Category: System admin

  • Considerations

    As a peek behind the curtain, this blog and some other web-projects are hosted on an SBC. As I never expect this WordPress or any of my projects to receive any notable traffic, it remains my assessment that this is fine.

    There is however the question of backups, and hardware health. I do not monitor the machine continuously, and at some point the numbers of read/writes may start to affect the reliability of the hardware containing the server.

    As is usually the case, later iterations of the same implementation will be more elegant and efficient. So if I were to set up the same server again, I am sure it would be done to a higher degree of proficiency. But there would doubtless be settings and implementations I either forget how I set up, or some files I did not back up sufficiently.

    That leads me to what steps I’d like to learn more about:
    – regular backups of databases, and off-device storage.
    – how to make better notes and personal documentation for setting up again.

  • Setting up SSL and reverse proxy

    I have set up a SSL certificate using certbot for the mortuus.no domain. It had been nagging at me for a while that my projects had the “not secure” notice for a while, and after having bounced off the task at least once before, it finally clicked.

    The first part of the task was getting the right certbot plugin that worked with domeneshop.no. I could possibly have set it up manually, but I took the challenge of doing it “the right way”. It involved reading the documentation several times, and a fair bit of consulting random chat-bots consolidating advice from the net, but in the end it worked. Now we’ll see if it renews properly when it eventually lapses.

    The second part of the evening involved setting up another cert for foundry.mortuus.no, another personal project for a locally hosted Foundry VTT instance. This was formerly an http page served on :30000, but with https this wouldn’t work (what with https being :443 port and all that).

    I set up the subdomain in my DNS settings, got another cert, and began the ordeal of figuring out how the apache rewrite rules work, as well as where the Foundry options tries to serve its instance.

    Sadly I could not intuit the settings on my own, but after trying a variety of settings, and grappling with my mental map of where the connections were trying to go, I asked the right questions to a chatbot to find examples for what I was aiming for. These described my exact issue, and by adapting them, I could make an apache config file that worked.

    I finally have a secure(ish) home lab environment, with neat addresses.

    I don’t feel particularly competent in many of the subjects I touched upon in this stint, that I merely followed tutorials and examples with only a partial understanding of exactly what options I had, but It’s a start. I must remind myself that nobody goes from inexperienced to expert without practice or a measure of imitation. It was just a step on that path leaving me better prepared for next time.