Monday, March 24, 2025

It's been too damn long ... I should start blogging more.

Plenty has happened since I last thought it was a good idea to blog about things.
My family and I have moved from South Africa to England.
I nearly died last year. It first started with a burst appendix.
I was hospitalised for about a week, then sent home where I continued to have night-sweats.
After about a month I went back into hospital, where I was found to have abscesses on my liver.
This wasn't dealt with particularly well, and I subsequently developed sepsis and was put into ICU.
I was in hospital for over a month and lost 20kg. I was eventually discharged and am now well again, though I have sadly regained all the weight,
but as a side-effect of the blood thinners that I was on I have continued to abstain from alcohol for about five months now.

So why do I think it's a good idea to blog about things ... right now it's so that I can record for myself my minor accomplishments and things that I've learned.
In the last week or so, I've learned a lot more about networking infrastructure than I had ever expected to.
The learning experience was driven by the simple-sounding task of self-hosting a website and an instance of OpenVPN.
There are so many fiddly bits that all need to be configured just right or else it doesn't work.
  • Create an A record in DNS for the host name and point it to the public IP address of my router
  • Find my public IP address using this command :)
    curl wtfismyip.com
  • Create a static IP address on my router for my laptop using the MAC address
  • Create a virtual host on the router for ports 80 and 443 from the public IP to my static IP
  • Set my home wifi network on my laptop as private, not public ... the firewall blocks incoming traffic on public networks
With this setup it all works well and is good enough for testing. My home public IP address will change over time, so the A record needs to be updated, or I need to get a dyndns-type hostname.
The rest of the stack is working nicely:
  • docker-compose
  • alpine/git : to fetch the website contents from a GitHub private repo using a PAT
  • nginx : http only to serve the --webroot challenge from certbot for initial certificate generation
  • nginx : with https to serve the website content
  • certbot/certbot : to generate TLS certs from letsencrypt.org
    The script for this container generates the initial certificate to a shared volume and then loops every 12 hours to check for renewals.
    When a cert is renewed a marker file is created which will be picked up by a background process in the nginx (ssl) container to restart the nginx workers.
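
One way to write the renewal handoff described above (an added example, not the script from this setup): the certbot side creates the marker only when a certificate was actually renewed, and the nginx side checks its config before reloading. The domain, e-mail address, paths, role names and function names are assumptions.

```shell
#!/bin/sh
# Added example: certbot/nginx marker-file handoff. All paths and names here
# are assumptions, not taken from the post's own script.
DOMAIN="${DOMAIN:-example.org}"            # placeholder hostname
EMAIL="${EMAIL:-admin@example.org}"        # placeholder ACME contact
WEBROOT="${WEBROOT:-/var/www/certbot}"     # served by the http-only nginx
LE_DIR="${LE_DIR:-/etc/letsencrypt}"       # certificate volume
MARKER="${MARKER:-/signal/renewed}"        # small volume shared by both containers
CERTBOT="${CERTBOT:-certbot}"
NGINX="${NGINX:-nginx}"

# certbot container: request a certificate only if none exists yet.
issue_initial() {
    [ -d "$LE_DIR/live/$DOMAIN" ] && return 0
    $CERTBOT certonly --config-dir "$LE_DIR" --webroot -w "$WEBROOT" \
        -d "$DOMAIN" --non-interactive --agree-tos -m "$EMAIL"
}

# certbot container: --deploy-hook runs only when a certificate was actually
# renewed, so the marker appears only when nginx has something new to load.
renew_once() {
    $CERTBOT renew --config-dir "$LE_DIR" --quiet \
        --deploy-hook "touch '$MARKER'"
}

# nginx (ssl) container: returns 1 when there is nothing to do. The marker is
# removed only after a successful reload, so a bad config is retried next poll.
reload_if_renewed() {
    [ -f "$MARKER" ] || return 1
    $NGINX -t && $NGINX -s reload && rm -f "$MARKER"
}

# Entry point: "certbot" or "nginx" selects the container role.
case "${1:-}" in
    certbot)
        issue_initial || exit 1
        while :; do renew_once || :; sleep 43200; done ;;   # 43200 s = 12 hours
    nginx)
        while :; do reload_if_renewed || :; sleep 60; done &
        exec $NGINX -g 'daemon off;' ;;
esac
```

Keeping the marker on its own small volume lets the certificate volume be mounted read-only in the nginx container, and neither container needs access to the Docker socket.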
