Virtual Server Setup

//
environmentlinuxvServerblog

This post is a work in progress

To get more organized and productive, I thought it would be cool to setup the following tools and features on the web.

  • Personal Domain for myself
  • Personalized Calendar
  • Personalized task management software
  • Data Accessibility from everywhere

This can be done by hosting a Linux vServer and installing open source software applications to enable above features. In Germany, Strato is one of many hosting service provider and my colleague has been using that for a while now. That was naturally an easy choice for me.

I subscribed to their following offers:

  • Linux V10-8 (12.de) which costs about 5 euros per month for a 12 months subscription.
  • Additional 1.5 euros/month for custom domains. Which will be https://saadsaifse.com

Setting up Strato

Soon after subscribing, a customer number (Kundennummer) is received, which is used to login to their portal to manage your server. The initial server data comes with Ubuntu Linux pre-installed. In my case, it was Ubuntu 18.04 LTS 64bit. I got 4 virtual CPU cores, 8GB of RAM, and 100GB storage space. The password for root username is provided to access the server via ssh or something similar.

After ssh

At this point, we have our account with Strato ready, a virtual server is given to us and we can access it. We can ssh into the server by using the server's hostname and root account. By this time, we can setup the server as per our likings.

The first step is to create a new user account under my name.

  • Check for all users on Linux using cat /etc/passwd command.
  • Create a new user by running sudo useradd username.
  • Set the password of the new account by executing sudo passwd username and entering the password twice.
  • Now ssh into your newly created user account. If it complains about the home directory not created. You can manually create the home directory by using sudo mkdir /home/username and assign permissions chown username:username /home/username.
  • By default, the default terminal of the new user is /bin/sh but we can easily change that to bash by using usermod --shell /bin/bash username from the root account.

Hosting Gatsby Blog

  • Install node.js, npm by running sudo snap install node --classic --channel=12 where channel is the major version of node
  • Install git by running sudo apt-get install git
  • Clone your blog repository and install all dependencies npm i
  • Install gatsby cli npm i -g gatsby-cli
  • Installing NGINX web server sudo apt-get install nginx
  • At this point, the NGINX's default server is running at port 80. If you navigate to your browser with domain name or host computer's IP address, you should see the NGINX home page
  • Configure NGINX web server with a virtual server that points to my blog's files
  • Edit the NGINX config file by running sudo vim /etc/nginx/nginx.conf and add a new virtual server entry inside the http{} block
        server {
                root /home/saad/code/myblog/public;
                listen 80;
                server_name saadsaifse.com www.saadsaifse.com;
                location / {
                }
        }
  • In above snippet, my blog's dist or public folder is pointed by the root variable and server_name is specified with respect to my domain name
  • Reload the configuration by running sudo nginx -s reload
  • Navigate to www.saadsaifse.com to see the blog go live

Securing Using TLS and HTTPS

To secure the that we just hosted with HTTPS, we need a more secure TLS encryption certificate/key. Normally these certificates are issued by commercial Certification Authorities (CA) which are not free. Fortunately, there is an open source and free CA, Let's Encrypt, that can issue Domain Validation certificates and for individuals, this kind of validation is all we need for personal sites and blogs like this one.

That means to have HTTPS for our blog, we need to perform the following main steps:

  • Get a certificate from Let's Encrypt
  • Configure our web server (NGINX) with the certificate and key
  • Redirect all HTTP traffic to HTTPS (which is basically a part of configuring the web server)
  • Renew the certificates before they expire

Now what if I tell you that there already exists a really handy tool (a bot) that automates all of the above steps. You even do not have to configure the config file of the web server. Sweet!

The tool is call certbot and it makes securing the web sites a breeze. It even has all the commands and procedure listed on their site based on the web server and OS you are using. In my case, since I am on Ubuntu 18.04 LTS with NGINX installed, I followed the procedure mentioned here and BAM, the site is configured with TLS and HTTPS enabled. All props to the certbot tool for automating this whole repetitive process.

Next steps will include having a CI/CD pipeline to deploy directly on each push to my Github repository. Stay tuned!