roberta
- debian bullseye (11.0) x64
- Vultr VPS Cloud Compute: 1x CPU, 1gb RAM, 25gb disk, $5/mon
- IPv6 is autoconfigured to a static address using the enp1s0 MAC address, good for DNS
build process
- Deploy it, collect SSH hostkeys, login as root using your existing SSH key.
- Record IP addresses in DNS
Set timezone
timedatectl set-timezone Australia/Sydney
Set editor
echo "export EDITOR=vim" > /etc/profile.d/editor-vim.sh
Python
apt install python-is-python3
Disable HashKnownHosts
echo -e "Host *\n HashKnownHosts no" > /etc/ssh/ssh_config.d/99-global.conf
Install packages
apt install ack jq make elinks nmap whois screen
Configure screen
curl -o ~/.screenrc https://gist.githubusercontent.com/barneydesmond/d16c5201ed9d2280251dfca7c620bb86/raw/.screenrc
Set FQDN
hostnamectl set-hostname roberta.meidokon.net
updatedb and reboot
updatedb reboot
tweak firewall
The ISP firewall will have things locked down already, but defence in depth is good.
ufw is already installed and permits only SSH, we need HTTP too.
ufw allow http ufw allow https ufw prepend allow from 2404:e80:42e3:0::/64 to any app SSH ufw prepend allow from 87.121.72.135/32 to any app SSH # Existing rule is too broad ufw delete allow 22
install apps
Infra apps
apt install imagemagick apt install mariadb-server
Caddy for HTTP, following official docs:
apt install -y debian-keyring debian-archive-keyring apt-transport-https curl -1sLf https://dl.cloudsmith.io/public/caddy/stable/gpg.key > /etc/apt/trusted.gpg.d/caddy-stable.asc curl -1sLf https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt > /etc/apt/sources.list.d/caddy-stable.list apt update apt install caddy
This uses a systemwide config in /etc/caddy/Caddyfile, and acts as a generic HTTP server initially. It's serving up a Caddy landing page from /usr/share/caddy at http://roberta.meidokon.net/
create user account
useradd -b /bin/bash blog su - blog mkdir -p ~/public_html/blog.meidokon.net echo "<?php phpinfo(); ?>" > ~/public_html/blog.meidokon.net/index.php
get php working
Install PHP packages, Debian 11 is on PHP 7.4
apt install php7.4-common php7.4-fpm php7.4-curl php7.4-mysql php7.4-xml php-imagick php7.4-cli php7.4-mbstring php7.4-zip
- Create a PHP-FPM pool config
- cd /etc/php/7.4/fpm/pool.d
- cp www.conf blog.conf
Edit it up kinda like so:
[blog] user = blog group = blog listen = /run/php/php7.4-fpm-blog.sock listen.owner = caddy listen.group = caddy pm = dynamic pm.max_children = 5 pm.start_servers = 2 pm.min_spare_servers = 1 pm.max_spare_servers = 3
Restart php-fpm: systemctl restart php7.4-fpm.service
Setup a vhost in /etc/caddy/Caddyfile above the default vhost
roberta.meidokon.net { root * /home/blog/public_html/blog.meidokon.net file_server php_fastcgi unix//run/php/php7.4-fpm-blog.sock log { output file /var/log/caddy/blog.log } }Reload the config: systemctl reload caddy
Now try reaching the domain, it should work, and magically have TLS working.
Wordpress
Running a vanilla Wordpress 5.9 for https://blog.meidokon.net/
Wordpress has come a long way, I'm genuinely impressed. The editor is fantastic now, the new Content Blocks scheme makes it a contender to Squarespace in my eyes, but you can self-host instead of using their cloud. Full control over the potential for speed and caching is very, very nice.
Grab https://wordpress.org/latest.tar.gz and unpack it to ~furinkan/public_html/blog.meidokon.net
Setup mysql DB, this is all muscle memory now
CREATE USER 'blog'@'localhost' IDENTIFIED BY 'ASecurePassword'; CREATE DATABASE blog; GRANT ALL PRIVILEGES ON blog.* TO 'blog'@'localhost' WITH GRANT OPTION;
Hit the domain and it'll ask you for setup credentials.
Importing a wordpress site
Assuming you do the XML dump, that gets you most of the way there. Assuming the source site is still up, it'll download all the media from the old site and bring it over. That rocks!
What you still need to do:
- Download themes and activate
- Customise the active theme
- Colours etc
- Assign menus (retained) to location in theme
- Install the same plugins
- Activate them and enable auto-updates