the code for my blog, itsjuneti.me. hope y'all enjoy it, and please tell me if you find any vulnerabilities instead of exploiting them :)
here's how I set it up! for my reference and for yours, i guess
- install postgres and nginx
- enable their services
- create admin user:
useradd server_admin;
mkdir -p /home/server_admin/server_files/assets
chown -R server_admin:server_admin /home/server_admin- Connect to postgresql with
sudo -u postgres psqland execute something like:
CREATE DATABASE server_database;
CREATE USER server_admin WITH ENCRYPTED PASSWORD 'password';
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO server_admin;
ALTER DATABASE server_database OWNER TO server_admin;you may need to also change the auth method for 127.0.0.1/32 in pg_hba.conf (exec SHOW hba_file in sql) to password instead of ident to get it to work
- Append the following to /etc/sudoers:
# Allow server_admin to restart the server
server_admin ALL=NOPASSWD: /usr/bin/systemctl stop itsjunetime.service
server_admin ALL=NOPASSWD: /usr/bin/systemctl start itsjunetime.service
server_admin ALL=NOPASSWD: /usr/bin/systemctl daemon-reload
server_admin ALL=NOPASSWD: /usr/sbin/nginx -s reload
- Copy your tls crt and keys to wherever you want on the system
- Add to http block in /etc/nginx/nginx.conf:
server {
listen 443 ssl;
server_name .itsjuneti.me;
ssl_certificate /path/to/server.crt
ssl_certificate_key /path/to/server_crt.key
location /assets {
root /home/server_admin/server_files/assets;
}
location ~ ^/admin(/.*)$ {
root /home/server_admin/server_files;
try_files $1 /index.html =404;
}
location ~ ^/.*\.(js|wasm)$ {
root /home/server_admin/server_files;
try_files $uri /index.html =404;
}
location / {
proxy_pass http:https://127.0.0.1:8080;
}
}- Write the following to
/etc/systemd/system/itsjunetime.service:
[Unit]
Description=itsjuneti.me blog
After=network.target
StartLimitIntervalSec=0
[Service]
Type=simple
Restart=always
User=server_admin
ExecStart=/home/server_admin/server_files/backend
WorkingDirectory=/home/server_admin/server_files/
[Install]
WantedBy=multi-user.target
- Write something like the following to
/home/server_admin/server_files/.env:
DATABASE_URL="postgres:https://server_admin:[email protected]/server_database"
BASE_PASSWORD="password"
BASE_USERNAME="june"
BACKEND_PORT=8080
ASSET_DIR="/home/server_admin/server_files/assets"