This repository contains the code for my website, jort.dev.
I was inspired by the design of jschr.io.
The setup instructions assume a fresh Arch Linux installation.
Download nginx:
sudo pacman -Syu nginx-mainline
Enable the service:
sudo systemctl enable --now nginx
A webpage is now live at localhost.
It is serving the HTML from the /usr/share/nginx/html folder.
Nginx runs as the http user.
Enable your user and the nginx user to edit the files within this folder:
sudo chown -R "$USER":http /usr/share/nginx/html
Clone this repository within the /usr/share/nginx/html folder:
git clone git@github.com:jort-dev/jort-dev.git /usr/share/nginx/html
Make a backup of the default Nginx configuration:
sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx_conf_backup
Update the Nginx configuration at /etc/nginx/nginx.conf to match the one from this repository: conf/nginx.conf.
Check the updated config file for errors:
sudo nginx -t
Restart the Nginx service:
sudo systemctl restart nginx
A domain ending with .dev requires HTTPS in the browser.
Install Certbot:
sudo pacman -S certbot certbot-nginx
Install certificates for all the server_name variables in the server blocks in the Nginx config:
sudo certbot --nginx
Enable automatic certificate renewal:
SLEEPTIME=$(awk 'BEGIN{srand(); print int(rand()*(3600+1))}'); echo "0 0,12 * * * root sleep $SLEEPTIME && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
Check the updated config file for errors:
sudo nginx -t
Restart the Nginx service:
sudo systemctl restart nginx
This section describes various parts of how to set up the server the site is hosted on.
- Identify the disks with lsblk.
- With ntfs-3g installed, label the disks.
- Edit the /etc/fstab file as seen here. Use auto as type.
- Test the fstab configuration by running sudo mount -a. The disks should now be mounted at the defined paths.
Follow the instructions on the Arch Wiki and here.
As mount point, I created the directory /mount, in which I created a folder old_hdd, to which I mounted the HDD.
On the HDD is a folder for plex: plex
I followed the permission instructions for the plex folder and all its parent folders:
/media
/media/old_hdd
/media/old_hdd/plex
The server is constantly under attack, see:
journalctl -u sshd | grep Failed
To protect against attacks, we are going to use fail2ban.
The explanation below is also found on the wiki.
To automatically ban IP addresses with suspicious behaviour:
sudo pacman -S fail2ban
sudo mkdir -p /etc/fail2ban
sudo vim /etc/fail2ban/jail.local
Enter the following configuration in the jail.local file:
[DEFAULT]
bantime = 1d
[sshd]
enabled = true
Start the banning service:
sudo systemctl enable --now fail2ban
The better solution against attacks is to only allow public and private key connections instead of passwords.
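One way to confirm that the server really accepts only key-based logins after the SSH configuration has been changed, as an added example that is not part of this repository. The function name audit_sshd_auth and the sample input are made up for illustration; the keywords are the ones OpenSSH prints with sshd -T.

```shell
#!/bin/sh
# Added example, not code from this repository.
# audit_sshd_auth reads the output of `sshd -T` (the effective configuration,
# one lowercase "keyword value" pair per line) on stdin.
# It returns 0 when only public-key logins are possible, 1 otherwise.
audit_sshd_auth() {
    awk '
        function show(v) { return (v == "") ? "unknown" : v }
        # Store the full value, since AuthenticationMethods may list several.
        { k = tolower($1); $1 = ""; sub(/^ +/, ""); val[k] = tolower($0) }
        END {
            pw  = val["passwordauthentication"]
            kbd = val["kbdinteractiveauthentication"]
            # Older OpenSSH releases print the previous name of this option.
            if (kbd == "") kbd = val["challengeresponseauthentication"]
            pk  = val["pubkeyauthentication"]
            am  = val["authenticationmethods"]
            bad = 0
            if (pk != "yes") { print "FAIL pubkeyauthentication=" show(pk); bad = 1 }
            # "authenticationmethods publickey" on its own already excludes
            # passwords; otherwise both password paths must be switched off.
            # A missing keyword counts as a finding: it cannot be confirmed.
            if (am != "publickey") {
                if (pw != "no")  { print "FAIL passwordauthentication=" show(pw); bad = 1 }
                if (kbd != "no") { print "FAIL kbdinteractiveauthentication=" show(kbd); bad = 1 }
            }
            if (!bad) print "OK only public-key logins are accepted"
            exit bad
        }'
}

# Constructed sample of `sshd -T` output with password logins still enabled
# (not taken from a real host).
sample_default='passwordauthentication yes
kbdinteractiveauthentication yes
pubkeyauthentication yes
authenticationmethods any'

printf '%s\n' "$sample_default" | audit_sshd_auth || echo "password logins are still possible"

# On the server itself: sudo sshd -T | audit_sshd_auth
```

Checking the effective configuration rather than /etc/ssh/sshd_config alone also catches settings that come from included drop-in files.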
- project overview like https://flathub.org/
- Can SSH in server locally and remotely
- dhcpcd is running (systemctl list-unit-files)
- Can't ping google.com or install packages etc
- Can ping 8.8.8.8
- /etc/resolv.conf is empty or only contains comments
- Hostnames are correctly configured in /etc/hosts and /etc/hostname (they are the same)
Because 8.8.8.8 is pingable, internet drivers are working. When pinging google.com etc, a DNS server is used to determine the IP behind google.com. Google.com cannot be accessed, so there must be something wrong with the DNS servers.
ChatGPT solution:
Add nameserver 8.8.8.8 to /etc/resolv.conf, and then run sudo systemctl restart systemd-resolved.
Old Solution:
openresolv automatically copies an IP from /etc/dhcpcd.conf to /etc/resolv.conf.
/etc/resolv.conf was empty, so this did not happen.
For me, openresolv was somehow uninstalled, probably during a system update.
To fix: manually populate openresolv.
In /etc/dhcpcd.conf, the static domain_name_server=192.168.1.1
So in /etc/openresolv. I added: nameserver 192.168.1.1
This gets reset when dhcpcd is restarted, so I installed the openresolv package, which populates the file automatically.
This happens when Nginx is updated. To fix, do a force pull:
git fetch --all
git reset --hard origin/master