
><span class="anchor-icon">#</span></a
>
</h3>
-<p>Uncomplicated Firewall(<code>ufw</code>) is a popular firewall that is easy to
-set up and maintain. For most installations, this should be enough.
-System administrators use firewalls to open only the ports that they
-think should receive traffic from external networks. Without it, all
-ports will be open, causing a security nightmare.</p>
+<p><a href="https://wiki.ubuntu.com/UncomplicatedFirewall">Uncomplicated
+Firewall(<code>ufw</code>)</a> is a
+popular firewall that is easy to set up and maintain. For most
+installations, this should be enough. System administrators use
+firewalls to open only the ports that they think should receive traffic
+from external networks. Without it, all ports will be open, causing a
+security nightmare.</p>
<p>We will require standard SSH (22), and the standard web ports (80 and
443). A comprehensive list of services and the list of ports the listen
-on is available at `/etc/services.</p>
-<pre data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt "><code class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt" data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt"><span>install ufw # we are using `ufw` for the firewall
-</span><span>$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
-</span><span>$ sudo ufw enable # deploy firewall
+on is available at <code>/etc/services</code>.</p>
+<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt update && </span><span style="color:#bf616a;">apt</span><span> upgrade </span><span style="color:#65737e;"># update system
+</span><span style="color:#bf616a;">$</span><span> sudo apt install ufw </span><span style="color:#65737e;"># we are using `ufw` for the firewall
+</span><span style="color:#bf616a;">$</span><span> sudo ufw allow ssh </span><span style="color:#65737e;"># allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo ufw enable </span><span style="color:#65737e;"># deploy firewall
</span></code></pre>
<h3 id="1-3-secure-ssh">1.3) Secure SSH<a class="zola-anchor" href="#1-3-secure-ssh" aria-label="Anchor link for: 1-3-secure-ssh"
><span class="anchor-icon">#</span></a
>
</h3>
-<p>SSH allows remote access to our servers over secure, encrypted
-channels. By default, users can log in with their password
-using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.</p>
+<p>SSH allows remote access to our servers over secure, encrypted channels.
+By default, users can log in with their password using SSH. But password
+authentication <a href="https://wiki.archlinux.org/title/OpenSSH#Protecting_against_brute_force_attacks">is susceptible to brute force
+attacks</a>,
+so we should <a href="https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication">disable password logins on our server and only allow
+public-key authentication
+only</a>.</p>
<h3 id="1-3-1-generate-key-pair">1.3.1) Generate key pair<a class="zola-anchor" href="#1-3-1-generate-key-pair" aria-label="Anchor link for: 1-3-1-generate-key-pair"
><span class="anchor-icon">#</span></a
>
@@ -139,7 +145,10 @@ the server, let's disable password authentication on the server:</p
><span class="anchor-icon">#</span></a
>
</h3>
-<p>We will be using <code>fail2ban</code> for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.</p>
+<p>We will be using
+<a href="https://www.fail2ban.org/wiki/index.php/Main_Page"><code>fail2ban</code></a> for
+intrusion prevention by blacklisting entities (users, bots, etc.) based
+on failed login attempts.</p>
<h4 id="1-3-1-install-fail2ban">1.3.1) Install <code>fail2ban</code><a class="zola-anchor" href="#1-3-1-install-fail2ban" aria-label="Anchor link for: 1-3-1-install-fail2ban"
><span class="anchor-icon">#</span></a
>
@@ -323,7 +332,8 @@ authority to get our SSL certificates.</p>
will have to log in every three months and renew the
certificate. If you fail or forget it, your visitors will see security
warnings on your website.</p>
-<p>Thankfully, Let's Encrypt provides automation through <code>certbot</code></p>
+<p>Thankfully, there is a way to automate this process through
+<a href="https://certbot.eff.org/"><code>certbot</code></a></p>
<h4 id="2-3-1-install-certbot">2.3.1) Install <code>certbot</code>:<a class="zola-anchor" href="#2-3-1-install-certbot" aria-label="Anchor link for: 2-3-1-install-certbot"
><span class="anchor-icon">#</span></a
>
diff --git a/tags/bare-metal/index.html b/tags/bare-metal/index.html
index dd82e17..68d9f76 100644
--- a/tags/bare-metal/index.html
+++ b/tags/bare-metal/index.html
@@ -259,7 +259,7 @@
#JAMStack
- #git
+ #lets-encrypt
#self-hosting
diff --git a/tags/index.html b/tags/index.html
index 4209f40..d4b7f3c 100644
--- a/tags/index.html
+++ b/tags/index.html
@@ -252,26 +252,6 @@
-
-
- #git
-
-
-
-
-
-
-
-
-
-
-
-
-
#JAMStack
@@ -292,6 +272,26 @@
+
+
+ #lets-encrypt
+
+
+
+
+
+
+
+
+
+
+
+
+
#nginx
diff --git a/tags/jamstack/atom.xml b/tags/jamstack/atom.xml
index a769f0b..ab83efb 100644
--- a/tags/jamstack/atom.xml
+++ b/tags/jamstack/atom.xml
@@ -19,10 +19,9 @@ but knowing how to do it manually using industry standard
technologies always helps!</p>
<p>We will be using the following technologies to deploy our website:</p>
<ol>
-<li>GNU/Linux server(Debian)</li>
-<li>Nginx (webs server)</li>
-<li>Let's Encrypt (for HTTPS)</li>
-<li>Gitea (but any Git hosting works)</li>
+<li><a href="https://debian.org">GNU/Linux server(Debian)</a></li>
+<li><a href="https://www.nginx.com/">Nginx</a> (webs server)</li>
+<li><a href="https://letsencrypt.org/">Let's Encrypt</a> (for HTTPS)</li>
</ol>
<p>Let's get started!</p>
<h2 id="1-setup-debian-gnu-linux">1. Setup Debian GNU/Linux<a class="zola-anchor" href="#1-setup-debian-gnu-linux" aria-label="Anchor link for: 1-setup-debian-gnu-linux"
@@ -53,25 +52,32 @@ from a lower-privileged account. Let's make our account sudo capable:<
><span class="anchor-icon">#</span></a
>
</h3>
-<p>Uncomplicated Firewall(<code>ufw</code>) is a popular firewall that is easy to
-set up and maintain. For most installations, this should be enough.
-System administrators use firewalls to open only the ports that they
-think should receive traffic from external networks. Without it, all
-ports will be open, causing a security nightmare.</p>
+<p><a href="https://wiki.ubuntu.com/UncomplicatedFirewall">Uncomplicated
+Firewall(<code>ufw</code>)</a> is a
+popular firewall that is easy to set up and maintain. For most
+installations, this should be enough. System administrators use
+firewalls to open only the ports that they think should receive traffic
+from external networks. Without it, all ports will be open, causing a
+security nightmare.</p>
<p>We will require standard SSH (22), and the standard web ports (80 and
443). A comprehensive list of services and the list of ports the listen
-on is available at `/etc/services.</p>
-<pre data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt "><code class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt" data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt"><span>install ufw # we are using `ufw` for the firewall
-</span><span>$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
-</span><span>$ sudo ufw enable # deploy firewall
+on is available at <code>/etc/services</code>.</p>
+<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt update && </span><span style="color:#bf616a;">apt</span><span> upgrade </span><span style="color:#65737e;"># update system
+</span><span style="color:#bf616a;">$</span><span> sudo apt install ufw </span><span style="color:#65737e;"># we are using `ufw` for the firewall
+</span><span style="color:#bf616a;">$</span><span> sudo ufw allow ssh </span><span style="color:#65737e;"># allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo ufw enable </span><span style="color:#65737e;"># deploy firewall
</span></code></pre>
<h3 id="1-3-secure-ssh">1.3) Secure SSH<a class="zola-anchor" href="#1-3-secure-ssh" aria-label="Anchor link for: 1-3-secure-ssh"
><span class="anchor-icon">#</span></a
>
</h3>
-<p>SSH allows remote access to our servers over secure, encrypted
-channels. By default, users can log in with their password
-using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.</p>
+<p>SSH allows remote access to our servers over secure, encrypted channels.
+By default, users can log in with their password using SSH. But password
+authentication <a href="https://wiki.archlinux.org/title/OpenSSH#Protecting_against_brute_force_attacks">is susceptible to brute force
+attacks</a>,
+so we should <a href="https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication">disable password logins on our server and only allow
+public-key authentication
+only</a>.</p>
<h3 id="1-3-1-generate-key-pair">1.3.1) Generate key pair<a class="zola-anchor" href="#1-3-1-generate-key-pair" aria-label="Anchor link for: 1-3-1-generate-key-pair"
><span class="anchor-icon">#</span></a
>
@@ -139,7 +145,10 @@ the server, let's disable password authentication on the server:</p
><span class="anchor-icon">#</span></a
>
</h3>
-<p>We will be using <code>fail2ban</code> for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.</p>
+<p>We will be using
+<a href="https://www.fail2ban.org/wiki/index.php/Main_Page"><code>fail2ban</code></a> for
+intrusion prevention by blacklisting entities (users, bots, etc.) based
+on failed login attempts.</p>
<h4 id="1-3-1-install-fail2ban">1.3.1) Install <code>fail2ban</code><a class="zola-anchor" href="#1-3-1-install-fail2ban" aria-label="Anchor link for: 1-3-1-install-fail2ban"
><span class="anchor-icon">#</span></a
>
@@ -323,7 +332,8 @@ authority to get our SSL certificates.</p>
will have to log in every three months and renew the
certificate. If you fail or forget it, your visitors will see security
warnings on your website.</p>
-<p>Thankfully, Let's Encrypt provides automation through <code>certbot</code></p>
+<p>Thankfully, there is a way to automate this process through
+<a href="https://certbot.eff.org/"><code>certbot</code></a></p>
<h4 id="2-3-1-install-certbot">2.3.1) Install <code>certbot</code>:<a class="zola-anchor" href="#2-3-1-install-certbot" aria-label="Anchor link for: 2-3-1-install-certbot"
><span class="anchor-icon">#</span></a
>
diff --git a/tags/jamstack/index.html b/tags/jamstack/index.html
index c546ba7..0ad8177 100644
--- a/tags/jamstack/index.html
+++ b/tags/jamstack/index.html
@@ -259,7 +259,7 @@
#JAMStack
- #git
+ #lets-encrypt
#self-hosting
diff --git a/tags/git/atom.xml b/tags/lets-encrypt/atom.xml
similarity index 91%
rename from tags/git/atom.xml
rename to tags/lets-encrypt/atom.xml
index e30b870..3b97185 100644
--- a/tags/git/atom.xml
+++ b/tags/lets-encrypt/atom.xml
@@ -1,11 +1,11 @@
- - git
-
+ - lets-encrypt
+
Zola
2022-09-10T00:00:00+00:00
- https://librepages.org/tags/git/atom.xml
+ https://librepages.org/tags/lets-encrypt/atom.xml
How to deploy a website WITHOUT LibrePages
2022-09-10T00:00:00+00:00
@@ -19,10 +19,9 @@ but knowing how to do it manually using industry standard
technologies always helps!</p>
<p>We will be using the following technologies to deploy our website:</p>
<ol>
-<li>GNU/Linux server(Debian)</li>
-<li>Nginx (webs server)</li>
-<li>Let's Encrypt (for HTTPS)</li>
-<li>Gitea (but any Git hosting works)</li>
+<li><a href="https://debian.org">GNU/Linux server(Debian)</a></li>
+<li><a href="https://www.nginx.com/">Nginx</a> (webs server)</li>
+<li><a href="https://letsencrypt.org/">Let's Encrypt</a> (for HTTPS)</li>
</ol>
<p>Let's get started!</p>
<h2 id="1-setup-debian-gnu-linux">1. Setup Debian GNU/Linux<a class="zola-anchor" href="#1-setup-debian-gnu-linux" aria-label="Anchor link for: 1-setup-debian-gnu-linux"
@@ -53,25 +52,32 @@ from a lower-privileged account. Let's make our account sudo capable:<
><span class="anchor-icon">#</span></a
>
</h3>
-<p>Uncomplicated Firewall(<code>ufw</code>) is a popular firewall that is easy to
-set up and maintain. For most installations, this should be enough.
-System administrators use firewalls to open only the ports that they
-think should receive traffic from external networks. Without it, all
-ports will be open, causing a security nightmare.</p>
+<p><a href="https://wiki.ubuntu.com/UncomplicatedFirewall">Uncomplicated
+Firewall(<code>ufw</code>)</a> is a
+popular firewall that is easy to set up and maintain. For most
+installations, this should be enough. System administrators use
+firewalls to open only the ports that they think should receive traffic
+from external networks. Without it, all ports will be open, causing a
+security nightmare.</p>
<p>We will require standard SSH (22), and the standard web ports (80 and
443). A comprehensive list of services and the list of ports the listen
-on is available at `/etc/services.</p>
-<pre data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt "><code class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt" data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt"><span>install ufw # we are using `ufw` for the firewall
-</span><span>$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
-</span><span>$ sudo ufw enable # deploy firewall
+on is available at <code>/etc/services</code>.</p>
+<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt update && </span><span style="color:#bf616a;">apt</span><span> upgrade </span><span style="color:#65737e;"># update system
+</span><span style="color:#bf616a;">$</span><span> sudo apt install ufw </span><span style="color:#65737e;"># we are using `ufw` for the firewall
+</span><span style="color:#bf616a;">$</span><span> sudo ufw allow ssh </span><span style="color:#65737e;"># allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo ufw enable </span><span style="color:#65737e;"># deploy firewall
</span></code></pre>
<h3 id="1-3-secure-ssh">1.3) Secure SSH<a class="zola-anchor" href="#1-3-secure-ssh" aria-label="Anchor link for: 1-3-secure-ssh"
><span class="anchor-icon">#</span></a
>
</h3>
-<p>SSH allows remote access to our servers over secure, encrypted
-channels. By default, users can log in with their password
-using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.</p>
+<p>SSH allows remote access to our servers over secure, encrypted channels.
+By default, users can log in with their password using SSH. But password
+authentication <a href="https://wiki.archlinux.org/title/OpenSSH#Protecting_against_brute_force_attacks">is susceptible to brute force
+attacks</a>,
+so we should <a href="https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication">disable password logins on our server and only allow
+public-key authentication
+only</a>.</p>
<h3 id="1-3-1-generate-key-pair">1.3.1) Generate key pair<a class="zola-anchor" href="#1-3-1-generate-key-pair" aria-label="Anchor link for: 1-3-1-generate-key-pair"
><span class="anchor-icon">#</span></a
>
@@ -139,7 +145,10 @@ the server, let's disable password authentication on the server:</p
><span class="anchor-icon">#</span></a
>
</h3>
-<p>We will be using <code>fail2ban</code> for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.</p>
+<p>We will be using
+<a href="https://www.fail2ban.org/wiki/index.php/Main_Page"><code>fail2ban</code></a> for
+intrusion prevention by blacklisting entities (users, bots, etc.) based
+on failed login attempts.</p>
<h4 id="1-3-1-install-fail2ban">1.3.1) Install <code>fail2ban</code><a class="zola-anchor" href="#1-3-1-install-fail2ban" aria-label="Anchor link for: 1-3-1-install-fail2ban"
><span class="anchor-icon">#</span></a
>
@@ -323,7 +332,8 @@ authority to get our SSL certificates.</p>
will have to log in every three months and renew the
certificate. If you fail or forget it, your visitors will see security
warnings on your website.</p>
-<p>Thankfully, Let's Encrypt provides automation through <code>certbot</code></p>
+<p>Thankfully, there is a way to automate this process through
+<a href="https://certbot.eff.org/"><code>certbot</code></a></p>
<h4 id="2-3-1-install-certbot">2.3.1) Install <code>certbot</code>:<a class="zola-anchor" href="#2-3-1-install-certbot" aria-label="Anchor link for: 2-3-1-install-certbot"
><span class="anchor-icon">#</span></a
>
diff --git a/tags/git/index.html b/tags/lets-encrypt/index.html
similarity index 94%
rename from tags/git/index.html
rename to tags/lets-encrypt/index.html
index 2b843fe..12fed4b 100644
--- a/tags/git/index.html
+++ b/tags/lets-encrypt/index.html
@@ -34,21 +34,21 @@
- git | LibrePages: JAMstack platform with focus on privacy and speed
+ lets-encrypt | LibrePages: JAMstack platform with focus on privacy and speed
-
+
-
+
-
+
- #git
-
+ #lets-encrypt
+
#JAMStack
- #git
+ #lets-encrypt
#self-hosting
diff --git a/tags/nginx/atom.xml b/tags/nginx/atom.xml
index 1a8f781..dd07a65 100644
--- a/tags/nginx/atom.xml
+++ b/tags/nginx/atom.xml
@@ -19,10 +19,9 @@ but knowing how to do it manually using industry standard
technologies always helps!</p>
<p>We will be using the following technologies to deploy our website:</p>
<ol>
-<li>GNU/Linux server(Debian)</li>
-<li>Nginx (webs server)</li>
-<li>Let's Encrypt (for HTTPS)</li>
-<li>Gitea (but any Git hosting works)</li>
+<li><a href="https://debian.org">GNU/Linux server(Debian)</a></li>
+<li><a href="https://www.nginx.com/">Nginx</a> (webs server)</li>
+<li><a href="https://letsencrypt.org/">Let's Encrypt</a> (for HTTPS)</li>
</ol>
<p>Let's get started!</p>
<h2 id="1-setup-debian-gnu-linux">1. Setup Debian GNU/Linux<a class="zola-anchor" href="#1-setup-debian-gnu-linux" aria-label="Anchor link for: 1-setup-debian-gnu-linux"
@@ -53,25 +52,32 @@ from a lower-privileged account. Let's make our account sudo capable:<
><span class="anchor-icon">#</span></a
>
</h3>
-<p>Uncomplicated Firewall(<code>ufw</code>) is a popular firewall that is easy to
-set up and maintain. For most installations, this should be enough.
-System administrators use firewalls to open only the ports that they
-think should receive traffic from external networks. Without it, all
-ports will be open, causing a security nightmare.</p>
+<p><a href="https://wiki.ubuntu.com/UncomplicatedFirewall">Uncomplicated
+Firewall(<code>ufw</code>)</a> is a
+popular firewall that is easy to set up and maintain. For most
+installations, this should be enough. System administrators use
+firewalls to open only the ports that they think should receive traffic
+from external networks. Without it, all ports will be open, causing a
+security nightmare.</p>
<p>We will require standard SSH (22), and the standard web ports (80 and
443). A comprehensive list of services and the list of ports the listen
-on is available at `/etc/services.</p>
-<pre data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt "><code class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt" data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt"><span>install ufw # we are using `ufw` for the firewall
-</span><span>$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
-</span><span>$ sudo ufw enable # deploy firewall
+on is available at <code>/etc/services</code>.</p>
+<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt update && </span><span style="color:#bf616a;">apt</span><span> upgrade </span><span style="color:#65737e;"># update system
+</span><span style="color:#bf616a;">$</span><span> sudo apt install ufw </span><span style="color:#65737e;"># we are using `ufw` for the firewall
+</span><span style="color:#bf616a;">$</span><span> sudo ufw allow ssh </span><span style="color:#65737e;"># allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo ufw enable </span><span style="color:#65737e;"># deploy firewall
</span></code></pre>
<h3 id="1-3-secure-ssh">1.3) Secure SSH<a class="zola-anchor" href="#1-3-secure-ssh" aria-label="Anchor link for: 1-3-secure-ssh"
><span class="anchor-icon">#</span></a
>
</h3>
-<p>SSH allows remote access to our servers over secure, encrypted
-channels. By default, users can log in with their password
-using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.</p>
+<p>SSH allows remote access to our servers over secure, encrypted channels.
+By default, users can log in with their password using SSH. But password
+authentication <a href="https://wiki.archlinux.org/title/OpenSSH#Protecting_against_brute_force_attacks">is susceptible to brute force
+attacks</a>,
+so we should <a href="https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication">disable password logins on our server and only allow
+public-key authentication
+only</a>.</p>
<h3 id="1-3-1-generate-key-pair">1.3.1) Generate key pair<a class="zola-anchor" href="#1-3-1-generate-key-pair" aria-label="Anchor link for: 1-3-1-generate-key-pair"
><span class="anchor-icon">#</span></a
>
@@ -139,7 +145,10 @@ the server, let's disable password authentication on the server:</p
><span class="anchor-icon">#</span></a
>
</h3>
-<p>We will be using <code>fail2ban</code> for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.</p>
+<p>We will be using
+<a href="https://www.fail2ban.org/wiki/index.php/Main_Page"><code>fail2ban</code></a> for
+intrusion prevention by blacklisting entities (users, bots, etc.) based
+on failed login attempts.</p>
<h4 id="1-3-1-install-fail2ban">1.3.1) Install <code>fail2ban</code><a class="zola-anchor" href="#1-3-1-install-fail2ban" aria-label="Anchor link for: 1-3-1-install-fail2ban"
><span class="anchor-icon">#</span></a
>
@@ -323,7 +332,8 @@ authority to get our SSL certificates.</p>
will have to log in every three months and renew the
certificate. If you fail or forget it, your visitors will see security
warnings on your website.</p>
-<p>Thankfully, Let's Encrypt provides automation through <code>certbot</code></p>
+<p>Thankfully, there is a way to automate this process through
+<a href="https://certbot.eff.org/"><code>certbot</code></a></p>
<h4 id="2-3-1-install-certbot">2.3.1) Install <code>certbot</code>:<a class="zola-anchor" href="#2-3-1-install-certbot" aria-label="Anchor link for: 2-3-1-install-certbot"
><span class="anchor-icon">#</span></a
>
diff --git a/tags/nginx/index.html b/tags/nginx/index.html
index 6d10fc5..6bfca84 100644
--- a/tags/nginx/index.html
+++ b/tags/nginx/index.html
@@ -259,7 +259,7 @@
#JAMStack
- #git
+ #lets-encrypt
#self-hosting
diff --git a/tags/self-hosting/atom.xml b/tags/self-hosting/atom.xml
index 881be5a..8241a2b 100644
--- a/tags/self-hosting/atom.xml
+++ b/tags/self-hosting/atom.xml
@@ -19,10 +19,9 @@ but knowing how to do it manually using industry standard
technologies always helps!</p>
<p>We will be using the following technologies to deploy our website:</p>
<ol>
-<li>GNU/Linux server(Debian)</li>
-<li>Nginx (webs server)</li>
-<li>Let's Encrypt (for HTTPS)</li>
-<li>Gitea (but any Git hosting works)</li>
+<li><a href="https://debian.org">GNU/Linux server(Debian)</a></li>
+<li><a href="https://www.nginx.com/">Nginx</a> (webs server)</li>
+<li><a href="https://letsencrypt.org/">Let's Encrypt</a> (for HTTPS)</li>
</ol>
<p>Let's get started!</p>
<h2 id="1-setup-debian-gnu-linux">1. Setup Debian GNU/Linux<a class="zola-anchor" href="#1-setup-debian-gnu-linux" aria-label="Anchor link for: 1-setup-debian-gnu-linux"
@@ -53,25 +52,32 @@ from a lower-privileged account. Let's make our account sudo capable:<
><span class="anchor-icon">#</span></a
>
</h3>
-<p>Uncomplicated Firewall(<code>ufw</code>) is a popular firewall that is easy to
-set up and maintain. For most installations, this should be enough.
-System administrators use firewalls to open only the ports that they
-think should receive traffic from external networks. Without it, all
-ports will be open, causing a security nightmare.</p>
+<p><a href="https://wiki.ubuntu.com/UncomplicatedFirewall">Uncomplicated
+Firewall(<code>ufw</code>)</a> is a
+popular firewall that is easy to set up and maintain. For most
+installations, this should be enough. System administrators use
+firewalls to open only the ports that they think should receive traffic
+from external networks. Without it, all ports will be open, causing a
+security nightmare.</p>
<p>We will require standard SSH (22), and the standard web ports (80 and
443). A comprehensive list of services and the list of ports the listen
-on is available at `/etc/services.</p>
-<pre data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt "><code class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt" data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt"><span>install ufw # we are using `ufw` for the firewall
-</span><span>$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
-</span><span>$ sudo ufw enable # deploy firewall
+on is available at <code>/etc/services</code>.</p>
+<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt update && </span><span style="color:#bf616a;">apt</span><span> upgrade </span><span style="color:#65737e;"># update system
+</span><span style="color:#bf616a;">$</span><span> sudo apt install ufw </span><span style="color:#65737e;"># we are using `ufw` for the firewall
+</span><span style="color:#bf616a;">$</span><span> sudo ufw allow ssh </span><span style="color:#65737e;"># allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo ufw enable </span><span style="color:#65737e;"># deploy firewall
</span></code></pre>
<h3 id="1-3-secure-ssh">1.3) Secure SSH<a class="zola-anchor" href="#1-3-secure-ssh" aria-label="Anchor link for: 1-3-secure-ssh"
><span class="anchor-icon">#</span></a
>
</h3>
-<p>SSH allows remote access to our servers over secure, encrypted
-channels. By default, users can log in with their password
-using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.</p>
+<p>SSH allows remote access to our servers over secure, encrypted channels.
+By default, users can log in with their password using SSH. But password
+authentication <a href="https://wiki.archlinux.org/title/OpenSSH#Protecting_against_brute_force_attacks">is susceptible to brute force
+attacks</a>,
+so we should <a href="https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication">disable password logins on our server and only allow
+public-key authentication
+only</a>.</p>
<h3 id="1-3-1-generate-key-pair">1.3.1) Generate key pair<a class="zola-anchor" href="#1-3-1-generate-key-pair" aria-label="Anchor link for: 1-3-1-generate-key-pair"
><span class="anchor-icon">#</span></a
>
@@ -139,7 +145,10 @@ the server, let's disable password authentication on the server:</p
><span class="anchor-icon">#</span></a
>
</h3>
-<p>We will be using <code>fail2ban</code> for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.</p>
+<p>We will be using
+<a href="https://www.fail2ban.org/wiki/index.php/Main_Page"><code>fail2ban</code></a> for
+intrusion prevention by blacklisting entities (users, bots, etc.) based
+on failed login attempts.</p>
<h4 id="1-3-1-install-fail2ban">1.3.1) Install <code>fail2ban</code><a class="zola-anchor" href="#1-3-1-install-fail2ban" aria-label="Anchor link for: 1-3-1-install-fail2ban"
><span class="anchor-icon">#</span></a
>
@@ -323,7 +332,8 @@ authority to get our SSL certificates.</p>
will have to log in every three months and renew the
certificate. If you fail or forget it, your visitors will see security
warnings on your website.</p>
-<p>Thankfully, Let's Encrypt provides automation through <code>certbot</code></p>
+<p>Thankfully, there is a way to automate this process through
+<a href="https://certbot.eff.org/"><code>certbot</code></a></p>
<h4 id="2-3-1-install-certbot">2.3.1) Install <code>certbot</code>:<a class="zola-anchor" href="#2-3-1-install-certbot" aria-label="Anchor link for: 2-3-1-install-certbot"
><span class="anchor-icon">#</span></a
>
diff --git a/tags/self-hosting/index.html b/tags/self-hosting/index.html
index 41f8ff2..bf6ecf2 100644
--- a/tags/self-hosting/index.html
+++ b/tags/self-hosting/index.html
@@ -259,7 +259,7 @@
#JAMStack
- #git
+ #lets-encrypt
#self-hosting