Because I decided to add multiple sub-domains to better administer libertatum.net (e.g. blog, www), the single SSL certificate I had was insufficient, and now that Let's Encrypt is live, it is time to https all the things!
So I have been tinkering with my single-point-of-‘net-presence; while it doesn’t look any different from here (which is sort of the point) I have been figuring out how to integrate mail (see my mail-in-a-box post) and this humble site into one easy to manage package. As it turns out, mail-in-a-box already runs nginx to provide a static web service. I am now hosting this on a legitimate host (DigitalOcean) and I have SSL certs!
I am an Android guy. Not because it is ‘better’ than the alternatives, but because it is more apt for messing around with than other alternatives currently available (though I am looking forward to getting to play with the Ubuntu Phone). I like Google and I understand the attractiveness of outsourcing email, but I want to control as much of my online presence as possible and do it as simply as possible (see my first post). I am getting a new phone soon (Sony Xperia Z3 Compact) to address battery issues with my current phone (Nexus 4) but since the phone works fine otherwise, I will be able to tinker with it. So I installed a nightly release of CyanogenMod 12 on the phone without any Google-cruft. My plan is to create my own personal cloud and access it with as open a device as possible. If not, why not?
Whatever form my mail server was going to take in the end, I wanted to make sure it would be as close to the Popeil Standard (Set it, and Forget it!) as possible. This is not my first rodeo when it comes to hosting my own mail, and I had decided on some mix of the following:
postfix, dovecot, cyrus
SpamAssassin or spamd
MySQL and LDAP for virtual users (I don’t want to create a bunch of actual users and have to deal with denying access &c.)
opendkim for authentication
webmail via roundcube
ownCloud for CalDav/WebDAV
So you can imagine how happy I was to discover Mail-in-a-Box. Yep, basically everything I want, all scripted and ready to run. Seriously, this is what I needed. I can use the git repo to start from and build out what I had in mind.
I wanted a simple web presence, mostly as an exercise but partly as a space to post thoughts and notes that I will find useful in the future, and perhaps others may find useful. In this vein this post will cover what I did to build this site, the rationalization behind my choices, and any other bits about the process that I think are interesting.
building the server
For the sake of rapidity, I prototyped the website on an OpenStack instance in a cloud using a ‘tiny’ Ubuntu 14.04 (Trusty Tahr) image. I installed the following packages, required for getting the site up:
building the site
This was wickedly simple. On my local system (OS X) I built the local site repository using jekyll, which will also allow us to generate the content locally for review before committing.
On the web-server I made a change to the nginx configuration, because I prefer to have my web content in /var/www/ and since I will be serving only HTML, my only site will be in /var/www/html. The config file is at /etc/nginx/sites-available/default. Configure as appropriate.
Set the ownership of /var/www/ to your user (not root!).
We will also need to install jekyll:
Next, build the repo and initialize. This will be kept under my working account on the server (not root!).
Build ~/repos/wrldswrst.ninja.git/hooks/post-receive. This will clone the wrldswrst.ninja repository to a temp directory in ~/, then use jekyll to build the source to /var/www/html.
Then set the script to executable.
Back on your local machine, add a remote repo called ‘web’:
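The post-receive hook described in the steps above, written out as an added example (not the original script from this post). It assumes the deploy branch is `master`; the function names and the `REPO`, `WEBROOT` and `BRANCH` overrides are hypothetical, and `--safe` is an added hardening choice so a push cannot run Ruby plugins on the server.

```shell
#!/bin/sh
# hooks/post-receive: rebuild the site when the deploy branch is pushed.
# Assumed values (override via environment): repo path, web root, branch name.
set -e
REPO="${REPO:-$HOME/repos/wrldswrst.ninja.git}"
WEBROOT="${WEBROOT:-/var/www/html}"
BRANCH="${BRANCH:-master}"

# Succeeds when the given numeric uid is not root.
unprivileged() { [ "$1" -ne 0 ]; }

# Reads git's "<old> <new> <ref>" lines on stdin; succeeds only if the
# deploy branch was updated to a real commit (an all-zero id is a deletion).
wants_deploy() {
    found=1
    while read -r _old new ref; do
        case "$new" in *[!0]*) ;; *) continue ;; esac
        if [ "$ref" = "refs/heads/$BRANCH" ]; then found=0; fi
    done
    return "$found"
}

# Clone into a throwaway directory under $HOME, build into the web root,
# and remove the checkout on exit even if the build fails.
deploy() {
    unset GIT_DIR                      # hooks run with GIT_DIR set
    tmp=$(mktemp -d "$HOME/site-build.XXXXXX")
    trap 'rm -rf "$tmp"' EXIT
    git clone --quiet --branch "$BRANCH" "$REPO" "$tmp"
    # --safe disables custom plugins and ignores symlinks in the pushed tree
    jekyll build --safe --source "$tmp" --destination "$WEBROOT"
}

main() {
    unprivileged "$(id -u)" || { echo "refusing to build as root" >&2; exit 1; }
    wants_deploy || exit 0             # nothing to publish
    deploy
}

# Run only when installed as hooks/post-receive, so the file can be sourced.
case "$0" in */post-receive) main ;; esac
```

If the theme depends on custom plugins, drop `--safe` and treat push access to the repository as equivalent to shell access for the build user.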
making it all pretty
I really like Solarized, so I looked and found mattvh’s theme. Perfect, just cloned from git over my local jekyll directory, and made my modifications.
Really, that was all it was. I think it took more time to document this process than it did to actually do it. However, there is much more I want to do, not the least of which is a secure (https) certificate. Otherwise, I now have a very simple work-flow for publishing content using the tools I like, with a very simple code-base to maintain, with the help of my own git repo. Next I will work on automating the build, so it will be easy to migrate later.