Website Notes

TODO:

To create a favicon, use this site.

For Table of Contents, just use the Kramdown one. Jekyll uses Kramdown automatically.

Table of Contents

* Table of Contents
{:toc}

The line above will be used as a template for the entries.

Updating your server

sudo apt-get update && sudo apt-get dist-upgrade
sudo reboot

Subtitles

In the document:

<p class="subtitle">8th May</p>

Multiple themes with Sass

To create different CSS files that use different colours for themes but keep the rest of the style, you can use Sass Modules. Or at least you would if you were using Dart Sass.

Since I am not, I need to use import instead.

You need to set sass_dir in your _config.yml:

sass:
    sass_dir: ./_scss

You then include your main style sheet from each theme, defining the variables beforehand, eg:

$primary-color: #CC6200;

@import "library";

(If you’re using Jekyll, you’ll need two sets of --- on the top two lines.)

Then _library.scss in the folder you specified in your _config.yml would contain something like this:

$title-background-color: #21201B !default;
$background-color: #454545 !default;

body {
  margin: 0;
  line-height: 1.5;

  font-family: "Helvetica", "Arial", sans-serif;
  color: $primary-color;
  background-color: $background-color;
}

(If you’re using Jekyll, you don’t need the ---s because this file isn’t processed directly by Jekyll, just by Sass.)

Websites with Linode

To set up the server:

  1. Getting Started
  2. How to Secure your Server
  3. A Tutorial for Using Fail2ban to Secure Your Server
  4. How to Configure a Firewall with UFW
  5. How to Install a LAMP Stack on Ubuntu 18.04

To add a website:

Reverse Proxying with Apache

In order to provide a server with HTTPS:

  <Location /data >
    ProxyPass http://localhost:8080
    ProxyPassReverse http://localhost:8080
  </Location>

(More info on this step here.)

Creating a user for SFTP uploads

Ubuntu seems to have SFTP support by default - it seems that this is through the sftp-server tool that is started by OpenSSH by default.

Creating the user

sudo useradd -m -d /home/ftp_test_peconn/ -s /usr/sbin/nologin  ftp_test_peconn
sudo groupadd test_peconn_html
sudo chgrp -R test_peconn_html /var/www/html/test.peconn.com/public_html
sudo chmod -R g+rw /var/www/html/test.peconn.com/public_html
sudo usermod -a -G test_peconn_html ftp_test_peconn

We create a new user with a home directory (for the SSH key) and with nologin set as their login shell. We also create a group that will have access to the folder where we want our stuff to end up.

Creating them a public key

On your local computer, run ssh-keygen -t rsa, making sure not to clobber your own SSH key in the process.

sudo mkdir -p /home/ftp_test_peconn/.ssh
sudo vim /home/ftp_test_peconn/.ssh/authorized_keys

And copy the public key into that file.

sudo chown -R ftp_test_peconn:ftp_test_peconn /home/ftp_test_peconn/.ssh
sudo chmod 700 /home/ftp_test_peconn/.ssh/
sudo chmod 600 /home/ftp_test_peconn/.ssh/authorized_keys

To check that you can log in from your computer:

lftp sftp://ftp_test_peconn:DUMMY@peconn.com -e 'set sftp:connect-program "ssh -a -x -i ftp/id_rsa"'

You can also try the following (but you’ll need to change the user’s shell to something other than /usr/sbin/nologin, which was set when the user was created):

ssh -i ftp/id_rsa ftp_test_peconn@peconn.com

If something goes wrong, check your SSH logs at /var/log/auth.log. If you get an error like:

User ftp_test_peconn not allowed because account is locked

You need to enable PAM in your SSH config:

sudo vim /etc/ssh/sshd_config
# change UsePAM to yes
sudo systemctl restart ssh.service

Doing Chroot

Modify /etc/ssh/sshd_config again, this time adding:

Match User ftp_test_peconn
  ChrootDirectory /home/ftp_test_peconn
  ForceCommand internal-sftp
  AllowTcpForwarding no
  X11Forwarding no

And set up the permissions:

sudo chown root:root /home/ftp_test_peconn
sudo chmod 755 /home/ftp_test_peconn
sudo vim /etc/ssh/sshd_config
sudo mkdir /home/ftp_test_peconn/www
sudo chown ftp_test_peconn:test_peconn_html /home/ftp_test_peconn/www
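
sshd only accepts a ChrootDirectory if every component of the path, up to and including /, is owned by root and not writable by group or others; otherwise the login fails and /var/log/auth.log reports bad ownership or modes. The script below is an added example (not part of the original notes) that audits a path against that rule. It assumes GNU coreutils stat, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against sshd's ownership rule.
# Assumes GNU coreutils stat (Linux). Function names are illustrative.

# Return 0 if a path component with owner uid $1 and octal mode $2 is
# acceptable: owned by root (uid 0), not writable by group or others.
component_ok() {
    [ "$1" -eq 0 ] 2>/dev/null || return 1
    # 022 = group-write | other-write; the leading 0 makes the mode octal.
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1
    return 0
}

# Walk from the chroot directory up to /, printing every component that
# fails the rule. Returns 0 only if all components pass.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "cannot enter $1" >&2
        return 2
    }
    rc=0
    while :; do
        info=$(stat -c '%u %a' "$dir")
        owner=${info% *}
        perm=${info#* }
        if ! component_ok "$owner" "$perm"; then
            echo "BAD  $dir (uid=$owner mode=$perm)"
            rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Usage: sudo sh check_chroot.sh /home/ftp_test_peconn
[ "$#" -eq 0 ] || check_chroot_path "$1"
```

The upload folder www can stay owned by ftp_test_peconn because it sits below the chroot directory, not on the path leading to it.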

Wiring up the website

sudo rm -rf /var/www/html/test.peconn.com/public_html
sudo ln -s /home/ftp_test_peconn/www /var/www/html/test.peconn.com/public_html

To get SFTP working from GitLab CI

  1. Go to your project > Settings > CI / CD.
  2. Add a new variable containing your private key (SSH_PRIVATE_KEY in the script below). You’ll need to base64 encode it as mentioned here. There may be a % at the end of the output (probably added by your terminal); if so, ignore it.

     cat deploy_key | base64 -w0
    
  3. Get your web server’s public key (and encode that too). Ignore the lines starting with # - these are output to stderr as debug info.

     ssh-keyscan peconn.com | base64 -w0
    
  4. Make your CI script load the private key, load the public key and use lftp. For example:

before_script:
  # Start an agent and load the deploy key from the CI variable.
  # <( ) is process substitution, so the job's shell must be bash.
  - eval $(ssh-agent -s)
  - ssh-add <(echo "$SSH_PRIVATE_KEY" | base64 --decode)
  # Pin the server's host key so the connection is not accepted blindly.
  - mkdir -p ~/.ssh && touch ~/.ssh/known_hosts
  - echo "$SSH_KNOWN_HOSTS" | base64 --decode > ~/.ssh/known_hosts
  - chmod 644 ~/.ssh/known_hosts
  - apt-get update -q && apt-get install -y -q lftp
  # The rest of your set up...

build_site:
  script:
    # Generate your project
    - mkdir out
    - echo "hello" > out/greeting.txt
    # Upload it
    - lftp sftp://ftp_test_peconn:DUMMY@peconn.com -e 'cd www && lcd out && mirror -R --verbose --no-perms; quit'

You’ve got to provide a dummy password to satisfy LFTP, but it will authenticate with the key from the SSH agent (more here).