A howto guide on setting up a simple and secure blog server using haproxy to serve https, hugo to serve the website, certbot to generate the tls certificate, and crowdsec for defense
This is my first post on my new site, I hope someone finds it helpful!
Awesome it is good to see the bearblog getting some love. Just to keep it short mostly. I was debating adding another article continuing this one using nginx for that part. I could add a section to this one though. Or would you use something other than nginx, I’m open to suggestions. I checked yours out, it’s a bit snappier than mine :) . What are you running?
I use CI to compile the page and add it to nginx, which I then build into a docker container. Once it’s finished, I deploy it to my server and it gets served by traefik.
That’s another thing I was curious about. Is there a reason why you didn’t use docker?
You mentioned in another comment, that you used snap, because it is used in the official certbot instructions. Did you intend this to be 100% faithful to official docs?
Nice. I might have to clone that setup for fun. What do you use for CI? I’ve got jenkins running but I’ve been wanting to play with gitlab CI/CD too.
I do a lot of my dev work in docker containers, simply so I’m in a clean environment. Doesn’t hurt in ease of backup either. No particular reason not to use docker, I also wanted to keep it kind of brief and simple. The guide I originally read that inspired me had a lot of things that were very outdated, and as I worked through getting it working on debian 12 I generally stuck with the source provider’s instructions when things weren’t already packaged for dpkg, or alternatives were more complex.
I am currently mulling around doing extensions on this guide and adding links at the bottom, or just extending this one a bit. Also just thinking about writing a guide for other stuff too. I’ve been helping people on discord and irc a bit recently and some of what I know might be useful to someone.
I don’t know everything by any means, far from it, but I’ve been around since my first BeOS and Slackware installs a long time ago and I’ve picked up a lot. I worked developing and deploying pfSense images for a company years ago and have just had a lot of random experience in Linux and BSDs over the years.
I’d love to see more on something like Envoy as the reverse proxy. I tend to think of reverse proxies in “generations”:
0. Apache and Friends
1. Nginx and Buddies
2. HAProxy and Pals
3. Envoy and Associates
I’m rather familiar with 0-2 from my previous work. It’s really a pity, to me, that nginx is favored so heavily over HAProxy, as all perf and HA testing that I’ve done has resulted in nginx being left in the dust. The benchmarks that I’ve seen for Envoy show similar standings. I just haven’t spent the time yet to get familiar with it.
For CI I currently use GitLab, but I want to move it to another git server (and therefore CI) in case they actually sell.
😱 I had no idea. I just went and read through that wow. I hope they don’t sell to someone scummy.