Going SSL

With all of the issues around web security, there’s a pretty easy solution using EFF’s certbot and LetsEncrypt.org.  I use an Nginx proxy in front of everything, so all of the encryption terminates there.  So using certbot with webroot was pretty easy and then it was just a matter of adjusting the Nginx config.

In each site that I migrated to SSL, here’s an example of what the final config looks like.  This works for both Joomla! and WordPress sites behind Nginx.  Nginx listens on http/80 and redirects to https/443.

server {
 listen       80;
 server_name  site_name.come www.site_name.com;
 return 301 https://$host$request_uri;
 }

server {
 listen       443 ssl;
 server_name  site_name.com www.site_name.com;
 ssl_certificate    /etc/letsencrypt/live/kuykendall.life/fullchain.pem;
 ssl_certificate_key  /etc/letsencrypt/live/kuykendall.life/privkey.pem;
 ssl on;

location / {
 proxy_set_header Host $host;
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass http://172.17.0.1:8082;
 proxy_redirect http:// https://;
 }

How this site operates

Here’s how this site is currently setup

– Single Linux server running in Google Compute US-East.
– The Google Compute instance started as an “n1-standard-1”.  I’ve added additional memory but have stuck with a single CPU.
– The only things installed in addition to the base OS are Git and Docker
– Dockerfiles and scripts to manage all of the containers are stored in a private git repo
– Backups consist of a snapshot in GCP and tarballs of data copied to Google Drive or downloaded locally.

This setup works pretty well and makes the whole thing pretty portable.  I had originally built all of this is US-Central but later decided to move it to US-East.  It was a pretty simple task of creating a new instance, installing git and docker, pulling the docker repo, copying the data into place, then creating the containers.

Continue reading

A lot of changes in the last year

Wow, how time flies…  Yet again…

It’s been about a year since anything worthwhile has been added here.  But a lot has changed.  The 2 SOTA activations happened as part of a trip to TN.  Since that trip, we’ve moved to the greater Knoxville TN area, sold our house in Summerville SC, bought just over 15 acres in TN, and are working at building a house.

Over the course of the year, I’ve kept this site up-to-date with patches and it’s been migrated around a little from a private server at my home to being hosted in Azure and then finally in Google Compute.  I’ll do a whole article on the back-end as it’s a rather fun solution.

Winter is almost here and the leaves are falling.  Time to get up onto a mountain and do a SOTA activation.