new deploy: 2022-09-12T10:31:15+00:00

blog/2022-09-10-how-to-publish-website-without-librepages/index.html

@@ -405,10 +405,9 @@ but knowing how to do it manually using industry standard
 technologies always helps!</p>
 <p>We will be using the following technologies to deploy our website:</p>
 <ol>
-<li>GNU/Linux server(Debian)</li>
+<li><a href="https://debian.org">GNU/Linux server(Debian)</a></li>
-<li>Nginx (webs server)</li>
+<li><a href="https://www.nginx.com/">Nginx</a> (webs server)</li>
-<li>Let's Encrypt (for HTTPS)</li>
+<li><a href="https://letsencrypt.org/">Let's Encrypt</a> (for HTTPS)</li>
-<li>Gitea (but any Git hosting works)</li>
 </ol>
 <p>Let's get started!</p>
 <h2 id="1-setup-debian-gnu-linux">1. Setup Debian GNU/Linux<a class="zola-anchor" href="#1-setup-debian-gnu-linux" aria-label="Anchor link for: 1-setup-debian-gnu-linux"
@@ -439,25 +438,32 @@ from a lower-privileged account. Let's make our account sudo capable:</p>
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>Uncomplicated Firewall(<code>ufw</code>) is a popular firewall that is easy to
+<p><a href="https://wiki.ubuntu.com/UncomplicatedFirewall">Uncomplicated
-set up and maintain. For most installations, this should be enough.
+Firewall(<code>ufw</code>)</a> is a
-System administrators use firewalls to open only the ports that they
+popular firewall that is easy to set up and maintain. For most
-think should receive traffic from external networks. Without it, all
+installations, this should be enough. System administrators use
-ports will be open, causing a security nightmare.</p>
+firewalls to open only the ports that they think should receive traffic
+from external networks. Without it, all ports will be open, causing a
+security nightmare.</p>
 <p>We will require standard SSH (22), and the standard web ports (80 and
 443). A comprehensive list of services and the list of ports the listen
-on is available at `/etc/services.</p>
+on is available at <code>/etc/services</code>.</p>
-<pre data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt "><code class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt" data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt"><span>install ufw # we are using `ufw` for the firewall
+<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt update &amp;&amp; </span><span style="color:#bf616a;">apt</span><span> upgrade </span><span style="color:#65737e;"># update system
-</span><span>$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo apt install ufw </span><span style="color:#65737e;"># we are using `ufw` for the firewall
-</span><span>$ sudo ufw enable # deploy firewall
+</span><span style="color:#bf616a;">$</span><span> sudo ufw allow ssh </span><span style="color:#65737e;"># allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo ufw enable </span><span style="color:#65737e;"># deploy firewall
 </span></code></pre>
 <h3 id="1-3-secure-ssh">1.3) Secure SSH<a class="zola-anchor" href="#1-3-secure-ssh" aria-label="Anchor link for: 1-3-secure-ssh"
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>SSH allows remote access to our servers over secure, encrypted
+<p>SSH allows remote access to our servers over secure, encrypted channels.
-channels. By default, users can log in with their password
+By default, users can log in with their password using SSH. But password
-using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.</p>
+authentication <a href="https://wiki.archlinux.org/title/OpenSSH#Protecting_against_brute_force_attacks">is susceptible to brute force
+attacks</a>,
+so we should <a href="https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication">disable password logins on our server and only allow
+public-key authentication
+only</a>.</p>
 <h3 id="1-3-1-generate-key-pair">1.3.1) Generate key pair<a class="zola-anchor" href="#1-3-1-generate-key-pair" aria-label="Anchor link for: 1-3-1-generate-key-pair"
   ><span class="anchor-icon">#</span></a
 >
@@ -525,7 +531,10 @@ the server, let's disable password authentication on the server:</p>
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>We will be using <code>fail2ban</code> for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.</p>
+<p>We will be using
+<a href="https://www.fail2ban.org/wiki/index.php/Main_Page"><code>fail2ban</code></a> for
+intrusion prevention by blacklisting entities (users, bots, etc.) based
+on failed login attempts.</p>
 <h4 id="1-3-1-install-fail2ban">1.3.1) Install <code>fail2ban</code><a class="zola-anchor" href="#1-3-1-install-fail2ban" aria-label="Anchor link for: 1-3-1-install-fail2ban"
   ><span class="anchor-icon">#</span></a
 >
@@ -709,7 +718,8 @@ authority to get our SSL certificates.</p>
 will have to log in every three months and renew the
 certificate. If you fail or forget it, your visitors will see security
 warnings on your website.</p>
-<p>Thankfully, Let's Encrypt provides automation through <code>certbot</code></p>
+<p>Thankfully, there is a way to automate this process through
+<a href="https://certbot.eff.org/"><code>certbot</code></a></p>
 <h4 id="2-3-1-install-certbot">2.3.1) Install <code>certbot</code>:<a class="zola-anchor" href="#2-3-1-install-certbot" aria-label="Anchor link for: 2-3-1-install-certbot"
   ><span class="anchor-icon">#</span></a
 >
@@ -760,7 +770,7 @@ you.</p>
 		
 		<a class="blog__post-tag" href="/tags/jamstack">#JAMStack</a>
 		
-		<a class="blog__post-tag" href="/tags/git">#git</a>
+		<a class="blog__post-tag" href="/tags/lets-encrypt">#lets-encrypt</a>
 		
 		<a class="blog__post-tag" href="/tags/self-hosting">#self-hosting</a>
 		

blog/atom.xml

@@ -19,10 +19,9 @@ but knowing how to do it manually using industry standard
 technologies always helps!</p>
 <p>We will be using the following technologies to deploy our website:</p>
 <ol>
-<li>GNU/Linux server(Debian)</li>
+<li><a href="https://debian.org">GNU/Linux server(Debian)</a></li>
-<li>Nginx (webs server)</li>
+<li><a href="https://www.nginx.com/">Nginx</a> (webs server)</li>
-<li>Let's Encrypt (for HTTPS)</li>
+<li><a href="https://letsencrypt.org/">Let's Encrypt</a> (for HTTPS)</li>
-<li>Gitea (but any Git hosting works)</li>
 </ol>
 <p>Let's get started!</p>
 <h2 id="1-setup-debian-gnu-linux">1. Setup Debian GNU/Linux<a class="zola-anchor" href="#1-setup-debian-gnu-linux" aria-label="Anchor link for: 1-setup-debian-gnu-linux"
@@ -53,25 +52,32 @@ from a lower-privileged account. Let's make our account sudo capable:<&#
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>Uncomplicated Firewall(<code>ufw</code>) is a popular firewall that is easy to
+<p><a href="https://wiki.ubuntu.com/UncomplicatedFirewall">Uncomplicated
-set up and maintain. For most installations, this should be enough.
+Firewall(<code>ufw</code>)</a> is a
-System administrators use firewalls to open only the ports that they
+popular firewall that is easy to set up and maintain. For most
-think should receive traffic from external networks. Without it, all
+installations, this should be enough. System administrators use
-ports will be open, causing a security nightmare.</p>
+firewalls to open only the ports that they think should receive traffic
+from external networks. Without it, all ports will be open, causing a
+security nightmare.</p>
 <p>We will require standard SSH (22), and the standard web ports (80 and
 443). A comprehensive list of services and the list of ports the listen
-on is available at `/etc/services.</p>
+on is available at <code>/etc/services</code>.</p>
-<pre data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt "><code class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt" data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt"><span>install ufw # we are using `ufw` for the firewall
+<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt update && </span><span style="color:#bf616a;">apt</span><span> upgrade </span><span style="color:#65737e;"># update system
-</span><span>$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo apt install ufw </span><span style="color:#65737e;"># we are using `ufw` for the firewall
-</span><span>$ sudo ufw enable # deploy firewall
+</span><span style="color:#bf616a;">$</span><span> sudo ufw allow ssh </span><span style="color:#65737e;"># allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo ufw enable </span><span style="color:#65737e;"># deploy firewall
 </span></code></pre>
 <h3 id="1-3-secure-ssh">1.3) Secure SSH<a class="zola-anchor" href="#1-3-secure-ssh" aria-label="Anchor link for: 1-3-secure-ssh"
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>SSH allows remote access to our servers over secure, encrypted
+<p>SSH allows remote access to our servers over secure, encrypted channels.
-channels. By default, users can log in with their password
+By default, users can log in with their password using SSH. But password
-using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.</p>
+authentication <a href="https://wiki.archlinux.org/title/OpenSSH#Protecting_against_brute_force_attacks">is susceptible to brute force
+attacks</a>,
+so we should <a href="https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication">disable password logins on our server and only allow
+public-key authentication
+only</a>.</p>
 <h3 id="1-3-1-generate-key-pair">1.3.1) Generate key pair<a class="zola-anchor" href="#1-3-1-generate-key-pair" aria-label="Anchor link for: 1-3-1-generate-key-pair"
   ><span class="anchor-icon">#</span></a
 >
@@ -139,7 +145,10 @@ the server, let's disable password authentication on the server:</p
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>We will be using <code>fail2ban</code> for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.</p>
+<p>We will be using
+<a href="https://www.fail2ban.org/wiki/index.php/Main_Page"><code>fail2ban</code></a> for
+intrusion prevention by blacklisting entities (users, bots, etc.) based
+on failed login attempts.</p>
 <h4 id="1-3-1-install-fail2ban">1.3.1) Install <code>fail2ban</code><a class="zola-anchor" href="#1-3-1-install-fail2ban" aria-label="Anchor link for: 1-3-1-install-fail2ban"
   ><span class="anchor-icon">#</span></a
 >
@@ -323,7 +332,8 @@ authority to get our SSL certificates.</p>
 will have to log in every three months and renew the
 certificate. If you fail or forget it, your visitors will see security
 warnings on your website.</p>
-<p>Thankfully, Let's Encrypt provides automation through <code>certbot</code></p>
+<p>Thankfully, there is a way to automate this process through
+<a href="https://certbot.eff.org/"><code>certbot</code></a></p>
 <h4 id="2-3-1-install-certbot">2.3.1) Install <code>certbot</code>:<a class="zola-anchor" href="#2-3-1-install-certbot" aria-label="Anchor link for: 2-3-1-install-certbot"
   ><span class="anchor-icon">#</span></a
 >

blog/index.html

@@ -265,8 +265,8 @@ general development ecosystem" />
 					>#JAMStack</a
 				>
 				
-				<a class="blog__post-tag" href="/tags/git"
+				<a class="blog__post-tag" href="/tags/lets-encrypt"
-					>#git</a
+					>#lets-encrypt</a
 				>
 				
 				<a class="blog__post-tag" href="/tags/self-hosting"

sitemap.xml

@@ -29,10 +29,10 @@
         <loc>https://librepages.org/tags/bare-metal/</loc>
     </url>
     <url>
-        <loc>https://librepages.org/tags/git/</loc>
+        <loc>https://librepages.org/tags/jamstack/</loc>
     </url>
     <url>
-        <loc>https://librepages.org/tags/jamstack/</loc>
+        <loc>https://librepages.org/tags/lets-encrypt/</loc>
     </url>
     <url>
         <loc>https://librepages.org/tags/nginx/</loc>

tags/bare-metal/atom.xml

@@ -19,10 +19,9 @@ but knowing how to do it manually using industry standard
 technologies always helps!</p>
 <p>We will be using the following technologies to deploy our website:</p>
 <ol>
-<li>GNU/Linux server(Debian)</li>
+<li><a href="https://debian.org">GNU/Linux server(Debian)</a></li>
-<li>Nginx (webs server)</li>
+<li><a href="https://www.nginx.com/">Nginx</a> (webs server)</li>
-<li>Let's Encrypt (for HTTPS)</li>
+<li><a href="https://letsencrypt.org/">Let's Encrypt</a> (for HTTPS)</li>
-<li>Gitea (but any Git hosting works)</li>
 </ol>
 <p>Let's get started!</p>
 <h2 id="1-setup-debian-gnu-linux">1. Setup Debian GNU/Linux<a class="zola-anchor" href="#1-setup-debian-gnu-linux" aria-label="Anchor link for: 1-setup-debian-gnu-linux"
@@ -53,25 +52,32 @@ from a lower-privileged account. Let's make our account sudo capable:<&#
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>Uncomplicated Firewall(<code>ufw</code>) is a popular firewall that is easy to
+<p><a href="https://wiki.ubuntu.com/UncomplicatedFirewall">Uncomplicated
-set up and maintain. For most installations, this should be enough.
+Firewall(<code>ufw</code>)</a> is a
-System administrators use firewalls to open only the ports that they
+popular firewall that is easy to set up and maintain. For most
-think should receive traffic from external networks. Without it, all
+installations, this should be enough. System administrators use
-ports will be open, causing a security nightmare.</p>
+firewalls to open only the ports that they think should receive traffic
+from external networks. Without it, all ports will be open, causing a
+security nightmare.</p>
 <p>We will require standard SSH (22), and the standard web ports (80 and
 443). A comprehensive list of services and the list of ports the listen
-on is available at `/etc/services.</p>
+on is available at <code>/etc/services</code>.</p>
-<pre data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt "><code class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt" data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt"><span>install ufw # we are using `ufw` for the firewall
+<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt update && </span><span style="color:#bf616a;">apt</span><span> upgrade </span><span style="color:#65737e;"># update system
-</span><span>$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo apt install ufw </span><span style="color:#65737e;"># we are using `ufw` for the firewall
-</span><span>$ sudo ufw enable # deploy firewall
+</span><span style="color:#bf616a;">$</span><span> sudo ufw allow ssh </span><span style="color:#65737e;"># allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo ufw enable </span><span style="color:#65737e;"># deploy firewall
 </span></code></pre>
 <h3 id="1-3-secure-ssh">1.3) Secure SSH<a class="zola-anchor" href="#1-3-secure-ssh" aria-label="Anchor link for: 1-3-secure-ssh"
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>SSH allows remote access to our servers over secure, encrypted
+<p>SSH allows remote access to our servers over secure, encrypted channels.
-channels. By default, users can log in with their password
+By default, users can log in with their password using SSH. But password
-using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.</p>
+authentication <a href="https://wiki.archlinux.org/title/OpenSSH#Protecting_against_brute_force_attacks">is susceptible to brute force
+attacks</a>,
+so we should <a href="https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication">disable password logins on our server and only allow
+public-key authentication
+only</a>.</p>
 <h3 id="1-3-1-generate-key-pair">1.3.1) Generate key pair<a class="zola-anchor" href="#1-3-1-generate-key-pair" aria-label="Anchor link for: 1-3-1-generate-key-pair"
   ><span class="anchor-icon">#</span></a
 >
@@ -139,7 +145,10 @@ the server, let's disable password authentication on the server:</p
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>We will be using <code>fail2ban</code> for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.</p>
+<p>We will be using
+<a href="https://www.fail2ban.org/wiki/index.php/Main_Page"><code>fail2ban</code></a> for
+intrusion prevention by blacklisting entities (users, bots, etc.) based
+on failed login attempts.</p>
 <h4 id="1-3-1-install-fail2ban">1.3.1) Install <code>fail2ban</code><a class="zola-anchor" href="#1-3-1-install-fail2ban" aria-label="Anchor link for: 1-3-1-install-fail2ban"
   ><span class="anchor-icon">#</span></a
 >
@@ -323,7 +332,8 @@ authority to get our SSL certificates.</p>
 will have to log in every three months and renew the
 certificate. If you fail or forget it, your visitors will see security
 warnings on your website.</p>
-<p>Thankfully, Let's Encrypt provides automation through <code>certbot</code></p>
+<p>Thankfully, there is a way to automate this process through
+<a href="https://certbot.eff.org/"><code>certbot</code></a></p>
 <h4 id="2-3-1-install-certbot">2.3.1) Install <code>certbot</code>:<a class="zola-anchor" href="#2-3-1-install-certbot" aria-label="Anchor link for: 2-3-1-install-certbot"
   ><span class="anchor-icon">#</span></a
 >

tags/bare-metal/index.html

@@ -259,7 +259,7 @@
                   
                     <a class="blog__post-tag" href="/tags/JAMStack">#JAMStack</a>
                   
-                    <a class="blog__post-tag" href="/tags/git">#git</a>
+                    <a class="blog__post-tag" href="/tags/lets-encrypt">#lets-encrypt</a>
                   
                     <a class="blog__post-tag" href="/tags/self-hosting">#self-hosting</a>
                   

tags/index.html

@@ -252,26 +252,6 @@
               </li>
             </a>
                           
-              <li class="tag__item">
-				<a href="https://librepages.org/tags/git/" class="tag__item-link">
-				  <h2 class="tag__item-title">#git</h2>
-                  
-                  
-                  
-                    
-                  
-                  <span class="tag__meta">1 entry</span>
-                </a>
-				  <a class="tag__rss-link" href="https:&#x2F;&#x2F;librepages.org&#x2F;tags&#x2F;git&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
-					<img
-					  src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
-                      class="tag__rss-icon" 
-					  alt="RSS icon"
-					/>
-				  </a>
-              </li>
-            </a>
-                          
               <li class="tag__item">
 				<a href="https://librepages.org/tags/jamstack/" class="tag__item-link">
 				  <h2 class="tag__item-title">#JAMStack</h2>
@@ -292,6 +272,26 @@
               </li>
             </a>
                           
+              <li class="tag__item">
+				<a href="https://librepages.org/tags/lets-encrypt/" class="tag__item-link">
+				  <h2 class="tag__item-title">#lets-encrypt</h2>
+                  
+                  
+                  
+                    
+                  
+                  <span class="tag__meta">1 entry</span>
+                </a>
+				  <a class="tag__rss-link" href="https:&#x2F;&#x2F;librepages.org&#x2F;tags&#x2F;lets-encrypt&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
+					<img
+					  src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
+                      class="tag__rss-icon" 
+					  alt="RSS icon"
+					/>
+				  </a>
+              </li>
+            </a>
+                          
               <li class="tag__item">
 				<a href="https://librepages.org/tags/nginx/" class="tag__item-link">
 				  <h2 class="tag__item-title">#nginx</h2>

tags/jamstack/atom.xml

@@ -19,10 +19,9 @@ but knowing how to do it manually using industry standard
 technologies always helps!</p>
 <p>We will be using the following technologies to deploy our website:</p>
 <ol>
-<li>GNU/Linux server(Debian)</li>
+<li><a href="https://debian.org">GNU/Linux server(Debian)</a></li>
-<li>Nginx (webs server)</li>
+<li><a href="https://www.nginx.com/">Nginx</a> (webs server)</li>
-<li>Let's Encrypt (for HTTPS)</li>
+<li><a href="https://letsencrypt.org/">Let's Encrypt</a> (for HTTPS)</li>
-<li>Gitea (but any Git hosting works)</li>
 </ol>
 <p>Let's get started!</p>
 <h2 id="1-setup-debian-gnu-linux">1. Setup Debian GNU/Linux<a class="zola-anchor" href="#1-setup-debian-gnu-linux" aria-label="Anchor link for: 1-setup-debian-gnu-linux"
@@ -53,25 +52,32 @@ from a lower-privileged account. Let's make our account sudo capable:<&#
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>Uncomplicated Firewall(<code>ufw</code>) is a popular firewall that is easy to
+<p><a href="https://wiki.ubuntu.com/UncomplicatedFirewall">Uncomplicated
-set up and maintain. For most installations, this should be enough.
+Firewall(<code>ufw</code>)</a> is a
-System administrators use firewalls to open only the ports that they
+popular firewall that is easy to set up and maintain. For most
-think should receive traffic from external networks. Without it, all
+installations, this should be enough. System administrators use
-ports will be open, causing a security nightmare.</p>
+firewalls to open only the ports that they think should receive traffic
+from external networks. Without it, all ports will be open, causing a
+security nightmare.</p>
 <p>We will require standard SSH (22), and the standard web ports (80 and
 443). A comprehensive list of services and the list of ports the listen
-on is available at `/etc/services.</p>
+on is available at <code>/etc/services</code>.</p>
-<pre data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt "><code class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt" data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt"><span>install ufw # we are using `ufw` for the firewall
+<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt update && </span><span style="color:#bf616a;">apt</span><span> upgrade </span><span style="color:#65737e;"># update system
-</span><span>$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo apt install ufw </span><span style="color:#65737e;"># we are using `ufw` for the firewall
-</span><span>$ sudo ufw enable # deploy firewall
+</span><span style="color:#bf616a;">$</span><span> sudo ufw allow ssh </span><span style="color:#65737e;"># allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo ufw enable </span><span style="color:#65737e;"># deploy firewall
 </span></code></pre>
 <h3 id="1-3-secure-ssh">1.3) Secure SSH<a class="zola-anchor" href="#1-3-secure-ssh" aria-label="Anchor link for: 1-3-secure-ssh"
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>SSH allows remote access to our servers over secure, encrypted
+<p>SSH allows remote access to our servers over secure, encrypted channels.
-channels. By default, users can log in with their password
+By default, users can log in with their password using SSH. But password
-using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.</p>
+authentication <a href="https://wiki.archlinux.org/title/OpenSSH#Protecting_against_brute_force_attacks">is susceptible to brute force
+attacks</a>,
+so we should <a href="https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication">disable password logins on our server and only allow
+public-key authentication
+only</a>.</p>
 <h3 id="1-3-1-generate-key-pair">1.3.1) Generate key pair<a class="zola-anchor" href="#1-3-1-generate-key-pair" aria-label="Anchor link for: 1-3-1-generate-key-pair"
   ><span class="anchor-icon">#</span></a
 >
@@ -139,7 +145,10 @@ the server, let's disable password authentication on the server:</p
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>We will be using <code>fail2ban</code> for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.</p>
+<p>We will be using
+<a href="https://www.fail2ban.org/wiki/index.php/Main_Page"><code>fail2ban</code></a> for
+intrusion prevention by blacklisting entities (users, bots, etc.) based
+on failed login attempts.</p>
 <h4 id="1-3-1-install-fail2ban">1.3.1) Install <code>fail2ban</code><a class="zola-anchor" href="#1-3-1-install-fail2ban" aria-label="Anchor link for: 1-3-1-install-fail2ban"
   ><span class="anchor-icon">#</span></a
 >
@@ -323,7 +332,8 @@ authority to get our SSL certificates.</p>
 will have to log in every three months and renew the
 certificate. If you fail or forget it, your visitors will see security
 warnings on your website.</p>
-<p>Thankfully, Let's Encrypt provides automation through <code>certbot</code></p>
+<p>Thankfully, there is a way to automate this process through
+<a href="https://certbot.eff.org/"><code>certbot</code></a></p>
 <h4 id="2-3-1-install-certbot">2.3.1) Install <code>certbot</code>:<a class="zola-anchor" href="#2-3-1-install-certbot" aria-label="Anchor link for: 2-3-1-install-certbot"
   ><span class="anchor-icon">#</span></a
 >

tags/jamstack/index.html

@@ -259,7 +259,7 @@
                   
                     <a class="blog__post-tag" href="/tags/JAMStack">#JAMStack</a>
                   
-                    <a class="blog__post-tag" href="/tags/git">#git</a>
+                    <a class="blog__post-tag" href="/tags/lets-encrypt">#lets-encrypt</a>
                   
                     <a class="blog__post-tag" href="/tags/self-hosting">#self-hosting</a>
                   

tags/lets-encrypt/atom.xml

@@ -1,11 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
-	<title> - git</title>
+	<title> - lets-encrypt</title>
-	<link href="https://librepages.org/tags/git/atom.xml" rel="self" type="application/atom+xml"/>
+	<link href="https://librepages.org/tags/lets-encrypt/atom.xml" rel="self" type="application/atom+xml"/>
   <link href="https://librepages.org"/>
 	<generator uri="https://www.getzola.org/">Zola</generator>
 	<updated>2022-09-10T00:00:00+00:00</updated>
-	<id>https://librepages.org/tags/git/atom.xml</id>
+	<id>https://librepages.org/tags/lets-encrypt/atom.xml</id>
 	<entry xml:lang="en">
 		<title>How to deploy a website WITHOUT LibrePages</title>
 		<published>2022-09-10T00:00:00+00:00</published>
@@ -19,10 +19,9 @@ but knowing how to do it manually using industry standard
 technologies always helps!&lt;&#x2F;p&gt;
 &lt;p&gt;We will be using the following technologies to deploy our website:&lt;&#x2F;p&gt;
 &lt;ol&gt;
-&lt;li&gt;GNU&#x2F;Linux server(Debian)&lt;&#x2F;li&gt;
+&lt;li&gt;&lt;a href=&quot;https:&#x2F;&#x2F;debian.org&quot;&gt;GNU&#x2F;Linux server(Debian)&lt;&#x2F;a&gt;&lt;&#x2F;li&gt;
-&lt;li&gt;Nginx (webs server)&lt;&#x2F;li&gt;
+&lt;li&gt;&lt;a href=&quot;https:&#x2F;&#x2F;www.nginx.com&#x2F;&quot;&gt;Nginx&lt;&#x2F;a&gt; (webs server)&lt;&#x2F;li&gt;
-&lt;li&gt;Let&#x27;s Encrypt (for HTTPS)&lt;&#x2F;li&gt;
+&lt;li&gt;&lt;a href=&quot;https:&#x2F;&#x2F;letsencrypt.org&#x2F;&quot;&gt;Let&#x27;s Encrypt&lt;&#x2F;a&gt; (for HTTPS)&lt;&#x2F;li&gt;
-&lt;li&gt;Gitea (but any Git hosting works)&lt;&#x2F;li&gt;
 &lt;&#x2F;ol&gt;
 &lt;p&gt;Let&#x27;s get started!&lt;&#x2F;p&gt;
 &lt;h2 id=&quot;1-setup-debian-gnu-linux&quot;&gt;1. Setup Debian GNU&#x2F;Linux&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-setup-debian-gnu-linux&quot; aria-label=&quot;Anchor link for: 1-setup-debian-gnu-linux&quot;
@@ -53,25 +52,32 @@ from a lower-privileged account. Let&#x27;s make our account sudo capable:&lt;&#
   &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
 &gt;
 &lt;&#x2F;h3&gt;
-&lt;p&gt;Uncomplicated Firewall(&lt;code&gt;ufw&lt;&#x2F;code&gt;) is a popular firewall that is easy to
+&lt;p&gt;&lt;a href=&quot;https:&#x2F;&#x2F;wiki.ubuntu.com&#x2F;UncomplicatedFirewall&quot;&gt;Uncomplicated
-set up and maintain. For most installations, this should be enough.
+Firewall(&lt;code&gt;ufw&lt;&#x2F;code&gt;)&lt;&#x2F;a&gt; is a
-System administrators use firewalls to open only the ports that they
+popular firewall that is easy to set up and maintain. For most
-think should receive traffic from external networks. Without it, all
+installations, this should be enough. System administrators use
-ports will be open, causing a security nightmare.&lt;&#x2F;p&gt;
+firewalls to open only the ports that they think should receive traffic
+from external networks. Without it, all ports will be open, causing a
+security nightmare.&lt;&#x2F;p&gt;
 &lt;p&gt;We will require standard SSH (22), and the standard web ports (80 and
 443). A comprehensive list of services and the list of ports the listen
-on is available at `&#x2F;etc&#x2F;services.&lt;&#x2F;p&gt;
+on is available at &lt;code&gt;&#x2F;etc&#x2F;services&lt;&#x2F;code&gt;.&lt;&#x2F;p&gt;
-&lt;pre data-lang=&quot;bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt &quot;&gt;&lt;code class=&quot;language-bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot; data-lang=&quot;bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot;&gt;&lt;span&gt;install ufw # we are using `ufw` for the firewall
+&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt update &amp;amp;&amp;amp; &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;apt&lt;&#x2F;span&gt;&lt;span&gt; upgrade &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# update system
-&lt;&#x2F;span&gt;&lt;span&gt;$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
+&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install ufw &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# we are using `ufw` for the firewall
-&lt;&#x2F;span&gt;&lt;span&gt;$ sudo ufw enable # deploy firewall
+&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ufw allow ssh &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# allow SSH traffic on port 22, required to log into the server
+&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ufw enable &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# deploy firewall
 &lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
 &lt;h3 id=&quot;1-3-secure-ssh&quot;&gt;1.3) Secure SSH&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-secure-ssh&quot; aria-label=&quot;Anchor link for: 1-3-secure-ssh&quot;
   &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
 &gt;
 &lt;&#x2F;h3&gt;
-&lt;p&gt;SSH allows remote access to our servers over secure, encrypted
+&lt;p&gt;SSH allows remote access to our servers over secure, encrypted channels.
-channels. By default, users can log in with their password
+By default, users can log in with their password using SSH. But password
-using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.&lt;&#x2F;p&gt;
+authentication &lt;a href=&quot;https:&#x2F;&#x2F;wiki.archlinux.org&#x2F;title&#x2F;OpenSSH#Protecting_against_brute_force_attacks&quot;&gt;is susceptible to brute force
+attacks&lt;&#x2F;a&gt;,
+so we should &lt;a href=&quot;https:&#x2F;&#x2F;wiki.archlinux.org&#x2F;title&#x2F;OpenSSH#Force_public_key_authentication&quot;&gt;disable password logins on our server and only allow
+public-key authentication
+only&lt;&#x2F;a&gt;.&lt;&#x2F;p&gt;
 &lt;h3 id=&quot;1-3-1-generate-key-pair&quot;&gt;1.3.1) Generate key pair&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-1-generate-key-pair&quot; aria-label=&quot;Anchor link for: 1-3-1-generate-key-pair&quot;
   &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
 &gt;
@@ -139,7 +145,10 @@ the server, let&#x27;s disable password authentication on the server:&lt;&#x2F;p
   &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
 &gt;
 &lt;&#x2F;h3&gt;
-&lt;p&gt;We will be using &lt;code&gt;fail2ban&lt;&#x2F;code&gt; for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.&lt;&#x2F;p&gt;
+&lt;p&gt;We will be using
+&lt;a href=&quot;https:&#x2F;&#x2F;www.fail2ban.org&#x2F;wiki&#x2F;index.php&#x2F;Main_Page&quot;&gt;&lt;code&gt;fail2ban&lt;&#x2F;code&gt;&lt;&#x2F;a&gt; for
+intrusion prevention by blacklisting entities (users, bots, etc.) based
+on failed login attempts.&lt;&#x2F;p&gt;
 &lt;h4 id=&quot;1-3-1-install-fail2ban&quot;&gt;1.3.1) Install &lt;code&gt;fail2ban&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-1-install-fail2ban&quot; aria-label=&quot;Anchor link for: 1-3-1-install-fail2ban&quot;
   &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
 &gt;
@@ -323,7 +332,8 @@ authority to get our SSL certificates.&lt;&#x2F;p&gt;
 will have to log in every three months and renew the
 certificate. If you fail or forget it, your visitors will see security
 warnings on your website.&lt;&#x2F;p&gt;
-&lt;p&gt;Thankfully, Let&#x27;s Encrypt provides automation through &lt;code&gt;certbot&lt;&#x2F;code&gt;&lt;&#x2F;p&gt;
+&lt;p&gt;Thankfully, there is a way to automate this process through
+&lt;a href=&quot;https:&#x2F;&#x2F;certbot.eff.org&#x2F;&quot;&gt;&lt;code&gt;certbot&lt;&#x2F;code&gt;&lt;&#x2F;a&gt;&lt;&#x2F;p&gt;
 &lt;h4 id=&quot;2-3-1-install-certbot&quot;&gt;2.3.1) Install &lt;code&gt;certbot&lt;&#x2F;code&gt;:&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-1-install-certbot&quot; aria-label=&quot;Anchor link for: 2-3-1-install-certbot&quot;
   &gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
 &gt;

tags/lets-encrypt/index.html

@@ -34,21 +34,21 @@
     <meta name="referrer" content="no-referrer-when-downgrade" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
 
-    <title>git | LibrePages: JAMstack platform with focus on privacy and speed</title>
+    <title>lets-encrypt | LibrePages: JAMstack platform with focus on privacy and speed</title>
     <meta name="referrer" content="no-referrer-when-downgrade" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
 
-    <meta name="description" content="git" />
+    <meta name="description" content="lets-encrypt" />
     
 
-    <meta property="og:title" content="git | LibrePages: JAMstack platform with focus on privacy and speed" />
+    <meta property="og:title" content="lets-encrypt | LibrePages: JAMstack platform with focus on privacy and speed" />
     <meta property="og:type" content="article" />
     <meta property="og:url" content="https:&#x2F;&#x2F;librepages.org" />
 
-    <meta property="og:description" content="git" />
+    <meta property="og:description" content="lets-encrypt" />
     <meta
       property="og:site_name"
-      content="git | LibrePages: JAMstack platform with focus on privacy and speed"
+      content="lets-encrypt | LibrePages: JAMstack platform with focus on privacy and speed"
     />
   <link
     rel="apple-touch-icon"
@@ -228,8 +228,8 @@
 <div class="blog__container">
 
     <div class="tag__title-container">
-    <h1 class="tag__title">#git</h1>
+    <h1 class="tag__title">#lets-encrypt</h1>
-    <a class="tag__rss-link--single" href="https:&#x2F;&#x2F;librepages.org&#x2F;tags&#x2F;git&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
+    <a class="tag__rss-link--single" href="https:&#x2F;&#x2F;librepages.org&#x2F;tags&#x2F;lets-encrypt&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
       <img
         src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
         class="tag__rss-icon--single" 
@@ -259,7 +259,7 @@
                   
                     <a class="blog__post-tag" href="/tags/JAMStack">#JAMStack</a>
                   
-                    <a class="blog__post-tag" href="/tags/git">#git</a>
+                    <a class="blog__post-tag" href="/tags/lets-encrypt">#lets-encrypt</a>
                   
                     <a class="blog__post-tag" href="/tags/self-hosting">#self-hosting</a>
                   

tags/nginx/atom.xml

@@ -19,10 +19,9 @@ but knowing how to do it manually using industry standard
 technologies always helps!</p>
 <p>We will be using the following technologies to deploy our website:</p>
 <ol>
-<li>GNU/Linux server(Debian)</li>
+<li><a href="https://debian.org">GNU/Linux server(Debian)</a></li>
-<li>Nginx (webs server)</li>
+<li><a href="https://www.nginx.com/">Nginx</a> (webs server)</li>
-<li>Let's Encrypt (for HTTPS)</li>
+<li><a href="https://letsencrypt.org/">Let's Encrypt</a> (for HTTPS)</li>
-<li>Gitea (but any Git hosting works)</li>
 </ol>
 <p>Let's get started!</p>
 <h2 id="1-setup-debian-gnu-linux">1. Setup Debian GNU/Linux<a class="zola-anchor" href="#1-setup-debian-gnu-linux" aria-label="Anchor link for: 1-setup-debian-gnu-linux"
@@ -53,25 +52,32 @@ from a lower-privileged account. Let's make our account sudo capable:<&#
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>Uncomplicated Firewall(<code>ufw</code>) is a popular firewall that is easy to
+<p><a href="https://wiki.ubuntu.com/UncomplicatedFirewall">Uncomplicated
-set up and maintain. For most installations, this should be enough.
+Firewall(<code>ufw</code>)</a> is a
-System administrators use firewalls to open only the ports that they
+popular firewall that is easy to set up and maintain. For most
-think should receive traffic from external networks. Without it, all
+installations, this should be enough. System administrators use
-ports will be open, causing a security nightmare.</p>
+firewalls to open only the ports that they think should receive traffic
+from external networks. Without it, all ports will be open, causing a
+security nightmare.</p>
 <p>We will require standard SSH (22), and the standard web ports (80 and
 443). A comprehensive list of services and the list of ports the listen
-on is available at `/etc/services.</p>
+on is available at <code>/etc/services</code>.</p>
-<pre data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt "><code class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt" data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt"><span>install ufw # we are using `ufw` for the firewall
+<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt update && </span><span style="color:#bf616a;">apt</span><span> upgrade </span><span style="color:#65737e;"># update system
-</span><span>$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo apt install ufw </span><span style="color:#65737e;"># we are using `ufw` for the firewall
-</span><span>$ sudo ufw enable # deploy firewall
+</span><span style="color:#bf616a;">$</span><span> sudo ufw allow ssh </span><span style="color:#65737e;"># allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo ufw enable </span><span style="color:#65737e;"># deploy firewall
 </span></code></pre>
 <h3 id="1-3-secure-ssh">1.3) Secure SSH<a class="zola-anchor" href="#1-3-secure-ssh" aria-label="Anchor link for: 1-3-secure-ssh"
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>SSH allows remote access to our servers over secure, encrypted
+<p>SSH allows remote access to our servers over secure, encrypted channels.
-channels. By default, users can log in with their password
+By default, users can log in with their password using SSH. But password
-using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.</p>
+authentication <a href="https://wiki.archlinux.org/title/OpenSSH#Protecting_against_brute_force_attacks">is susceptible to brute force
+attacks</a>,
+so we should <a href="https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication">disable password logins on our server and only allow
+public-key authentication
+only</a>.</p>
 <h3 id="1-3-1-generate-key-pair">1.3.1) Generate key pair<a class="zola-anchor" href="#1-3-1-generate-key-pair" aria-label="Anchor link for: 1-3-1-generate-key-pair"
   ><span class="anchor-icon">#</span></a
 >
@@ -139,7 +145,10 @@ the server, let's disable password authentication on the server:</p
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>We will be using <code>fail2ban</code> for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.</p>
+<p>We will be using
+<a href="https://www.fail2ban.org/wiki/index.php/Main_Page"><code>fail2ban</code></a> for
+intrusion prevention by blacklisting entities (users, bots, etc.) based
+on failed login attempts.</p>
 <h4 id="1-3-1-install-fail2ban">1.3.1) Install <code>fail2ban</code><a class="zola-anchor" href="#1-3-1-install-fail2ban" aria-label="Anchor link for: 1-3-1-install-fail2ban"
   ><span class="anchor-icon">#</span></a
 >
@@ -323,7 +332,8 @@ authority to get our SSL certificates.</p>
 will have to log in every three months and renew the
 certificate. If you fail or forget it, your visitors will see security
 warnings on your website.</p>
-<p>Thankfully, Let's Encrypt provides automation through <code>certbot</code></p>
+<p>Thankfully, there is a way to automate this process through
+<a href="https://certbot.eff.org/"><code>certbot</code></a></p>
 <h4 id="2-3-1-install-certbot">2.3.1) Install <code>certbot</code>:<a class="zola-anchor" href="#2-3-1-install-certbot" aria-label="Anchor link for: 2-3-1-install-certbot"
   ><span class="anchor-icon">#</span></a
 >

tags/nginx/index.html

@@ -259,7 +259,7 @@
                   
                     <a class="blog__post-tag" href="/tags/JAMStack">#JAMStack</a>
                   
-                    <a class="blog__post-tag" href="/tags/git">#git</a>
+                    <a class="blog__post-tag" href="/tags/lets-encrypt">#lets-encrypt</a>
                   
                     <a class="blog__post-tag" href="/tags/self-hosting">#self-hosting</a>
                   

tags/self-hosting/atom.xml

@@ -19,10 +19,9 @@ but knowing how to do it manually using industry standard
 technologies always helps!</p>
 <p>We will be using the following technologies to deploy our website:</p>
 <ol>
-<li>GNU/Linux server(Debian)</li>
+<li><a href="https://debian.org">GNU/Linux server(Debian)</a></li>
-<li>Nginx (webs server)</li>
+<li><a href="https://www.nginx.com/">Nginx</a> (webs server)</li>
-<li>Let's Encrypt (for HTTPS)</li>
+<li><a href="https://letsencrypt.org/">Let's Encrypt</a> (for HTTPS)</li>
-<li>Gitea (but any Git hosting works)</li>
 </ol>
 <p>Let's get started!</p>
 <h2 id="1-setup-debian-gnu-linux">1. Setup Debian GNU/Linux<a class="zola-anchor" href="#1-setup-debian-gnu-linux" aria-label="Anchor link for: 1-setup-debian-gnu-linux"
@@ -53,25 +52,32 @@ from a lower-privileged account. Let's make our account sudo capable:<&#
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>Uncomplicated Firewall(<code>ufw</code>) is a popular firewall that is easy to
+<p><a href="https://wiki.ubuntu.com/UncomplicatedFirewall">Uncomplicated
-set up and maintain. For most installations, this should be enough.
+Firewall(<code>ufw</code>)</a> is a
-System administrators use firewalls to open only the ports that they
+popular firewall that is easy to set up and maintain. For most
-think should receive traffic from external networks. Without it, all
+installations, this should be enough. System administrators use
-ports will be open, causing a security nightmare.</p>
+firewalls to open only the ports that they think should receive traffic
+from external networks. Without it, all ports will be open, causing a
+security nightmare.</p>
 <p>We will require standard SSH (22), and the standard web ports (80 and
 443). A comprehensive list of services and the list of ports the listen
-on is available at `/etc/services.</p>
+on is available at <code>/etc/services</code>.</p>
-<pre data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt "><code class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt" data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt"><span>install ufw # we are using `ufw` for the firewall
+<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt update && </span><span style="color:#bf616a;">apt</span><span> upgrade </span><span style="color:#65737e;"># update system
-</span><span>$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo apt install ufw </span><span style="color:#65737e;"># we are using `ufw` for the firewall
-</span><span>$ sudo ufw enable # deploy firewall
+</span><span style="color:#bf616a;">$</span><span> sudo ufw allow ssh </span><span style="color:#65737e;"># allow SSH traffic on port 22, required to log into the server
+</span><span style="color:#bf616a;">$</span><span> sudo ufw enable </span><span style="color:#65737e;"># deploy firewall
 </span></code></pre>
 <h3 id="1-3-secure-ssh">1.3) Secure SSH<a class="zola-anchor" href="#1-3-secure-ssh" aria-label="Anchor link for: 1-3-secure-ssh"
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>SSH allows remote access to our servers over secure, encrypted
+<p>SSH allows remote access to our servers over secure, encrypted channels.
-channels. By default, users can log in with their password
+By default, users can log in with their password using SSH. But password
-using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.</p>
+authentication <a href="https://wiki.archlinux.org/title/OpenSSH#Protecting_against_brute_force_attacks">is susceptible to brute force
+attacks</a>,
+so we should <a href="https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication">disable password logins on our server and only allow
+public-key authentication
+only</a>.</p>
 <h3 id="1-3-1-generate-key-pair">1.3.1) Generate key pair<a class="zola-anchor" href="#1-3-1-generate-key-pair" aria-label="Anchor link for: 1-3-1-generate-key-pair"
   ><span class="anchor-icon">#</span></a
 >
@@ -139,7 +145,10 @@ the server, let's disable password authentication on the server:</p
   ><span class="anchor-icon">#</span></a
 >
 </h3>
-<p>We will be using <code>fail2ban</code> for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.</p>
+<p>We will be using
+<a href="https://www.fail2ban.org/wiki/index.php/Main_Page"><code>fail2ban</code></a> for
+intrusion prevention by blacklisting entities (users, bots, etc.) based
+on failed login attempts.</p>
 <h4 id="1-3-1-install-fail2ban">1.3.1) Install <code>fail2ban</code><a class="zola-anchor" href="#1-3-1-install-fail2ban" aria-label="Anchor link for: 1-3-1-install-fail2ban"
   ><span class="anchor-icon">#</span></a
 >
@@ -323,7 +332,8 @@ authority to get our SSL certificates.</p>
 will have to log in every three months and renew the
 certificate. If you fail or forget it, your visitors will see security
 warnings on your website.</p>
-<p>Thankfully, Let's Encrypt provides automation through <code>certbot</code></p>
+<p>Thankfully, there is a way to automate this process through
+<a href="https://certbot.eff.org/"><code>certbot</code></a></p>
 <h4 id="2-3-1-install-certbot">2.3.1) Install <code>certbot</code>:<a class="zola-anchor" href="#2-3-1-install-certbot" aria-label="Anchor link for: 2-3-1-install-certbot"
   ><span class="anchor-icon">#</span></a
 >

tags/self-hosting/index.html

@@ -259,7 +259,7 @@
                   
                     <a class="blog__post-tag" href="/tags/JAMStack">#JAMStack</a>
                   
-                    <a class="blog__post-tag" href="/tags/git">#git</a>
+                    <a class="blog__post-tag" href="/tags/lets-encrypt">#lets-encrypt</a>
                   
                     <a class="blog__post-tag" href="/tags/self-hosting">#self-hosting</a>