new deploy: 2022-09-12T09:36:40+00:00

This commit is contained in:
Aravinth Manivannan 2022-09-12 09:36:40 +00:00
parent 60f7bfe78e
commit 531f439b5f
25 changed files with 5139 additions and 11 deletions

View file

@ -274,7 +274,7 @@ built with Free Software.</p>
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://github.com/realaravinth/librepges"
href="https://git.batsense.net/LibrePages"
rel="noreferrer"
target="_blank"
title="Status"

View file

@ -0,0 +1,824 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width" />
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link rel="manifest" href="/site.webmanifest" />
<link rel="me" href="https://gts.batsense.net.net/@librepages" />
<link rel="stylesheet" href="https://librepages.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://librepages.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="https://librepages.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://librepages.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>How to deploy a website WITHOUT LibrePages | LibrePages: JAMstack platform with focus on privacy and speed</title>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="Automation services like LibrePages exist to make lives easier but how do you do the same manually, on self-hosted hardware, or in the cloud?" />
<meta property="og:title" content="How to deploy a website WITHOUT LibrePages | LibrePages: JAMstack platform with focus on privacy and speed" />
<meta property="og:type" content="article" />
<meta property="og:url" content="https:&#x2F;&#x2F;librepages.org" />
<meta property="og:description" content="Automation services like LibrePages exist to make lives easier but how do you do the same manually, on self-hosted hardware, or in the cloud?" />
<meta
property="og:site_name"
content="How to deploy a website WITHOUT LibrePages | LibrePages: JAMstack platform with focus on privacy and speed"
/>
<link
rel="apple-touch-icon"
sizes="57x57"
href="https://librepages.org/apple-icon-57x57.png?h=aa7556c6917e2715fc5cd91b0f71abf54c25fb3f4596b83938485bd339b3ee5c"
/>
<link
rel="apple-touch-icon"
sizes="60x60"
href="https://librepages.org/apple-icon-60x60.png?h=3c65021633e27b12573a4d95ee104960edeeb8448d016cc4a3a8c009956f455b"
/>
<link
rel="apple-touch-icon"
sizes="72x72"
href="https://librepages.org/apple-icon-72x72.png?h=7e6ea650d40b0c229eb8991d4bdaaeaf3a4fdc37b4c91c7e0f6705f4ccbd4823"
/>
<link
rel="apple-touch-icon"
sizes="76x76"
href="https://librepages.org/apple-icon-76x76.png?h=14cc3b66876cc79fe49f4bdf43cfa342dd12249fb32ebb4bf5895cac9fd2eaba"
/>
<link
rel="apple-touch-icon"
sizes="114x114"
href="https://librepages.org/apple-icon-114x114.png?h=a7e320f87a86aa0e037e78635c5f5042e02bf3adaf5c7a3163a108b004f1874e"
/>
<link
rel="apple-touch-icon"
sizes="120x120"
href="https://librepages.org/apple-icon-120x120.png?h=0555c76525ad4b8e974217be648c2691643b0ae09c1447bee571bdf51d324e5a"
/>
<link
rel="apple-touch-icon"
sizes="144x144"
href="https://librepages.org/apple-icon-144x144.png?h=3c6dcd632f3eca17cf7cc6153e9b372183518168754e2d8adb6bc549cfc89694"
/>
<link
rel="apple-touch-icon"
sizes="152x152"
href="https://librepages.org/apple-icon-152x152.png?h=0de6ee6daa86c4800faa71c0ba940a749b025c83f1150b19f7817bac9558344e"
/>
<link
rel="apple-touch-icon"
sizes="180x180"
href="https://librepages.org/apple-icon-180x180.png?h=4015bdb0896669f24d0be4e93fc9625c771a746060906dd94ed07ed2b3a88ede"
/>
<link
rel="icon"
type="image/png"
sizes="192x192"
href="https://librepages.org/android-icon-192x192.png?h=4065738be7277800667ab5dab97c610d8b76f7c9d7835266ecf440a1336b179a"
/>
<link
rel="icon"
type="image/png"
sizes="32x32"
href="https://librepages.org/favicon-32x32.png?h=19f5fc89580c10a37da127a18cb6d18427f8604617fe3c1d163a5528c4832094"
/>
<link
rel="icon"
type="image/png"
sizes="96x96"
href="https://librepages.org/favicon-96x96.png?h=f1dbc55e44179d839832093c008b0bedea79c3b21b1af68adb6d70c3e21227f5"
/>
<link
rel="icon"
type="image/png"
sizes="16x16"
href="https://librepages.org/favicon-16x16.png?h=a7056d65f8aa73fbaf9e97dcd2e685ac67489a76c0b8e715936970b118d74700"
/>
<link
rel="manifest"
href="https://librepages.org/manifest.json?h=27eca3e8297eb7ff340deb3849b210185a459b3845456aa4d0036f6d966b3518"
/>
<meta name="msapplication-TileColor" content="#ffffff" />
<meta
name="msapplication-TileImage"
content="https://librepages.org/ms-icon-144x144.png?h=3c6dcd632f3eca17cf7cc6153e9b372183518168754e2d8adb6bc549cfc89694"
/>
<meta name="theme-color" content="#ffffff" />
</head>
<!-- Matomo -->
<script>
var _paq = (window._paq = window._paq || []);
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(["setCookieDomain", "*.librepages.org"]);
_paq.push(["trackPageView"]);
_paq.push(["enableLinkTracking"]);
(function () {
var u = "//matomo.librepages.org/";
_paq.push(["setTrackerUrl", u + "matomo.php"]);
_paq.push(["setSiteId", "3"]);
var d = document,
g = d.createElement("script"),
s = d.getElementsByTagName("script")[0];
g.async = true;
g.src = u + "matomo.js";
s.parentNode.insertBefore(g, s);
})();
</script>
<noscript
><p>
<img
src="//matomo.librepages.org/matomo.php?idsite=3&amp;rec=1"
style="border: 0"
alt=""
/></p
></noscript>
<!-- End Matomo Code -->
</head>
<body class="base">
<header><nav class="nav__container">
<input type="checkbox" class="nav__toggle" id="nav__toggle" />
<div class="nav__header">
<a class="nav__logo-container" href="/">
<p class="nav__home-btn">LibrePages</p>
</a>
<label class="nav__hamburger-menu" for="nav__toggle">
<span class="nav__hamburger-inner"></span>
</label>
</div>
<div class="nav__spacer--small"></div>
<div class="nav__link-group">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;about&#x2F;">About</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;blog&#x2F;">Blog</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;matrix.to&#x2F;#&#x2F;#librepages:matrix.batsense.net">Chat</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;docs.librepages.org">Docs</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;gts.batsense.net&#x2F;@librepages">Fediverse</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;git.batsense.net&#x2F;LibrePages">Source Code</a>
</div>
</div>
<div class="nav__spacer"></div>
<div class="nav__link-group--small">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;demo.librepages.org&#x2F;">Demo</a>
</div>
</div>
</nav>
</header>
<!-- See ../sass/main.scss. Required for pushing footer to the very
bottom of the page -->
<div class="main__content-container">
<main>
<div class="page__container">
<h1 class="page__group-title">How to deploy a website WITHOUT LibrePages</h1>
<p class="blog__post-meta">
<a href="https:&#x2F;&#x2F;batsense.net" class="post__author">Aravinth Manivannan</a>
&middot; 10
September
,
2022 &middot; <b>9 min read</b>
</p>
<div class="blog__content">
<aside class="toc">
<h2>Table of Contents</h2>
<ul>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-setup-debian-gnu-linux">1. Setup Debian GNU&#x2F;Linux</a>
<ul>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-1-give-your-account-sudo-privileges">1.1) Give your account sudo privileges</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-2-install-and-setup-firewall-ufw">1.2) Install and setup firewall(ufw)</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-3-secure-ssh">1.3) Secure SSH</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-3-1-generate-key-pair">1.3.1) Generate key pair</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-3-2-setup-public-key-authentication">1.3.2) Setup public-key authentication</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-3-3-disable-ssh-password-authentication">1.3.3) Disable SSH password authentication</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-3-install-and-setup-fail2ban">1.3) Install and setup fail2ban</a>
<ul>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-3-1-install-fail2ban">1.3.1) Install fail2ban</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-3-2-enable-fail2ban-for-sshd">1.3.2) Enable fail2ban for sshd</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-3-3-configure-fail2ban-to-start-on-boot">1.3.3) Configure fail2ban to start on boot</a>
</li>
</ul>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-4-install-and-setup-nginx">1.4) Install and setup nginx</a>
<ul>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-4-1-install-nginx">1.4.1) Install nginx:</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-4-2-allow-web-traffic-open-ports-80-and-443">1.4.2) Allow web traffic: open ports 80 and 443</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#1-4-2-configure-nginx-to-start-on-boot">1.4.2) Configure nginx to start on boot</a>
</li>
</ul>
</li>
</ul>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#2-deploy-website">2) Deploy website</a>
<ul>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#2-1-install-the-webpage-on-the-server">2.1) Install the webpage on the server</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#2-2-serve-webpage-on-a-custom-domain">2.2) Serve webpage on a custom domain</a>
<ul>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#2-2-1-buy-a-domain-if-you-don-t-own-one-already">2.2.1) Buy a domain if you don&#x27;t own one already</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record">2.2.2) Go to the domain&#x27;s DNS dashboard and add the following record</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain">2.2.3) Setup nginx to serve the website at http:&#x2F;&#x2F;&lt;your-domain.</a>
</li>
</ul>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#2-3-install-certbot-to-set-up-https">2.3) Install certbot to set up HTTPS</a>
<ul>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#2-3-1-install-certbot">2.3.1) Install certbot:</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#2-3-2-get-a-certificate-for-your-domain">2.3.2) Get a certificate for &lt;your-domain&gt;</a>
</li>
<li>
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/#2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals">2.3.3) Setup cronjob to automate SSL certificate renewals</a>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</aside>
<p>In this <del>blog post</del> tutorial, I'll show you how to deploy a personal
website. LibrePages automates everything that is discussed in this
tutorial and lets you focus on creating content. Automation is good
but knowing how to do it manually using industry standard
technologies always helps!</p>
<p>We will be using the following technologies to deploy our website:</p>
<ol>
<li>GNU/Linux server(Debian)</li>
<li>Nginx (webs server)</li>
<li>Let's Encrypt (for HTTPS)</li>
<li>Gitea (but any Git hosting works)</li>
</ol>
<p>Let's get started!</p>
<h2 id="1-setup-debian-gnu-linux">1. Setup Debian GNU/Linux<a class="zola-anchor" href="#1-setup-debian-gnu-linux" aria-label="Anchor link for: 1-setup-debian-gnu-linux"
><span class="anchor-icon">#</span></a
>
</h2>
<p>We are going to start with a fresh GNU/Linux installation, you could get
one from a cloud provider like <a href="https://www.digitalocean.com">Digital
Ocean</a> (not affiliated).</p>
<h3 id="1-1-give-your-account-sudo-privileges">1.1) Give your account <code>sudo</code> privileges<a class="zola-anchor" href="#1-1-give-your-account-sudo-privileges" aria-label="Anchor link for: 1-1-give-your-account-sudo-privileges"
><span class="anchor-icon">#</span></a
>
</h3>
<p>On GNU/Linux systems, the <code>root</code> account is the most powerful user account.
It is good practice to avoid working as <code>root</code> since a careless mistake
could wipe the entire system out.</p>
<p><code>sudo</code> give the ability to execute commands with <code>root</code> capabilities
from a lower-privileged account. Let's make our account sudo capable:</p>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">su </span><span style="color:#65737e;"># become root
</span><span>
</span><span style="color:#65737e;"># add `realaravinth`, my account` to `sudo` group to be able to use `sudo`
</span><span style="color:#bf616a;">usermod -aG</span><span> sudo realaravinth </span><span style="color:#65737e;"># my account is called `realaravinth`, replace it with yours
</span><span style="color:#96b5b4;">exit
</span><span style="color:#bf616a;">$</span><span> exit
</span></code></pre>
<p>Log out and log back in.</p>
<h3 id="1-2-install-and-setup-firewall-ufw">1.2) Install and setup firewall(<code>ufw</code>)<a class="zola-anchor" href="#1-2-install-and-setup-firewall-ufw" aria-label="Anchor link for: 1-2-install-and-setup-firewall-ufw"
><span class="anchor-icon">#</span></a
>
</h3>
<p>Uncomplicated Firewall(<code>ufw</code>) is a popular firewall that is easy to
set up and maintain. For most installations, this should be enough.
System administrators use firewalls to open only the ports that they
think should receive traffic from external networks. Without it, all
ports will be open, causing a security nightmare.</p>
<p>We will require standard SSH (22), and the standard web ports (80 and
443). A comprehensive list of services and the list of ports the listen
on is available at `/etc/services.</p>
<pre data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt "><code class="language-bash $ sudo apt update && apt upgrade # update system $ sudo apt" data-lang="bash $ sudo apt update && apt upgrade # update system $ sudo apt"><span>install ufw # we are using `ufw` for the firewall
</span><span>$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
</span><span>$ sudo ufw enable # deploy firewall
</span></code></pre>
<h3 id="1-3-secure-ssh">1.3) Secure SSH<a class="zola-anchor" href="#1-3-secure-ssh" aria-label="Anchor link for: 1-3-secure-ssh"
><span class="anchor-icon">#</span></a
>
</h3>
<p>SSH allows remote access to our servers over secure, encrypted
channels. By default, users can log in with their password
using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.</p>
<h3 id="1-3-1-generate-key-pair">1.3.1) Generate key pair<a class="zola-anchor" href="#1-3-1-generate-key-pair" aria-label="Anchor link for: 1-3-1-generate-key-pair"
><span class="anchor-icon">#</span></a
>
</h3>
<p>On your local computer, generate an SSH key pair:</p>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> ssh-keygen
</span><span style="color:#bf616a;">Generating</span><span> public/private rsa key pair.
</span><span style="color:#bf616a;">Enter</span><span> file in which to save the key (/home/realaravinth/.ssh/id_rsa)</span><span style="color:#96b5b4;">:
</span><span style="color:#bf616a;">Enter</span><span> passphrase (empty for no passphrase)</span><span style="color:#96b5b4;">:
</span><span style="color:#bf616a;">Enter</span><span> same passphrase again:
</span><span style="color:#bf616a;">Your</span><span> identification has been saved in /home/realaravinth/.ssh/id_rsa
</span><span style="color:#bf616a;">Your</span><span> public key has been saved in /home/realaravinth/.ssh/id_rsa.pub
</span><span style="color:#bf616a;">The</span><span> key fingerprint is:
</span><span style="color:#bf616a;">SHA256:i2DE1b9BQb9DqV0r6O9MfPeVqUwfww1/T8wIXL2Xqdo</span><span> realaravinth@myserver.com
</span><span style="color:#bf616a;">The</span><span> key&#39;</span><span style="color:#a3be8c;">s random art image is:
</span><span style="color:#a3be8c;">+---[RSA 3072]----+
</span><span style="color:#a3be8c;">| .. .o. |
</span><span style="color:#a3be8c;">| . . . .. . . |
</span><span style="color:#a3be8c;">| o o + o .|
</span><span style="color:#a3be8c;">| . o* + .+|
</span><span style="color:#a3be8c;">| o S ooB o+.|
</span><span style="color:#a3be8c;">| . . . o.. +o*=|
</span><span style="color:#a3be8c;">| . . . ooo*X|
</span><span style="color:#a3be8c;">| +=.ooB|
</span><span style="color:#a3be8c;">| o+E .o|
</span><span style="color:#a3be8c;">+----[SHA256]-----+
</span></code></pre>
<p>Set a strong password the program prompts for one and save it somewhere
safe. Your public key will be at <code>~/.ssh/id_rsa.pub</code> and your private key at
<code>~/.ssh/id_rsa</code>. <strong>Never share the private key with anyone</strong>.</p>
<h3 id="1-3-2-setup-public-key-authentication">1.3.2) Setup public-key authentication<a class="zola-anchor" href="#1-3-2-setup-public-key-authentication" aria-label="Anchor link for: 1-3-2-setup-public-key-authentication"
><span class="anchor-icon">#</span></a
>
</h3>
<p>We have to copy the public key that we generated in the previous setup
onto our server:</p>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> ssh-copy-id</span><span style="color:#bf616a;"> -i ~</span><span>/.ssh/id_rsa.pub myserver.com
</span><span style="color:#bf616a;">/usr/bin/ssh-copy-id:</span><span> INFO: Source of key(s) </span><span style="color:#bf616a;">to</span><span> be installed: &quot;</span><span style="color:#a3be8c;">/home/realaravinth/.ssh/id_rsa.pub</span><span>&quot;
</span><span style="color:#bf616a;">/usr/bin/ssh-copy-id:</span><span> INFO: attempting to log in with the new key(s)</span><span style="color:#bf616a;">,</span><span> to filter out any that are already installed
</span><span style="color:#bf616a;">/usr/bin/ssh-copy-id:</span><span> INFO: 1 key(s) </span><span style="color:#bf616a;">remain</span><span> to be installed -- if you are prompted now it is to install the new keys
</span><span style="color:#bf616a;">realaravinth@myserver.com</span><span>&#39;</span><span style="color:#a3be8c;">s password:
</span><span style="color:#a3be8c;">
</span><span style="color:#a3be8c;">Number of key(s) added: 1
</span><span style="color:#a3be8c;">
</span><span style="color:#a3be8c;">Now try logging into the machine, with: &quot;ssh </span><span>&#39;</span><span style="color:#bf616a;">myserver.com</span><span>&#39;</span><span style="color:#a3be8c;">&quot;
</span><span style="color:#a3be8c;">and check to make sure that only the key(s) you wanted were added.
</span></code></pre>
<h3 id="1-3-3-disable-ssh-password-authentication">1.3.3) Disable SSH password authentication<a class="zola-anchor" href="#1-3-3-disable-ssh-password-authentication" aria-label="Anchor link for: 1-3-3-disable-ssh-password-authentication"
><span class="anchor-icon">#</span></a
>
</h3>
<blockquote>
<p><strong>NOTE: Verify you can log into your account before proceeding</strong></p>
</blockquote>
<p>Now that we have a private-key authentication setup on both the client and
the server, let's disable password authentication on the server:</p>
<p>Open <code>/etc/ssh/sshd_config</code> and add the following lines:</p>
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>PubkeyAuthentication yes
</span><span>PasswordAuthentication no
</span></code></pre>
<p>And restart the SSH server:</p>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo systemctl restart sshd
</span></code></pre>
<h3 id="1-3-install-and-setup-fail2ban">1.3) Install and setup <code>fail2ban</code><a class="zola-anchor" href="#1-3-install-and-setup-fail2ban" aria-label="Anchor link for: 1-3-install-and-setup-fail2ban"
><span class="anchor-icon">#</span></a
>
</h3>
<p>We will be using <code>fail2ban</code> for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.</p>
<h4 id="1-3-1-install-fail2ban">1.3.1) Install <code>fail2ban</code><a class="zola-anchor" href="#1-3-1-install-fail2ban" aria-label="Anchor link for: 1-3-1-install-fail2ban"
><span class="anchor-icon">#</span></a
>
</h4>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt install fail2ban
</span></code></pre>
<h4 id="1-3-2-enable-fail2ban-for-sshd">1.3.2) Enable <code>fail2ban</code> for <code>sshd</code><a class="zola-anchor" href="#1-3-2-enable-fail2ban-for-sshd" aria-label="Anchor link for: 1-3-2-enable-fail2ban-for-sshd"
><span class="anchor-icon">#</span></a
>
</h4>
<pre data-lang="yml" style="background-color:#2b303b;color:#c0c5ce;" class="language-yml "><code class="language-yml" data-lang="yml"><span>[</span><span style="color:#a3be8c;">sshd</span><span>]
</span><span style="color:#a3be8c;">enabled = true
</span></code></pre>
<h4 id="1-3-3-configure-fail2ban-to-start-on-boot">1.3.3) Configure <code>fail2ban</code> to start on boot<a class="zola-anchor" href="#1-3-3-configure-fail2ban-to-start-on-boot" aria-label="Anchor link for: 1-3-3-configure-fail2ban-to-start-on-boot"
><span class="anchor-icon">#</span></a
>
</h4>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo systemctl enable fail2ban
</span><span style="color:#bf616a;">$</span><span> sudo systemctl start fail2ban
</span></code></pre>
<h3 id="1-4-install-and-setup-nginx">1.4) Install and setup <code>nginx</code><a class="zola-anchor" href="#1-4-install-and-setup-nginx" aria-label="Anchor link for: 1-4-install-and-setup-nginx"
><span class="anchor-icon">#</span></a
>
</h3>
<p><code>nginx</code> is a popular web server that can be used to serve static sites.
It is fast, stable, and easy to set up.</p>
<p>To install, run the following command:</p>
<h4 id="1-4-1-install-nginx">1.4.1) Install <code>nginx</code>:<a class="zola-anchor" href="#1-4-1-install-nginx" aria-label="Anchor link for: 1-4-1-install-nginx"
><span class="anchor-icon">#</span></a
>
</h4>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt install nginx
</span></code></pre>
<h4 id="1-4-2-allow-web-traffic-open-ports-80-and-443">1.4.2) Allow web traffic: open ports <code>80</code> and <code>443</code><a class="zola-anchor" href="#1-4-2-allow-web-traffic-open-ports-80-and-443" aria-label="Anchor link for: 1-4-2-allow-web-traffic-open-ports-80-and-443"
><span class="anchor-icon">#</span></a
>
</h4>
<p>Ports <code>80</code> is the default for HTTP and <code>443</code> for HTTPS. To serve
web traffic, we'll have to Configure <code>ufw</code> to accept traffic on them:</p>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo ufw allow 80 </span><span style="color:#65737e;"># open ports 80 HTTP traffic
</span><span style="color:#bf616a;">$</span><span> sudo ufw allow 443 </span><span style="color:#65737e;"># open ports 443 for HTTPS traffic
</span></code></pre>
<h4 id="1-4-2-configure-nginx-to-start-on-boot">1.4.2) Configure <code>nginx</code> to start on boot<a class="zola-anchor" href="#1-4-2-configure-nginx-to-start-on-boot" aria-label="Anchor link for: 1-4-2-configure-nginx-to-start-on-boot"
><span class="anchor-icon">#</span></a
>
</h4>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo systemtl enable nginx </span><span style="color:#65737e;"># automatically start nginx on boot
</span><span style="color:#bf616a;">$</span><span> sudo systemtl start nginx </span><span style="color:#65737e;"># start nginx server
</span></code></pre>
<p>And verify it works:</p>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> curl localhost
</span><span>&lt;!DOCTYPE </span><span style="color:#bf616a;">html</span><span>&gt;
</span><span>&lt;html&gt;
</span><span>&lt;head&gt;
</span><span>&lt;title&gt;Welcome </span><span style="color:#bf616a;">to</span><span> nginx!&lt;/title&gt;
</span><span>&lt;style&gt;
</span><span> </span><span style="color:#bf616a;">body </span><span>{
</span><span> width: 35em;
</span><span> margin: 0 auto;
</span><span> font-family: Tahoma, Verdana, Arial, sans-serif;
</span><span> }
</span><span>&lt;/style&gt;
</span><span>&lt;/head&gt;
</span><span>&lt;body&gt;
</span><span>&lt;h1&gt;Welcome </span><span style="color:#bf616a;">to</span><span> nginx!&lt;/h1&gt;
</span><span>&lt;p&gt;If </span><span style="color:#bf616a;">you</span><span> see this page, the nginx web server is successfully installed and
</span><span style="color:#bf616a;">working.</span><span> Further configuration is required.&lt;/p&gt;
</span><span>
</span><span>&lt;p&gt;For </span><span style="color:#bf616a;">online</span><span> documentation and support please refer to
</span><span>&lt;a </span><span style="color:#bf616a;">href</span><span>=&quot;</span><span style="color:#a3be8c;">http://nginx.org/</span><span>&quot;&gt;nginx.org&lt;/a&gt;.&lt;br/&gt;
</span><span style="color:#bf616a;">Commercial</span><span> support is available at
</span><span>&lt;a </span><span style="color:#bf616a;">href</span><span>=&quot;</span><span style="color:#a3be8c;">http://nginx.com/</span><span>&quot;&gt;nginx.com&lt;/a&gt;.&lt;/p&gt;
</span><span>
</span><span>&lt;p&gt;&lt;em&gt;Thank </span><span style="color:#bf616a;">you</span><span> for using nginx.&lt;/em&gt;&lt;/p&gt;
</span><span>&lt;/body&gt;
</span><span>&lt;/html&gt;
</span></code></pre>
<p><code>nginx</code> is working!</p>
<h2 id="2-deploy-website">2) Deploy website<a class="zola-anchor" href="#2-deploy-website" aria-label="Anchor link for: 2-deploy-website"
><span class="anchor-icon">#</span></a
>
</h2>
<p>For this demo, we'll deploy a single file(<code>index.html</code>)
HTML website.</p>
<h3 id="2-1-install-the-webpage-on-the-server">2.1) Install the webpage on the server<a class="zola-anchor" href="#2-1-install-the-webpage-on-the-server" aria-label="Anchor link for: 2-1-install-the-webpage-on-the-server"
><span class="anchor-icon">#</span></a
>
</h3>
<p>Edit <code>/var/www/html/index.html</code> and add the following HTML to it:</p>
<pre data-lang="html" style="background-color:#2b303b;color:#c0c5ce;" class="language-html "><code class="language-html" data-lang="html"><span>&lt;!</span><span style="color:#b48ead;">DOCTYPE </span><span style="color:#d08770;">html</span><span>&gt;
</span><span>&lt;</span><span style="color:#bf616a;">html</span><span>&gt;
</span><span> &lt;</span><span style="color:#bf616a;">head</span><span>&gt;
</span><span> &lt;</span><span style="color:#bf616a;">title</span><span>&gt;My cool website!&lt;/</span><span style="color:#bf616a;">title</span><span>&gt;
</span><span> &lt;/</span><span style="color:#bf616a;">head</span><span>&gt;
</span><span> &lt;</span><span style="color:#bf616a;">body</span><span>&gt;
</span><span> &lt;</span><span style="color:#bf616a;">h1</span><span>&gt;Welcome to my website! o/&lt;/</span><span style="color:#bf616a;">h1</span><span>&gt;
</span><span> &lt;/</span><span style="color:#bf616a;">body</span><span>&gt;
</span><span>&lt;/</span><span style="color:#bf616a;">html</span><span>&gt;
</span></code></pre>
<p>The webpage should now be available on localhost, and we should see it when we run the following command:</p>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> curl localhost
</span><span>&lt;!DOCTYPE </span><span style="color:#bf616a;">html</span><span>&gt;
</span><span>&lt;html&gt;
</span><span> &lt;head&gt;
</span><span> &lt;title&gt;My </span><span style="color:#bf616a;">cool</span><span> website!&lt;/title&gt;
</span><span> &lt;/head&gt;
</span><span> &lt;body&gt;
</span><span> &lt;h1&gt;Welcome </span><span style="color:#bf616a;">to</span><span> my website! o/&lt;/h1&gt;
</span><span> &lt;/body&gt;
</span><span>&lt;/html&gt;
</span></code></pre>
<h3 id="2-2-serve-webpage-on-a-custom-domain">2.2) Serve webpage on a custom domain<a class="zola-anchor" href="#2-2-serve-webpage-on-a-custom-domain" aria-label="Anchor link for: 2-2-serve-webpage-on-a-custom-domain"
><span class="anchor-icon">#</span></a
>
</h3>
<h4 id="2-2-1-buy-a-domain-if-you-don-t-own-one-already">2.2.1) Buy a domain if you don't own one already<a class="zola-anchor" href="#2-2-1-buy-a-domain-if-you-don-t-own-one-already" aria-label="Anchor link for: 2-2-1-buy-a-domain-if-you-don-t-own-one-already"
><span class="anchor-icon">#</span></a
>
</h4>
<h4 id="2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record">2.2.2) Go to the domain's DNS dashboard and add the following record<a class="zola-anchor" href="#2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record" aria-label="Anchor link for: 2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record"
><span class="anchor-icon">#</span></a
>
</h4>
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>@ A 300 &lt;your server IP address&gt;
</span></code></pre>
<h4 id="2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain">2.2.3) Setup <code>nginx</code> to serve the website at <code>http://&lt;your-domain.</code><a class="zola-anchor" href="#2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain" aria-label="Anchor link for: 2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain"
><span class="anchor-icon">#</span></a
>
</h4>
<p>Open <code>/etc/nginx/sites-available/your-domain</code> and add the following:</p>
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>server {
</span><span> # serve website on port 80
</span><span> listen [::]:80;
</span><span> listen 80;
</span><span>
</span><span> # write error logs to file
</span><span> error_log /var/log/nginx/&lt;your-domain&gt;.error.log;
</span><span> # write access logs to file
</span><span> access_log /var/log/nginx/&lt;your-domain&gt;.access.log;
</span><span>
</span><span> # serve only on this domain:
</span><span> server_name &lt;your-domain&gt;; # replace me
</span><span>
</span><span>
</span><span> # use files from this directory
</span><span> root /var/www/html/;
</span><span>
</span><span> # remove .html from URL; it is cleaner this way
</span><span> rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
</span><span>
</span><span> # when a request is received, try the index.html in the directory
</span><span> # or $uri.html
</span><span> try_files $uri/index.html $uri.html $uri/ $uri =404;
</span><span>}
</span></code></pre>
<p>It is good practice to have all <code>nginx</code> deployment configurations in
<code>/etc/nginx/sites-available/</code> directory and link production websites to
`/etc/nginx/sites-enabled directory. Doing so allows you to
work-in-progress configurations or delete deployments without losing
the configuration files.</p>
<p>Let's enable <code>&lt;your-domain&gt;</code></p>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo ln</span><span style="color:#bf616a;"> -s</span><span> /etc/nginx/sites-available/&lt;your-domain&gt; /etc/nginx/sites-available/&lt;your-domain&gt;
</span></code></pre>
<p>Verify configurations before deploying, <code>nginx</code> has a command
to do it:</p>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo nginx</span><span style="color:#bf616a;"> -t
</span></code></pre>
<p>If there are no errors, reload <code>nginx</code> to deploy the website:</p>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo nginx</span><span style="color:#bf616a;"> -s</span><span> reload
</span></code></pre>
<p>Your webpage should now be accessible at <code>http://&lt;your-domain&gt;</code>!</p>
<h3 id="2-3-install-certbot-to-set-up-https">2.3) Install <code>certbot</code> to set up HTTPS<a class="zola-anchor" href="#2-3-install-certbot-to-set-up-https" aria-label="Anchor link for: 2-3-install-certbot-to-set-up-https"
><span class="anchor-icon">#</span></a
>
</h3>
<p>HTTP is insecure. We'll have to set up SSL to serve our website using
HTTPS. To do that, we will be using <a href="https://letsencrypt.org/">Let's
Encrypt</a> a popular nonprofit certificate
authority to get our SSL certificates.</p>
<p>SSL certificates come with set lifetimes, so we renew them before they expire. The process, when done manually, is demanding: you
will have to log in every three months and renew the
certificate. If you fail or forget it, your visitors will see security
warnings on your website.</p>
<p>Thankfully, Let's Encrypt provides automation through <code>certbot</code></p>
<h4 id="2-3-1-install-certbot">2.3.1) Install <code>certbot</code>:<a class="zola-anchor" href="#2-3-1-install-certbot" aria-label="Anchor link for: 2-3-1-install-certbot"
><span class="anchor-icon">#</span></a
>
</h4>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo apt install certbot python3-certbot-nginx
</span></code></pre>
<h4 id="2-3-2-get-a-certificate-for-your-domain">2.3.2) Get a certificate for <code>&lt;your-domain&gt;</code><a class="zola-anchor" href="#2-3-2-get-a-certificate-for-your-domain" aria-label="Anchor link for: 2-3-2-get-a-certificate-for-your-domain"
><span class="anchor-icon">#</span></a
>
</h4>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> sudo certbot</span><span style="color:#bf616a;"> --nginx -d </span><span>&lt;your-domain&gt;
</span></code></pre>
<p><code>certbot</code> will prompt you for an email ID, and ask you to accept their
terms and conditions, privacy policy, etc. Be sure to read them before
agreeing to them. It will then try to authenticate your domain ownership
using the <a href="https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment">ACME
protocol</a>.
By configuring the DNS to point to our server and by telling <code>nginx</code> at
that domain.</p>
<p>When it has verified ownership, it will automatically issue, deploy the
certificate on <code>nginx</code> and setup redirects.</p>
<h4 id="2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals">2.3.3) Setup cronjob to automate SSL certificate renewals<a class="zola-anchor" href="#2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals" aria-label="Anchor link for: 2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals"
><span class="anchor-icon">#</span></a
>
</h4>
<p>Become root and edit crontab</p>
<pre data-lang="bash" style="background-color:#2b303b;color:#c0c5ce;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#bf616a;">$</span><span> su
</span><span style="color:#bf616a;">crontab -e
</span></code></pre>
<p>Add the following job and exit:</p>
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>0 */12 * * * certbot -n --nginx renew
</span></code></pre>
<p>It will attempt to renew SSL certificates every 12 hours. If a the
certificate is due for renewal, <code>certbot</code> will go through the ACME
challenge, get the new certificates and automatically deploy them for
you.</p>
<p>Now our GNU/Linux server is configured and ready to serve our website at
<code>http://&lt;your-website&gt;</code>!</p>
</div>
<br />
<br />
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/bare-metal">#bare-metal</a>
<a class="blog__post-tag" href="/tags/nginx">#nginx</a>
<a class="blog__post-tag" href="/tags/jamstack">#JAMStack</a>
<a class="blog__post-tag" href="/tags/git">#git</a>
<a class="blog__post-tag" href="/tags/self-hosting">#self-hosting</a>
</div>
</div>
</main>
<footer>
<div class="footer__container">
<!-- <div class="footer__column"> --->
<p class="footer__column license__conatiner">
All text <a
class="license__link"
rel="noreferrer"
href="http://creativecommons.org/licenses/by-sa/4.0/"
target="_blank"
>&nbsp;CC-BY-SA&nbsp;</a
>
&amp; code
<a
class="license__link"
rel="noreferrer"
href="https://www.gnu.org/licenses/agpl-3.0.en.html"
target="_blank"
>&nbsp;AGPL&nbsp;</a
>
</p>
<!-- </div> -->
<div class="footer__column--center">
<a href="/blog/atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="footer__icon"
alt="Email icon"
/>
</a>
</div>
<div class="footer__column">
<a href="/about" title="About">About</a>
<a href="/coc" title="Code of Conduct">CoC</a>
<span class="footer__column-divider--mobile-only">|</span>
<a href="/legalese" title="Legalese">Legalese</a>
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://git.batsense.net/LibrePages"
rel="noreferrer"
target="_blank"
title="Status"
>Source Code</a
>
<!--
<a href="/tos" title="Terms of Service">ToS</a>
-->
</div>
</div>
</footer>
</div>
</body>
</html>

367
blog/atom.xml Normal file
View file

@ -0,0 +1,367 @@
<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
<title> - Posts</title>
<link href="https://librepages.org/blog/atom.xml" rel="self" type="application/atom+xml"/>
<link href="https://librepages.org/blog/"/>
<generator uri="https://www.getzola.org/">Zola</generator>
<updated>2022-09-10T00:00:00+00:00</updated>
<id>https://librepages.org/blog/atom.xml</id>
<entry xml:lang="en">
<title>How to deploy a website WITHOUT LibrePages</title>
<published>2022-09-10T00:00:00+00:00</published>
<updated>2022-09-10T00:00:00+00:00</updated>
<link href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/" type="text/html"/>
<id>https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/</id>
<content type="html">&lt;p&gt;In this &lt;del&gt;blog post&lt;&#x2F;del&gt; tutorial, I&#x27;ll show you how to deploy a personal
website. LibrePages automates everything that is discussed in this
tutorial and lets you focus on creating content. Automation is good
but knowing how to do it manually using industry standard
technologies always helps!&lt;&#x2F;p&gt;
&lt;p&gt;We will be using the following technologies to deploy our website:&lt;&#x2F;p&gt;
&lt;ol&gt;
&lt;li&gt;GNU&#x2F;Linux server(Debian)&lt;&#x2F;li&gt;
&lt;li&gt;Nginx (webs server)&lt;&#x2F;li&gt;
&lt;li&gt;Let&#x27;s Encrypt (for HTTPS)&lt;&#x2F;li&gt;
&lt;li&gt;Gitea (but any Git hosting works)&lt;&#x2F;li&gt;
&lt;&#x2F;ol&gt;
&lt;p&gt;Let&#x27;s get started!&lt;&#x2F;p&gt;
&lt;h2 id=&quot;1-setup-debian-gnu-linux&quot;&gt;1. Setup Debian GNU&#x2F;Linux&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-setup-debian-gnu-linux&quot; aria-label=&quot;Anchor link for: 1-setup-debian-gnu-linux&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h2&gt;
&lt;p&gt;We are going to start with a fresh GNU&#x2F;Linux installation, you could get
one from a cloud provider like &lt;a href=&quot;https:&#x2F;&#x2F;www.digitalocean.com&quot;&gt;Digital
Ocean&lt;&#x2F;a&gt; (not affiliated).&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-1-give-your-account-sudo-privileges&quot;&gt;1.1) Give your account &lt;code&gt;sudo&lt;&#x2F;code&gt; privileges&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-1-give-your-account-sudo-privileges&quot; aria-label=&quot;Anchor link for: 1-1-give-your-account-sudo-privileges&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;On GNU&#x2F;Linux systems, the &lt;code&gt;root&lt;&#x2F;code&gt; account is the most powerful user account.
It is good practice to avoid working as &lt;code&gt;root&lt;&#x2F;code&gt; since a careless mistake
could wipe the entire system out.&lt;&#x2F;p&gt;
&lt;p&gt;&lt;code&gt;sudo&lt;&#x2F;code&gt; give the ability to execute commands with &lt;code&gt;root&lt;&#x2F;code&gt; capabilities
from a lower-privileged account. Let&#x27;s make our account sudo capable:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;su &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# become root
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# add `realaravinth`, my account` to `sudo` group to be able to use `sudo`
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;usermod -aG&lt;&#x2F;span&gt;&lt;span&gt; sudo realaravinth &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# my account is called `realaravinth`, replace it with yours
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;exit
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; exit
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Log out and log back in.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-2-install-and-setup-firewall-ufw&quot;&gt;1.2) Install and setup firewall(&lt;code&gt;ufw&lt;&#x2F;code&gt;)&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-2-install-and-setup-firewall-ufw&quot; aria-label=&quot;Anchor link for: 1-2-install-and-setup-firewall-ufw&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;Uncomplicated Firewall(&lt;code&gt;ufw&lt;&#x2F;code&gt;) is a popular firewall that is easy to
set up and maintain. For most installations, this should be enough.
System administrators use firewalls to open only the ports that they
think should receive traffic from external networks. Without it, all
ports will be open, causing a security nightmare.&lt;&#x2F;p&gt;
&lt;p&gt;We will require standard SSH (22), and the standard web ports (80 and
443). A comprehensive list of services and the list of ports the listen
on is available at `&#x2F;etc&#x2F;services.&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt &quot;&gt;&lt;code class=&quot;language-bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot; data-lang=&quot;bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot;&gt;&lt;span&gt;install ufw # we are using `ufw` for the firewall
&lt;&#x2F;span&gt;&lt;span&gt;$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
&lt;&#x2F;span&gt;&lt;span&gt;$ sudo ufw enable # deploy firewall
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-secure-ssh&quot;&gt;1.3) Secure SSH&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-secure-ssh&quot; aria-label=&quot;Anchor link for: 1-3-secure-ssh&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;SSH allows remote access to our servers over secure, encrypted
channels. By default, users can log in with their password
using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-3-1-generate-key-pair&quot;&gt;1.3.1) Generate key pair&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-1-generate-key-pair&quot; aria-label=&quot;Anchor link for: 1-3-1-generate-key-pair&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;On your local computer, generate an SSH key pair:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; ssh-keygen
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Generating&lt;&#x2F;span&gt;&lt;span&gt; public&#x2F;private rsa key pair.
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; file in which to save the key (&#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; passphrase (empty for no passphrase)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; same passphrase again:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Your&lt;&#x2F;span&gt;&lt;span&gt; identification has been saved in &#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Your&lt;&#x2F;span&gt;&lt;span&gt; public key has been saved in &#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa.pub
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;The&lt;&#x2F;span&gt;&lt;span&gt; key fingerprint is:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;SHA256:i2DE1b9BQb9DqV0r6O9MfPeVqUwfww1&#x2F;T8wIXL2Xqdo&lt;&#x2F;span&gt;&lt;span&gt; realaravinth@myserver.com
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;The&lt;&#x2F;span&gt;&lt;span&gt; key&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;s random art image is:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;+---[RSA 3072]----+
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| .. .o. |
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . .. . . |
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o o + o .|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . o* + .+|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o S ooB o+.|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . o.. +o*=|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . ooo*X|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| +=.ooB|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o+E .o|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;+----[SHA256]-----+
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Set a strong password the program prompts for one and save it somewhere
safe. Your public key will be at &lt;code&gt;~&#x2F;.ssh&#x2F;id_rsa.pub&lt;&#x2F;code&gt; and your private key at
&lt;code&gt;~&#x2F;.ssh&#x2F;id_rsa&lt;&#x2F;code&gt;. &lt;strong&gt;Never share the private key with anyone&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-3-2-setup-public-key-authentication&quot;&gt;1.3.2) Setup public-key authentication&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-2-setup-public-key-authentication&quot; aria-label=&quot;Anchor link for: 1-3-2-setup-public-key-authentication&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;We have to copy the public key that we generated in the previous setup
onto our server:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; ssh-copy-id&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -i ~&lt;&#x2F;span&gt;&lt;span&gt;&#x2F;.ssh&#x2F;id_rsa.pub myserver.com
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: Source of key(s) &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; be installed: &amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;&#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa.pub&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: attempting to log in with the new key(s)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;,&lt;&#x2F;span&gt;&lt;span&gt; to filter out any that are already installed
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: 1 key(s) &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;remain&lt;&#x2F;span&gt;&lt;span&gt; to be installed -- if you are prompted now it is to install the new keys
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;realaravinth@myserver.com&lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;s password:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;Number of key(s) added: 1
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;Now try logging into the machine, with: &amp;quot;ssh &lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;myserver.com&lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;&amp;quot;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;and check to make sure that only the key(s) you wanted were added.
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-3-disable-ssh-password-authentication&quot;&gt;1.3.3) Disable SSH password authentication&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-3-disable-ssh-password-authentication&quot; aria-label=&quot;Anchor link for: 1-3-3-disable-ssh-password-authentication&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;NOTE: Verify you can log into your account before proceeding&lt;&#x2F;strong&gt;&lt;&#x2F;p&gt;
&lt;&#x2F;blockquote&gt;
&lt;p&gt;Now that we have a private-key authentication setup on both the client and
the server, let&#x27;s disable password authentication on the server:&lt;&#x2F;p&gt;
&lt;p&gt;Open &lt;code&gt;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&lt;&#x2F;code&gt; and add the following lines:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;PubkeyAuthentication yes
&lt;&#x2F;span&gt;&lt;span&gt;PasswordAuthentication no
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;And restart the SSH server:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl restart sshd
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-install-and-setup-fail2ban&quot;&gt;1.3) Install and setup &lt;code&gt;fail2ban&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-install-and-setup-fail2ban&quot; aria-label=&quot;Anchor link for: 1-3-install-and-setup-fail2ban&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;We will be using &lt;code&gt;fail2ban&lt;&#x2F;code&gt; for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.&lt;&#x2F;p&gt;
&lt;h4 id=&quot;1-3-1-install-fail2ban&quot;&gt;1.3.1) Install &lt;code&gt;fail2ban&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-1-install-fail2ban&quot; aria-label=&quot;Anchor link for: 1-3-1-install-fail2ban&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install fail2ban
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-3-2-enable-fail2ban-for-sshd&quot;&gt;1.3.2) Enable &lt;code&gt;fail2ban&lt;&#x2F;code&gt; for &lt;code&gt;sshd&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-2-enable-fail2ban-for-sshd&quot; aria-label=&quot;Anchor link for: 1-3-2-enable-fail2ban-for-sshd&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;yml&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-yml &quot;&gt;&lt;code class=&quot;language-yml&quot; data-lang=&quot;yml&quot;&gt;&lt;span&gt;[&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;sshd&lt;&#x2F;span&gt;&lt;span&gt;]
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;enabled = true
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-3-3-configure-fail2ban-to-start-on-boot&quot;&gt;1.3.3) Configure &lt;code&gt;fail2ban&lt;&#x2F;code&gt; to start on boot&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-3-configure-fail2ban-to-start-on-boot&quot; aria-label=&quot;Anchor link for: 1-3-3-configure-fail2ban-to-start-on-boot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl enable fail2ban
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl start fail2ban
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-4-install-and-setup-nginx&quot;&gt;1.4) Install and setup &lt;code&gt;nginx&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-install-and-setup-nginx&quot; aria-label=&quot;Anchor link for: 1-4-install-and-setup-nginx&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;&lt;code&gt;nginx&lt;&#x2F;code&gt; is a popular web server that can be used to serve static sites.
It is fast, stable, and easy to set up.&lt;&#x2F;p&gt;
&lt;p&gt;To install, run the following command:&lt;&#x2F;p&gt;
&lt;h4 id=&quot;1-4-1-install-nginx&quot;&gt;1.4.1) Install &lt;code&gt;nginx&lt;&#x2F;code&gt;:&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-1-install-nginx&quot; aria-label=&quot;Anchor link for: 1-4-1-install-nginx&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install nginx
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-4-2-allow-web-traffic-open-ports-80-and-443&quot;&gt;1.4.2) Allow web traffic: open ports &lt;code&gt;80&lt;&#x2F;code&gt; and &lt;code&gt;443&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-2-allow-web-traffic-open-ports-80-and-443&quot; aria-label=&quot;Anchor link for: 1-4-2-allow-web-traffic-open-ports-80-and-443&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Ports &lt;code&gt;80&lt;&#x2F;code&gt; is the default for HTTP and &lt;code&gt;443&lt;&#x2F;code&gt; for HTTPS. To serve
web traffic, we&#x27;ll have to Configure &lt;code&gt;ufw&lt;&#x2F;code&gt; to accept traffic on them:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ufw allow 80 &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# open ports 80 HTTP traffic
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ufw allow 443 &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# open ports 443 for HTTPS traffic
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-4-2-configure-nginx-to-start-on-boot&quot;&gt;1.4.2) Configure &lt;code&gt;nginx&lt;&#x2F;code&gt; to start on boot&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-2-configure-nginx-to-start-on-boot&quot; aria-label=&quot;Anchor link for: 1-4-2-configure-nginx-to-start-on-boot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemtl enable nginx &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# automatically start nginx on boot
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemtl start nginx &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# start nginx server
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;And verify it works:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; curl localhost
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;!DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;html&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;title&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; nginx!&amp;lt;&#x2F;title&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;style&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body &lt;&#x2F;span&gt;&lt;span&gt;{
&lt;&#x2F;span&gt;&lt;span&gt; width: 35em;
&lt;&#x2F;span&gt;&lt;span&gt; margin: 0 auto;
&lt;&#x2F;span&gt;&lt;span&gt; font-family: Tahoma, Verdana, Arial, sans-serif;
&lt;&#x2F;span&gt;&lt;span&gt; }
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;style&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;h1&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; nginx!&amp;lt;&#x2F;h1&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;If &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;you&lt;&#x2F;span&gt;&lt;span&gt; see this page, the nginx web server is successfully installed and
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;working.&lt;&#x2F;span&gt;&lt;span&gt; Further configuration is required.&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;For &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;online&lt;&#x2F;span&gt;&lt;span&gt; documentation and support please refer to
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;a &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;href&lt;&#x2F;span&gt;&lt;span&gt;=&amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;http:&#x2F;&#x2F;nginx.org&#x2F;&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;&amp;gt;nginx.org&amp;lt;&#x2F;a&amp;gt;.&amp;lt;br&#x2F;&amp;gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Commercial&lt;&#x2F;span&gt;&lt;span&gt; support is available at
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;a &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;href&lt;&#x2F;span&gt;&lt;span&gt;=&amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;http:&#x2F;&#x2F;nginx.com&#x2F;&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;&amp;gt;nginx.com&amp;lt;&#x2F;a&amp;gt;.&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;&amp;lt;em&amp;gt;Thank &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;you&lt;&#x2F;span&gt;&lt;span&gt; for using nginx.&amp;lt;&#x2F;em&amp;gt;&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;html&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;&lt;code&gt;nginx&lt;&#x2F;code&gt; is working!&lt;&#x2F;p&gt;
&lt;h2 id=&quot;2-deploy-website&quot;&gt;2) Deploy website&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-deploy-website&quot; aria-label=&quot;Anchor link for: 2-deploy-website&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h2&gt;
&lt;p&gt;For this demo, we&#x27;ll deploy a single file(&lt;code&gt;index.html&lt;&#x2F;code&gt;)
HTML website.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;2-1-install-the-webpage-on-the-server&quot;&gt;2.1) Install the webpage on the server&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-1-install-the-webpage-on-the-server&quot; aria-label=&quot;Anchor link for: 2-1-install-the-webpage-on-the-server&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;Edit &lt;code&gt;&#x2F;var&#x2F;www&#x2F;html&#x2F;index.html&lt;&#x2F;code&gt; and add the following HTML to it:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;html&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-html &quot;&gt;&lt;code class=&quot;language-html&quot; data-lang=&quot;html&quot;&gt;&lt;span&gt;&amp;lt;!&lt;&#x2F;span&gt;&lt;span style=&quot;color:#b48ead;&quot;&gt;DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#d08770;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;head&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;title&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;My cool website!&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;title&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;head&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;h1&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;Welcome to my website! o&#x2F;&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;h1&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;The webpage should now be available on localhost, and we should see it when we run the following command:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; curl localhost
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;!DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;html&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;title&amp;gt;My &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;cool&lt;&#x2F;span&gt;&lt;span&gt; website!&amp;lt;&#x2F;title&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;h1&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; my website! o&#x2F;&amp;lt;&#x2F;h1&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;html&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;2-2-serve-webpage-on-a-custom-domain&quot;&gt;2.2) Serve webpage on a custom domain&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-serve-webpage-on-a-custom-domain&quot; aria-label=&quot;Anchor link for: 2-2-serve-webpage-on-a-custom-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;h4 id=&quot;2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot;&gt;2.2.1) Buy a domain if you don&#x27;t own one already&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot; aria-label=&quot;Anchor link for: 2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;h4 id=&quot;2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot;&gt;2.2.2) Go to the domain&#x27;s DNS dashboard and add the following record&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot; aria-label=&quot;Anchor link for: 2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;@ A 300 &amp;lt;your server IP address&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot;&gt;2.2.3) Setup &lt;code&gt;nginx&lt;&#x2F;code&gt; to serve the website at &lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-domain.&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot; aria-label=&quot;Anchor link for: 2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Open &lt;code&gt;&#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;your-domain&lt;&#x2F;code&gt; and add the following:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;server {
&lt;&#x2F;span&gt;&lt;span&gt; # serve website on port 80
&lt;&#x2F;span&gt;&lt;span&gt; listen [::]:80;
&lt;&#x2F;span&gt;&lt;span&gt; listen 80;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # write error logs to file
&lt;&#x2F;span&gt;&lt;span&gt; error_log &#x2F;var&#x2F;log&#x2F;nginx&#x2F;&amp;lt;your-domain&amp;gt;.error.log;
&lt;&#x2F;span&gt;&lt;span&gt; # write access logs to file
&lt;&#x2F;span&gt;&lt;span&gt; access_log &#x2F;var&#x2F;log&#x2F;nginx&#x2F;&amp;lt;your-domain&amp;gt;.access.log;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # serve only on this domain:
&lt;&#x2F;span&gt;&lt;span&gt; server_name &amp;lt;your-domain&amp;gt;; # replace me
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # use files from this directory
&lt;&#x2F;span&gt;&lt;span&gt; root &#x2F;var&#x2F;www&#x2F;html&#x2F;;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # remove .html from URL; it is cleaner this way
&lt;&#x2F;span&gt;&lt;span&gt; rewrite ^(&#x2F;.*)\.html(\?.*)?$ $1$2 permanent;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # when a request is received, try the index.html in the directory
&lt;&#x2F;span&gt;&lt;span&gt; # or $uri.html
&lt;&#x2F;span&gt;&lt;span&gt; try_files $uri&#x2F;index.html $uri.html $uri&#x2F; $uri =404;
&lt;&#x2F;span&gt;&lt;span&gt;}
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;It is good practice to have all &lt;code&gt;nginx&lt;&#x2F;code&gt; deployment configurations in
&lt;code&gt;&#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&lt;&#x2F;code&gt; directory and link production websites to
`&#x2F;etc&#x2F;nginx&#x2F;sites-enabled directory. Doing so allows you to
work-in-progress configurations or delete deployments without losing
the configuration files.&lt;&#x2F;p&gt;
&lt;p&gt;Let&#x27;s enable &lt;code&gt;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ln&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -s&lt;&#x2F;span&gt;&lt;span&gt; &#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&amp;lt;your-domain&amp;gt; &#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&amp;lt;your-domain&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Verify configurations before deploying, &lt;code&gt;nginx&lt;&#x2F;code&gt; has a command
to do it:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo nginx&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -t
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;If there are no errors, reload &lt;code&gt;nginx&lt;&#x2F;code&gt; to deploy the website:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo nginx&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -s&lt;&#x2F;span&gt;&lt;span&gt; reload
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Your webpage should now be accessible at &lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;!&lt;&#x2F;p&gt;
&lt;h3 id=&quot;2-3-install-certbot-to-set-up-https&quot;&gt;2.3) Install &lt;code&gt;certbot&lt;&#x2F;code&gt; to set up HTTPS&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-install-certbot-to-set-up-https&quot; aria-label=&quot;Anchor link for: 2-3-install-certbot-to-set-up-https&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;HTTP is insecure. We&#x27;ll have to set up SSL to serve our website using
HTTPS. To do that, we will be using &lt;a href=&quot;https:&#x2F;&#x2F;letsencrypt.org&#x2F;&quot;&gt;Let&#x27;s
Encrypt&lt;&#x2F;a&gt; a popular nonprofit certificate
authority to get our SSL certificates.&lt;&#x2F;p&gt;
&lt;p&gt;SSL certificates come with set lifetimes, so we renew them before they expire. The process, when done manually, is demanding: you
will have to log in every three months and renew the
certificate. If you fail or forget it, your visitors will see security
warnings on your website.&lt;&#x2F;p&gt;
&lt;p&gt;Thankfully, Let&#x27;s Encrypt provides automation through &lt;code&gt;certbot&lt;&#x2F;code&gt;&lt;&#x2F;p&gt;
&lt;h4 id=&quot;2-3-1-install-certbot&quot;&gt;2.3.1) Install &lt;code&gt;certbot&lt;&#x2F;code&gt;:&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-1-install-certbot&quot; aria-label=&quot;Anchor link for: 2-3-1-install-certbot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install certbot python3-certbot-nginx
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;2-3-2-get-a-certificate-for-your-domain&quot;&gt;2.3.2) Get a certificate for &lt;code&gt;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-2-get-a-certificate-for-your-domain&quot; aria-label=&quot;Anchor link for: 2-3-2-get-a-certificate-for-your-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo certbot&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; --nginx -d &lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;your-domain&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;&lt;code&gt;certbot&lt;&#x2F;code&gt; will prompt you for an email ID, and ask you to accept their
terms and conditions, privacy policy, etc. Be sure to read them before
agreeing to them. It will then try to authenticate your domain ownership
using the &lt;a href=&quot;https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Automatic_Certificate_Management_Environment&quot;&gt;ACME
protocol&lt;&#x2F;a&gt;.
By configuring the DNS to point to our server and by telling &lt;code&gt;nginx&lt;&#x2F;code&gt; at
that domain.&lt;&#x2F;p&gt;
&lt;p&gt;When it has verified ownership, it will automatically issue, deploy the
certificate on &lt;code&gt;nginx&lt;&#x2F;code&gt; and setup redirects.&lt;&#x2F;p&gt;
&lt;h4 id=&quot;2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot;&gt;2.3.3) Setup cronjob to automate SSL certificate renewals&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot; aria-label=&quot;Anchor link for: 2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Become root and edit crontab&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; su
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;crontab -e
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Add the following job and exit:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;0 *&#x2F;12 * * * certbot -n --nginx renew
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;It will attempt to renew SSL certificates every 12 hours. If a the
certificate is due for renewal, &lt;code&gt;certbot&lt;&#x2F;code&gt; will go through the ACME
challenge, get the new certificates and automatically deploy them for
you.&lt;&#x2F;p&gt;
&lt;p&gt;Now our GNU&#x2F;Linux server is configured and ready to serve our website at
&lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-website&amp;gt;&lt;&#x2F;code&gt;!&lt;&#x2F;p&gt;
</content>
</entry>
</feed>

View file

@ -227,6 +227,55 @@ general development ecosystem" />
<ul class="blog__list">
<li class="blog__post-item">
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/" class="blog__post-link">
<h2 class="blog__post-title">How to deploy a website WITHOUT LibrePages</h2>
<p class="blog__post-meta">
<a href="https:&#x2F;&#x2F;batsense.net" class="post__author">Aravinth Manivannan</a>
&middot; 10
September
,
2022 &middot; <b>9 min read</b>
</p>
<p class="blog__post-description">
Automation services like LibrePages exist to make lives easier but how do you do the same manually, on self-hosted hardware, or in the cloud?
</p>
</a>
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/bare-metal"
>#bare-metal</a
>
<a class="blog__post-tag" href="/tags/nginx"
>#nginx</a
>
<a class="blog__post-tag" href="/tags/jamstack"
>#JAMStack</a
>
<a class="blog__post-tag" href="/tags/git"
>#git</a
>
<a class="blog__post-tag" href="/tags/self-hosting"
>#self-hosting</a
>
</div>
</li>
</ul>
</div>
<link rel="alternate" type="application/rss+xml" title="RSS"
@ -269,7 +318,7 @@ href="https://librepages.org/rss.xml"> </main>
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://github.com/realaravinth/librepges"
href="https://git.batsense.net/LibrePages"
rel="noreferrer"
target="_blank"
title="Status"

View file

@ -1 +1 @@
.blog__content img{max-width:100%;display:block}.blog__content video{max-width:100%;display:block}.blog__content li{margin-left:40px}.blog__content a:hover{color:#0056b3;text-decoration:underline}.blog__content code{word-wrap:break-word;overflow-wrap:break-word}.blog__content table{border-collapse:collapse;caption-side:bottom;border-color:#e9ecef;text-align:center;width:100%}.blog__content table>thead{vertical-align:bottom;border-bottom:1px solid #cdc8ca;text-align:center}.blog__content table th{text-align:center}.blog__content table td{margin:auto;padding:10px;border-bottom:1px solid #edddd1}.blog__content p,.blog__content h2,.blog__content h3{margin:10px 0}.blog__content pre{padding:10px 10px 10px 20px;border-radius:8px;font-size:0.95rem;overflow:auto}.blog__content pre{font-family:monospace, monospace;font-display:auto;font-size:1em}.blog__content p{margin:30px 0}.blog__container{margin:auto;max-width:50%}.blog__list{list-style:none}.blog__post-link,.blog__post-link:visited{text-decoration:none;color:inherit}.blog__title{margin:35px 0}.blog__post-link{display:block}.blog__post-item{border-bottom:1px dashed #333;margin:10px;padding:10px}.blog__post-item:hover{background-color:lightgray}.blog__post-item:last-child{border-bottom:none}.blog__post-description{font-size:0.9rem;margin:5px 0}.blog__post-tag{font-size:0.7rem;font-family:monospace, monospace}.blog__post-tag:hover{color:#0056b3;text-decoration:underline}.blog__post-meta{font-size:0.7rem}.blog__post-title{font-size:1.4rem;font-weight:550}.blog__post-tag-container{margin:0}.blog__post-warning{background:yellow;padding:5px;margin:10px;border-left:10px solid orange}.blog__post-warning *{margin:5px !important}
.blog__content img{max-width:100%;display:block}.blog__content video{max-width:100%;display:block}.blog__content li{margin-left:40px}.blog__content a:hover{color:#0056b3;text-decoration:underline}.blog__content code{word-wrap:break-word;overflow-wrap:break-word}.blog__content table{border-collapse:collapse;caption-side:bottom;border-color:#e9ecef;text-align:center;width:100%}.blog__content table>thead{vertical-align:bottom;border-bottom:1px solid #cdc8ca;text-align:center}.blog__content table th{text-align:center}.blog__content table td{margin:auto;padding:10px;border-bottom:1px solid #edddd1}.blog__content p,.blog__content h2,.blog__content h3,.blog__content h4,.blog__content h5,.blog__content h6{margin:10px 0}.blog__content pre{padding:10px 10px 10px 20px;border-radius:8px;font-size:0.95rem;overflow:auto}.blog__content pre{font-family:monospace, monospace;font-display:auto;font-size:1em}.blog__content p{margin:30px 0}.blog__container{margin:auto;max-width:50%}.blog__list{list-style:none}.blog__post-link,.blog__post-link:visited{text-decoration:none;color:inherit}.blog__title{margin:35px 0}.blog__post-link{display:block}.blog__post-item{border-bottom:1px dashed #333;margin:10px;padding:10px}.blog__post-item:hover{background-color:lightgray}.blog__post-item:last-child{border-bottom:none}.blog__post-description{font-size:0.9rem;margin:5px 0}.blog__post-tag{font-size:0.7rem;font-family:monospace, monospace}.blog__post-tag:hover{color:#0056b3;text-decoration:underline}.blog__post-meta{font-size:0.7rem}.blog__post-title{font-size:1.4rem;font-weight:550}.blog__post-tag-container{margin:0}.blog__post-warning{background:yellow;padding:5px;margin:10px;border-left:10px solid orange}.blog__post-warning *{margin:5px !important}

View file

@ -303,7 +303,7 @@
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://github.com/realaravinth/librepges"
href="https://git.batsense.net/LibrePages"
rel="noreferrer"
target="_blank"
title="Status"

View file

@ -311,7 +311,7 @@
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://github.com/realaravinth/librepges"
href="https://git.batsense.net/LibrePages"
rel="noreferrer"
target="_blank"
title="Status"

View file

@ -321,7 +321,7 @@ They can be reached at contact@librepages.org.</p>
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://github.com/realaravinth/librepges"
href="https://git.batsense.net/LibrePages"
rel="noreferrer"
target="_blank"
title="Status"

File diff suppressed because one or more lines are too long

View file

@ -1 +1 @@
header{z-index:5;position:sticky;top:0;background-color:#fff}.nav__container{display:flex;flex-direction:row;box-sizing:border-box;width:100%;padding-top:5px;border-bottom:1px solid #d3d3d3}.nav__home-btn{font-weight:bold;margin:auto;margin-left:10px}.nav__hamburger-menu{display:none}.nav__spacer--small{width:100px;margin:auto}.nav__spacer{flex:4;margin:auto}.nav__logo-container{display:inline-flex;text-decoration:none}.nav__logo-container:hover{color:#0056b3;text-decoration:underline}.nav__toggle{display:none}.nav__logo{display:inline-flex;margin:auto;padding:5px;width:40px}.nav__link-group{flex:1.5;list-style:none;display:flex;flex-direction:row;align-items:center;align-self:center;margin:auto;text-align:center}.nav__link-group--small{flex:1.5;list-style:none;display:flex;flex-direction:row;align-items:center;align-self:center;margin:auto;text-align:center;flex:0.5;margin-right:10px}.nav__link-container{display:flex;padding:10px;height:100%;margin:auto}.nav__link-container--action{display:flex;padding:10px;height:100%;margin:auto;background-color:green;padding:15px}.nav__link-container--action .nav__link{color:white !important}.nav__link{text-decoration:none;color:black !important;font-weight:600;font-size:14px}.nav__link:hover{color:#0056b3;text-decoration:underline}
header{z-index:5;position:sticky;top:0;background-color:#fff}.nav__container{display:flex;flex-direction:row;box-sizing:border-box;width:100%;padding-top:5px;border-bottom:1px solid #d3d3d3}.nav__home-btn{font-weight:bold;margin:auto;margin-left:10px}.nav__hamburger-menu{display:none}.nav__spacer--small{width:100px;margin:auto}.nav__spacer{flex:3;margin:auto}.nav__logo-container{display:inline-flex;text-decoration:none}.nav__logo-container:hover{color:#0056b3;text-decoration:underline}.nav__toggle{display:none}.nav__logo{display:inline-flex;margin:auto;padding:5px;width:40px}.nav__link-group{flex:1.5;list-style:none;display:flex;flex-direction:row;align-items:center;align-self:center;margin:auto;text-align:center}.nav__link-group--small{flex:1.5;list-style:none;display:flex;flex-direction:row;align-items:center;align-self:center;margin:auto;text-align:center;flex:0.5;margin-right:10px}.nav__link-container{display:flex;padding:10px;height:100%;margin:auto}.nav__link-container--action{display:flex;padding:10px;height:100%;margin:auto;background-color:green;padding:15px}.nav__link-container--action .nav__link{color:white !important}.nav__link{text-decoration:none;color:black !important;font-weight:600;font-size:14px}.nav__link:hover{color:#0056b3;text-decoration:underline}

View file

@ -1 +1 @@
.page__container{width:50%;margin:auto;padding:50px 0}.page__group{display:flex;flex-direction:column}.page__group-title{margin:20px auto}.page__group-content{display:flex;flex-direction:column}.page__group-content img{max-width:100%;display:block}.page__group-content video{max-width:100%;display:block}.page__group-content li{margin-left:40px}.page__group-content a:hover{color:#0056b3;text-decoration:underline}.page__group-content code{word-wrap:break-word;overflow-wrap:break-word}.page__group-content table{border-collapse:collapse;caption-side:bottom;border-color:#e9ecef;text-align:center;width:100%}.page__group-content table>thead{vertical-align:bottom;border-bottom:1px solid #cdc8ca;text-align:center}.page__group-content table th{text-align:center}.page__group-content table td{margin:auto;padding:10px;border-bottom:1px solid #edddd1}.page__group-content p,.page__group-content h2,.page__group-content h3{margin:10px 0}.page__group-content pre{padding:10px 10px 10px 20px;border-radius:8px;font-size:0.95rem;overflow:auto}.page__group-content pre{font-family:monospace, monospace;font-display:auto;font-size:1em}.page__preview-banner{width:10%;height:min(250px, 50vh);margin:20px auto}.page__banner{width:100%;height:max(450px, 50vh);margin:20px auto}
.page__container{width:50%;margin:auto;padding:50px 0}.page__group{display:flex;flex-direction:column}.page__group-title{margin:20px auto}.page__group-content{display:flex;flex-direction:column}.page__group-content img{max-width:100%;display:block}.page__group-content video{max-width:100%;display:block}.page__group-content li{margin-left:40px}.page__group-content a:hover{color:#0056b3;text-decoration:underline}.page__group-content code{word-wrap:break-word;overflow-wrap:break-word}.page__group-content table{border-collapse:collapse;caption-side:bottom;border-color:#e9ecef;text-align:center;width:100%}.page__group-content table>thead{vertical-align:bottom;border-bottom:1px solid #cdc8ca;text-align:center}.page__group-content table th{text-align:center}.page__group-content table td{margin:auto;padding:10px;border-bottom:1px solid #edddd1}.page__group-content p,.page__group-content h2,.page__group-content h3,.page__group-content h4,.page__group-content h5,.page__group-content h6{margin:10px 0}.page__group-content pre{padding:10px 10px 10px 20px;border-radius:8px;font-size:0.95rem;overflow:auto}.page__group-content pre{font-family:monospace, monospace;font-display:auto;font-size:1em}.page__preview-banner{width:10%;height:min(250px, 50vh);margin:20px auto}.page__banner{width:100%;height:max(450px, 50vh);margin:20px auto}

View file

@ -305,7 +305,7 @@ see. This is derived from the User-Agent HTTP header. For example: <em>Chrome</e
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://github.com/realaravinth/librepges"
href="https://git.batsense.net/LibrePages"
rel="noreferrer"
target="_blank"
title="Status"

File diff suppressed because one or more lines are too long

View file

@ -9,6 +9,10 @@
<url>
<loc>https://librepages.org/blog/</loc>
</url>
<url>
<loc>https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/</loc>
<lastmod>2022-09-10</lastmod>
</url>
<url>
<loc>https://librepages.org/coc/</loc>
</url>
@ -18,4 +22,22 @@
<url>
<loc>https://librepages.org/privacy-policy/</loc>
</url>
<url>
<loc>https://librepages.org/tags/</loc>
</url>
<url>
<loc>https://librepages.org/tags/bare-metal/</loc>
</url>
<url>
<loc>https://librepages.org/tags/git/</loc>
</url>
<url>
<loc>https://librepages.org/tags/jamstack/</loc>
</url>
<url>
<loc>https://librepages.org/tags/nginx/</loc>
</url>
<url>
<loc>https://librepages.org/tags/self-hosting/</loc>
</url>
</urlset>

367
tags/bare-metal/atom.xml Normal file
View file

@ -0,0 +1,367 @@
<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
<title> - bare-metal</title>
<link href="https://librepages.org/tags/bare-metal/atom.xml" rel="self" type="application/atom+xml"/>
<link href="https://librepages.org"/>
<generator uri="https://www.getzola.org/">Zola</generator>
<updated>2022-09-10T00:00:00+00:00</updated>
<id>https://librepages.org/tags/bare-metal/atom.xml</id>
<entry xml:lang="en">
<title>How to deploy a website WITHOUT LibrePages</title>
<published>2022-09-10T00:00:00+00:00</published>
<updated>2022-09-10T00:00:00+00:00</updated>
<link href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/" type="text/html"/>
<id>https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/</id>
<content type="html">&lt;p&gt;In this &lt;del&gt;blog post&lt;&#x2F;del&gt; tutorial, I&#x27;ll show you how to deploy a personal
website. LibrePages automates everything that is discussed in this
tutorial and lets you focus on creating content. Automation is good
but knowing how to do it manually using industry standard
technologies always helps!&lt;&#x2F;p&gt;
&lt;p&gt;We will be using the following technologies to deploy our website:&lt;&#x2F;p&gt;
&lt;ol&gt;
&lt;li&gt;GNU&#x2F;Linux server(Debian)&lt;&#x2F;li&gt;
&lt;li&gt;Nginx (webs server)&lt;&#x2F;li&gt;
&lt;li&gt;Let&#x27;s Encrypt (for HTTPS)&lt;&#x2F;li&gt;
&lt;li&gt;Gitea (but any Git hosting works)&lt;&#x2F;li&gt;
&lt;&#x2F;ol&gt;
&lt;p&gt;Let&#x27;s get started!&lt;&#x2F;p&gt;
&lt;h2 id=&quot;1-setup-debian-gnu-linux&quot;&gt;1. Setup Debian GNU&#x2F;Linux&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-setup-debian-gnu-linux&quot; aria-label=&quot;Anchor link for: 1-setup-debian-gnu-linux&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h2&gt;
&lt;p&gt;We are going to start with a fresh GNU&#x2F;Linux installation, you could get
one from a cloud provider like &lt;a href=&quot;https:&#x2F;&#x2F;www.digitalocean.com&quot;&gt;Digital
Ocean&lt;&#x2F;a&gt; (not affiliated).&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-1-give-your-account-sudo-privileges&quot;&gt;1.1) Give your account &lt;code&gt;sudo&lt;&#x2F;code&gt; privileges&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-1-give-your-account-sudo-privileges&quot; aria-label=&quot;Anchor link for: 1-1-give-your-account-sudo-privileges&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;On GNU&#x2F;Linux systems, the &lt;code&gt;root&lt;&#x2F;code&gt; account is the most powerful user account.
It is good practice to avoid working as &lt;code&gt;root&lt;&#x2F;code&gt; since a careless mistake
could wipe the entire system out.&lt;&#x2F;p&gt;
&lt;p&gt;&lt;code&gt;sudo&lt;&#x2F;code&gt; give the ability to execute commands with &lt;code&gt;root&lt;&#x2F;code&gt; capabilities
from a lower-privileged account. Let&#x27;s make our account sudo capable:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;su &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# become root
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# add `realaravinth`, my account` to `sudo` group to be able to use `sudo`
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;usermod -aG&lt;&#x2F;span&gt;&lt;span&gt; sudo realaravinth &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# my account is called `realaravinth`, replace it with yours
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;exit
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; exit
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Log out and log back in.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-2-install-and-setup-firewall-ufw&quot;&gt;1.2) Install and setup firewall(&lt;code&gt;ufw&lt;&#x2F;code&gt;)&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-2-install-and-setup-firewall-ufw&quot; aria-label=&quot;Anchor link for: 1-2-install-and-setup-firewall-ufw&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;Uncomplicated Firewall(&lt;code&gt;ufw&lt;&#x2F;code&gt;) is a popular firewall that is easy to
set up and maintain. For most installations, this should be enough.
System administrators use firewalls to open only the ports that they
think should receive traffic from external networks. Without it, all
ports will be open, causing a security nightmare.&lt;&#x2F;p&gt;
&lt;p&gt;We will require standard SSH (22), and the standard web ports (80 and
443). A comprehensive list of services and the list of ports the listen
on is available at `&#x2F;etc&#x2F;services.&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt &quot;&gt;&lt;code class=&quot;language-bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot; data-lang=&quot;bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot;&gt;&lt;span&gt;install ufw # we are using `ufw` for the firewall
&lt;&#x2F;span&gt;&lt;span&gt;$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
&lt;&#x2F;span&gt;&lt;span&gt;$ sudo ufw enable # deploy firewall
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-secure-ssh&quot;&gt;1.3) Secure SSH&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-secure-ssh&quot; aria-label=&quot;Anchor link for: 1-3-secure-ssh&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;SSH allows remote access to our servers over secure, encrypted
channels. By default, users can log in with their password
using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-3-1-generate-key-pair&quot;&gt;1.3.1) Generate key pair&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-1-generate-key-pair&quot; aria-label=&quot;Anchor link for: 1-3-1-generate-key-pair&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;On your local computer, generate an SSH key pair:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; ssh-keygen
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Generating&lt;&#x2F;span&gt;&lt;span&gt; public&#x2F;private rsa key pair.
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; file in which to save the key (&#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; passphrase (empty for no passphrase)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; same passphrase again:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Your&lt;&#x2F;span&gt;&lt;span&gt; identification has been saved in &#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Your&lt;&#x2F;span&gt;&lt;span&gt; public key has been saved in &#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa.pub
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;The&lt;&#x2F;span&gt;&lt;span&gt; key fingerprint is:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;SHA256:i2DE1b9BQb9DqV0r6O9MfPeVqUwfww1&#x2F;T8wIXL2Xqdo&lt;&#x2F;span&gt;&lt;span&gt; realaravinth@myserver.com
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;The&lt;&#x2F;span&gt;&lt;span&gt; key&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;s random art image is:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;+---[RSA 3072]----+
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| .. .o. |
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . .. . . |
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o o + o .|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . o* + .+|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o S ooB o+.|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . o.. +o*=|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . ooo*X|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| +=.ooB|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o+E .o|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;+----[SHA256]-----+
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Set a strong password the program prompts for one and save it somewhere
safe. Your public key will be at &lt;code&gt;~&#x2F;.ssh&#x2F;id_rsa.pub&lt;&#x2F;code&gt; and your private key at
&lt;code&gt;~&#x2F;.ssh&#x2F;id_rsa&lt;&#x2F;code&gt;. &lt;strong&gt;Never share the private key with anyone&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-3-2-setup-public-key-authentication&quot;&gt;1.3.2) Setup public-key authentication&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-2-setup-public-key-authentication&quot; aria-label=&quot;Anchor link for: 1-3-2-setup-public-key-authentication&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;We have to copy the public key that we generated in the previous setup
onto our server:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; ssh-copy-id&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -i ~&lt;&#x2F;span&gt;&lt;span&gt;&#x2F;.ssh&#x2F;id_rsa.pub myserver.com
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: Source of key(s) &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; be installed: &amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;&#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa.pub&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: attempting to log in with the new key(s)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;,&lt;&#x2F;span&gt;&lt;span&gt; to filter out any that are already installed
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: 1 key(s) &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;remain&lt;&#x2F;span&gt;&lt;span&gt; to be installed -- if you are prompted now it is to install the new keys
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;realaravinth@myserver.com&lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;s password:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;Number of key(s) added: 1
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;Now try logging into the machine, with: &amp;quot;ssh &lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;myserver.com&lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;&amp;quot;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;and check to make sure that only the key(s) you wanted were added.
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-3-disable-ssh-password-authentication&quot;&gt;1.3.3) Disable SSH password authentication&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-3-disable-ssh-password-authentication&quot; aria-label=&quot;Anchor link for: 1-3-3-disable-ssh-password-authentication&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;NOTE: Verify you can log into your account before proceeding&lt;&#x2F;strong&gt;&lt;&#x2F;p&gt;
&lt;&#x2F;blockquote&gt;
&lt;p&gt;Now that we have a private-key authentication setup on both the client and
the server, let&#x27;s disable password authentication on the server:&lt;&#x2F;p&gt;
&lt;p&gt;Open &lt;code&gt;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&lt;&#x2F;code&gt; and add the following lines:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;PubkeyAuthentication yes
&lt;&#x2F;span&gt;&lt;span&gt;PasswordAuthentication no
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;And restart the SSH server:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl restart sshd
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-install-and-setup-fail2ban&quot;&gt;1.3) Install and setup &lt;code&gt;fail2ban&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-install-and-setup-fail2ban&quot; aria-label=&quot;Anchor link for: 1-3-install-and-setup-fail2ban&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;We will be using &lt;code&gt;fail2ban&lt;&#x2F;code&gt; for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.&lt;&#x2F;p&gt;
&lt;h4 id=&quot;1-3-1-install-fail2ban&quot;&gt;1.3.1) Install &lt;code&gt;fail2ban&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-1-install-fail2ban&quot; aria-label=&quot;Anchor link for: 1-3-1-install-fail2ban&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install fail2ban
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-3-2-enable-fail2ban-for-sshd&quot;&gt;1.3.2) Enable &lt;code&gt;fail2ban&lt;&#x2F;code&gt; for &lt;code&gt;sshd&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-2-enable-fail2ban-for-sshd&quot; aria-label=&quot;Anchor link for: 1-3-2-enable-fail2ban-for-sshd&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;yml&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-yml &quot;&gt;&lt;code class=&quot;language-yml&quot; data-lang=&quot;yml&quot;&gt;&lt;span&gt;[&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;sshd&lt;&#x2F;span&gt;&lt;span&gt;]
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;enabled = true
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-3-3-configure-fail2ban-to-start-on-boot&quot;&gt;1.3.3) Configure &lt;code&gt;fail2ban&lt;&#x2F;code&gt; to start on boot&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-3-configure-fail2ban-to-start-on-boot&quot; aria-label=&quot;Anchor link for: 1-3-3-configure-fail2ban-to-start-on-boot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl enable fail2ban
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl start fail2ban
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-4-install-and-setup-nginx&quot;&gt;1.4) Install and setup &lt;code&gt;nginx&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-install-and-setup-nginx&quot; aria-label=&quot;Anchor link for: 1-4-install-and-setup-nginx&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;&lt;code&gt;nginx&lt;&#x2F;code&gt; is a popular web server that can be used to serve static sites.
It is fast, stable, and easy to set up.&lt;&#x2F;p&gt;
&lt;p&gt;To install, run the following command:&lt;&#x2F;p&gt;
&lt;h4 id=&quot;1-4-1-install-nginx&quot;&gt;1.4.1) Install &lt;code&gt;nginx&lt;&#x2F;code&gt;:&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-1-install-nginx&quot; aria-label=&quot;Anchor link for: 1-4-1-install-nginx&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install nginx
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-4-2-allow-web-traffic-open-ports-80-and-443&quot;&gt;1.4.2) Allow web traffic: open ports &lt;code&gt;80&lt;&#x2F;code&gt; and &lt;code&gt;443&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-2-allow-web-traffic-open-ports-80-and-443&quot; aria-label=&quot;Anchor link for: 1-4-2-allow-web-traffic-open-ports-80-and-443&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Ports &lt;code&gt;80&lt;&#x2F;code&gt; is the default for HTTP and &lt;code&gt;443&lt;&#x2F;code&gt; for HTTPS. To serve
web traffic, we&#x27;ll have to Configure &lt;code&gt;ufw&lt;&#x2F;code&gt; to accept traffic on them:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ufw allow 80 &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# open ports 80 HTTP traffic
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ufw allow 443 &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# open ports 443 for HTTPS traffic
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-4-2-configure-nginx-to-start-on-boot&quot;&gt;1.4.2) Configure &lt;code&gt;nginx&lt;&#x2F;code&gt; to start on boot&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-2-configure-nginx-to-start-on-boot&quot; aria-label=&quot;Anchor link for: 1-4-2-configure-nginx-to-start-on-boot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemtl enable nginx &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# automatically start nginx on boot
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemtl start nginx &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# start nginx server
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;And verify it works:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; curl localhost
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;!DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;html&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;title&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; nginx!&amp;lt;&#x2F;title&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;style&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body &lt;&#x2F;span&gt;&lt;span&gt;{
&lt;&#x2F;span&gt;&lt;span&gt; width: 35em;
&lt;&#x2F;span&gt;&lt;span&gt; margin: 0 auto;
&lt;&#x2F;span&gt;&lt;span&gt; font-family: Tahoma, Verdana, Arial, sans-serif;
&lt;&#x2F;span&gt;&lt;span&gt; }
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;style&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;h1&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; nginx!&amp;lt;&#x2F;h1&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;If &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;you&lt;&#x2F;span&gt;&lt;span&gt; see this page, the nginx web server is successfully installed and
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;working.&lt;&#x2F;span&gt;&lt;span&gt; Further configuration is required.&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;For &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;online&lt;&#x2F;span&gt;&lt;span&gt; documentation and support please refer to
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;a &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;href&lt;&#x2F;span&gt;&lt;span&gt;=&amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;http:&#x2F;&#x2F;nginx.org&#x2F;&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;&amp;gt;nginx.org&amp;lt;&#x2F;a&amp;gt;.&amp;lt;br&#x2F;&amp;gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Commercial&lt;&#x2F;span&gt;&lt;span&gt; support is available at
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;a &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;href&lt;&#x2F;span&gt;&lt;span&gt;=&amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;http:&#x2F;&#x2F;nginx.com&#x2F;&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;&amp;gt;nginx.com&amp;lt;&#x2F;a&amp;gt;.&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;&amp;lt;em&amp;gt;Thank &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;you&lt;&#x2F;span&gt;&lt;span&gt; for using nginx.&amp;lt;&#x2F;em&amp;gt;&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;html&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;&lt;code&gt;nginx&lt;&#x2F;code&gt; is working!&lt;&#x2F;p&gt;
&lt;h2 id=&quot;2-deploy-website&quot;&gt;2) Deploy website&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-deploy-website&quot; aria-label=&quot;Anchor link for: 2-deploy-website&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h2&gt;
&lt;p&gt;For this demo, we&#x27;ll deploy a single file(&lt;code&gt;index.html&lt;&#x2F;code&gt;)
HTML website.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;2-1-install-the-webpage-on-the-server&quot;&gt;2.1) Install the webpage on the server&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-1-install-the-webpage-on-the-server&quot; aria-label=&quot;Anchor link for: 2-1-install-the-webpage-on-the-server&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;Edit &lt;code&gt;&#x2F;var&#x2F;www&#x2F;html&#x2F;index.html&lt;&#x2F;code&gt; and add the following HTML to it:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;html&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-html &quot;&gt;&lt;code class=&quot;language-html&quot; data-lang=&quot;html&quot;&gt;&lt;span&gt;&amp;lt;!&lt;&#x2F;span&gt;&lt;span style=&quot;color:#b48ead;&quot;&gt;DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#d08770;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;head&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;title&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;My cool website!&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;title&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;head&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;h1&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;Welcome to my website! o&#x2F;&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;h1&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;The webpage should now be available on localhost, and we should see it when we run the following command:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; curl localhost
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;!DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;html&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;title&amp;gt;My &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;cool&lt;&#x2F;span&gt;&lt;span&gt; website!&amp;lt;&#x2F;title&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;h1&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; my website! o&#x2F;&amp;lt;&#x2F;h1&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;html&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;2-2-serve-webpage-on-a-custom-domain&quot;&gt;2.2) Serve webpage on a custom domain&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-serve-webpage-on-a-custom-domain&quot; aria-label=&quot;Anchor link for: 2-2-serve-webpage-on-a-custom-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;h4 id=&quot;2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot;&gt;2.2.1) Buy a domain if you don&#x27;t own one already&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot; aria-label=&quot;Anchor link for: 2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;h4 id=&quot;2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot;&gt;2.2.2) Go to the domain&#x27;s DNS dashboard and add the following record&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot; aria-label=&quot;Anchor link for: 2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;@ A 300 &amp;lt;your server IP address&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot;&gt;2.2.3) Setup &lt;code&gt;nginx&lt;&#x2F;code&gt; to serve the website at &lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-domain.&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot; aria-label=&quot;Anchor link for: 2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Open &lt;code&gt;&#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;your-domain&lt;&#x2F;code&gt; and add the following:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;server {
&lt;&#x2F;span&gt;&lt;span&gt; # serve website on port 80
&lt;&#x2F;span&gt;&lt;span&gt; listen [::]:80;
&lt;&#x2F;span&gt;&lt;span&gt; listen 80;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # write error logs to file
&lt;&#x2F;span&gt;&lt;span&gt; error_log &#x2F;var&#x2F;log&#x2F;nginx&#x2F;&amp;lt;your-domain&amp;gt;.error.log;
&lt;&#x2F;span&gt;&lt;span&gt; # write access logs to file
&lt;&#x2F;span&gt;&lt;span&gt; access_log &#x2F;var&#x2F;log&#x2F;nginx&#x2F;&amp;lt;your-domain&amp;gt;.access.log;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # serve only on this domain:
&lt;&#x2F;span&gt;&lt;span&gt; server_name &amp;lt;your-domain&amp;gt;; # replace me
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # use files from this directory
&lt;&#x2F;span&gt;&lt;span&gt; root &#x2F;var&#x2F;www&#x2F;html&#x2F;;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # remove .html from URL; it is cleaner this way
&lt;&#x2F;span&gt;&lt;span&gt; rewrite ^(&#x2F;.*)\.html(\?.*)?$ $1$2 permanent;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # when a request is received, try the index.html in the directory
&lt;&#x2F;span&gt;&lt;span&gt; # or $uri.html
&lt;&#x2F;span&gt;&lt;span&gt; try_files $uri&#x2F;index.html $uri.html $uri&#x2F; $uri =404;
&lt;&#x2F;span&gt;&lt;span&gt;}
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;It is good practice to have all &lt;code&gt;nginx&lt;&#x2F;code&gt; deployment configurations in
&lt;code&gt;&#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&lt;&#x2F;code&gt; directory and link production websites to
`&#x2F;etc&#x2F;nginx&#x2F;sites-enabled directory. Doing so allows you to
work-in-progress configurations or delete deployments without losing
the configuration files.&lt;&#x2F;p&gt;
&lt;p&gt;Let&#x27;s enable &lt;code&gt;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ln&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -s&lt;&#x2F;span&gt;&lt;span&gt; &#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&amp;lt;your-domain&amp;gt; &#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&amp;lt;your-domain&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Verify configurations before deploying, &lt;code&gt;nginx&lt;&#x2F;code&gt; has a command
to do it:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo nginx&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -t
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;If there are no errors, reload &lt;code&gt;nginx&lt;&#x2F;code&gt; to deploy the website:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo nginx&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -s&lt;&#x2F;span&gt;&lt;span&gt; reload
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Your webpage should now be accessible at &lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;!&lt;&#x2F;p&gt;
&lt;h3 id=&quot;2-3-install-certbot-to-set-up-https&quot;&gt;2.3) Install &lt;code&gt;certbot&lt;&#x2F;code&gt; to set up HTTPS&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-install-certbot-to-set-up-https&quot; aria-label=&quot;Anchor link for: 2-3-install-certbot-to-set-up-https&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;HTTP is insecure. We&#x27;ll have to set up SSL to serve our website using
HTTPS. To do that, we will be using &lt;a href=&quot;https:&#x2F;&#x2F;letsencrypt.org&#x2F;&quot;&gt;Let&#x27;s
Encrypt&lt;&#x2F;a&gt; a popular nonprofit certificate
authority to get our SSL certificates.&lt;&#x2F;p&gt;
&lt;p&gt;SSL certificates come with set lifetimes, so we renew them before they expire. The process, when done manually, is demanding: you
will have to log in every three months and renew the
certificate. If you fail or forget it, your visitors will see security
warnings on your website.&lt;&#x2F;p&gt;
&lt;p&gt;Thankfully, Let&#x27;s Encrypt provides automation through &lt;code&gt;certbot&lt;&#x2F;code&gt;&lt;&#x2F;p&gt;
&lt;h4 id=&quot;2-3-1-install-certbot&quot;&gt;2.3.1) Install &lt;code&gt;certbot&lt;&#x2F;code&gt;:&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-1-install-certbot&quot; aria-label=&quot;Anchor link for: 2-3-1-install-certbot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install certbot python3-certbot-nginx
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;2-3-2-get-a-certificate-for-your-domain&quot;&gt;2.3.2) Get a certificate for &lt;code&gt;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-2-get-a-certificate-for-your-domain&quot; aria-label=&quot;Anchor link for: 2-3-2-get-a-certificate-for-your-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo certbot&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; --nginx -d &lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;your-domain&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;&lt;code&gt;certbot&lt;&#x2F;code&gt; will prompt you for an email ID, and ask you to accept their
terms and conditions, privacy policy, etc. Be sure to read them before
agreeing to them. It will then try to authenticate your domain ownership
using the &lt;a href=&quot;https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Automatic_Certificate_Management_Environment&quot;&gt;ACME
protocol&lt;&#x2F;a&gt;.
By configuring the DNS to point to our server and by telling &lt;code&gt;nginx&lt;&#x2F;code&gt; at
that domain.&lt;&#x2F;p&gt;
&lt;p&gt;When it has verified ownership, it will automatically issue, deploy the
certificate on &lt;code&gt;nginx&lt;&#x2F;code&gt; and setup redirects.&lt;&#x2F;p&gt;
&lt;h4 id=&quot;2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot;&gt;2.3.3) Setup cronjob to automate SSL certificate renewals&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot; aria-label=&quot;Anchor link for: 2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Become root and edit crontab&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; su
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;crontab -e
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Add the following job and exit:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;0 *&#x2F;12 * * * certbot -n --nginx renew
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;It will attempt to renew SSL certificates every 12 hours. If a the
certificate is due for renewal, &lt;code&gt;certbot&lt;&#x2F;code&gt; will go through the ACME
challenge, get the new certificates and automatically deploy them for
you.&lt;&#x2F;p&gt;
&lt;p&gt;Now our GNU&#x2F;Linux server is configured and ready to serve our website at
&lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-website&amp;gt;&lt;&#x2F;code&gt;!&lt;&#x2F;p&gt;
</content>
</entry>
</feed>

328
tags/bare-metal/index.html Normal file
View file

@ -0,0 +1,328 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width" />
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link rel="manifest" href="/site.webmanifest" />
<link rel="me" href="https://gts.batsense.net.net/@librepages" />
<link rel="stylesheet" href="https://librepages.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://librepages.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="https://librepages.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://librepages.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>bare-metal | LibrePages: JAMstack platform with focus on privacy and speed</title>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="bare-metal" />
<meta property="og:title" content="bare-metal | LibrePages: JAMstack platform with focus on privacy and speed" />
<meta property="og:type" content="article" />
<meta property="og:url" content="https:&#x2F;&#x2F;librepages.org" />
<meta property="og:description" content="bare-metal" />
<meta
property="og:site_name"
content="bare-metal | LibrePages: JAMstack platform with focus on privacy and speed"
/>
<link
rel="apple-touch-icon"
sizes="57x57"
href="https://librepages.org/apple-icon-57x57.png?h=aa7556c6917e2715fc5cd91b0f71abf54c25fb3f4596b83938485bd339b3ee5c"
/>
<link
rel="apple-touch-icon"
sizes="60x60"
href="https://librepages.org/apple-icon-60x60.png?h=3c65021633e27b12573a4d95ee104960edeeb8448d016cc4a3a8c009956f455b"
/>
<link
rel="apple-touch-icon"
sizes="72x72"
href="https://librepages.org/apple-icon-72x72.png?h=7e6ea650d40b0c229eb8991d4bdaaeaf3a4fdc37b4c91c7e0f6705f4ccbd4823"
/>
<link
rel="apple-touch-icon"
sizes="76x76"
href="https://librepages.org/apple-icon-76x76.png?h=14cc3b66876cc79fe49f4bdf43cfa342dd12249fb32ebb4bf5895cac9fd2eaba"
/>
<link
rel="apple-touch-icon"
sizes="114x114"
href="https://librepages.org/apple-icon-114x114.png?h=a7e320f87a86aa0e037e78635c5f5042e02bf3adaf5c7a3163a108b004f1874e"
/>
<link
rel="apple-touch-icon"
sizes="120x120"
href="https://librepages.org/apple-icon-120x120.png?h=0555c76525ad4b8e974217be648c2691643b0ae09c1447bee571bdf51d324e5a"
/>
<link
rel="apple-touch-icon"
sizes="144x144"
href="https://librepages.org/apple-icon-144x144.png?h=3c6dcd632f3eca17cf7cc6153e9b372183518168754e2d8adb6bc549cfc89694"
/>
<link
rel="apple-touch-icon"
sizes="152x152"
href="https://librepages.org/apple-icon-152x152.png?h=0de6ee6daa86c4800faa71c0ba940a749b025c83f1150b19f7817bac9558344e"
/>
<link
rel="apple-touch-icon"
sizes="180x180"
href="https://librepages.org/apple-icon-180x180.png?h=4015bdb0896669f24d0be4e93fc9625c771a746060906dd94ed07ed2b3a88ede"
/>
<link
rel="icon"
type="image/png"
sizes="192x192"
href="https://librepages.org/android-icon-192x192.png?h=4065738be7277800667ab5dab97c610d8b76f7c9d7835266ecf440a1336b179a"
/>
<link
rel="icon"
type="image/png"
sizes="32x32"
href="https://librepages.org/favicon-32x32.png?h=19f5fc89580c10a37da127a18cb6d18427f8604617fe3c1d163a5528c4832094"
/>
<link
rel="icon"
type="image/png"
sizes="96x96"
href="https://librepages.org/favicon-96x96.png?h=f1dbc55e44179d839832093c008b0bedea79c3b21b1af68adb6d70c3e21227f5"
/>
<link
rel="icon"
type="image/png"
sizes="16x16"
href="https://librepages.org/favicon-16x16.png?h=a7056d65f8aa73fbaf9e97dcd2e685ac67489a76c0b8e715936970b118d74700"
/>
<link
rel="manifest"
href="https://librepages.org/manifest.json?h=27eca3e8297eb7ff340deb3849b210185a459b3845456aa4d0036f6d966b3518"
/>
<meta name="msapplication-TileColor" content="#ffffff" />
<meta
name="msapplication-TileImage"
content="https://librepages.org/ms-icon-144x144.png?h=3c6dcd632f3eca17cf7cc6153e9b372183518168754e2d8adb6bc549cfc89694"
/>
<meta name="theme-color" content="#ffffff" />
</head>
<!-- Matomo -->
<script>
var _paq = (window._paq = window._paq || []);
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(["setCookieDomain", "*.librepages.org"]);
_paq.push(["trackPageView"]);
_paq.push(["enableLinkTracking"]);
(function () {
var u = "//matomo.librepages.org/";
_paq.push(["setTrackerUrl", u + "matomo.php"]);
_paq.push(["setSiteId", "3"]);
var d = document,
g = d.createElement("script"),
s = d.getElementsByTagName("script")[0];
g.async = true;
g.src = u + "matomo.js";
s.parentNode.insertBefore(g, s);
})();
</script>
<noscript
><p>
<img
src="//matomo.librepages.org/matomo.php?idsite=3&amp;rec=1"
style="border: 0"
alt=""
/></p
></noscript>
<!-- End Matomo Code -->
</head>
<body class="base">
<header><nav class="nav__container">
<input type="checkbox" class="nav__toggle" id="nav__toggle" />
<div class="nav__header">
<a class="nav__logo-container" href="/">
<p class="nav__home-btn">LibrePages</p>
</a>
<label class="nav__hamburger-menu" for="nav__toggle">
<span class="nav__hamburger-inner"></span>
</label>
</div>
<div class="nav__spacer--small"></div>
<div class="nav__link-group">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;about&#x2F;">About</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;blog&#x2F;">Blog</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;matrix.to&#x2F;#&#x2F;#librepages:matrix.batsense.net">Chat</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;docs.librepages.org">Docs</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;gts.batsense.net&#x2F;@librepages">Fediverse</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;git.batsense.net&#x2F;LibrePages">Source Code</a>
</div>
</div>
<div class="nav__spacer"></div>
<div class="nav__link-group--small">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;demo.librepages.org&#x2F;">Demo</a>
</div>
</div>
</nav>
</header>
<!-- See ../sass/main.scss. Required for pushing footer to the very
bottom of the page -->
<div class="main__content-container">
<main>
<div class="blog__container">
<div class="tag__title-container">
<h1 class="tag__title">#bare-metal</h1>
<a class="tag__rss-link--single" href="https:&#x2F;&#x2F;librepages.org&#x2F;tags&#x2F;bare-metal&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="tag__rss-icon--single"
alt="RSS icon"
/>
</a></div>
<ul class="blog__list">
<li class="blog__post-item">
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/" class="blog__post-link">
<h2 class="blog__post-title">How to deploy a website WITHOUT LibrePages</h2>
<p class="blog__post-meta">
10
September
,
2022 &middot; <b>9 min read</b>
</p>
<p class="blog__post-description">Automation services like LibrePages exist to make lives easier but how do you do the same manually, on self-hosted hardware, or in the cloud? </p>
</a>
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/bare-metal">#bare-metal</a>
<a class="blog__post-tag" href="/tags/nginx">#nginx</a>
<a class="blog__post-tag" href="/tags/JAMStack">#JAMStack</a>
<a class="blog__post-tag" href="/tags/git">#git</a>
<a class="blog__post-tag" href="/tags/self-hosting">#self-hosting</a>
</div>
</li>
</ul>
</div>
<link rel="alternate" type="application/rss+xml" title="RSS" href="https://librepages.org/rss.xml">
</main>
<footer>
<div class="footer__container">
<!-- <div class="footer__column"> --->
<p class="footer__column license__conatiner">
All text <a
class="license__link"
rel="noreferrer"
href="http://creativecommons.org/licenses/by-sa/4.0/"
target="_blank"
>&nbsp;CC-BY-SA&nbsp;</a
>
&amp; code
<a
class="license__link"
rel="noreferrer"
href="https://www.gnu.org/licenses/agpl-3.0.en.html"
target="_blank"
>&nbsp;AGPL&nbsp;</a
>
</p>
<!-- </div> -->
<div class="footer__column--center">
<a href="/blog/atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="footer__icon"
alt="Email icon"
/>
</a>
</div>
<div class="footer__column">
<a href="/about" title="About">About</a>
<a href="/coc" title="Code of Conduct">CoC</a>
<span class="footer__column-divider--mobile-only">|</span>
<a href="/legalese" title="Legalese">Legalese</a>
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://git.batsense.net/LibrePages"
rel="noreferrer"
target="_blank"
title="Status"
>Source Code</a
>
<!--
<a href="/tos" title="Terms of Service">ToS</a>
-->
</div>
</div>
</footer>
</div>
</body>
</html>

367
tags/git/atom.xml Normal file
View file

@ -0,0 +1,367 @@
<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
<title> - git</title>
<link href="https://librepages.org/tags/git/atom.xml" rel="self" type="application/atom+xml"/>
<link href="https://librepages.org"/>
<generator uri="https://www.getzola.org/">Zola</generator>
<updated>2022-09-10T00:00:00+00:00</updated>
<id>https://librepages.org/tags/git/atom.xml</id>
<entry xml:lang="en">
<title>How to deploy a website WITHOUT LibrePages</title>
<published>2022-09-10T00:00:00+00:00</published>
<updated>2022-09-10T00:00:00+00:00</updated>
<link href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/" type="text/html"/>
<id>https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/</id>
<content type="html">&lt;p&gt;In this &lt;del&gt;blog post&lt;&#x2F;del&gt; tutorial, I&#x27;ll show you how to deploy a personal
website. LibrePages automates everything that is discussed in this
tutorial and lets you focus on creating content. Automation is good
but knowing how to do it manually using industry standard
technologies always helps!&lt;&#x2F;p&gt;
&lt;p&gt;We will be using the following technologies to deploy our website:&lt;&#x2F;p&gt;
&lt;ol&gt;
&lt;li&gt;GNU&#x2F;Linux server(Debian)&lt;&#x2F;li&gt;
&lt;li&gt;Nginx (webs server)&lt;&#x2F;li&gt;
&lt;li&gt;Let&#x27;s Encrypt (for HTTPS)&lt;&#x2F;li&gt;
&lt;li&gt;Gitea (but any Git hosting works)&lt;&#x2F;li&gt;
&lt;&#x2F;ol&gt;
&lt;p&gt;Let&#x27;s get started!&lt;&#x2F;p&gt;
&lt;h2 id=&quot;1-setup-debian-gnu-linux&quot;&gt;1. Setup Debian GNU&#x2F;Linux&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-setup-debian-gnu-linux&quot; aria-label=&quot;Anchor link for: 1-setup-debian-gnu-linux&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h2&gt;
&lt;p&gt;We are going to start with a fresh GNU&#x2F;Linux installation, you could get
one from a cloud provider like &lt;a href=&quot;https:&#x2F;&#x2F;www.digitalocean.com&quot;&gt;Digital
Ocean&lt;&#x2F;a&gt; (not affiliated).&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-1-give-your-account-sudo-privileges&quot;&gt;1.1) Give your account &lt;code&gt;sudo&lt;&#x2F;code&gt; privileges&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-1-give-your-account-sudo-privileges&quot; aria-label=&quot;Anchor link for: 1-1-give-your-account-sudo-privileges&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;On GNU&#x2F;Linux systems, the &lt;code&gt;root&lt;&#x2F;code&gt; account is the most powerful user account.
It is good practice to avoid working as &lt;code&gt;root&lt;&#x2F;code&gt; since a careless mistake
could wipe the entire system out.&lt;&#x2F;p&gt;
&lt;p&gt;&lt;code&gt;sudo&lt;&#x2F;code&gt; give the ability to execute commands with &lt;code&gt;root&lt;&#x2F;code&gt; capabilities
from a lower-privileged account. Let&#x27;s make our account sudo capable:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;su &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# become root
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# add `realaravinth`, my account` to `sudo` group to be able to use `sudo`
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;usermod -aG&lt;&#x2F;span&gt;&lt;span&gt; sudo realaravinth &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# my account is called `realaravinth`, replace it with yours
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;exit
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; exit
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Log out and log back in.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-2-install-and-setup-firewall-ufw&quot;&gt;1.2) Install and setup firewall(&lt;code&gt;ufw&lt;&#x2F;code&gt;)&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-2-install-and-setup-firewall-ufw&quot; aria-label=&quot;Anchor link for: 1-2-install-and-setup-firewall-ufw&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;Uncomplicated Firewall(&lt;code&gt;ufw&lt;&#x2F;code&gt;) is a popular firewall that is easy to
set up and maintain. For most installations, this should be enough.
System administrators use firewalls to open only the ports that they
think should receive traffic from external networks. Without it, all
ports will be open, causing a security nightmare.&lt;&#x2F;p&gt;
&lt;p&gt;We will require standard SSH (22), and the standard web ports (80 and
443). A comprehensive list of services and the list of ports the listen
on is available at `&#x2F;etc&#x2F;services.&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt &quot;&gt;&lt;code class=&quot;language-bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot; data-lang=&quot;bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot;&gt;&lt;span&gt;install ufw # we are using `ufw` for the firewall
&lt;&#x2F;span&gt;&lt;span&gt;$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
&lt;&#x2F;span&gt;&lt;span&gt;$ sudo ufw enable # deploy firewall
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-secure-ssh&quot;&gt;1.3) Secure SSH&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-secure-ssh&quot; aria-label=&quot;Anchor link for: 1-3-secure-ssh&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;SSH allows remote access to our servers over secure, encrypted
channels. By default, users can log in with their password
using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-3-1-generate-key-pair&quot;&gt;1.3.1) Generate key pair&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-1-generate-key-pair&quot; aria-label=&quot;Anchor link for: 1-3-1-generate-key-pair&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;On your local computer, generate an SSH key pair:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; ssh-keygen
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Generating&lt;&#x2F;span&gt;&lt;span&gt; public&#x2F;private rsa key pair.
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; file in which to save the key (&#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; passphrase (empty for no passphrase)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; same passphrase again:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Your&lt;&#x2F;span&gt;&lt;span&gt; identification has been saved in &#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Your&lt;&#x2F;span&gt;&lt;span&gt; public key has been saved in &#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa.pub
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;The&lt;&#x2F;span&gt;&lt;span&gt; key fingerprint is:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;SHA256:i2DE1b9BQb9DqV0r6O9MfPeVqUwfww1&#x2F;T8wIXL2Xqdo&lt;&#x2F;span&gt;&lt;span&gt; realaravinth@myserver.com
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;The&lt;&#x2F;span&gt;&lt;span&gt; key&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;s random art image is:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;+---[RSA 3072]----+
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| .. .o. |
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . .. . . |
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o o + o .|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . o* + .+|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o S ooB o+.|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . o.. +o*=|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . ooo*X|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| +=.ooB|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o+E .o|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;+----[SHA256]-----+
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Set a strong password the program prompts for one and save it somewhere
safe. Your public key will be at &lt;code&gt;~&#x2F;.ssh&#x2F;id_rsa.pub&lt;&#x2F;code&gt; and your private key at
&lt;code&gt;~&#x2F;.ssh&#x2F;id_rsa&lt;&#x2F;code&gt;. &lt;strong&gt;Never share the private key with anyone&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-3-2-setup-public-key-authentication&quot;&gt;1.3.2) Setup public-key authentication&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-2-setup-public-key-authentication&quot; aria-label=&quot;Anchor link for: 1-3-2-setup-public-key-authentication&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;We have to copy the public key that we generated in the previous setup
onto our server:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; ssh-copy-id&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -i ~&lt;&#x2F;span&gt;&lt;span&gt;&#x2F;.ssh&#x2F;id_rsa.pub myserver.com
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: Source of key(s) &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; be installed: &amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;&#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa.pub&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: attempting to log in with the new key(s)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;,&lt;&#x2F;span&gt;&lt;span&gt; to filter out any that are already installed
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: 1 key(s) &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;remain&lt;&#x2F;span&gt;&lt;span&gt; to be installed -- if you are prompted now it is to install the new keys
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;realaravinth@myserver.com&lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;s password:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;Number of key(s) added: 1
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;Now try logging into the machine, with: &amp;quot;ssh &lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;myserver.com&lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;&amp;quot;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;and check to make sure that only the key(s) you wanted were added.
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-3-disable-ssh-password-authentication&quot;&gt;1.3.3) Disable SSH password authentication&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-3-disable-ssh-password-authentication&quot; aria-label=&quot;Anchor link for: 1-3-3-disable-ssh-password-authentication&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;NOTE: Verify you can log into your account before proceeding&lt;&#x2F;strong&gt;&lt;&#x2F;p&gt;
&lt;&#x2F;blockquote&gt;
&lt;p&gt;Now that we have a private-key authentication setup on both the client and
the server, let&#x27;s disable password authentication on the server:&lt;&#x2F;p&gt;
&lt;p&gt;Open &lt;code&gt;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&lt;&#x2F;code&gt; and add the following lines:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;PubkeyAuthentication yes
&lt;&#x2F;span&gt;&lt;span&gt;PasswordAuthentication no
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;And restart the SSH server:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl restart sshd
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-install-and-setup-fail2ban&quot;&gt;1.3) Install and setup &lt;code&gt;fail2ban&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-install-and-setup-fail2ban&quot; aria-label=&quot;Anchor link for: 1-3-install-and-setup-fail2ban&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;We will be using &lt;code&gt;fail2ban&lt;&#x2F;code&gt; for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.&lt;&#x2F;p&gt;
&lt;h4 id=&quot;1-3-1-install-fail2ban&quot;&gt;1.3.1) Install &lt;code&gt;fail2ban&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-1-install-fail2ban&quot; aria-label=&quot;Anchor link for: 1-3-1-install-fail2ban&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install fail2ban
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-3-2-enable-fail2ban-for-sshd&quot;&gt;1.3.2) Enable &lt;code&gt;fail2ban&lt;&#x2F;code&gt; for &lt;code&gt;sshd&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-2-enable-fail2ban-for-sshd&quot; aria-label=&quot;Anchor link for: 1-3-2-enable-fail2ban-for-sshd&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;yml&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-yml &quot;&gt;&lt;code class=&quot;language-yml&quot; data-lang=&quot;yml&quot;&gt;&lt;span&gt;[&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;sshd&lt;&#x2F;span&gt;&lt;span&gt;]
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;enabled = true
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-3-3-configure-fail2ban-to-start-on-boot&quot;&gt;1.3.3) Configure &lt;code&gt;fail2ban&lt;&#x2F;code&gt; to start on boot&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-3-configure-fail2ban-to-start-on-boot&quot; aria-label=&quot;Anchor link for: 1-3-3-configure-fail2ban-to-start-on-boot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl enable fail2ban
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl start fail2ban
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-4-install-and-setup-nginx&quot;&gt;1.4) Install and setup &lt;code&gt;nginx&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-install-and-setup-nginx&quot; aria-label=&quot;Anchor link for: 1-4-install-and-setup-nginx&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;&lt;code&gt;nginx&lt;&#x2F;code&gt; is a popular web server that can be used to serve static sites.
It is fast, stable, and easy to set up.&lt;&#x2F;p&gt;
&lt;p&gt;To install, run the following command:&lt;&#x2F;p&gt;
&lt;h4 id=&quot;1-4-1-install-nginx&quot;&gt;1.4.1) Install &lt;code&gt;nginx&lt;&#x2F;code&gt;:&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-1-install-nginx&quot; aria-label=&quot;Anchor link for: 1-4-1-install-nginx&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install nginx
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-4-2-allow-web-traffic-open-ports-80-and-443&quot;&gt;1.4.2) Allow web traffic: open ports &lt;code&gt;80&lt;&#x2F;code&gt; and &lt;code&gt;443&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-2-allow-web-traffic-open-ports-80-and-443&quot; aria-label=&quot;Anchor link for: 1-4-2-allow-web-traffic-open-ports-80-and-443&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Ports &lt;code&gt;80&lt;&#x2F;code&gt; is the default for HTTP and &lt;code&gt;443&lt;&#x2F;code&gt; for HTTPS. To serve
web traffic, we&#x27;ll have to Configure &lt;code&gt;ufw&lt;&#x2F;code&gt; to accept traffic on them:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ufw allow 80 &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# open ports 80 HTTP traffic
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ufw allow 443 &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# open ports 443 for HTTPS traffic
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-4-2-configure-nginx-to-start-on-boot&quot;&gt;1.4.2) Configure &lt;code&gt;nginx&lt;&#x2F;code&gt; to start on boot&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-2-configure-nginx-to-start-on-boot&quot; aria-label=&quot;Anchor link for: 1-4-2-configure-nginx-to-start-on-boot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemtl enable nginx &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# automatically start nginx on boot
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemtl start nginx &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# start nginx server
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;And verify it works:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; curl localhost
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;!DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;html&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;title&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; nginx!&amp;lt;&#x2F;title&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;style&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body &lt;&#x2F;span&gt;&lt;span&gt;{
&lt;&#x2F;span&gt;&lt;span&gt; width: 35em;
&lt;&#x2F;span&gt;&lt;span&gt; margin: 0 auto;
&lt;&#x2F;span&gt;&lt;span&gt; font-family: Tahoma, Verdana, Arial, sans-serif;
&lt;&#x2F;span&gt;&lt;span&gt; }
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;style&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;h1&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; nginx!&amp;lt;&#x2F;h1&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;If &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;you&lt;&#x2F;span&gt;&lt;span&gt; see this page, the nginx web server is successfully installed and
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;working.&lt;&#x2F;span&gt;&lt;span&gt; Further configuration is required.&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;For &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;online&lt;&#x2F;span&gt;&lt;span&gt; documentation and support please refer to
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;a &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;href&lt;&#x2F;span&gt;&lt;span&gt;=&amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;http:&#x2F;&#x2F;nginx.org&#x2F;&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;&amp;gt;nginx.org&amp;lt;&#x2F;a&amp;gt;.&amp;lt;br&#x2F;&amp;gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Commercial&lt;&#x2F;span&gt;&lt;span&gt; support is available at
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;a &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;href&lt;&#x2F;span&gt;&lt;span&gt;=&amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;http:&#x2F;&#x2F;nginx.com&#x2F;&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;&amp;gt;nginx.com&amp;lt;&#x2F;a&amp;gt;.&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;&amp;lt;em&amp;gt;Thank &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;you&lt;&#x2F;span&gt;&lt;span&gt; for using nginx.&amp;lt;&#x2F;em&amp;gt;&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;html&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;&lt;code&gt;nginx&lt;&#x2F;code&gt; is working!&lt;&#x2F;p&gt;
&lt;h2 id=&quot;2-deploy-website&quot;&gt;2) Deploy website&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-deploy-website&quot; aria-label=&quot;Anchor link for: 2-deploy-website&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h2&gt;
&lt;p&gt;For this demo, we&#x27;ll deploy a single file(&lt;code&gt;index.html&lt;&#x2F;code&gt;)
HTML website.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;2-1-install-the-webpage-on-the-server&quot;&gt;2.1) Install the webpage on the server&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-1-install-the-webpage-on-the-server&quot; aria-label=&quot;Anchor link for: 2-1-install-the-webpage-on-the-server&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;Edit &lt;code&gt;&#x2F;var&#x2F;www&#x2F;html&#x2F;index.html&lt;&#x2F;code&gt; and add the following HTML to it:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;html&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-html &quot;&gt;&lt;code class=&quot;language-html&quot; data-lang=&quot;html&quot;&gt;&lt;span&gt;&amp;lt;!&lt;&#x2F;span&gt;&lt;span style=&quot;color:#b48ead;&quot;&gt;DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#d08770;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;head&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;title&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;My cool website!&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;title&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;head&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;h1&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;Welcome to my website! o&#x2F;&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;h1&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;The webpage should now be available on localhost, and we should see it when we run the following command:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; curl localhost
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;!DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;html&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;title&amp;gt;My &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;cool&lt;&#x2F;span&gt;&lt;span&gt; website!&amp;lt;&#x2F;title&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;h1&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; my website! o&#x2F;&amp;lt;&#x2F;h1&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;html&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;2-2-serve-webpage-on-a-custom-domain&quot;&gt;2.2) Serve webpage on a custom domain&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-serve-webpage-on-a-custom-domain&quot; aria-label=&quot;Anchor link for: 2-2-serve-webpage-on-a-custom-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;h4 id=&quot;2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot;&gt;2.2.1) Buy a domain if you don&#x27;t own one already&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot; aria-label=&quot;Anchor link for: 2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;h4 id=&quot;2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot;&gt;2.2.2) Go to the domain&#x27;s DNS dashboard and add the following record&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot; aria-label=&quot;Anchor link for: 2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;@ A 300 &amp;lt;your server IP address&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot;&gt;2.2.3) Setup &lt;code&gt;nginx&lt;&#x2F;code&gt; to serve the website at &lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-domain.&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot; aria-label=&quot;Anchor link for: 2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Open &lt;code&gt;&#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;your-domain&lt;&#x2F;code&gt; and add the following:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;server {
&lt;&#x2F;span&gt;&lt;span&gt; # serve website on port 80
&lt;&#x2F;span&gt;&lt;span&gt; listen [::]:80;
&lt;&#x2F;span&gt;&lt;span&gt; listen 80;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # write error logs to file
&lt;&#x2F;span&gt;&lt;span&gt; error_log &#x2F;var&#x2F;log&#x2F;nginx&#x2F;&amp;lt;your-domain&amp;gt;.error.log;
&lt;&#x2F;span&gt;&lt;span&gt; # write access logs to file
&lt;&#x2F;span&gt;&lt;span&gt; access_log &#x2F;var&#x2F;log&#x2F;nginx&#x2F;&amp;lt;your-domain&amp;gt;.access.log;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # serve only on this domain:
&lt;&#x2F;span&gt;&lt;span&gt; server_name &amp;lt;your-domain&amp;gt;; # replace me
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # use files from this directory
&lt;&#x2F;span&gt;&lt;span&gt; root &#x2F;var&#x2F;www&#x2F;html&#x2F;;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # remove .html from URL; it is cleaner this way
&lt;&#x2F;span&gt;&lt;span&gt; rewrite ^(&#x2F;.*)\.html(\?.*)?$ $1$2 permanent;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # when a request is received, try the index.html in the directory
&lt;&#x2F;span&gt;&lt;span&gt; # or $uri.html
&lt;&#x2F;span&gt;&lt;span&gt; try_files $uri&#x2F;index.html $uri.html $uri&#x2F; $uri =404;
&lt;&#x2F;span&gt;&lt;span&gt;}
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;It is good practice to have all &lt;code&gt;nginx&lt;&#x2F;code&gt; deployment configurations in
&lt;code&gt;&#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&lt;&#x2F;code&gt; directory and link production websites to
`&#x2F;etc&#x2F;nginx&#x2F;sites-enabled directory. Doing so allows you to
work-in-progress configurations or delete deployments without losing
the configuration files.&lt;&#x2F;p&gt;
&lt;p&gt;Let&#x27;s enable &lt;code&gt;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ln&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -s&lt;&#x2F;span&gt;&lt;span&gt; &#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&amp;lt;your-domain&amp;gt; &#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&amp;lt;your-domain&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Verify configurations before deploying, &lt;code&gt;nginx&lt;&#x2F;code&gt; has a command
to do it:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo nginx&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -t
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;If there are no errors, reload &lt;code&gt;nginx&lt;&#x2F;code&gt; to deploy the website:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo nginx&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -s&lt;&#x2F;span&gt;&lt;span&gt; reload
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Your webpage should now be accessible at &lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;!&lt;&#x2F;p&gt;
&lt;h3 id=&quot;2-3-install-certbot-to-set-up-https&quot;&gt;2.3) Install &lt;code&gt;certbot&lt;&#x2F;code&gt; to set up HTTPS&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-install-certbot-to-set-up-https&quot; aria-label=&quot;Anchor link for: 2-3-install-certbot-to-set-up-https&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;HTTP is insecure. We&#x27;ll have to set up SSL to serve our website using
HTTPS. To do that, we will be using &lt;a href=&quot;https:&#x2F;&#x2F;letsencrypt.org&#x2F;&quot;&gt;Let&#x27;s
Encrypt&lt;&#x2F;a&gt; a popular nonprofit certificate
authority to get our SSL certificates.&lt;&#x2F;p&gt;
&lt;p&gt;SSL certificates come with set lifetimes, so we renew them before they expire. The process, when done manually, is demanding: you
will have to log in every three months and renew the
certificate. If you fail or forget it, your visitors will see security
warnings on your website.&lt;&#x2F;p&gt;
&lt;p&gt;Thankfully, Let&#x27;s Encrypt provides automation through &lt;code&gt;certbot&lt;&#x2F;code&gt;&lt;&#x2F;p&gt;
&lt;h4 id=&quot;2-3-1-install-certbot&quot;&gt;2.3.1) Install &lt;code&gt;certbot&lt;&#x2F;code&gt;:&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-1-install-certbot&quot; aria-label=&quot;Anchor link for: 2-3-1-install-certbot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install certbot python3-certbot-nginx
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;2-3-2-get-a-certificate-for-your-domain&quot;&gt;2.3.2) Get a certificate for &lt;code&gt;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-2-get-a-certificate-for-your-domain&quot; aria-label=&quot;Anchor link for: 2-3-2-get-a-certificate-for-your-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo certbot&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; --nginx -d &lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;your-domain&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;&lt;code&gt;certbot&lt;&#x2F;code&gt; will prompt you for an email ID, and ask you to accept their
terms and conditions, privacy policy, etc. Be sure to read them before
agreeing to them. It will then try to authenticate your domain ownership
using the &lt;a href=&quot;https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Automatic_Certificate_Management_Environment&quot;&gt;ACME
protocol&lt;&#x2F;a&gt;.
By configuring the DNS to point to our server and by telling &lt;code&gt;nginx&lt;&#x2F;code&gt; at
that domain.&lt;&#x2F;p&gt;
&lt;p&gt;When it has verified ownership, it will automatically issue, deploy the
certificate on &lt;code&gt;nginx&lt;&#x2F;code&gt; and setup redirects.&lt;&#x2F;p&gt;
&lt;h4 id=&quot;2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot;&gt;2.3.3) Setup cronjob to automate SSL certificate renewals&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot; aria-label=&quot;Anchor link for: 2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Become root and edit crontab&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; su
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;crontab -e
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Add the following job and exit:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;0 *&#x2F;12 * * * certbot -n --nginx renew
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;It will attempt to renew SSL certificates every 12 hours. If a the
certificate is due for renewal, &lt;code&gt;certbot&lt;&#x2F;code&gt; will go through the ACME
challenge, get the new certificates and automatically deploy them for
you.&lt;&#x2F;p&gt;
&lt;p&gt;Now our GNU&#x2F;Linux server is configured and ready to serve our website at
&lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-website&amp;gt;&lt;&#x2F;code&gt;!&lt;&#x2F;p&gt;
</content>
</entry>
</feed>

328
tags/git/index.html Normal file
View file

@ -0,0 +1,328 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width" />
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link rel="manifest" href="/site.webmanifest" />
<link rel="me" href="https://gts.batsense.net.net/@librepages" />
<link rel="stylesheet" href="https://librepages.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://librepages.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="https://librepages.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://librepages.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>git | LibrePages: JAMstack platform with focus on privacy and speed</title>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="git" />
<meta property="og:title" content="git | LibrePages: JAMstack platform with focus on privacy and speed" />
<meta property="og:type" content="article" />
<meta property="og:url" content="https:&#x2F;&#x2F;librepages.org" />
<meta property="og:description" content="git" />
<meta
property="og:site_name"
content="git | LibrePages: JAMstack platform with focus on privacy and speed"
/>
<link
rel="apple-touch-icon"
sizes="57x57"
href="https://librepages.org/apple-icon-57x57.png?h=aa7556c6917e2715fc5cd91b0f71abf54c25fb3f4596b83938485bd339b3ee5c"
/>
<link
rel="apple-touch-icon"
sizes="60x60"
href="https://librepages.org/apple-icon-60x60.png?h=3c65021633e27b12573a4d95ee104960edeeb8448d016cc4a3a8c009956f455b"
/>
<link
rel="apple-touch-icon"
sizes="72x72"
href="https://librepages.org/apple-icon-72x72.png?h=7e6ea650d40b0c229eb8991d4bdaaeaf3a4fdc37b4c91c7e0f6705f4ccbd4823"
/>
<link
rel="apple-touch-icon"
sizes="76x76"
href="https://librepages.org/apple-icon-76x76.png?h=14cc3b66876cc79fe49f4bdf43cfa342dd12249fb32ebb4bf5895cac9fd2eaba"
/>
<link
rel="apple-touch-icon"
sizes="114x114"
href="https://librepages.org/apple-icon-114x114.png?h=a7e320f87a86aa0e037e78635c5f5042e02bf3adaf5c7a3163a108b004f1874e"
/>
<link
rel="apple-touch-icon"
sizes="120x120"
href="https://librepages.org/apple-icon-120x120.png?h=0555c76525ad4b8e974217be648c2691643b0ae09c1447bee571bdf51d324e5a"
/>
<link
rel="apple-touch-icon"
sizes="144x144"
href="https://librepages.org/apple-icon-144x144.png?h=3c6dcd632f3eca17cf7cc6153e9b372183518168754e2d8adb6bc549cfc89694"
/>
<link
rel="apple-touch-icon"
sizes="152x152"
href="https://librepages.org/apple-icon-152x152.png?h=0de6ee6daa86c4800faa71c0ba940a749b025c83f1150b19f7817bac9558344e"
/>
<link
rel="apple-touch-icon"
sizes="180x180"
href="https://librepages.org/apple-icon-180x180.png?h=4015bdb0896669f24d0be4e93fc9625c771a746060906dd94ed07ed2b3a88ede"
/>
<link
rel="icon"
type="image/png"
sizes="192x192"
href="https://librepages.org/android-icon-192x192.png?h=4065738be7277800667ab5dab97c610d8b76f7c9d7835266ecf440a1336b179a"
/>
<link
rel="icon"
type="image/png"
sizes="32x32"
href="https://librepages.org/favicon-32x32.png?h=19f5fc89580c10a37da127a18cb6d18427f8604617fe3c1d163a5528c4832094"
/>
<link
rel="icon"
type="image/png"
sizes="96x96"
href="https://librepages.org/favicon-96x96.png?h=f1dbc55e44179d839832093c008b0bedea79c3b21b1af68adb6d70c3e21227f5"
/>
<link
rel="icon"
type="image/png"
sizes="16x16"
href="https://librepages.org/favicon-16x16.png?h=a7056d65f8aa73fbaf9e97dcd2e685ac67489a76c0b8e715936970b118d74700"
/>
<link
rel="manifest"
href="https://librepages.org/manifest.json?h=27eca3e8297eb7ff340deb3849b210185a459b3845456aa4d0036f6d966b3518"
/>
<meta name="msapplication-TileColor" content="#ffffff" />
<meta
name="msapplication-TileImage"
content="https://librepages.org/ms-icon-144x144.png?h=3c6dcd632f3eca17cf7cc6153e9b372183518168754e2d8adb6bc549cfc89694"
/>
<meta name="theme-color" content="#ffffff" />
</head>
<!-- Matomo -->
<script>
var _paq = (window._paq = window._paq || []);
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(["setCookieDomain", "*.librepages.org"]);
_paq.push(["trackPageView"]);
_paq.push(["enableLinkTracking"]);
(function () {
var u = "//matomo.librepages.org/";
_paq.push(["setTrackerUrl", u + "matomo.php"]);
_paq.push(["setSiteId", "3"]);
var d = document,
g = d.createElement("script"),
s = d.getElementsByTagName("script")[0];
g.async = true;
g.src = u + "matomo.js";
s.parentNode.insertBefore(g, s);
})();
</script>
<noscript
><p>
<img
src="//matomo.librepages.org/matomo.php?idsite=3&amp;rec=1"
style="border: 0"
alt=""
/></p
></noscript>
<!-- End Matomo Code -->
</head>
<body class="base">
<header><nav class="nav__container">
<input type="checkbox" class="nav__toggle" id="nav__toggle" />
<div class="nav__header">
<a class="nav__logo-container" href="/">
<p class="nav__home-btn">LibrePages</p>
</a>
<label class="nav__hamburger-menu" for="nav__toggle">
<span class="nav__hamburger-inner"></span>
</label>
</div>
<div class="nav__spacer--small"></div>
<div class="nav__link-group">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;about&#x2F;">About</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;blog&#x2F;">Blog</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;matrix.to&#x2F;#&#x2F;#librepages:matrix.batsense.net">Chat</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;docs.librepages.org">Docs</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;gts.batsense.net&#x2F;@librepages">Fediverse</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;git.batsense.net&#x2F;LibrePages">Source Code</a>
</div>
</div>
<div class="nav__spacer"></div>
<div class="nav__link-group--small">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;demo.librepages.org&#x2F;">Demo</a>
</div>
</div>
</nav>
</header>
<!-- See ../sass/main.scss. Required for pushing footer to the very
bottom of the page -->
<div class="main__content-container">
<main>
<div class="blog__container">
<div class="tag__title-container">
<h1 class="tag__title">#git</h1>
<a class="tag__rss-link--single" href="https:&#x2F;&#x2F;librepages.org&#x2F;tags&#x2F;git&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="tag__rss-icon--single"
alt="RSS icon"
/>
</a></div>
<ul class="blog__list">
<li class="blog__post-item">
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/" class="blog__post-link">
<h2 class="blog__post-title">How to deploy a website WITHOUT LibrePages</h2>
<p class="blog__post-meta">
10
September
,
2022 &middot; <b>9 min read</b>
</p>
<p class="blog__post-description">Automation services like LibrePages exist to make lives easier but how do you do the same manually, on self-hosted hardware, or in the cloud? </p>
</a>
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/bare-metal">#bare-metal</a>
<a class="blog__post-tag" href="/tags/nginx">#nginx</a>
<a class="blog__post-tag" href="/tags/JAMStack">#JAMStack</a>
<a class="blog__post-tag" href="/tags/git">#git</a>
<a class="blog__post-tag" href="/tags/self-hosting">#self-hosting</a>
</div>
</li>
</ul>
</div>
<link rel="alternate" type="application/rss+xml" title="RSS" href="https://librepages.org/rss.xml">
</main>
<footer>
<div class="footer__container">
<!-- <div class="footer__column"> --->
<p class="footer__column license__conatiner">
All text <a
class="license__link"
rel="noreferrer"
href="http://creativecommons.org/licenses/by-sa/4.0/"
target="_blank"
>&nbsp;CC-BY-SA&nbsp;</a
>
&amp; code
<a
class="license__link"
rel="noreferrer"
href="https://www.gnu.org/licenses/agpl-3.0.en.html"
target="_blank"
>&nbsp;AGPL&nbsp;</a
>
</p>
<!-- </div> -->
<div class="footer__column--center">
<a href="/blog/atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="footer__icon"
alt="Email icon"
/>
</a>
</div>
<div class="footer__column">
<a href="/about" title="About">About</a>
<a href="/coc" title="Code of Conduct">CoC</a>
<span class="footer__column-divider--mobile-only">|</span>
<a href="/legalese" title="Legalese">Legalese</a>
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://git.batsense.net/LibrePages"
rel="noreferrer"
target="_blank"
title="Status"
>Source Code</a
>
<!--
<a href="/tos" title="Terms of Service">ToS</a>
-->
</div>
</div>
</footer>
</div>
</body>
</html>

391
tags/index.html Normal file
View file

@ -0,0 +1,391 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width" />
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link rel="manifest" href="/site.webmanifest" />
<link rel="me" href="https://gts.batsense.net.net/@librepages" />
<link rel="stylesheet" href="https://librepages.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://librepages.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="https://librepages.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://librepages.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>tags | LibrePages: JAMstack platform with focus on privacy and speed</title>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="tags" />
<meta property="og:title" content="tags | LibrePages: JAMstack platform with focus on privacy and speed" />
<meta property="og:type" content="article" />
<meta property="og:url" content="https:&#x2F;&#x2F;librepages.org" />
<meta property="og:description" content="tags" />
<meta
property="og:site_name"
content="tags | LibrePages: JAMstack platform with focus on privacy and speed"
/>
<link
rel="apple-touch-icon"
sizes="57x57"
href="https://librepages.org/apple-icon-57x57.png?h=aa7556c6917e2715fc5cd91b0f71abf54c25fb3f4596b83938485bd339b3ee5c"
/>
<link
rel="apple-touch-icon"
sizes="60x60"
href="https://librepages.org/apple-icon-60x60.png?h=3c65021633e27b12573a4d95ee104960edeeb8448d016cc4a3a8c009956f455b"
/>
<link
rel="apple-touch-icon"
sizes="72x72"
href="https://librepages.org/apple-icon-72x72.png?h=7e6ea650d40b0c229eb8991d4bdaaeaf3a4fdc37b4c91c7e0f6705f4ccbd4823"
/>
<link
rel="apple-touch-icon"
sizes="76x76"
href="https://librepages.org/apple-icon-76x76.png?h=14cc3b66876cc79fe49f4bdf43cfa342dd12249fb32ebb4bf5895cac9fd2eaba"
/>
<link
rel="apple-touch-icon"
sizes="114x114"
href="https://librepages.org/apple-icon-114x114.png?h=a7e320f87a86aa0e037e78635c5f5042e02bf3adaf5c7a3163a108b004f1874e"
/>
<link
rel="apple-touch-icon"
sizes="120x120"
href="https://librepages.org/apple-icon-120x120.png?h=0555c76525ad4b8e974217be648c2691643b0ae09c1447bee571bdf51d324e5a"
/>
<link
rel="apple-touch-icon"
sizes="144x144"
href="https://librepages.org/apple-icon-144x144.png?h=3c6dcd632f3eca17cf7cc6153e9b372183518168754e2d8adb6bc549cfc89694"
/>
<link
rel="apple-touch-icon"
sizes="152x152"
href="https://librepages.org/apple-icon-152x152.png?h=0de6ee6daa86c4800faa71c0ba940a749b025c83f1150b19f7817bac9558344e"
/>
<link
rel="apple-touch-icon"
sizes="180x180"
href="https://librepages.org/apple-icon-180x180.png?h=4015bdb0896669f24d0be4e93fc9625c771a746060906dd94ed07ed2b3a88ede"
/>
<link
rel="icon"
type="image/png"
sizes="192x192"
href="https://librepages.org/android-icon-192x192.png?h=4065738be7277800667ab5dab97c610d8b76f7c9d7835266ecf440a1336b179a"
/>
<link
rel="icon"
type="image/png"
sizes="32x32"
href="https://librepages.org/favicon-32x32.png?h=19f5fc89580c10a37da127a18cb6d18427f8604617fe3c1d163a5528c4832094"
/>
<link
rel="icon"
type="image/png"
sizes="96x96"
href="https://librepages.org/favicon-96x96.png?h=f1dbc55e44179d839832093c008b0bedea79c3b21b1af68adb6d70c3e21227f5"
/>
<link
rel="icon"
type="image/png"
sizes="16x16"
href="https://librepages.org/favicon-16x16.png?h=a7056d65f8aa73fbaf9e97dcd2e685ac67489a76c0b8e715936970b118d74700"
/>
<link
rel="manifest"
href="https://librepages.org/manifest.json?h=27eca3e8297eb7ff340deb3849b210185a459b3845456aa4d0036f6d966b3518"
/>
<meta name="msapplication-TileColor" content="#ffffff" />
<meta
name="msapplication-TileImage"
content="https://librepages.org/ms-icon-144x144.png?h=3c6dcd632f3eca17cf7cc6153e9b372183518168754e2d8adb6bc549cfc89694"
/>
<meta name="theme-color" content="#ffffff" />
</head>
<!-- Matomo -->
<script>
var _paq = (window._paq = window._paq || []);
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(["setCookieDomain", "*.librepages.org"]);
_paq.push(["trackPageView"]);
_paq.push(["enableLinkTracking"]);
(function () {
var u = "//matomo.librepages.org/";
_paq.push(["setTrackerUrl", u + "matomo.php"]);
_paq.push(["setSiteId", "3"]);
var d = document,
g = d.createElement("script"),
s = d.getElementsByTagName("script")[0];
g.async = true;
g.src = u + "matomo.js";
s.parentNode.insertBefore(g, s);
})();
</script>
<noscript
><p>
<img
src="//matomo.librepages.org/matomo.php?idsite=3&amp;rec=1"
style="border: 0"
alt=""
/></p
></noscript>
<!-- End Matomo Code -->
</head>
<body class="base">
<header><nav class="nav__container">
<input type="checkbox" class="nav__toggle" id="nav__toggle" />
<div class="nav__header">
<a class="nav__logo-container" href="/">
<p class="nav__home-btn">LibrePages</p>
</a>
<label class="nav__hamburger-menu" for="nav__toggle">
<span class="nav__hamburger-inner"></span>
</label>
</div>
<div class="nav__spacer--small"></div>
<div class="nav__link-group">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;about&#x2F;">About</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;blog&#x2F;">Blog</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;matrix.to&#x2F;#&#x2F;#librepages:matrix.batsense.net">Chat</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;docs.librepages.org">Docs</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;gts.batsense.net&#x2F;@librepages">Fediverse</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;git.batsense.net&#x2F;LibrePages">Source Code</a>
</div>
</div>
<div class="nav__spacer"></div>
<div class="nav__link-group--small">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;demo.librepages.org&#x2F;">Demo</a>
</div>
</div>
</nav>
</header>
<!-- See ../sass/main.scss. Required for pushing footer to the very
bottom of the page -->
<div class="main__content-container">
<main>
<div class="blog__container">
<ul class="blog__list">
<li class="tag__item">
<a href="https://librepages.org/tags/bare-metal/" class="tag__item-link">
<h2 class="tag__item-title">#bare-metal</h2>
<span class="tag__meta">1 entry</span>
</a>
<a class="tag__rss-link" href="https:&#x2F;&#x2F;librepages.org&#x2F;tags&#x2F;bare-metal&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="tag__rss-icon"
alt="RSS icon"
/>
</a>
</li>
</a>
<li class="tag__item">
<a href="https://librepages.org/tags/git/" class="tag__item-link">
<h2 class="tag__item-title">#git</h2>
<span class="tag__meta">1 entry</span>
</a>
<a class="tag__rss-link" href="https:&#x2F;&#x2F;librepages.org&#x2F;tags&#x2F;git&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="tag__rss-icon"
alt="RSS icon"
/>
</a>
</li>
</a>
<li class="tag__item">
<a href="https://librepages.org/tags/jamstack/" class="tag__item-link">
<h2 class="tag__item-title">#JAMStack</h2>
<span class="tag__meta">1 entry</span>
</a>
<a class="tag__rss-link" href="https:&#x2F;&#x2F;librepages.org&#x2F;tags&#x2F;jamstack&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="tag__rss-icon"
alt="RSS icon"
/>
</a>
</li>
</a>
<li class="tag__item">
<a href="https://librepages.org/tags/nginx/" class="tag__item-link">
<h2 class="tag__item-title">#nginx</h2>
<span class="tag__meta">1 entry</span>
</a>
<a class="tag__rss-link" href="https:&#x2F;&#x2F;librepages.org&#x2F;tags&#x2F;nginx&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="tag__rss-icon"
alt="RSS icon"
/>
</a>
</li>
</a>
<li class="tag__item">
<a href="https://librepages.org/tags/self-hosting/" class="tag__item-link">
<h2 class="tag__item-title">#self-hosting</h2>
<span class="tag__meta">1 entry</span>
</a>
<a class="tag__rss-link" href="https:&#x2F;&#x2F;librepages.org&#x2F;tags&#x2F;self-hosting&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="tag__rss-icon"
alt="RSS icon"
/>
</a>
</li>
</a>
</ul>
</div>
</main>
<footer>
<div class="footer__container">
<!-- <div class="footer__column"> --->
<p class="footer__column license__conatiner">
All text <a
class="license__link"
rel="noreferrer"
href="http://creativecommons.org/licenses/by-sa/4.0/"
target="_blank"
>&nbsp;CC-BY-SA&nbsp;</a
>
&amp; code
<a
class="license__link"
rel="noreferrer"
href="https://www.gnu.org/licenses/agpl-3.0.en.html"
target="_blank"
>&nbsp;AGPL&nbsp;</a
>
</p>
<!-- </div> -->
<div class="footer__column--center">
<a href="/blog/atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="footer__icon"
alt="Email icon"
/>
</a>
</div>
<div class="footer__column">
<a href="/about" title="About">About</a>
<a href="/coc" title="Code of Conduct">CoC</a>
<span class="footer__column-divider--mobile-only">|</span>
<a href="/legalese" title="Legalese">Legalese</a>
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://git.batsense.net/LibrePages"
rel="noreferrer"
target="_blank"
title="Status"
>Source Code</a
>
<!--
<a href="/tos" title="Terms of Service">ToS</a>
-->
</div>
</div>
</footer>
</div>
</body>
</html>

367
tags/jamstack/atom.xml Normal file
View file

@ -0,0 +1,367 @@
<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
<title> - JAMStack</title>
<link href="https://librepages.org/tags/jamstack/atom.xml" rel="self" type="application/atom+xml"/>
<link href="https://librepages.org"/>
<generator uri="https://www.getzola.org/">Zola</generator>
<updated>2022-09-10T00:00:00+00:00</updated>
<id>https://librepages.org/tags/jamstack/atom.xml</id>
<entry xml:lang="en">
<title>How to deploy a website WITHOUT LibrePages</title>
<published>2022-09-10T00:00:00+00:00</published>
<updated>2022-09-10T00:00:00+00:00</updated>
<link href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/" type="text/html"/>
<id>https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/</id>
<content type="html">&lt;p&gt;In this &lt;del&gt;blog post&lt;&#x2F;del&gt; tutorial, I&#x27;ll show you how to deploy a personal
website. LibrePages automates everything that is discussed in this
tutorial and lets you focus on creating content. Automation is good
but knowing how to do it manually using industry standard
technologies always helps!&lt;&#x2F;p&gt;
&lt;p&gt;We will be using the following technologies to deploy our website:&lt;&#x2F;p&gt;
&lt;ol&gt;
&lt;li&gt;GNU&#x2F;Linux server(Debian)&lt;&#x2F;li&gt;
&lt;li&gt;Nginx (webs server)&lt;&#x2F;li&gt;
&lt;li&gt;Let&#x27;s Encrypt (for HTTPS)&lt;&#x2F;li&gt;
&lt;li&gt;Gitea (but any Git hosting works)&lt;&#x2F;li&gt;
&lt;&#x2F;ol&gt;
&lt;p&gt;Let&#x27;s get started!&lt;&#x2F;p&gt;
&lt;h2 id=&quot;1-setup-debian-gnu-linux&quot;&gt;1. Setup Debian GNU&#x2F;Linux&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-setup-debian-gnu-linux&quot; aria-label=&quot;Anchor link for: 1-setup-debian-gnu-linux&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h2&gt;
&lt;p&gt;We are going to start with a fresh GNU&#x2F;Linux installation, you could get
one from a cloud provider like &lt;a href=&quot;https:&#x2F;&#x2F;www.digitalocean.com&quot;&gt;Digital
Ocean&lt;&#x2F;a&gt; (not affiliated).&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-1-give-your-account-sudo-privileges&quot;&gt;1.1) Give your account &lt;code&gt;sudo&lt;&#x2F;code&gt; privileges&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-1-give-your-account-sudo-privileges&quot; aria-label=&quot;Anchor link for: 1-1-give-your-account-sudo-privileges&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;On GNU&#x2F;Linux systems, the &lt;code&gt;root&lt;&#x2F;code&gt; account is the most powerful user account.
It is good practice to avoid working as &lt;code&gt;root&lt;&#x2F;code&gt; since a careless mistake
could wipe the entire system out.&lt;&#x2F;p&gt;
&lt;p&gt;&lt;code&gt;sudo&lt;&#x2F;code&gt; give the ability to execute commands with &lt;code&gt;root&lt;&#x2F;code&gt; capabilities
from a lower-privileged account. Let&#x27;s make our account sudo capable:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;su &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# become root
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# add `realaravinth`, my account` to `sudo` group to be able to use `sudo`
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;usermod -aG&lt;&#x2F;span&gt;&lt;span&gt; sudo realaravinth &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# my account is called `realaravinth`, replace it with yours
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;exit
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; exit
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Log out and log back in.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-2-install-and-setup-firewall-ufw&quot;&gt;1.2) Install and setup firewall(&lt;code&gt;ufw&lt;&#x2F;code&gt;)&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-2-install-and-setup-firewall-ufw&quot; aria-label=&quot;Anchor link for: 1-2-install-and-setup-firewall-ufw&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;Uncomplicated Firewall(&lt;code&gt;ufw&lt;&#x2F;code&gt;) is a popular firewall that is easy to
set up and maintain. For most installations, this should be enough.
System administrators use firewalls to open only the ports that they
think should receive traffic from external networks. Without it, all
ports will be open, causing a security nightmare.&lt;&#x2F;p&gt;
&lt;p&gt;We will require standard SSH (22), and the standard web ports (80 and
443). A comprehensive list of services and the list of ports the listen
on is available at `&#x2F;etc&#x2F;services.&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt &quot;&gt;&lt;code class=&quot;language-bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot; data-lang=&quot;bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot;&gt;&lt;span&gt;install ufw # we are using `ufw` for the firewall
&lt;&#x2F;span&gt;&lt;span&gt;$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
&lt;&#x2F;span&gt;&lt;span&gt;$ sudo ufw enable # deploy firewall
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-secure-ssh&quot;&gt;1.3) Secure SSH&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-secure-ssh&quot; aria-label=&quot;Anchor link for: 1-3-secure-ssh&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;SSH allows remote access to our servers over secure, encrypted
channels. By default, users can log in with their password
using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-3-1-generate-key-pair&quot;&gt;1.3.1) Generate key pair&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-1-generate-key-pair&quot; aria-label=&quot;Anchor link for: 1-3-1-generate-key-pair&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;On your local computer, generate an SSH key pair:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; ssh-keygen
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Generating&lt;&#x2F;span&gt;&lt;span&gt; public&#x2F;private rsa key pair.
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; file in which to save the key (&#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; passphrase (empty for no passphrase)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; same passphrase again:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Your&lt;&#x2F;span&gt;&lt;span&gt; identification has been saved in &#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Your&lt;&#x2F;span&gt;&lt;span&gt; public key has been saved in &#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa.pub
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;The&lt;&#x2F;span&gt;&lt;span&gt; key fingerprint is:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;SHA256:i2DE1b9BQb9DqV0r6O9MfPeVqUwfww1&#x2F;T8wIXL2Xqdo&lt;&#x2F;span&gt;&lt;span&gt; realaravinth@myserver.com
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;The&lt;&#x2F;span&gt;&lt;span&gt; key&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;s random art image is:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;+---[RSA 3072]----+
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| .. .o. |
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . .. . . |
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o o + o .|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . o* + .+|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o S ooB o+.|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . o.. +o*=|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . ooo*X|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| +=.ooB|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o+E .o|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;+----[SHA256]-----+
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Set a strong password the program prompts for one and save it somewhere
safe. Your public key will be at &lt;code&gt;~&#x2F;.ssh&#x2F;id_rsa.pub&lt;&#x2F;code&gt; and your private key at
&lt;code&gt;~&#x2F;.ssh&#x2F;id_rsa&lt;&#x2F;code&gt;. &lt;strong&gt;Never share the private key with anyone&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-3-2-setup-public-key-authentication&quot;&gt;1.3.2) Setup public-key authentication&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-2-setup-public-key-authentication&quot; aria-label=&quot;Anchor link for: 1-3-2-setup-public-key-authentication&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;We have to copy the public key that we generated in the previous setup
onto our server:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; ssh-copy-id&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -i ~&lt;&#x2F;span&gt;&lt;span&gt;&#x2F;.ssh&#x2F;id_rsa.pub myserver.com
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: Source of key(s) &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; be installed: &amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;&#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa.pub&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: attempting to log in with the new key(s)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;,&lt;&#x2F;span&gt;&lt;span&gt; to filter out any that are already installed
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: 1 key(s) &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;remain&lt;&#x2F;span&gt;&lt;span&gt; to be installed -- if you are prompted now it is to install the new keys
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;realaravinth@myserver.com&lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;s password:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;Number of key(s) added: 1
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;Now try logging into the machine, with: &amp;quot;ssh &lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;myserver.com&lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;&amp;quot;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;and check to make sure that only the key(s) you wanted were added.
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-3-disable-ssh-password-authentication&quot;&gt;1.3.3) Disable SSH password authentication&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-3-disable-ssh-password-authentication&quot; aria-label=&quot;Anchor link for: 1-3-3-disable-ssh-password-authentication&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;NOTE: Verify you can log into your account before proceeding&lt;&#x2F;strong&gt;&lt;&#x2F;p&gt;
&lt;&#x2F;blockquote&gt;
&lt;p&gt;Now that we have a private-key authentication setup on both the client and
the server, let&#x27;s disable password authentication on the server:&lt;&#x2F;p&gt;
&lt;p&gt;Open &lt;code&gt;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&lt;&#x2F;code&gt; and add the following lines:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;PubkeyAuthentication yes
&lt;&#x2F;span&gt;&lt;span&gt;PasswordAuthentication no
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;And restart the SSH server:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl restart sshd
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-install-and-setup-fail2ban&quot;&gt;1.3) Install and setup &lt;code&gt;fail2ban&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-install-and-setup-fail2ban&quot; aria-label=&quot;Anchor link for: 1-3-install-and-setup-fail2ban&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;We will be using &lt;code&gt;fail2ban&lt;&#x2F;code&gt; for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.&lt;&#x2F;p&gt;
&lt;h4 id=&quot;1-3-1-install-fail2ban&quot;&gt;1.3.1) Install &lt;code&gt;fail2ban&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-1-install-fail2ban&quot; aria-label=&quot;Anchor link for: 1-3-1-install-fail2ban&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install fail2ban
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-3-2-enable-fail2ban-for-sshd&quot;&gt;1.3.2) Enable &lt;code&gt;fail2ban&lt;&#x2F;code&gt; for &lt;code&gt;sshd&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-2-enable-fail2ban-for-sshd&quot; aria-label=&quot;Anchor link for: 1-3-2-enable-fail2ban-for-sshd&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;yml&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-yml &quot;&gt;&lt;code class=&quot;language-yml&quot; data-lang=&quot;yml&quot;&gt;&lt;span&gt;[&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;sshd&lt;&#x2F;span&gt;&lt;span&gt;]
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;enabled = true
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-3-3-configure-fail2ban-to-start-on-boot&quot;&gt;1.3.3) Configure &lt;code&gt;fail2ban&lt;&#x2F;code&gt; to start on boot&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-3-configure-fail2ban-to-start-on-boot&quot; aria-label=&quot;Anchor link for: 1-3-3-configure-fail2ban-to-start-on-boot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl enable fail2ban
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl start fail2ban
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-4-install-and-setup-nginx&quot;&gt;1.4) Install and setup &lt;code&gt;nginx&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-install-and-setup-nginx&quot; aria-label=&quot;Anchor link for: 1-4-install-and-setup-nginx&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;&lt;code&gt;nginx&lt;&#x2F;code&gt; is a popular web server that can be used to serve static sites.
It is fast, stable, and easy to set up.&lt;&#x2F;p&gt;
&lt;p&gt;To install, run the following command:&lt;&#x2F;p&gt;
&lt;h4 id=&quot;1-4-1-install-nginx&quot;&gt;1.4.1) Install &lt;code&gt;nginx&lt;&#x2F;code&gt;:&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-1-install-nginx&quot; aria-label=&quot;Anchor link for: 1-4-1-install-nginx&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install nginx
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-4-2-allow-web-traffic-open-ports-80-and-443&quot;&gt;1.4.2) Allow web traffic: open ports &lt;code&gt;80&lt;&#x2F;code&gt; and &lt;code&gt;443&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-2-allow-web-traffic-open-ports-80-and-443&quot; aria-label=&quot;Anchor link for: 1-4-2-allow-web-traffic-open-ports-80-and-443&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Ports &lt;code&gt;80&lt;&#x2F;code&gt; is the default for HTTP and &lt;code&gt;443&lt;&#x2F;code&gt; for HTTPS. To serve
web traffic, we&#x27;ll have to Configure &lt;code&gt;ufw&lt;&#x2F;code&gt; to accept traffic on them:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ufw allow 80 &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# open ports 80 HTTP traffic
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ufw allow 443 &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# open ports 443 for HTTPS traffic
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-4-2-configure-nginx-to-start-on-boot&quot;&gt;1.4.2) Configure &lt;code&gt;nginx&lt;&#x2F;code&gt; to start on boot&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-2-configure-nginx-to-start-on-boot&quot; aria-label=&quot;Anchor link for: 1-4-2-configure-nginx-to-start-on-boot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemtl enable nginx &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# automatically start nginx on boot
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemtl start nginx &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# start nginx server
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;And verify it works:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; curl localhost
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;!DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;html&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;title&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; nginx!&amp;lt;&#x2F;title&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;style&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body &lt;&#x2F;span&gt;&lt;span&gt;{
&lt;&#x2F;span&gt;&lt;span&gt; width: 35em;
&lt;&#x2F;span&gt;&lt;span&gt; margin: 0 auto;
&lt;&#x2F;span&gt;&lt;span&gt; font-family: Tahoma, Verdana, Arial, sans-serif;
&lt;&#x2F;span&gt;&lt;span&gt; }
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;style&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;h1&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; nginx!&amp;lt;&#x2F;h1&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;If &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;you&lt;&#x2F;span&gt;&lt;span&gt; see this page, the nginx web server is successfully installed and
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;working.&lt;&#x2F;span&gt;&lt;span&gt; Further configuration is required.&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;For &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;online&lt;&#x2F;span&gt;&lt;span&gt; documentation and support please refer to
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;a &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;href&lt;&#x2F;span&gt;&lt;span&gt;=&amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;http:&#x2F;&#x2F;nginx.org&#x2F;&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;&amp;gt;nginx.org&amp;lt;&#x2F;a&amp;gt;.&amp;lt;br&#x2F;&amp;gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Commercial&lt;&#x2F;span&gt;&lt;span&gt; support is available at
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;a &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;href&lt;&#x2F;span&gt;&lt;span&gt;=&amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;http:&#x2F;&#x2F;nginx.com&#x2F;&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;&amp;gt;nginx.com&amp;lt;&#x2F;a&amp;gt;.&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;&amp;lt;em&amp;gt;Thank &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;you&lt;&#x2F;span&gt;&lt;span&gt; for using nginx.&amp;lt;&#x2F;em&amp;gt;&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;html&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;&lt;code&gt;nginx&lt;&#x2F;code&gt; is working!&lt;&#x2F;p&gt;
&lt;h2 id=&quot;2-deploy-website&quot;&gt;2) Deploy website&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-deploy-website&quot; aria-label=&quot;Anchor link for: 2-deploy-website&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h2&gt;
&lt;p&gt;For this demo, we&#x27;ll deploy a single file(&lt;code&gt;index.html&lt;&#x2F;code&gt;)
HTML website.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;2-1-install-the-webpage-on-the-server&quot;&gt;2.1) Install the webpage on the server&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-1-install-the-webpage-on-the-server&quot; aria-label=&quot;Anchor link for: 2-1-install-the-webpage-on-the-server&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;Edit &lt;code&gt;&#x2F;var&#x2F;www&#x2F;html&#x2F;index.html&lt;&#x2F;code&gt; and add the following HTML to it:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;html&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-html &quot;&gt;&lt;code class=&quot;language-html&quot; data-lang=&quot;html&quot;&gt;&lt;span&gt;&amp;lt;!&lt;&#x2F;span&gt;&lt;span style=&quot;color:#b48ead;&quot;&gt;DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#d08770;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;head&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;title&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;My cool website!&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;title&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;head&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;h1&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;Welcome to my website! o&#x2F;&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;h1&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;The webpage should now be available on localhost, and we should see it when we run the following command:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; curl localhost
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;!DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;html&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;title&amp;gt;My &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;cool&lt;&#x2F;span&gt;&lt;span&gt; website!&amp;lt;&#x2F;title&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;h1&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; my website! o&#x2F;&amp;lt;&#x2F;h1&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;html&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;2-2-serve-webpage-on-a-custom-domain&quot;&gt;2.2) Serve webpage on a custom domain&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-serve-webpage-on-a-custom-domain&quot; aria-label=&quot;Anchor link for: 2-2-serve-webpage-on-a-custom-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;h4 id=&quot;2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot;&gt;2.2.1) Buy a domain if you don&#x27;t own one already&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot; aria-label=&quot;Anchor link for: 2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;h4 id=&quot;2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot;&gt;2.2.2) Go to the domain&#x27;s DNS dashboard and add the following record&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot; aria-label=&quot;Anchor link for: 2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;@ A 300 &amp;lt;your server IP address&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot;&gt;2.2.3) Setup &lt;code&gt;nginx&lt;&#x2F;code&gt; to serve the website at &lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-domain.&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot; aria-label=&quot;Anchor link for: 2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Open &lt;code&gt;&#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;your-domain&lt;&#x2F;code&gt; and add the following:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;server {
&lt;&#x2F;span&gt;&lt;span&gt; # serve website on port 80
&lt;&#x2F;span&gt;&lt;span&gt; listen [::]:80;
&lt;&#x2F;span&gt;&lt;span&gt; listen 80;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # write error logs to file
&lt;&#x2F;span&gt;&lt;span&gt; error_log &#x2F;var&#x2F;log&#x2F;nginx&#x2F;&amp;lt;your-domain&amp;gt;.error.log;
&lt;&#x2F;span&gt;&lt;span&gt; # write access logs to file
&lt;&#x2F;span&gt;&lt;span&gt; access_log &#x2F;var&#x2F;log&#x2F;nginx&#x2F;&amp;lt;your-domain&amp;gt;.access.log;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # serve only on this domain:
&lt;&#x2F;span&gt;&lt;span&gt; server_name &amp;lt;your-domain&amp;gt;; # replace me
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # use files from this directory
&lt;&#x2F;span&gt;&lt;span&gt; root &#x2F;var&#x2F;www&#x2F;html&#x2F;;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # remove .html from URL; it is cleaner this way
&lt;&#x2F;span&gt;&lt;span&gt; rewrite ^(&#x2F;.*)\.html(\?.*)?$ $1$2 permanent;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # when a request is received, try the index.html in the directory
&lt;&#x2F;span&gt;&lt;span&gt; # or $uri.html
&lt;&#x2F;span&gt;&lt;span&gt; try_files $uri&#x2F;index.html $uri.html $uri&#x2F; $uri =404;
&lt;&#x2F;span&gt;&lt;span&gt;}
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;It is good practice to have all &lt;code&gt;nginx&lt;&#x2F;code&gt; deployment configurations in
&lt;code&gt;&#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&lt;&#x2F;code&gt; directory and link production websites to
`&#x2F;etc&#x2F;nginx&#x2F;sites-enabled directory. Doing so allows you to
work-in-progress configurations or delete deployments without losing
the configuration files.&lt;&#x2F;p&gt;
&lt;p&gt;Let&#x27;s enable &lt;code&gt;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ln&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -s&lt;&#x2F;span&gt;&lt;span&gt; &#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&amp;lt;your-domain&amp;gt; &#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&amp;lt;your-domain&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Verify configurations before deploying, &lt;code&gt;nginx&lt;&#x2F;code&gt; has a command
to do it:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo nginx&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -t
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;If there are no errors, reload &lt;code&gt;nginx&lt;&#x2F;code&gt; to deploy the website:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo nginx&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -s&lt;&#x2F;span&gt;&lt;span&gt; reload
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Your webpage should now be accessible at &lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;!&lt;&#x2F;p&gt;
&lt;h3 id=&quot;2-3-install-certbot-to-set-up-https&quot;&gt;2.3) Install &lt;code&gt;certbot&lt;&#x2F;code&gt; to set up HTTPS&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-install-certbot-to-set-up-https&quot; aria-label=&quot;Anchor link for: 2-3-install-certbot-to-set-up-https&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;HTTP is insecure. We&#x27;ll have to set up SSL to serve our website using
HTTPS. To do that, we will be using &lt;a href=&quot;https:&#x2F;&#x2F;letsencrypt.org&#x2F;&quot;&gt;Let&#x27;s
Encrypt&lt;&#x2F;a&gt; a popular nonprofit certificate
authority to get our SSL certificates.&lt;&#x2F;p&gt;
&lt;p&gt;SSL certificates come with set lifetimes, so we renew them before they expire. The process, when done manually, is demanding: you
will have to log in every three months and renew the
certificate. If you fail or forget it, your visitors will see security
warnings on your website.&lt;&#x2F;p&gt;
&lt;p&gt;Thankfully, Let&#x27;s Encrypt provides automation through &lt;code&gt;certbot&lt;&#x2F;code&gt;&lt;&#x2F;p&gt;
&lt;h4 id=&quot;2-3-1-install-certbot&quot;&gt;2.3.1) Install &lt;code&gt;certbot&lt;&#x2F;code&gt;:&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-1-install-certbot&quot; aria-label=&quot;Anchor link for: 2-3-1-install-certbot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install certbot python3-certbot-nginx
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;2-3-2-get-a-certificate-for-your-domain&quot;&gt;2.3.2) Get a certificate for &lt;code&gt;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-2-get-a-certificate-for-your-domain&quot; aria-label=&quot;Anchor link for: 2-3-2-get-a-certificate-for-your-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo certbot&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; --nginx -d &lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;your-domain&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;&lt;code&gt;certbot&lt;&#x2F;code&gt; will prompt you for an email ID, and ask you to accept their
terms and conditions, privacy policy, etc. Be sure to read them before
agreeing to them. It will then try to authenticate your domain ownership
using the &lt;a href=&quot;https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Automatic_Certificate_Management_Environment&quot;&gt;ACME
protocol&lt;&#x2F;a&gt;.
By configuring the DNS to point to our server and by telling &lt;code&gt;nginx&lt;&#x2F;code&gt; at
that domain.&lt;&#x2F;p&gt;
&lt;p&gt;When it has verified ownership, it will automatically issue, deploy the
certificate on &lt;code&gt;nginx&lt;&#x2F;code&gt; and setup redirects.&lt;&#x2F;p&gt;
&lt;h4 id=&quot;2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot;&gt;2.3.3) Setup cronjob to automate SSL certificate renewals&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot; aria-label=&quot;Anchor link for: 2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Become root and edit crontab&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; su
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;crontab -e
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Add the following job and exit:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;0 *&#x2F;12 * * * certbot -n --nginx renew
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;It will attempt to renew SSL certificates every 12 hours. If a the
certificate is due for renewal, &lt;code&gt;certbot&lt;&#x2F;code&gt; will go through the ACME
challenge, get the new certificates and automatically deploy them for
you.&lt;&#x2F;p&gt;
&lt;p&gt;Now our GNU&#x2F;Linux server is configured and ready to serve our website at
&lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-website&amp;gt;&lt;&#x2F;code&gt;!&lt;&#x2F;p&gt;
</content>
</entry>
</feed>

328
tags/jamstack/index.html Normal file
View file

@ -0,0 +1,328 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width" />
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link rel="manifest" href="/site.webmanifest" />
<link rel="me" href="https://gts.batsense.net.net/@librepages" />
<link rel="stylesheet" href="https://librepages.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://librepages.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="https://librepages.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://librepages.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>JAMStack | LibrePages: JAMstack platform with focus on privacy and speed</title>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="JAMStack" />
<meta property="og:title" content="JAMStack | LibrePages: JAMstack platform with focus on privacy and speed" />
<meta property="og:type" content="article" />
<meta property="og:url" content="https:&#x2F;&#x2F;librepages.org" />
<meta property="og:description" content="JAMStack" />
<meta
property="og:site_name"
content="JAMStack | LibrePages: JAMstack platform with focus on privacy and speed"
/>
<link
rel="apple-touch-icon"
sizes="57x57"
href="https://librepages.org/apple-icon-57x57.png?h=aa7556c6917e2715fc5cd91b0f71abf54c25fb3f4596b83938485bd339b3ee5c"
/>
<link
rel="apple-touch-icon"
sizes="60x60"
href="https://librepages.org/apple-icon-60x60.png?h=3c65021633e27b12573a4d95ee104960edeeb8448d016cc4a3a8c009956f455b"
/>
<link
rel="apple-touch-icon"
sizes="72x72"
href="https://librepages.org/apple-icon-72x72.png?h=7e6ea650d40b0c229eb8991d4bdaaeaf3a4fdc37b4c91c7e0f6705f4ccbd4823"
/>
<link
rel="apple-touch-icon"
sizes="76x76"
href="https://librepages.org/apple-icon-76x76.png?h=14cc3b66876cc79fe49f4bdf43cfa342dd12249fb32ebb4bf5895cac9fd2eaba"
/>
<link
rel="apple-touch-icon"
sizes="114x114"
href="https://librepages.org/apple-icon-114x114.png?h=a7e320f87a86aa0e037e78635c5f5042e02bf3adaf5c7a3163a108b004f1874e"
/>
<link
rel="apple-touch-icon"
sizes="120x120"
href="https://librepages.org/apple-icon-120x120.png?h=0555c76525ad4b8e974217be648c2691643b0ae09c1447bee571bdf51d324e5a"
/>
<link
rel="apple-touch-icon"
sizes="144x144"
href="https://librepages.org/apple-icon-144x144.png?h=3c6dcd632f3eca17cf7cc6153e9b372183518168754e2d8adb6bc549cfc89694"
/>
<link
rel="apple-touch-icon"
sizes="152x152"
href="https://librepages.org/apple-icon-152x152.png?h=0de6ee6daa86c4800faa71c0ba940a749b025c83f1150b19f7817bac9558344e"
/>
<link
rel="apple-touch-icon"
sizes="180x180"
href="https://librepages.org/apple-icon-180x180.png?h=4015bdb0896669f24d0be4e93fc9625c771a746060906dd94ed07ed2b3a88ede"
/>
<link
rel="icon"
type="image/png"
sizes="192x192"
href="https://librepages.org/android-icon-192x192.png?h=4065738be7277800667ab5dab97c610d8b76f7c9d7835266ecf440a1336b179a"
/>
<link
rel="icon"
type="image/png"
sizes="32x32"
href="https://librepages.org/favicon-32x32.png?h=19f5fc89580c10a37da127a18cb6d18427f8604617fe3c1d163a5528c4832094"
/>
<link
rel="icon"
type="image/png"
sizes="96x96"
href="https://librepages.org/favicon-96x96.png?h=f1dbc55e44179d839832093c008b0bedea79c3b21b1af68adb6d70c3e21227f5"
/>
<link
rel="icon"
type="image/png"
sizes="16x16"
href="https://librepages.org/favicon-16x16.png?h=a7056d65f8aa73fbaf9e97dcd2e685ac67489a76c0b8e715936970b118d74700"
/>
<link
rel="manifest"
href="https://librepages.org/manifest.json?h=27eca3e8297eb7ff340deb3849b210185a459b3845456aa4d0036f6d966b3518"
/>
<meta name="msapplication-TileColor" content="#ffffff" />
<meta
name="msapplication-TileImage"
content="https://librepages.org/ms-icon-144x144.png?h=3c6dcd632f3eca17cf7cc6153e9b372183518168754e2d8adb6bc549cfc89694"
/>
<meta name="theme-color" content="#ffffff" />
</head>
<!-- Matomo -->
<script>
var _paq = (window._paq = window._paq || []);
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(["setCookieDomain", "*.librepages.org"]);
_paq.push(["trackPageView"]);
_paq.push(["enableLinkTracking"]);
(function () {
var u = "//matomo.librepages.org/";
_paq.push(["setTrackerUrl", u + "matomo.php"]);
_paq.push(["setSiteId", "3"]);
var d = document,
g = d.createElement("script"),
s = d.getElementsByTagName("script")[0];
g.async = true;
g.src = u + "matomo.js";
s.parentNode.insertBefore(g, s);
})();
</script>
<noscript
><p>
<img
src="//matomo.librepages.org/matomo.php?idsite=3&amp;rec=1"
style="border: 0"
alt=""
/></p
></noscript>
<!-- End Matomo Code -->
</head>
<body class="base">
<header><nav class="nav__container">
<input type="checkbox" class="nav__toggle" id="nav__toggle" />
<div class="nav__header">
<a class="nav__logo-container" href="/">
<p class="nav__home-btn">LibrePages</p>
</a>
<label class="nav__hamburger-menu" for="nav__toggle">
<span class="nav__hamburger-inner"></span>
</label>
</div>
<div class="nav__spacer--small"></div>
<div class="nav__link-group">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;about&#x2F;">About</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;blog&#x2F;">Blog</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;matrix.to&#x2F;#&#x2F;#librepages:matrix.batsense.net">Chat</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;docs.librepages.org">Docs</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;gts.batsense.net&#x2F;@librepages">Fediverse</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;git.batsense.net&#x2F;LibrePages">Source Code</a>
</div>
</div>
<div class="nav__spacer"></div>
<div class="nav__link-group--small">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;demo.librepages.org&#x2F;">Demo</a>
</div>
</div>
</nav>
</header>
<!-- See ../sass/main.scss. Required for pushing footer to the very
bottom of the page -->
<div class="main__content-container">
<main>
<div class="blog__container">
<div class="tag__title-container">
<h1 class="tag__title">#JAMStack</h1>
<a class="tag__rss-link--single" href="https:&#x2F;&#x2F;librepages.org&#x2F;tags&#x2F;jamstack&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="tag__rss-icon--single"
alt="RSS icon"
/>
</a></div>
<ul class="blog__list">
<li class="blog__post-item">
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/" class="blog__post-link">
<h2 class="blog__post-title">How to deploy a website WITHOUT LibrePages</h2>
<p class="blog__post-meta">
10
September
,
2022 &middot; <b>9 min read</b>
</p>
<p class="blog__post-description">Automation services like LibrePages exist to make lives easier but how do you do the same manually, on self-hosted hardware, or in the cloud? </p>
</a>
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/bare-metal">#bare-metal</a>
<a class="blog__post-tag" href="/tags/nginx">#nginx</a>
<a class="blog__post-tag" href="/tags/JAMStack">#JAMStack</a>
<a class="blog__post-tag" href="/tags/git">#git</a>
<a class="blog__post-tag" href="/tags/self-hosting">#self-hosting</a>
</div>
</li>
</ul>
</div>
<link rel="alternate" type="application/rss+xml" title="RSS" href="https://librepages.org/rss.xml">
</main>
<footer>
<div class="footer__container">
<!-- <div class="footer__column"> --->
<p class="footer__column license__conatiner">
All text <a
class="license__link"
rel="noreferrer"
href="http://creativecommons.org/licenses/by-sa/4.0/"
target="_blank"
>&nbsp;CC-BY-SA&nbsp;</a
>
&amp; code
<a
class="license__link"
rel="noreferrer"
href="https://www.gnu.org/licenses/agpl-3.0.en.html"
target="_blank"
>&nbsp;AGPL&nbsp;</a
>
</p>
<!-- </div> -->
<div class="footer__column--center">
<a href="/blog/atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="footer__icon"
alt="Email icon"
/>
</a>
</div>
<div class="footer__column">
<a href="/about" title="About">About</a>
<a href="/coc" title="Code of Conduct">CoC</a>
<span class="footer__column-divider--mobile-only">|</span>
<a href="/legalese" title="Legalese">Legalese</a>
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://git.batsense.net/LibrePages"
rel="noreferrer"
target="_blank"
title="Status"
>Source Code</a
>
<!--
<a href="/tos" title="Terms of Service">ToS</a>
-->
</div>
</div>
</footer>
</div>
</body>
</html>

367
tags/nginx/atom.xml Normal file
View file

@ -0,0 +1,367 @@
<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
<title> - nginx</title>
<link href="https://librepages.org/tags/nginx/atom.xml" rel="self" type="application/atom+xml"/>
<link href="https://librepages.org"/>
<generator uri="https://www.getzola.org/">Zola</generator>
<updated>2022-09-10T00:00:00+00:00</updated>
<id>https://librepages.org/tags/nginx/atom.xml</id>
<entry xml:lang="en">
<title>How to deploy a website WITHOUT LibrePages</title>
<published>2022-09-10T00:00:00+00:00</published>
<updated>2022-09-10T00:00:00+00:00</updated>
<link href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/" type="text/html"/>
<id>https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/</id>
<content type="html">&lt;p&gt;In this &lt;del&gt;blog post&lt;&#x2F;del&gt; tutorial, I&#x27;ll show you how to deploy a personal
website. LibrePages automates everything that is discussed in this
tutorial and lets you focus on creating content. Automation is good
but knowing how to do it manually using industry standard
technologies always helps!&lt;&#x2F;p&gt;
&lt;p&gt;We will be using the following technologies to deploy our website:&lt;&#x2F;p&gt;
&lt;ol&gt;
&lt;li&gt;GNU&#x2F;Linux server(Debian)&lt;&#x2F;li&gt;
&lt;li&gt;Nginx (webs server)&lt;&#x2F;li&gt;
&lt;li&gt;Let&#x27;s Encrypt (for HTTPS)&lt;&#x2F;li&gt;
&lt;li&gt;Gitea (but any Git hosting works)&lt;&#x2F;li&gt;
&lt;&#x2F;ol&gt;
&lt;p&gt;Let&#x27;s get started!&lt;&#x2F;p&gt;
&lt;h2 id=&quot;1-setup-debian-gnu-linux&quot;&gt;1. Setup Debian GNU&#x2F;Linux&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-setup-debian-gnu-linux&quot; aria-label=&quot;Anchor link for: 1-setup-debian-gnu-linux&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h2&gt;
&lt;p&gt;We are going to start with a fresh GNU&#x2F;Linux installation, you could get
one from a cloud provider like &lt;a href=&quot;https:&#x2F;&#x2F;www.digitalocean.com&quot;&gt;Digital
Ocean&lt;&#x2F;a&gt; (not affiliated).&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-1-give-your-account-sudo-privileges&quot;&gt;1.1) Give your account &lt;code&gt;sudo&lt;&#x2F;code&gt; privileges&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-1-give-your-account-sudo-privileges&quot; aria-label=&quot;Anchor link for: 1-1-give-your-account-sudo-privileges&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;On GNU&#x2F;Linux systems, the &lt;code&gt;root&lt;&#x2F;code&gt; account is the most powerful user account.
It is good practice to avoid working as &lt;code&gt;root&lt;&#x2F;code&gt; since a careless mistake
could wipe the entire system out.&lt;&#x2F;p&gt;
&lt;p&gt;&lt;code&gt;sudo&lt;&#x2F;code&gt; give the ability to execute commands with &lt;code&gt;root&lt;&#x2F;code&gt; capabilities
from a lower-privileged account. Let&#x27;s make our account sudo capable:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;su &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# become root
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# add `realaravinth`, my account` to `sudo` group to be able to use `sudo`
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;usermod -aG&lt;&#x2F;span&gt;&lt;span&gt; sudo realaravinth &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# my account is called `realaravinth`, replace it with yours
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;exit
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; exit
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Log out and log back in.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-2-install-and-setup-firewall-ufw&quot;&gt;1.2) Install and setup firewall(&lt;code&gt;ufw&lt;&#x2F;code&gt;)&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-2-install-and-setup-firewall-ufw&quot; aria-label=&quot;Anchor link for: 1-2-install-and-setup-firewall-ufw&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;Uncomplicated Firewall(&lt;code&gt;ufw&lt;&#x2F;code&gt;) is a popular firewall that is easy to
set up and maintain. For most installations, this should be enough.
System administrators use firewalls to open only the ports that they
think should receive traffic from external networks. Without it, all
ports will be open, causing a security nightmare.&lt;&#x2F;p&gt;
&lt;p&gt;We will require standard SSH (22), and the standard web ports (80 and
443). A comprehensive list of services and the list of ports the listen
on is available at `&#x2F;etc&#x2F;services.&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt &quot;&gt;&lt;code class=&quot;language-bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot; data-lang=&quot;bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot;&gt;&lt;span&gt;install ufw # we are using `ufw` for the firewall
&lt;&#x2F;span&gt;&lt;span&gt;$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
&lt;&#x2F;span&gt;&lt;span&gt;$ sudo ufw enable # deploy firewall
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-secure-ssh&quot;&gt;1.3) Secure SSH&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-secure-ssh&quot; aria-label=&quot;Anchor link for: 1-3-secure-ssh&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;SSH allows remote access to our servers over secure, encrypted
channels. By default, users can log in with their password
using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-3-1-generate-key-pair&quot;&gt;1.3.1) Generate key pair&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-1-generate-key-pair&quot; aria-label=&quot;Anchor link for: 1-3-1-generate-key-pair&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;On your local computer, generate an SSH key pair:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; ssh-keygen
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Generating&lt;&#x2F;span&gt;&lt;span&gt; public&#x2F;private rsa key pair.
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; file in which to save the key (&#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; passphrase (empty for no passphrase)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; same passphrase again:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Your&lt;&#x2F;span&gt;&lt;span&gt; identification has been saved in &#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Your&lt;&#x2F;span&gt;&lt;span&gt; public key has been saved in &#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa.pub
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;The&lt;&#x2F;span&gt;&lt;span&gt; key fingerprint is:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;SHA256:i2DE1b9BQb9DqV0r6O9MfPeVqUwfww1&#x2F;T8wIXL2Xqdo&lt;&#x2F;span&gt;&lt;span&gt; realaravinth@myserver.com
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;The&lt;&#x2F;span&gt;&lt;span&gt; key&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;s random art image is:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;+---[RSA 3072]----+
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| .. .o. |
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . .. . . |
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o o + o .|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . o* + .+|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o S ooB o+.|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . o.. +o*=|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . ooo*X|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| +=.ooB|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o+E .o|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;+----[SHA256]-----+
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Set a strong password the program prompts for one and save it somewhere
safe. Your public key will be at &lt;code&gt;~&#x2F;.ssh&#x2F;id_rsa.pub&lt;&#x2F;code&gt; and your private key at
&lt;code&gt;~&#x2F;.ssh&#x2F;id_rsa&lt;&#x2F;code&gt;. &lt;strong&gt;Never share the private key with anyone&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-3-2-setup-public-key-authentication&quot;&gt;1.3.2) Setup public-key authentication&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-2-setup-public-key-authentication&quot; aria-label=&quot;Anchor link for: 1-3-2-setup-public-key-authentication&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;We have to copy the public key that we generated in the previous setup
onto our server:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; ssh-copy-id&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -i ~&lt;&#x2F;span&gt;&lt;span&gt;&#x2F;.ssh&#x2F;id_rsa.pub myserver.com
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: Source of key(s) &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; be installed: &amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;&#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa.pub&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: attempting to log in with the new key(s)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;,&lt;&#x2F;span&gt;&lt;span&gt; to filter out any that are already installed
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: 1 key(s) &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;remain&lt;&#x2F;span&gt;&lt;span&gt; to be installed -- if you are prompted now it is to install the new keys
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;realaravinth@myserver.com&lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;s password:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;Number of key(s) added: 1
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;Now try logging into the machine, with: &amp;quot;ssh &lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;myserver.com&lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;&amp;quot;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;and check to make sure that only the key(s) you wanted were added.
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-3-disable-ssh-password-authentication&quot;&gt;1.3.3) Disable SSH password authentication&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-3-disable-ssh-password-authentication&quot; aria-label=&quot;Anchor link for: 1-3-3-disable-ssh-password-authentication&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;NOTE: Verify you can log into your account before proceeding&lt;&#x2F;strong&gt;&lt;&#x2F;p&gt;
&lt;&#x2F;blockquote&gt;
&lt;p&gt;Now that we have a private-key authentication setup on both the client and
the server, let&#x27;s disable password authentication on the server:&lt;&#x2F;p&gt;
&lt;p&gt;Open &lt;code&gt;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&lt;&#x2F;code&gt; and add the following lines:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;PubkeyAuthentication yes
&lt;&#x2F;span&gt;&lt;span&gt;PasswordAuthentication no
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;And restart the SSH server:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl restart sshd
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-install-and-setup-fail2ban&quot;&gt;1.3) Install and setup &lt;code&gt;fail2ban&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-install-and-setup-fail2ban&quot; aria-label=&quot;Anchor link for: 1-3-install-and-setup-fail2ban&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;We will be using &lt;code&gt;fail2ban&lt;&#x2F;code&gt; for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.&lt;&#x2F;p&gt;
&lt;h4 id=&quot;1-3-1-install-fail2ban&quot;&gt;1.3.1) Install &lt;code&gt;fail2ban&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-1-install-fail2ban&quot; aria-label=&quot;Anchor link for: 1-3-1-install-fail2ban&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install fail2ban
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-3-2-enable-fail2ban-for-sshd&quot;&gt;1.3.2) Enable &lt;code&gt;fail2ban&lt;&#x2F;code&gt; for &lt;code&gt;sshd&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-2-enable-fail2ban-for-sshd&quot; aria-label=&quot;Anchor link for: 1-3-2-enable-fail2ban-for-sshd&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;yml&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-yml &quot;&gt;&lt;code class=&quot;language-yml&quot; data-lang=&quot;yml&quot;&gt;&lt;span&gt;[&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;sshd&lt;&#x2F;span&gt;&lt;span&gt;]
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;enabled = true
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-3-3-configure-fail2ban-to-start-on-boot&quot;&gt;1.3.3) Configure &lt;code&gt;fail2ban&lt;&#x2F;code&gt; to start on boot&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-3-configure-fail2ban-to-start-on-boot&quot; aria-label=&quot;Anchor link for: 1-3-3-configure-fail2ban-to-start-on-boot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl enable fail2ban
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl start fail2ban
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-4-install-and-setup-nginx&quot;&gt;1.4) Install and setup &lt;code&gt;nginx&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-install-and-setup-nginx&quot; aria-label=&quot;Anchor link for: 1-4-install-and-setup-nginx&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;&lt;code&gt;nginx&lt;&#x2F;code&gt; is a popular web server that can be used to serve static sites.
It is fast, stable, and easy to set up.&lt;&#x2F;p&gt;
&lt;p&gt;To install, run the following command:&lt;&#x2F;p&gt;
&lt;h4 id=&quot;1-4-1-install-nginx&quot;&gt;1.4.1) Install &lt;code&gt;nginx&lt;&#x2F;code&gt;:&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-1-install-nginx&quot; aria-label=&quot;Anchor link for: 1-4-1-install-nginx&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install nginx
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-4-2-allow-web-traffic-open-ports-80-and-443&quot;&gt;1.4.2) Allow web traffic: open ports &lt;code&gt;80&lt;&#x2F;code&gt; and &lt;code&gt;443&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-2-allow-web-traffic-open-ports-80-and-443&quot; aria-label=&quot;Anchor link for: 1-4-2-allow-web-traffic-open-ports-80-and-443&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Ports &lt;code&gt;80&lt;&#x2F;code&gt; is the default for HTTP and &lt;code&gt;443&lt;&#x2F;code&gt; for HTTPS. To serve
web traffic, we&#x27;ll have to Configure &lt;code&gt;ufw&lt;&#x2F;code&gt; to accept traffic on them:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ufw allow 80 &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# open ports 80 HTTP traffic
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ufw allow 443 &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# open ports 443 for HTTPS traffic
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-4-2-configure-nginx-to-start-on-boot&quot;&gt;1.4.2) Configure &lt;code&gt;nginx&lt;&#x2F;code&gt; to start on boot&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-2-configure-nginx-to-start-on-boot&quot; aria-label=&quot;Anchor link for: 1-4-2-configure-nginx-to-start-on-boot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemtl enable nginx &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# automatically start nginx on boot
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemtl start nginx &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# start nginx server
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;And verify it works:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; curl localhost
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;!DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;html&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;title&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; nginx!&amp;lt;&#x2F;title&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;style&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body &lt;&#x2F;span&gt;&lt;span&gt;{
&lt;&#x2F;span&gt;&lt;span&gt; width: 35em;
&lt;&#x2F;span&gt;&lt;span&gt; margin: 0 auto;
&lt;&#x2F;span&gt;&lt;span&gt; font-family: Tahoma, Verdana, Arial, sans-serif;
&lt;&#x2F;span&gt;&lt;span&gt; }
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;style&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;h1&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; nginx!&amp;lt;&#x2F;h1&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;If &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;you&lt;&#x2F;span&gt;&lt;span&gt; see this page, the nginx web server is successfully installed and
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;working.&lt;&#x2F;span&gt;&lt;span&gt; Further configuration is required.&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;For &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;online&lt;&#x2F;span&gt;&lt;span&gt; documentation and support please refer to
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;a &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;href&lt;&#x2F;span&gt;&lt;span&gt;=&amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;http:&#x2F;&#x2F;nginx.org&#x2F;&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;&amp;gt;nginx.org&amp;lt;&#x2F;a&amp;gt;.&amp;lt;br&#x2F;&amp;gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Commercial&lt;&#x2F;span&gt;&lt;span&gt; support is available at
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;a &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;href&lt;&#x2F;span&gt;&lt;span&gt;=&amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;http:&#x2F;&#x2F;nginx.com&#x2F;&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;&amp;gt;nginx.com&amp;lt;&#x2F;a&amp;gt;.&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;&amp;lt;em&amp;gt;Thank &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;you&lt;&#x2F;span&gt;&lt;span&gt; for using nginx.&amp;lt;&#x2F;em&amp;gt;&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;html&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;&lt;code&gt;nginx&lt;&#x2F;code&gt; is working!&lt;&#x2F;p&gt;
&lt;h2 id=&quot;2-deploy-website&quot;&gt;2) Deploy website&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-deploy-website&quot; aria-label=&quot;Anchor link for: 2-deploy-website&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h2&gt;
&lt;p&gt;For this demo, we&#x27;ll deploy a single file(&lt;code&gt;index.html&lt;&#x2F;code&gt;)
HTML website.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;2-1-install-the-webpage-on-the-server&quot;&gt;2.1) Install the webpage on the server&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-1-install-the-webpage-on-the-server&quot; aria-label=&quot;Anchor link for: 2-1-install-the-webpage-on-the-server&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;Edit &lt;code&gt;&#x2F;var&#x2F;www&#x2F;html&#x2F;index.html&lt;&#x2F;code&gt; and add the following HTML to it:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;html&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-html &quot;&gt;&lt;code class=&quot;language-html&quot; data-lang=&quot;html&quot;&gt;&lt;span&gt;&amp;lt;!&lt;&#x2F;span&gt;&lt;span style=&quot;color:#b48ead;&quot;&gt;DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#d08770;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;head&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;title&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;My cool website!&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;title&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;head&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;h1&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;Welcome to my website! o&#x2F;&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;h1&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;The webpage should now be available on localhost, and we should see it when we run the following command:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; curl localhost
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;!DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;html&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;title&amp;gt;My &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;cool&lt;&#x2F;span&gt;&lt;span&gt; website!&amp;lt;&#x2F;title&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;h1&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; my website! o&#x2F;&amp;lt;&#x2F;h1&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;html&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;2-2-serve-webpage-on-a-custom-domain&quot;&gt;2.2) Serve webpage on a custom domain&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-serve-webpage-on-a-custom-domain&quot; aria-label=&quot;Anchor link for: 2-2-serve-webpage-on-a-custom-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;h4 id=&quot;2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot;&gt;2.2.1) Buy a domain if you don&#x27;t own one already&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot; aria-label=&quot;Anchor link for: 2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;h4 id=&quot;2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot;&gt;2.2.2) Go to the domain&#x27;s DNS dashboard and add the following record&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot; aria-label=&quot;Anchor link for: 2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;@ A 300 &amp;lt;your server IP address&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot;&gt;2.2.3) Setup &lt;code&gt;nginx&lt;&#x2F;code&gt; to serve the website at &lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-domain.&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot; aria-label=&quot;Anchor link for: 2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Open &lt;code&gt;&#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;your-domain&lt;&#x2F;code&gt; and add the following:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;server {
&lt;&#x2F;span&gt;&lt;span&gt; # serve website on port 80
&lt;&#x2F;span&gt;&lt;span&gt; listen [::]:80;
&lt;&#x2F;span&gt;&lt;span&gt; listen 80;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # write error logs to file
&lt;&#x2F;span&gt;&lt;span&gt; error_log &#x2F;var&#x2F;log&#x2F;nginx&#x2F;&amp;lt;your-domain&amp;gt;.error.log;
&lt;&#x2F;span&gt;&lt;span&gt; # write access logs to file
&lt;&#x2F;span&gt;&lt;span&gt; access_log &#x2F;var&#x2F;log&#x2F;nginx&#x2F;&amp;lt;your-domain&amp;gt;.access.log;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # serve only on this domain:
&lt;&#x2F;span&gt;&lt;span&gt; server_name &amp;lt;your-domain&amp;gt;; # replace me
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # use files from this directory
&lt;&#x2F;span&gt;&lt;span&gt; root &#x2F;var&#x2F;www&#x2F;html&#x2F;;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # remove .html from URL; it is cleaner this way
&lt;&#x2F;span&gt;&lt;span&gt; rewrite ^(&#x2F;.*)\.html(\?.*)?$ $1$2 permanent;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # when a request is received, try the index.html in the directory
&lt;&#x2F;span&gt;&lt;span&gt; # or $uri.html
&lt;&#x2F;span&gt;&lt;span&gt; try_files $uri&#x2F;index.html $uri.html $uri&#x2F; $uri =404;
&lt;&#x2F;span&gt;&lt;span&gt;}
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;It is good practice to have all &lt;code&gt;nginx&lt;&#x2F;code&gt; deployment configurations in
&lt;code&gt;&#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&lt;&#x2F;code&gt; directory and link production websites to
`&#x2F;etc&#x2F;nginx&#x2F;sites-enabled directory. Doing so allows you to
work-in-progress configurations or delete deployments without losing
the configuration files.&lt;&#x2F;p&gt;
&lt;p&gt;Let&#x27;s enable &lt;code&gt;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ln&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -s&lt;&#x2F;span&gt;&lt;span&gt; &#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&amp;lt;your-domain&amp;gt; &#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&amp;lt;your-domain&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Verify configurations before deploying, &lt;code&gt;nginx&lt;&#x2F;code&gt; has a command
to do it:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo nginx&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -t
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;If there are no errors, reload &lt;code&gt;nginx&lt;&#x2F;code&gt; to deploy the website:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo nginx&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -s&lt;&#x2F;span&gt;&lt;span&gt; reload
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Your webpage should now be accessible at &lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;!&lt;&#x2F;p&gt;
&lt;h3 id=&quot;2-3-install-certbot-to-set-up-https&quot;&gt;2.3) Install &lt;code&gt;certbot&lt;&#x2F;code&gt; to set up HTTPS&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-install-certbot-to-set-up-https&quot; aria-label=&quot;Anchor link for: 2-3-install-certbot-to-set-up-https&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;HTTP is insecure. We&#x27;ll have to set up SSL to serve our website using
HTTPS. To do that, we will be using &lt;a href=&quot;https:&#x2F;&#x2F;letsencrypt.org&#x2F;&quot;&gt;Let&#x27;s
Encrypt&lt;&#x2F;a&gt; a popular nonprofit certificate
authority to get our SSL certificates.&lt;&#x2F;p&gt;
&lt;p&gt;SSL certificates come with set lifetimes, so we renew them before they expire. The process, when done manually, is demanding: you
will have to log in every three months and renew the
certificate. If you fail or forget it, your visitors will see security
warnings on your website.&lt;&#x2F;p&gt;
&lt;p&gt;Thankfully, Let&#x27;s Encrypt provides automation through &lt;code&gt;certbot&lt;&#x2F;code&gt;&lt;&#x2F;p&gt;
&lt;h4 id=&quot;2-3-1-install-certbot&quot;&gt;2.3.1) Install &lt;code&gt;certbot&lt;&#x2F;code&gt;:&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-1-install-certbot&quot; aria-label=&quot;Anchor link for: 2-3-1-install-certbot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install certbot python3-certbot-nginx
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;2-3-2-get-a-certificate-for-your-domain&quot;&gt;2.3.2) Get a certificate for &lt;code&gt;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-2-get-a-certificate-for-your-domain&quot; aria-label=&quot;Anchor link for: 2-3-2-get-a-certificate-for-your-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo certbot&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; --nginx -d &lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;your-domain&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;&lt;code&gt;certbot&lt;&#x2F;code&gt; will prompt you for an email ID, and ask you to accept their
terms and conditions, privacy policy, etc. Be sure to read them before
agreeing to them. It will then try to authenticate your domain ownership
using the &lt;a href=&quot;https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Automatic_Certificate_Management_Environment&quot;&gt;ACME
protocol&lt;&#x2F;a&gt;.
By configuring the DNS to point to our server and by telling &lt;code&gt;nginx&lt;&#x2F;code&gt; at
that domain.&lt;&#x2F;p&gt;
&lt;p&gt;When it has verified ownership, it will automatically issue, deploy the
certificate on &lt;code&gt;nginx&lt;&#x2F;code&gt; and setup redirects.&lt;&#x2F;p&gt;
&lt;h4 id=&quot;2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot;&gt;2.3.3) Setup cronjob to automate SSL certificate renewals&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot; aria-label=&quot;Anchor link for: 2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Become root and edit crontab&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; su
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;crontab -e
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Add the following job and exit:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;0 *&#x2F;12 * * * certbot -n --nginx renew
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;It will attempt to renew SSL certificates every 12 hours. If a the
certificate is due for renewal, &lt;code&gt;certbot&lt;&#x2F;code&gt; will go through the ACME
challenge, get the new certificates and automatically deploy them for
you.&lt;&#x2F;p&gt;
&lt;p&gt;Now our GNU&#x2F;Linux server is configured and ready to serve our website at
&lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-website&amp;gt;&lt;&#x2F;code&gt;!&lt;&#x2F;p&gt;
</content>
</entry>
</feed>

328
tags/nginx/index.html Normal file
View file

@ -0,0 +1,328 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width" />
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link rel="manifest" href="/site.webmanifest" />
<link rel="me" href="https://gts.batsense.net.net/@librepages" />
<link rel="stylesheet" href="https://librepages.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://librepages.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="https://librepages.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://librepages.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>nginx | LibrePages: JAMstack platform with focus on privacy and speed</title>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="nginx" />
<meta property="og:title" content="nginx | LibrePages: JAMstack platform with focus on privacy and speed" />
<meta property="og:type" content="article" />
<meta property="og:url" content="https:&#x2F;&#x2F;librepages.org" />
<meta property="og:description" content="nginx" />
<meta
property="og:site_name"
content="nginx | LibrePages: JAMstack platform with focus on privacy and speed"
/>
<link
rel="apple-touch-icon"
sizes="57x57"
href="https://librepages.org/apple-icon-57x57.png?h=aa7556c6917e2715fc5cd91b0f71abf54c25fb3f4596b83938485bd339b3ee5c"
/>
<link
rel="apple-touch-icon"
sizes="60x60"
href="https://librepages.org/apple-icon-60x60.png?h=3c65021633e27b12573a4d95ee104960edeeb8448d016cc4a3a8c009956f455b"
/>
<link
rel="apple-touch-icon"
sizes="72x72"
href="https://librepages.org/apple-icon-72x72.png?h=7e6ea650d40b0c229eb8991d4bdaaeaf3a4fdc37b4c91c7e0f6705f4ccbd4823"
/>
<link
rel="apple-touch-icon"
sizes="76x76"
href="https://librepages.org/apple-icon-76x76.png?h=14cc3b66876cc79fe49f4bdf43cfa342dd12249fb32ebb4bf5895cac9fd2eaba"
/>
<link
rel="apple-touch-icon"
sizes="114x114"
href="https://librepages.org/apple-icon-114x114.png?h=a7e320f87a86aa0e037e78635c5f5042e02bf3adaf5c7a3163a108b004f1874e"
/>
<link
rel="apple-touch-icon"
sizes="120x120"
href="https://librepages.org/apple-icon-120x120.png?h=0555c76525ad4b8e974217be648c2691643b0ae09c1447bee571bdf51d324e5a"
/>
<link
rel="apple-touch-icon"
sizes="144x144"
href="https://librepages.org/apple-icon-144x144.png?h=3c6dcd632f3eca17cf7cc6153e9b372183518168754e2d8adb6bc549cfc89694"
/>
<link
rel="apple-touch-icon"
sizes="152x152"
href="https://librepages.org/apple-icon-152x152.png?h=0de6ee6daa86c4800faa71c0ba940a749b025c83f1150b19f7817bac9558344e"
/>
<link
rel="apple-touch-icon"
sizes="180x180"
href="https://librepages.org/apple-icon-180x180.png?h=4015bdb0896669f24d0be4e93fc9625c771a746060906dd94ed07ed2b3a88ede"
/>
<link
rel="icon"
type="image/png"
sizes="192x192"
href="https://librepages.org/android-icon-192x192.png?h=4065738be7277800667ab5dab97c610d8b76f7c9d7835266ecf440a1336b179a"
/>
<link
rel="icon"
type="image/png"
sizes="32x32"
href="https://librepages.org/favicon-32x32.png?h=19f5fc89580c10a37da127a18cb6d18427f8604617fe3c1d163a5528c4832094"
/>
<link
rel="icon"
type="image/png"
sizes="96x96"
href="https://librepages.org/favicon-96x96.png?h=f1dbc55e44179d839832093c008b0bedea79c3b21b1af68adb6d70c3e21227f5"
/>
<link
rel="icon"
type="image/png"
sizes="16x16"
href="https://librepages.org/favicon-16x16.png?h=a7056d65f8aa73fbaf9e97dcd2e685ac67489a76c0b8e715936970b118d74700"
/>
<link
rel="manifest"
href="https://librepages.org/manifest.json?h=27eca3e8297eb7ff340deb3849b210185a459b3845456aa4d0036f6d966b3518"
/>
<meta name="msapplication-TileColor" content="#ffffff" />
<meta
name="msapplication-TileImage"
content="https://librepages.org/ms-icon-144x144.png?h=3c6dcd632f3eca17cf7cc6153e9b372183518168754e2d8adb6bc549cfc89694"
/>
<meta name="theme-color" content="#ffffff" />
</head>
<!-- Matomo -->
<script>
var _paq = (window._paq = window._paq || []);
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(["setCookieDomain", "*.librepages.org"]);
_paq.push(["trackPageView"]);
_paq.push(["enableLinkTracking"]);
(function () {
var u = "//matomo.librepages.org/";
_paq.push(["setTrackerUrl", u + "matomo.php"]);
_paq.push(["setSiteId", "3"]);
var d = document,
g = d.createElement("script"),
s = d.getElementsByTagName("script")[0];
g.async = true;
g.src = u + "matomo.js";
s.parentNode.insertBefore(g, s);
})();
</script>
<noscript
><p>
<img
src="//matomo.librepages.org/matomo.php?idsite=3&amp;rec=1"
style="border: 0"
alt=""
/></p
></noscript>
<!-- End Matomo Code -->
</head>
<body class="base">
<header><nav class="nav__container">
<input type="checkbox" class="nav__toggle" id="nav__toggle" />
<div class="nav__header">
<a class="nav__logo-container" href="/">
<p class="nav__home-btn">LibrePages</p>
</a>
<label class="nav__hamburger-menu" for="nav__toggle">
<span class="nav__hamburger-inner"></span>
</label>
</div>
<div class="nav__spacer--small"></div>
<div class="nav__link-group">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;about&#x2F;">About</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;blog&#x2F;">Blog</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;matrix.to&#x2F;#&#x2F;#librepages:matrix.batsense.net">Chat</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;docs.librepages.org">Docs</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;gts.batsense.net&#x2F;@librepages">Fediverse</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;git.batsense.net&#x2F;LibrePages">Source Code</a>
</div>
</div>
<div class="nav__spacer"></div>
<div class="nav__link-group--small">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;demo.librepages.org&#x2F;">Demo</a>
</div>
</div>
</nav>
</header>
<!-- See ../sass/main.scss. Required for pushing footer to the very
bottom of the page -->
<div class="main__content-container">
<main>
<div class="blog__container">
<div class="tag__title-container">
<h1 class="tag__title">#nginx</h1>
<a class="tag__rss-link--single" href="https:&#x2F;&#x2F;librepages.org&#x2F;tags&#x2F;nginx&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="tag__rss-icon--single"
alt="RSS icon"
/>
</a></div>
<ul class="blog__list">
<li class="blog__post-item">
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/" class="blog__post-link">
<h2 class="blog__post-title">How to deploy a website WITHOUT LibrePages</h2>
<p class="blog__post-meta">
10
September
,
2022 &middot; <b>9 min read</b>
</p>
<p class="blog__post-description">Automation services like LibrePages exist to make lives easier but how do you do the same manually, on self-hosted hardware, or in the cloud? </p>
</a>
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/bare-metal">#bare-metal</a>
<a class="blog__post-tag" href="/tags/nginx">#nginx</a>
<a class="blog__post-tag" href="/tags/JAMStack">#JAMStack</a>
<a class="blog__post-tag" href="/tags/git">#git</a>
<a class="blog__post-tag" href="/tags/self-hosting">#self-hosting</a>
</div>
</li>
</ul>
</div>
<link rel="alternate" type="application/rss+xml" title="RSS" href="https://librepages.org/rss.xml">
</main>
<footer>
<div class="footer__container">
<!-- <div class="footer__column"> --->
<p class="footer__column license__conatiner">
All text <a
class="license__link"
rel="noreferrer"
href="http://creativecommons.org/licenses/by-sa/4.0/"
target="_blank"
>&nbsp;CC-BY-SA&nbsp;</a
>
&amp; code
<a
class="license__link"
rel="noreferrer"
href="https://www.gnu.org/licenses/agpl-3.0.en.html"
target="_blank"
>&nbsp;AGPL&nbsp;</a
>
</p>
<!-- </div> -->
<div class="footer__column--center">
<a href="/blog/atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="footer__icon"
alt="Email icon"
/>
</a>
</div>
<div class="footer__column">
<a href="/about" title="About">About</a>
<a href="/coc" title="Code of Conduct">CoC</a>
<span class="footer__column-divider--mobile-only">|</span>
<a href="/legalese" title="Legalese">Legalese</a>
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://git.batsense.net/LibrePages"
rel="noreferrer"
target="_blank"
title="Status"
>Source Code</a
>
<!--
<a href="/tos" title="Terms of Service">ToS</a>
-->
</div>
</div>
</footer>
</div>
</body>
</html>

367
tags/self-hosting/atom.xml Normal file
View file

@ -0,0 +1,367 @@
<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
<title> - self-hosting</title>
<link href="https://librepages.org/tags/self-hosting/atom.xml" rel="self" type="application/atom+xml"/>
<link href="https://librepages.org"/>
<generator uri="https://www.getzola.org/">Zola</generator>
<updated>2022-09-10T00:00:00+00:00</updated>
<id>https://librepages.org/tags/self-hosting/atom.xml</id>
<entry xml:lang="en">
<title>How to deploy a website WITHOUT LibrePages</title>
<published>2022-09-10T00:00:00+00:00</published>
<updated>2022-09-10T00:00:00+00:00</updated>
<link href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/" type="text/html"/>
<id>https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/</id>
<content type="html">&lt;p&gt;In this &lt;del&gt;blog post&lt;&#x2F;del&gt; tutorial, I&#x27;ll show you how to deploy a personal
website. LibrePages automates everything that is discussed in this
tutorial and lets you focus on creating content. Automation is good
but knowing how to do it manually using industry standard
technologies always helps!&lt;&#x2F;p&gt;
&lt;p&gt;We will be using the following technologies to deploy our website:&lt;&#x2F;p&gt;
&lt;ol&gt;
&lt;li&gt;GNU&#x2F;Linux server(Debian)&lt;&#x2F;li&gt;
&lt;li&gt;Nginx (webs server)&lt;&#x2F;li&gt;
&lt;li&gt;Let&#x27;s Encrypt (for HTTPS)&lt;&#x2F;li&gt;
&lt;li&gt;Gitea (but any Git hosting works)&lt;&#x2F;li&gt;
&lt;&#x2F;ol&gt;
&lt;p&gt;Let&#x27;s get started!&lt;&#x2F;p&gt;
&lt;h2 id=&quot;1-setup-debian-gnu-linux&quot;&gt;1. Setup Debian GNU&#x2F;Linux&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-setup-debian-gnu-linux&quot; aria-label=&quot;Anchor link for: 1-setup-debian-gnu-linux&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h2&gt;
&lt;p&gt;We are going to start with a fresh GNU&#x2F;Linux installation, you could get
one from a cloud provider like &lt;a href=&quot;https:&#x2F;&#x2F;www.digitalocean.com&quot;&gt;Digital
Ocean&lt;&#x2F;a&gt; (not affiliated).&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-1-give-your-account-sudo-privileges&quot;&gt;1.1) Give your account &lt;code&gt;sudo&lt;&#x2F;code&gt; privileges&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-1-give-your-account-sudo-privileges&quot; aria-label=&quot;Anchor link for: 1-1-give-your-account-sudo-privileges&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;On GNU&#x2F;Linux systems, the &lt;code&gt;root&lt;&#x2F;code&gt; account is the most powerful user account.
It is good practice to avoid working as &lt;code&gt;root&lt;&#x2F;code&gt; since a careless mistake
could wipe the entire system out.&lt;&#x2F;p&gt;
&lt;p&gt;&lt;code&gt;sudo&lt;&#x2F;code&gt; give the ability to execute commands with &lt;code&gt;root&lt;&#x2F;code&gt; capabilities
from a lower-privileged account. Let&#x27;s make our account sudo capable:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;su &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# become root
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# add `realaravinth`, my account` to `sudo` group to be able to use `sudo`
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;usermod -aG&lt;&#x2F;span&gt;&lt;span&gt; sudo realaravinth &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# my account is called `realaravinth`, replace it with yours
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;exit
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; exit
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Log out and log back in.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-2-install-and-setup-firewall-ufw&quot;&gt;1.2) Install and setup firewall(&lt;code&gt;ufw&lt;&#x2F;code&gt;)&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-2-install-and-setup-firewall-ufw&quot; aria-label=&quot;Anchor link for: 1-2-install-and-setup-firewall-ufw&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;Uncomplicated Firewall(&lt;code&gt;ufw&lt;&#x2F;code&gt;) is a popular firewall that is easy to
set up and maintain. For most installations, this should be enough.
System administrators use firewalls to open only the ports that they
think should receive traffic from external networks. Without it, all
ports will be open, causing a security nightmare.&lt;&#x2F;p&gt;
&lt;p&gt;We will require standard SSH (22), and the standard web ports (80 and
443). A comprehensive list of services and the list of ports the listen
on is available at `&#x2F;etc&#x2F;services.&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt &quot;&gt;&lt;code class=&quot;language-bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot; data-lang=&quot;bash $ sudo apt update &amp;&amp; apt upgrade # update system $ sudo apt&quot;&gt;&lt;span&gt;install ufw # we are using `ufw` for the firewall
&lt;&#x2F;span&gt;&lt;span&gt;$ sudo ufw allow ssh # allow SSH traffic on port 22, required to log into the server
&lt;&#x2F;span&gt;&lt;span&gt;$ sudo ufw enable # deploy firewall
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-secure-ssh&quot;&gt;1.3) Secure SSH&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-secure-ssh&quot; aria-label=&quot;Anchor link for: 1-3-secure-ssh&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;SSH allows remote access to our servers over secure, encrypted
channels. By default, users can log in with their password
using SSH. But password authentication is susceptible to brute force attacks, so we should disable password logins on our server and only allow public-key authentication only.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-3-1-generate-key-pair&quot;&gt;1.3.1) Generate key pair&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-1-generate-key-pair&quot; aria-label=&quot;Anchor link for: 1-3-1-generate-key-pair&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;On your local computer, generate an SSH key pair:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; ssh-keygen
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Generating&lt;&#x2F;span&gt;&lt;span&gt; public&#x2F;private rsa key pair.
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; file in which to save the key (&#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; passphrase (empty for no passphrase)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#96b5b4;&quot;&gt;:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Enter&lt;&#x2F;span&gt;&lt;span&gt; same passphrase again:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Your&lt;&#x2F;span&gt;&lt;span&gt; identification has been saved in &#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Your&lt;&#x2F;span&gt;&lt;span&gt; public key has been saved in &#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa.pub
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;The&lt;&#x2F;span&gt;&lt;span&gt; key fingerprint is:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;SHA256:i2DE1b9BQb9DqV0r6O9MfPeVqUwfww1&#x2F;T8wIXL2Xqdo&lt;&#x2F;span&gt;&lt;span&gt; realaravinth@myserver.com
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;The&lt;&#x2F;span&gt;&lt;span&gt; key&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;s random art image is:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;+---[RSA 3072]----+
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| .. .o. |
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . .. . . |
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o o + o .|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . o* + .+|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o S ooB o+.|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . o.. +o*=|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| . . . ooo*X|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| +=.ooB|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;| o+E .o|
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;+----[SHA256]-----+
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Set a strong password the program prompts for one and save it somewhere
safe. Your public key will be at &lt;code&gt;~&#x2F;.ssh&#x2F;id_rsa.pub&lt;&#x2F;code&gt; and your private key at
&lt;code&gt;~&#x2F;.ssh&#x2F;id_rsa&lt;&#x2F;code&gt;. &lt;strong&gt;Never share the private key with anyone&lt;&#x2F;strong&gt;.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;1-3-2-setup-public-key-authentication&quot;&gt;1.3.2) Setup public-key authentication&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-2-setup-public-key-authentication&quot; aria-label=&quot;Anchor link for: 1-3-2-setup-public-key-authentication&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;We have to copy the public key that we generated in the previous setup
onto our server:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; ssh-copy-id&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -i ~&lt;&#x2F;span&gt;&lt;span&gt;&#x2F;.ssh&#x2F;id_rsa.pub myserver.com
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: Source of key(s) &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; be installed: &amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;&#x2F;home&#x2F;realaravinth&#x2F;.ssh&#x2F;id_rsa.pub&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: attempting to log in with the new key(s)&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;,&lt;&#x2F;span&gt;&lt;span&gt; to filter out any that are already installed
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;&#x2F;usr&#x2F;bin&#x2F;ssh-copy-id:&lt;&#x2F;span&gt;&lt;span&gt; INFO: 1 key(s) &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;remain&lt;&#x2F;span&gt;&lt;span&gt; to be installed -- if you are prompted now it is to install the new keys
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;realaravinth@myserver.com&lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;s password:
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;Number of key(s) added: 1
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;Now try logging into the machine, with: &amp;quot;ssh &lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;myserver.com&lt;&#x2F;span&gt;&lt;span&gt;&amp;#39;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;&amp;quot;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;and check to make sure that only the key(s) you wanted were added.
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-3-disable-ssh-password-authentication&quot;&gt;1.3.3) Disable SSH password authentication&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-3-disable-ssh-password-authentication&quot; aria-label=&quot;Anchor link for: 1-3-3-disable-ssh-password-authentication&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;NOTE: Verify you can log into your account before proceeding&lt;&#x2F;strong&gt;&lt;&#x2F;p&gt;
&lt;&#x2F;blockquote&gt;
&lt;p&gt;Now that we have a private-key authentication setup on both the client and
the server, let&#x27;s disable password authentication on the server:&lt;&#x2F;p&gt;
&lt;p&gt;Open &lt;code&gt;&#x2F;etc&#x2F;ssh&#x2F;sshd_config&lt;&#x2F;code&gt; and add the following lines:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;PubkeyAuthentication yes
&lt;&#x2F;span&gt;&lt;span&gt;PasswordAuthentication no
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;And restart the SSH server:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl restart sshd
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-3-install-and-setup-fail2ban&quot;&gt;1.3) Install and setup &lt;code&gt;fail2ban&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-install-and-setup-fail2ban&quot; aria-label=&quot;Anchor link for: 1-3-install-and-setup-fail2ban&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;We will be using &lt;code&gt;fail2ban&lt;&#x2F;code&gt; for intrusion prevention by blackiisting entities (users, bots, etc.) based on failed login attempts.&lt;&#x2F;p&gt;
&lt;h4 id=&quot;1-3-1-install-fail2ban&quot;&gt;1.3.1) Install &lt;code&gt;fail2ban&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-1-install-fail2ban&quot; aria-label=&quot;Anchor link for: 1-3-1-install-fail2ban&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install fail2ban
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-3-2-enable-fail2ban-for-sshd&quot;&gt;1.3.2) Enable &lt;code&gt;fail2ban&lt;&#x2F;code&gt; for &lt;code&gt;sshd&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-2-enable-fail2ban-for-sshd&quot; aria-label=&quot;Anchor link for: 1-3-2-enable-fail2ban-for-sshd&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;yml&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-yml &quot;&gt;&lt;code class=&quot;language-yml&quot; data-lang=&quot;yml&quot;&gt;&lt;span&gt;[&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;sshd&lt;&#x2F;span&gt;&lt;span&gt;]
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;enabled = true
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-3-3-configure-fail2ban-to-start-on-boot&quot;&gt;1.3.3) Configure &lt;code&gt;fail2ban&lt;&#x2F;code&gt; to start on boot&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-3-3-configure-fail2ban-to-start-on-boot&quot; aria-label=&quot;Anchor link for: 1-3-3-configure-fail2ban-to-start-on-boot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl enable fail2ban
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemctl start fail2ban
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;1-4-install-and-setup-nginx&quot;&gt;1.4) Install and setup &lt;code&gt;nginx&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-install-and-setup-nginx&quot; aria-label=&quot;Anchor link for: 1-4-install-and-setup-nginx&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;&lt;code&gt;nginx&lt;&#x2F;code&gt; is a popular web server that can be used to serve static sites.
It is fast, stable, and easy to set up.&lt;&#x2F;p&gt;
&lt;p&gt;To install, run the following command:&lt;&#x2F;p&gt;
&lt;h4 id=&quot;1-4-1-install-nginx&quot;&gt;1.4.1) Install &lt;code&gt;nginx&lt;&#x2F;code&gt;:&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-1-install-nginx&quot; aria-label=&quot;Anchor link for: 1-4-1-install-nginx&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install nginx
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-4-2-allow-web-traffic-open-ports-80-and-443&quot;&gt;1.4.2) Allow web traffic: open ports &lt;code&gt;80&lt;&#x2F;code&gt; and &lt;code&gt;443&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-2-allow-web-traffic-open-ports-80-and-443&quot; aria-label=&quot;Anchor link for: 1-4-2-allow-web-traffic-open-ports-80-and-443&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Ports &lt;code&gt;80&lt;&#x2F;code&gt; is the default for HTTP and &lt;code&gt;443&lt;&#x2F;code&gt; for HTTPS. To serve
web traffic, we&#x27;ll have to Configure &lt;code&gt;ufw&lt;&#x2F;code&gt; to accept traffic on them:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ufw allow 80 &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# open ports 80 HTTP traffic
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ufw allow 443 &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# open ports 443 for HTTPS traffic
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;1-4-2-configure-nginx-to-start-on-boot&quot;&gt;1.4.2) Configure &lt;code&gt;nginx&lt;&#x2F;code&gt; to start on boot&lt;a class=&quot;zola-anchor&quot; href=&quot;#1-4-2-configure-nginx-to-start-on-boot&quot; aria-label=&quot;Anchor link for: 1-4-2-configure-nginx-to-start-on-boot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemtl enable nginx &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# automatically start nginx on boot
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo systemtl start nginx &lt;&#x2F;span&gt;&lt;span style=&quot;color:#65737e;&quot;&gt;# start nginx server
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;And verify it works:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; curl localhost
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;!DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;html&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;title&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; nginx!&amp;lt;&#x2F;title&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;style&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body &lt;&#x2F;span&gt;&lt;span&gt;{
&lt;&#x2F;span&gt;&lt;span&gt; width: 35em;
&lt;&#x2F;span&gt;&lt;span&gt; margin: 0 auto;
&lt;&#x2F;span&gt;&lt;span&gt; font-family: Tahoma, Verdana, Arial, sans-serif;
&lt;&#x2F;span&gt;&lt;span&gt; }
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;style&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;h1&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; nginx!&amp;lt;&#x2F;h1&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;If &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;you&lt;&#x2F;span&gt;&lt;span&gt; see this page, the nginx web server is successfully installed and
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;working.&lt;&#x2F;span&gt;&lt;span&gt; Further configuration is required.&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;For &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;online&lt;&#x2F;span&gt;&lt;span&gt; documentation and support please refer to
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;a &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;href&lt;&#x2F;span&gt;&lt;span&gt;=&amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;http:&#x2F;&#x2F;nginx.org&#x2F;&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;&amp;gt;nginx.org&amp;lt;&#x2F;a&amp;gt;.&amp;lt;br&#x2F;&amp;gt;
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;Commercial&lt;&#x2F;span&gt;&lt;span&gt; support is available at
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;a &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;href&lt;&#x2F;span&gt;&lt;span&gt;=&amp;quot;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#a3be8c;&quot;&gt;http:&#x2F;&#x2F;nginx.com&#x2F;&lt;&#x2F;span&gt;&lt;span&gt;&amp;quot;&amp;gt;nginx.com&amp;lt;&#x2F;a&amp;gt;.&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;p&amp;gt;&amp;lt;em&amp;gt;Thank &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;you&lt;&#x2F;span&gt;&lt;span&gt; for using nginx.&amp;lt;&#x2F;em&amp;gt;&amp;lt;&#x2F;p&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;html&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;&lt;code&gt;nginx&lt;&#x2F;code&gt; is working!&lt;&#x2F;p&gt;
&lt;h2 id=&quot;2-deploy-website&quot;&gt;2) Deploy website&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-deploy-website&quot; aria-label=&quot;Anchor link for: 2-deploy-website&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h2&gt;
&lt;p&gt;For this demo, we&#x27;ll deploy a single file(&lt;code&gt;index.html&lt;&#x2F;code&gt;)
HTML website.&lt;&#x2F;p&gt;
&lt;h3 id=&quot;2-1-install-the-webpage-on-the-server&quot;&gt;2.1) Install the webpage on the server&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-1-install-the-webpage-on-the-server&quot; aria-label=&quot;Anchor link for: 2-1-install-the-webpage-on-the-server&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;Edit &lt;code&gt;&#x2F;var&#x2F;www&#x2F;html&#x2F;index.html&lt;&#x2F;code&gt; and add the following HTML to it:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;html&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-html &quot;&gt;&lt;code class=&quot;language-html&quot; data-lang=&quot;html&quot;&gt;&lt;span&gt;&amp;lt;!&lt;&#x2F;span&gt;&lt;span style=&quot;color:#b48ead;&quot;&gt;DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#d08770;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;head&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;title&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;My cool website!&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;title&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;head&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;h1&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;Welcome to my website! o&#x2F;&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;h1&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;body&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;The webpage should now be available on localhost, and we should see it when we run the following command:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; curl localhost
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;!DOCTYPE &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;html&lt;&#x2F;span&gt;&lt;span&gt;&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;html&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;title&amp;gt;My &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;cool&lt;&#x2F;span&gt;&lt;span&gt; website!&amp;lt;&#x2F;title&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;head&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;h1&amp;gt;Welcome &lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;to&lt;&#x2F;span&gt;&lt;span&gt; my website! o&#x2F;&amp;lt;&#x2F;h1&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt; &amp;lt;&#x2F;body&amp;gt;
&lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;&#x2F;html&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h3 id=&quot;2-2-serve-webpage-on-a-custom-domain&quot;&gt;2.2) Serve webpage on a custom domain&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-serve-webpage-on-a-custom-domain&quot; aria-label=&quot;Anchor link for: 2-2-serve-webpage-on-a-custom-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;h4 id=&quot;2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot;&gt;2.2.1) Buy a domain if you don&#x27;t own one already&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot; aria-label=&quot;Anchor link for: 2-2-1-buy-a-domain-if-you-don-t-own-one-already&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;h4 id=&quot;2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot;&gt;2.2.2) Go to the domain&#x27;s DNS dashboard and add the following record&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot; aria-label=&quot;Anchor link for: 2-2-2-go-to-the-domain-s-dns-dashboard-and-add-the-following-record&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;@ A 300 &amp;lt;your server IP address&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot;&gt;2.2.3) Setup &lt;code&gt;nginx&lt;&#x2F;code&gt; to serve the website at &lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-domain.&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot; aria-label=&quot;Anchor link for: 2-2-3-setup-nginx-to-serve-the-website-at-http-your-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Open &lt;code&gt;&#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;your-domain&lt;&#x2F;code&gt; and add the following:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;server {
&lt;&#x2F;span&gt;&lt;span&gt; # serve website on port 80
&lt;&#x2F;span&gt;&lt;span&gt; listen [::]:80;
&lt;&#x2F;span&gt;&lt;span&gt; listen 80;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # write error logs to file
&lt;&#x2F;span&gt;&lt;span&gt; error_log &#x2F;var&#x2F;log&#x2F;nginx&#x2F;&amp;lt;your-domain&amp;gt;.error.log;
&lt;&#x2F;span&gt;&lt;span&gt; # write access logs to file
&lt;&#x2F;span&gt;&lt;span&gt; access_log &#x2F;var&#x2F;log&#x2F;nginx&#x2F;&amp;lt;your-domain&amp;gt;.access.log;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # serve only on this domain:
&lt;&#x2F;span&gt;&lt;span&gt; server_name &amp;lt;your-domain&amp;gt;; # replace me
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # use files from this directory
&lt;&#x2F;span&gt;&lt;span&gt; root &#x2F;var&#x2F;www&#x2F;html&#x2F;;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # remove .html from URL; it is cleaner this way
&lt;&#x2F;span&gt;&lt;span&gt; rewrite ^(&#x2F;.*)\.html(\?.*)?$ $1$2 permanent;
&lt;&#x2F;span&gt;&lt;span&gt;
&lt;&#x2F;span&gt;&lt;span&gt; # when a request is received, try the index.html in the directory
&lt;&#x2F;span&gt;&lt;span&gt; # or $uri.html
&lt;&#x2F;span&gt;&lt;span&gt; try_files $uri&#x2F;index.html $uri.html $uri&#x2F; $uri =404;
&lt;&#x2F;span&gt;&lt;span&gt;}
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;It is good practice to have all &lt;code&gt;nginx&lt;&#x2F;code&gt; deployment configurations in
&lt;code&gt;&#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&lt;&#x2F;code&gt; directory and link production websites to
`&#x2F;etc&#x2F;nginx&#x2F;sites-enabled directory. Doing so allows you to
work-in-progress configurations or delete deployments without losing
the configuration files.&lt;&#x2F;p&gt;
&lt;p&gt;Let&#x27;s enable &lt;code&gt;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo ln&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -s&lt;&#x2F;span&gt;&lt;span&gt; &#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&amp;lt;your-domain&amp;gt; &#x2F;etc&#x2F;nginx&#x2F;sites-available&#x2F;&amp;lt;your-domain&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Verify configurations before deploying, &lt;code&gt;nginx&lt;&#x2F;code&gt; has a command
to do it:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo nginx&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -t
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;If there are no errors, reload &lt;code&gt;nginx&lt;&#x2F;code&gt; to deploy the website:&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo nginx&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; -s&lt;&#x2F;span&gt;&lt;span&gt; reload
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Your webpage should now be accessible at &lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;!&lt;&#x2F;p&gt;
&lt;h3 id=&quot;2-3-install-certbot-to-set-up-https&quot;&gt;2.3) Install &lt;code&gt;certbot&lt;&#x2F;code&gt; to set up HTTPS&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-install-certbot-to-set-up-https&quot; aria-label=&quot;Anchor link for: 2-3-install-certbot-to-set-up-https&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h3&gt;
&lt;p&gt;HTTP is insecure. We&#x27;ll have to set up SSL to serve our website using
HTTPS. To do that, we will be using &lt;a href=&quot;https:&#x2F;&#x2F;letsencrypt.org&#x2F;&quot;&gt;Let&#x27;s
Encrypt&lt;&#x2F;a&gt; a popular nonprofit certificate
authority to get our SSL certificates.&lt;&#x2F;p&gt;
&lt;p&gt;SSL certificates come with set lifetimes, so we renew them before they expire. The process, when done manually, is demanding: you
will have to log in every three months and renew the
certificate. If you fail or forget it, your visitors will see security
warnings on your website.&lt;&#x2F;p&gt;
&lt;p&gt;Thankfully, Let&#x27;s Encrypt provides automation through &lt;code&gt;certbot&lt;&#x2F;code&gt;&lt;&#x2F;p&gt;
&lt;h4 id=&quot;2-3-1-install-certbot&quot;&gt;2.3.1) Install &lt;code&gt;certbot&lt;&#x2F;code&gt;:&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-1-install-certbot&quot; aria-label=&quot;Anchor link for: 2-3-1-install-certbot&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo apt install certbot python3-certbot-nginx
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;h4 id=&quot;2-3-2-get-a-certificate-for-your-domain&quot;&gt;2.3.2) Get a certificate for &lt;code&gt;&amp;lt;your-domain&amp;gt;&lt;&#x2F;code&gt;&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-2-get-a-certificate-for-your-domain&quot; aria-label=&quot;Anchor link for: 2-3-2-get-a-certificate-for-your-domain&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; sudo certbot&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt; --nginx -d &lt;&#x2F;span&gt;&lt;span&gt;&amp;lt;your-domain&amp;gt;
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;&lt;code&gt;certbot&lt;&#x2F;code&gt; will prompt you for an email ID, and ask you to accept their
terms and conditions, privacy policy, etc. Be sure to read them before
agreeing to them. It will then try to authenticate your domain ownership
using the &lt;a href=&quot;https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Automatic_Certificate_Management_Environment&quot;&gt;ACME
protocol&lt;&#x2F;a&gt;.
By configuring the DNS to point to our server and by telling &lt;code&gt;nginx&lt;&#x2F;code&gt; at
that domain.&lt;&#x2F;p&gt;
&lt;p&gt;When it has verified ownership, it will automatically issue, deploy the
certificate on &lt;code&gt;nginx&lt;&#x2F;code&gt; and setup redirects.&lt;&#x2F;p&gt;
&lt;h4 id=&quot;2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot;&gt;2.3.3) Setup cronjob to automate SSL certificate renewals&lt;a class=&quot;zola-anchor&quot; href=&quot;#2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot; aria-label=&quot;Anchor link for: 2-3-3-setup-cronjob-to-automate-ssl-certificate-renewals&quot;
&gt;&lt;span class=&quot;anchor-icon&quot;&gt;#&lt;&#x2F;span&gt;&lt;&#x2F;a
&gt;
&lt;&#x2F;h4&gt;
&lt;p&gt;Become root and edit crontab&lt;&#x2F;p&gt;
&lt;pre data-lang=&quot;bash&quot; style=&quot;background-color:#2b303b;color:#c0c5ce;&quot; class=&quot;language-bash &quot;&gt;&lt;code class=&quot;language-bash&quot; data-lang=&quot;bash&quot;&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;$&lt;&#x2F;span&gt;&lt;span&gt; su
&lt;&#x2F;span&gt;&lt;span style=&quot;color:#bf616a;&quot;&gt;crontab -e
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;Add the following job and exit:&lt;&#x2F;p&gt;
&lt;pre style=&quot;background-color:#2b303b;color:#c0c5ce;&quot;&gt;&lt;code&gt;&lt;span&gt;0 *&#x2F;12 * * * certbot -n --nginx renew
&lt;&#x2F;span&gt;&lt;&#x2F;code&gt;&lt;&#x2F;pre&gt;
&lt;p&gt;It will attempt to renew SSL certificates every 12 hours. If a the
certificate is due for renewal, &lt;code&gt;certbot&lt;&#x2F;code&gt; will go through the ACME
challenge, get the new certificates and automatically deploy them for
you.&lt;&#x2F;p&gt;
&lt;p&gt;Now our GNU&#x2F;Linux server is configured and ready to serve our website at
&lt;code&gt;http:&#x2F;&#x2F;&amp;lt;your-website&amp;gt;&lt;&#x2F;code&gt;!&lt;&#x2F;p&gt;
</content>
</entry>
</feed>

View file

@ -0,0 +1,328 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width" />
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link rel="manifest" href="/site.webmanifest" />
<link rel="me" href="https://gts.batsense.net.net/@librepages" />
<link rel="stylesheet" href="https://librepages.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://librepages.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="https://librepages.org/main.css" />
<link
rel="stylesheet"
media="screen and (max-width: 1300px)"
href="https://librepages.org/mobile.css"
/>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>self-hosting | LibrePages: JAMstack platform with focus on privacy and speed</title>
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="self-hosting" />
<meta property="og:title" content="self-hosting | LibrePages: JAMstack platform with focus on privacy and speed" />
<meta property="og:type" content="article" />
<meta property="og:url" content="https:&#x2F;&#x2F;librepages.org" />
<meta property="og:description" content="self-hosting" />
<meta
property="og:site_name"
content="self-hosting | LibrePages: JAMstack platform with focus on privacy and speed"
/>
<link
rel="apple-touch-icon"
sizes="57x57"
href="https://librepages.org/apple-icon-57x57.png?h=aa7556c6917e2715fc5cd91b0f71abf54c25fb3f4596b83938485bd339b3ee5c"
/>
<link
rel="apple-touch-icon"
sizes="60x60"
href="https://librepages.org/apple-icon-60x60.png?h=3c65021633e27b12573a4d95ee104960edeeb8448d016cc4a3a8c009956f455b"
/>
<link
rel="apple-touch-icon"
sizes="72x72"
href="https://librepages.org/apple-icon-72x72.png?h=7e6ea650d40b0c229eb8991d4bdaaeaf3a4fdc37b4c91c7e0f6705f4ccbd4823"
/>
<link
rel="apple-touch-icon"
sizes="76x76"
href="https://librepages.org/apple-icon-76x76.png?h=14cc3b66876cc79fe49f4bdf43cfa342dd12249fb32ebb4bf5895cac9fd2eaba"
/>
<link
rel="apple-touch-icon"
sizes="114x114"
href="https://librepages.org/apple-icon-114x114.png?h=a7e320f87a86aa0e037e78635c5f5042e02bf3adaf5c7a3163a108b004f1874e"
/>
<link
rel="apple-touch-icon"
sizes="120x120"
href="https://librepages.org/apple-icon-120x120.png?h=0555c76525ad4b8e974217be648c2691643b0ae09c1447bee571bdf51d324e5a"
/>
<link
rel="apple-touch-icon"
sizes="144x144"
href="https://librepages.org/apple-icon-144x144.png?h=3c6dcd632f3eca17cf7cc6153e9b372183518168754e2d8adb6bc549cfc89694"
/>
<link
rel="apple-touch-icon"
sizes="152x152"
href="https://librepages.org/apple-icon-152x152.png?h=0de6ee6daa86c4800faa71c0ba940a749b025c83f1150b19f7817bac9558344e"
/>
<link
rel="apple-touch-icon"
sizes="180x180"
href="https://librepages.org/apple-icon-180x180.png?h=4015bdb0896669f24d0be4e93fc9625c771a746060906dd94ed07ed2b3a88ede"
/>
<link
rel="icon"
type="image/png"
sizes="192x192"
href="https://librepages.org/android-icon-192x192.png?h=4065738be7277800667ab5dab97c610d8b76f7c9d7835266ecf440a1336b179a"
/>
<link
rel="icon"
type="image/png"
sizes="32x32"
href="https://librepages.org/favicon-32x32.png?h=19f5fc89580c10a37da127a18cb6d18427f8604617fe3c1d163a5528c4832094"
/>
<link
rel="icon"
type="image/png"
sizes="96x96"
href="https://librepages.org/favicon-96x96.png?h=f1dbc55e44179d839832093c008b0bedea79c3b21b1af68adb6d70c3e21227f5"
/>
<link
rel="icon"
type="image/png"
sizes="16x16"
href="https://librepages.org/favicon-16x16.png?h=a7056d65f8aa73fbaf9e97dcd2e685ac67489a76c0b8e715936970b118d74700"
/>
<link
rel="manifest"
href="https://librepages.org/manifest.json?h=27eca3e8297eb7ff340deb3849b210185a459b3845456aa4d0036f6d966b3518"
/>
<meta name="msapplication-TileColor" content="#ffffff" />
<meta
name="msapplication-TileImage"
content="https://librepages.org/ms-icon-144x144.png?h=3c6dcd632f3eca17cf7cc6153e9b372183518168754e2d8adb6bc549cfc89694"
/>
<meta name="theme-color" content="#ffffff" />
</head>
<!-- Matomo -->
<script>
var _paq = (window._paq = window._paq || []);
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(["setCookieDomain", "*.librepages.org"]);
_paq.push(["trackPageView"]);
_paq.push(["enableLinkTracking"]);
(function () {
var u = "//matomo.librepages.org/";
_paq.push(["setTrackerUrl", u + "matomo.php"]);
_paq.push(["setSiteId", "3"]);
var d = document,
g = d.createElement("script"),
s = d.getElementsByTagName("script")[0];
g.async = true;
g.src = u + "matomo.js";
s.parentNode.insertBefore(g, s);
})();
</script>
<noscript
><p>
<img
src="//matomo.librepages.org/matomo.php?idsite=3&amp;rec=1"
style="border: 0"
alt=""
/></p
></noscript>
<!-- End Matomo Code -->
</head>
<body class="base">
<header><nav class="nav__container">
<input type="checkbox" class="nav__toggle" id="nav__toggle" />
<div class="nav__header">
<a class="nav__logo-container" href="/">
<p class="nav__home-btn">LibrePages</p>
</a>
<label class="nav__hamburger-menu" for="nav__toggle">
<span class="nav__hamburger-inner"></span>
</label>
</div>
<div class="nav__spacer--small"></div>
<div class="nav__link-group">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;about&#x2F;">About</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="&#x2F;blog&#x2F;">Blog</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;matrix.to&#x2F;#&#x2F;#librepages:matrix.batsense.net">Chat</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;docs.librepages.org">Docs</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;gts.batsense.net&#x2F;@librepages">Fediverse</a>
</div>
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;git.batsense.net&#x2F;LibrePages">Source Code</a>
</div>
</div>
<div class="nav__spacer"></div>
<div class="nav__link-group--small">
<div class="nav__link-container">
<a class="nav__link" rel="noreferrer" href="https:&#x2F;&#x2F;demo.librepages.org&#x2F;">Demo</a>
</div>
</div>
</nav>
</header>
<!-- See ../sass/main.scss. Required for pushing footer to the very
bottom of the page -->
<div class="main__content-container">
<main>
<div class="blog__container">
<div class="tag__title-container">
<h1 class="tag__title">#self-hosting</h1>
<a class="tag__rss-link--single" href="https:&#x2F;&#x2F;librepages.org&#x2F;tags&#x2F;self-hosting&#x2F;atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="tag__rss-icon--single"
alt="RSS icon"
/>
</a></div>
<ul class="blog__list">
<li class="blog__post-item">
<a href="https://librepages.org/blog/2022-09-10-how-to-publish-website-without-librepages/" class="blog__post-link">
<h2 class="blog__post-title">How to deploy a website WITHOUT LibrePages</h2>
<p class="blog__post-meta">
10
September
,
2022 &middot; <b>9 min read</b>
</p>
<p class="blog__post-description">Automation services like LibrePages exist to make lives easier but how do you do the same manually, on self-hosted hardware, or in the cloud? </p>
</a>
<div class="blog__post-tag-container">
<a class="blog__post-tag" href="/tags/bare-metal">#bare-metal</a>
<a class="blog__post-tag" href="/tags/nginx">#nginx</a>
<a class="blog__post-tag" href="/tags/JAMStack">#JAMStack</a>
<a class="blog__post-tag" href="/tags/git">#git</a>
<a class="blog__post-tag" href="/tags/self-hosting">#self-hosting</a>
</div>
</li>
</ul>
</div>
<link rel="alternate" type="application/rss+xml" title="RSS" href="https://librepages.org/rss.xml">
</main>
<footer>
<div class="footer__container">
<!-- <div class="footer__column"> --->
<p class="footer__column license__conatiner">
All text <a
class="license__link"
rel="noreferrer"
href="http://creativecommons.org/licenses/by-sa/4.0/"
target="_blank"
>&nbsp;CC-BY-SA&nbsp;</a
>
&amp; code
<a
class="license__link"
rel="noreferrer"
href="https://www.gnu.org/licenses/agpl-3.0.en.html"
target="_blank"
>&nbsp;AGPL&nbsp;</a
>
</p>
<!-- </div> -->
<div class="footer__column--center">
<a href="/blog/atom.xml" target="_blank" rel="noopener" title="RSS">
<img
src="https://librepages.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
class="footer__icon"
alt="Email icon"
/>
</a>
</div>
<div class="footer__column">
<a href="/about" title="About">About</a>
<a href="/coc" title="Code of Conduct">CoC</a>
<span class="footer__column-divider--mobile-only">|</span>
<a href="/legalese" title="Legalese">Legalese</a>
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
<span class="footer__column-divider--mobile-only">|</span>
<a
href="https://git.batsense.net/LibrePages"
rel="noreferrer"
target="_blank"
title="Status"
>Source Code</a
>
<!--
<a href="/tos" title="Terms of Service">ToS</a>
-->
</div>
</div>
</footer>
</div>
</body>
</html>