Moved to a simpler SSG

author: Mitja Felicijan <m@mitjafelicijan.com> 2023-07-08 23:25:41 +0200
committer: Mitja Felicijan <m@mitjafelicijan.com> 2023-07-08 23:25:41 +0200
commit: cd6644ea4ddc78597934ab0ef5ba50e3c3daa927 (patch)
tree: 03de331a8db6386dfd6fa75155bfbcea6b4feaf3 /content/posts/2023-07-01-bringing-all-of-my-projects-together-under-one-umbrella.md
parent: 84ed124529ffeee1590295b8de3a8faf51848680 (diff)
download: mitjafelicijan.com-cd6644ea4ddc78597934ab0ef5ba50e3c3daa927.tar.gz
1 files changed, 0 insertions, 280 deletions
diff --git a/content/posts/2023-07-01-bringing-all-of-my-projects-together-under-one-umbrella.md b/content/posts/2023-07-01-bringing-all-of-my-projects-together-under-one-umbrella.md
deleted file mode 100644
index 4031df0..0000000
--- a/content/posts/2023-07-01-bringing-all-of-my-projects-together-under-one-umbrella.md
+++ /dev/null
@@ -1,280 +0,0 @@
---
-title: "Bringing all of my projects together under one umbrella"
-url: bringing-all-of-my-projects-together-under-one-umbrella.html
-date: 2023-07-01T18:49:07+02:00
-draft: false
---
-## What is the issue anyway?
-Over the years, I have accumulated a bunch of virtual servers on my
-[DigitalOcean](https://www.digitalocean.com/) account for small experimental
-projects I dabble in. And this has resulted in quite a bill. I mean, I wouldn't
-care if these projects were actually being used. But there were just being there
-unused and wasting resources. Which makes this an unnecessary burden for me.
-Most of them are just small HTML pages that have an endpoint or two to read data
-from or to, and for that reason I wrote servers left and right. To be honest,
-all of those things could have been done with [CGI
-scripts](https://en.wikipedia.org/wiki/Common_Gateway_Interface) and that would
-have been more than enough.
-Recently, I decided to stop language hopping and focus on a simpler stack which
-includes C, Go and Lua. And I can accomplish all the things I am interested in.
-## Finding a web server replacement
-Usually I had [Nginx](https://nginx.org/en/) in front of these small web servers
-and I had to manage SSL certificates and all that jazz. I am bored with these
-things. I don't want to manage any of this bullshit anymore.
-So the logical move forward was to find a solid alternative for this. I have
-ended up on [Caddy server](https://caddyserver.com/). I've used it in the past
-but kind of forgotten about it. What I really like about it is an ease of use
-and a bunch of out of the box functionalities that come with it.
-These are the _pitch_ points from their website:
- **Secure by Default**: Caddy is the only web server that uses HTTPS by
-  default. A hardened TLS stack with modern protocols preserves privacy and
-  exposes MITM attacks.
- **Config API**: As its primary mode of configuration, Caddy's REST API makes
-  it easy to automate and integrate with your apps.
- **No Dependencies**: Because Caddy is written in Go, its binaries are entirely
-  self-contained and run on every platform, including containers without libc.
- **Modular Stack**: Take back control over your compute edge. Caddy can be
-  extended with everything you need using plugins.
-I had just a few requirements:
- Automatic SSL
- Static file server
- Basic authentication
- CGI script support
-And the vanilla version does all of it, but CGI scripts. But that can easily be
-fixed with their modular approach. You can do this on their website and build a
-custom version of the server, or do it with Docker.
-This is a `Dockerfile` I used to build a custom server.
-```Dockerfile
-FROM caddy:builder AS builder
-RUN xcaddy build \
-  --with github.com/aksdb/caddy-cgi
-FROM caddy:latest
-RUN apk add --no-cache nano
-COPY --from=builder /usr/bin/caddy /usr/bin/caddy
-```
-## Getting rid of all the unnecessary virtual machines
-The next step was to get a handle on the number of virtual servers I have all
-over the place.
-I decided to move all the projects and services into two main VMs:
- personal server (still Nginx)
-  - git server
-  - static file server
-  - personal blog
- projects server (Caddy server)
-  - personal experiments
-  - other projects
-I will focus on projects' server in this post since it's more interesting.
-## Testing CGI scripts
-The first thing I tested was how CGI scripts work under Caddy. This is
-particularly import to me because almost all of my experiments and mini projects
-need this to work.
-To configure Caddy server, you must provide the server with a configuration
-file. By default, it's called `Caaddyfile`.
-```caddyfile
-{
-  order cgi before respond
-}
-examples.mitjafelicijan.com {
-  cgi /bash-test /opt/projects/examples/bash-test.sh
-  cgi /tcl-test /opt/projects/examples/tcl-test.tcl
-  cgi /lua-test /opt/projects/examples/lua-test.lua
-  cgi /python-test /opt/projects/examples/python-test.py
-  root * /opt/projects/examples
-  file_server
-}
-```
- The order is very important. Make sure that `order cgi before respond` is at
-  the top of the configuration file.
- Also, when you run with Caddy v2, make sure you provide `adapter` argument
-  like this `/usr/bin/caddy run --watch --environ --config /etc/caddy/Caddyfile
-  --adapter caddyfile`. Otherwise, Caddy will try to use a different format for
-  config file.
-I did a small batch of tests with [Bash](https://www.gnu.org/software/bash/),
-[Tcl](https://www.tcl-lang.org/), [Lua](https://www.lua.org/) and
-[Python](https://www.python.org/). Here is a cheat sheet if you need it.
-Let's get Bash out of the way first.
-```bash
-#!/usr/bin/bash
-printf "Content-type: text/plain\n\n"
-printf "Hello from Bash\n\n"
-printf "PATH_INFO     [%s]\n" $PATH_INFO
-printf "QUERY_STRING  [%s]\n" $QUERY_STRING
-printf "\n"
-for i in {0..9..1}; do
-  printf "> %s\n" $i
-done
-exit 0
-```
-This one is for Tcl script.
-```tcl
-#!/usr/bin/tclsh
-puts "Content-type: text/plain\n"
-puts "Hello from Tcl\n"
-puts "PATH_INFO     \[$env(PATH_INFO)\]"
-puts "QUERY_STRING  \[$env(QUERY_STRING)\]"
-puts ""
-for {set i 0} {$i < 10} {incr i} {
-  puts "> $i"
-}
-```
-And for all you Python enjoyers.
-```python
-#!/usr/bin/python3
-import os
-print("Content-type: text/plain\n")
-print("Hello from Python\n")
-print("PATH_INFO     [{}]".format(os.environ['PATH_INFO']))
-print("QUERY_STRING  [{}]".format(os.environ['QUERY_STRING']))
-print("")
-for i in range(10):
-  print("> {}".format(i))
-```
-And for the final example, Lua.
-```lua
-#!/usr/bin/lua
-print("Content-type: text/plain\n")
-print("Hello from Lua\n")
-print(string.format("PATH_INFO     [%s]", os.getenv("PATH_INFO")))
-print(string.format("QUERY_STRING  [%s]", os.getenv("QUERY_STRING")))
-print()
-for i = 0, 9 do
-  print(string.format("> %d", i))
-end
-```
-## Basic authentication
-One thing was also to have an option for some sort of authentication, and
-something like [Basic access
-authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) would
-be more than enough.
-Thankfully, Caddy supports this out of the box already. Below is an updated
-example.
-```Caddyfile
-{
-    order cgi before respond
-}
-examples.mitjafelicijan.com {
-  cgi /bash-test /opt/projects/examples/bash-test.sh
-  cgi /tcl-test /opt/projects/examples/tcl-test.tcl
-  cgi /lua-test /opt/projects/examples/lua-test.lua
-  cgi /python-test /opt/projects/examples/python-test.py
-  root * /opt/projects/examples
-  file_server
-  basicauth * {
-    bob $2a$14$/wCgaf9oMnmQa20txB76u.nI1AldGMBT/1J7fXCfgOiRShwz/JOkK
-  }
-}
-```
-`basicauth *` matches everything under this domain/sub-domain and protects it
-with Basic Authentication.
- `bob` is the username
- `hash` is the password
-To generate these passwords, execute `caddy hash-password` and this will prompt
-you to insert a password twice and spit out a hashed password that you can put
-in your configuration file.
-Restart the server and you are ready to go.
-## Making Caddy a service with systemd
-After the tests were successful, I copied `caddy` to `/usr/bin/caddy` and copied
-`Caddyfile` to `/etc/caddy/Caddyfile`.
-Now off to the systemd. Each systemd service requires you to create a service
-file.
- I created a `/etc/systemd/system/caddy.service` and put the following content
-  in the file.
-```systemd
-[Unit]
-Description=Caddy
-Documentation=https://caddyserver.com/docs/
-After=network.target network-online.target
-Requires=network-online.target
-[Service]
-Type=notify
-User=root
-Group=root
-ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile --adapter caddyfile
-ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force --adapter caddyfile
-TimeoutStopSec=5s
-LimitNOFILE=1048576
-LimitNPROC=512
-PrivateTmp=true
-ProtectSystem=full
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
-[Install]
-WantedBy=multi-user.target
-```
- You might need to reload systemd with `systemctl daemon-reload`.
- Then I enabled the service with `systemctl enable caddy.service`.
- And then I started the service with `systemctl start caddy.service`.
-This was about all that I needed to do to get it running. Now I can easily add
-new subdomains and domains to the main configuration file and be done with
-it. No manual Let's Encrypt shenanigans needed.
author	Mitja Felicijan <m@mitjafelicijan.com>	2023-07-08 23:25:41 +0200
committer	Mitja Felicijan <m@mitjafelicijan.com>	2023-07-08 23:25:41 +0200
commit	cd6644ea4ddc78597934ab0ef5ba50e3c3daa927 (patch)
tree	03de331a8db6386dfd6fa75155bfbcea6b4feaf3 /content/posts/2023-07-01-bringing-all-of-my-projects-together-under-one-umbrella.md
parent	84ed124529ffeee1590295b8de3a8faf51848680 (diff)
download	mitjafelicijan.com-cd6644ea4ddc78597934ab0ef5ba50e3c3daa927.tar.gz

diff --git a/content/posts/2023-07-01-bringing-all-of-my-projects-together-under-one-umbrella.md b/content/posts/2023-07-01-bringing-all-of-my-projects-together-under-one-umbrella.md deleted file mode 100644 index 4031df0..0000000 --- a/content/posts/2023-07-01-bringing-all-of-my-projects-together-under-one-umbrella.md +++ /dev/null
@@ -1,280 +0,0 @@
1	---
2	title: "Bringing all of my projects together under one umbrella"
3	url: bringing-all-of-my-projects-together-under-one-umbrella.html
4	date: 2023-07-01T18:49:07+02:00
5	draft: false
6	---
7
8	## What is the issue anyway?
9
10	Over the years, I have accumulated a bunch of virtual servers on my
11	[DigitalOcean](https://www.digitalocean.com/) account for small experimental
12	projects I dabble in. And this has resulted in quite a bill. I mean, I wouldn't
13	care if these projects were actually being used. But there were just being there
14	unused and wasting resources. Which makes this an unnecessary burden for me.
15
16	Most of them are just small HTML pages that have an endpoint or two to read data
17	from or to, and for that reason I wrote servers left and right. To be honest,
18	all of those things could have been done with [CGI
19	scripts](https://en.wikipedia.org/wiki/Common_Gateway_Interface) and that would
20	have been more than enough.
21
22	Recently, I decided to stop language hopping and focus on a simpler stack which
23	includes C, Go and Lua. And I can accomplish all the things I am interested in.
24
25	## Finding a web server replacement
26
27	Usually I had [Nginx](https://nginx.org/en/) in front of these small web servers
28	and I had to manage SSL certificates and all that jazz. I am bored with these
29	things. I don't want to manage any of this bullshit anymore.
30
31	So the logical move forward was to find a solid alternative for this. I have
32	ended up on [Caddy server](https://caddyserver.com/). I've used it in the past
33	but kind of forgotten about it. What I really like about it is an ease of use
34	and a bunch of out of the box functionalities that come with it.
35
36	These are the _pitch_ points from their website:
37
38	- Secure by Default: Caddy is the only web server that uses HTTPS by
39	default. A hardened TLS stack with modern protocols preserves privacy and
40	exposes MITM attacks.
41	- Config API: As its primary mode of configuration, Caddy's REST API makes
42	it easy to automate and integrate with your apps.
43	- No Dependencies: Because Caddy is written in Go, its binaries are entirely
44	self-contained and run on every platform, including containers without libc.
45	- Modular Stack: Take back control over your compute edge. Caddy can be
46	extended with everything you need using plugins.
47
48	I had just a few requirements:
49
50	- Automatic SSL
51	- Static file server
52	- Basic authentication
53	- CGI script support
54
55	And the vanilla version does all of it, but CGI scripts. But that can easily be
56	fixed with their modular approach. You can do this on their website and build a
57	custom version of the server, or do it with Docker.
58
59	This is a `Dockerfile` I used to build a custom server.
60
61	```Dockerfile
62	FROM caddy:builder AS builder
63
64	RUN xcaddy build \
65	--with github.com/aksdb/caddy-cgi
66
67	FROM caddy:latest
68	RUN apk add --no-cache nano
69
70	COPY --from=builder /usr/bin/caddy /usr/bin/caddy
71	```
72
73	## Getting rid of all the unnecessary virtual machines
74
75	The next step was to get a handle on the number of virtual servers I have all
76	over the place.
77
78	I decided to move all the projects and services into two main VMs:
79
80	- personal server (still Nginx)
81	- git server
82	- static file server
83	- personal blog
84	- projects server (Caddy server)
85	- personal experiments
86	- other projects
87
88	I will focus on projects' server in this post since it's more interesting.
89
90	## Testing CGI scripts
91
92	The first thing I tested was how CGI scripts work under Caddy. This is
93	particularly import to me because almost all of my experiments and mini projects
94	need this to work.
95
96	To configure Caddy server, you must provide the server with a configuration
97	file. By default, it's called `Caaddyfile`.
98
99	```caddyfile
100	{
101	order cgi before respond
102	}
103
104	examples.mitjafelicijan.com {
105	cgi /bash-test /opt/projects/examples/bash-test.sh
106	cgi /tcl-test /opt/projects/examples/tcl-test.tcl
107	cgi /lua-test /opt/projects/examples/lua-test.lua
108	cgi /python-test /opt/projects/examples/python-test.py
109
110	root * /opt/projects/examples
111	file_server
112	}
113	```
114
115	- The order is very important. Make sure that `order cgi before respond` is at
116	the top of the configuration file.
117	- Also, when you run with Caddy v2, make sure you provide `adapter` argument
118	like this `/usr/bin/caddy run --watch --environ --config /etc/caddy/Caddyfile
119	--adapter caddyfile`. Otherwise, Caddy will try to use a different format for
120	config file.
121
122	I did a small batch of tests with [Bash](https://www.gnu.org/software/bash/),
123	[Tcl](https://www.tcl-lang.org/), [Lua](https://www.lua.org/) and
124	[Python](https://www.python.org/). Here is a cheat sheet if you need it.
125
126	Let's get Bash out of the way first.
127
128	```bash
129	#!/usr/bin/bash
130
131	printf "Content-type: text/plain\n\n"
132
133	printf "Hello from Bash\n\n"
134	printf "PATH_INFO [%s]\n" $PATH_INFO
135	printf "QUERY_STRING [%s]\n" $QUERY_STRING
136	printf "\n"
137
138	for i in {0..9..1}; do
139	printf "> %s\n" $i
140	done
141
142	exit 0
143	```
144
145	This one is for Tcl script.
146
147	```tcl
148	#!/usr/bin/tclsh
149
150	puts "Content-type: text/plain\n"
151
152	puts "Hello from Tcl\n"
153	puts "PATH_INFO \[$env(PATH_INFO)\]"
154	puts "QUERY_STRING \[$env(QUERY_STRING)\]"
155	puts ""
156
157	for {set i 0} {$i < 10} {incr i} {
158	puts "> $i"
159	}
160	```
161
162	And for all you Python enjoyers.
163
164	```python
165	#!/usr/bin/python3
166
167	import os
168
169	print("Content-type: text/plain\n")
170
171	print("Hello from Python\n")
172	print("PATH_INFO [{}]".format(os.environ['PATH_INFO']))
173	print("QUERY_STRING [{}]".format(os.environ['QUERY_STRING']))
174	print("")
175
176	for i in range(10):
177	print("> {}".format(i))
178	```
179
180	And for the final example, Lua.
181
182	```lua
183	#!/usr/bin/lua
184
185	print("Content-type: text/plain\n")
186
187	print("Hello from Lua\n")
188	print(string.format("PATH_INFO [%s]", os.getenv("PATH_INFO")))
189	print(string.format("QUERY_STRING [%s]", os.getenv("QUERY_STRING")))
190	print()
191
192	for i = 0, 9 do
193	print(string.format("> %d", i))
194	end
195	```
196
197	## Basic authentication
198
199	One thing was also to have an option for some sort of authentication, and
200	something like [Basic access
201	authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) would
202	be more than enough.
203
204	Thankfully, Caddy supports this out of the box already. Below is an updated
205	example.
206
207	```Caddyfile
208	{
209	order cgi before respond
210	}
211
212	examples.mitjafelicijan.com {
213	cgi /bash-test /opt/projects/examples/bash-test.sh
214	cgi /tcl-test /opt/projects/examples/tcl-test.tcl
215	cgi /lua-test /opt/projects/examples/lua-test.lua
216	cgi /python-test /opt/projects/examples/python-test.py
217
218	root * /opt/projects/examples
219	file_server
220
221	basicauth * {
222	bob $2a$14$/wCgaf9oMnmQa20txB76u.nI1AldGMBT/1J7fXCfgOiRShwz/JOkK
223	}
224	}
225	```
226
227	`basicauth *` matches everything under this domain/sub-domain and protects it
228	with Basic Authentication.
229
230	- `bob` is the username
231	- `hash` is the password
232
233	To generate these passwords, execute `caddy hash-password` and this will prompt
234	you to insert a password twice and spit out a hashed password that you can put
235	in your configuration file.
236
237	Restart the server and you are ready to go.
238
239	## Making Caddy a service with systemd
240
241	After the tests were successful, I copied `caddy` to `/usr/bin/caddy` and copied
242	`Caddyfile` to `/etc/caddy/Caddyfile`.
243
244	Now off to the systemd. Each systemd service requires you to create a service
245	file.
246
247	- I created a `/etc/systemd/system/caddy.service` and put the following content
248	in the file.
249
250	```systemd
251	[Unit]
252	Description=Caddy
253	Documentation=https://caddyserver.com/docs/
254	After=network.target network-online.target
255	Requires=network-online.target
256
257	[Service]
258	Type=notify
259	User=root
260	Group=root
261	ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile --adapter caddyfile
262	ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force --adapter caddyfile
263	TimeoutStopSec=5s
264	LimitNOFILE=1048576
265	LimitNPROC=512
266	PrivateTmp=true
267	ProtectSystem=full
268	AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
269
270	[Install]
271	WantedBy=multi-user.target
272	```
273
274	- You might need to reload systemd with `systemctl daemon-reload`.
275	- Then I enabled the service with `systemctl enable caddy.service`.
276	- And then I started the service with `systemctl start caddy.service`.
277
278	This was about all that I needed to do to get it running. Now I can easily add
279	new subdomains and domains to the main configuration file and be done with
280	it. No manual Let's Encrypt shenanigans needed.