Let's take a moment and take a look at what initsix.dev is and how it is built.
initsix.dev is a tech blog and a knowledgebase site built with, but not limited to Ghost, Realms-wiki and Nginx running inside a docker-compose managed environment. It is meant to be a place for laying out ideas, personal project details, and also sharing and archiving knowledge. You can find out more about me here, but for now, let's get back to the site.
As you may already suspect this initsix.dev will mainly be a technical site, almost always having something to do with QA, automation, development and DevOps topics, with some hints of me trying to be funny. So to give you a taste of content that you can expect, here are the internal workings of this site.
The server it is running on is a DigitalOcean Debian Linux droplet with:
- 1 vCPU
- 3 GB ram
- 60 GB disk
All of the sites web content is being run with the help of docker-compose:
version: '3'
services:
nginx:
container_name: nginx
image: nginx:1.17
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/default:/etc/nginx/conf.d/default.conf
- /etc/letsencrypt:/etc/letsencrypt
logging:
driver: none
ghost:
container_name: ghost
image: ghost:3.0-alpine
restart: always
volumes:
- ./ghost/data:/var/lib/ghost/content
environment:
- url=https://initsix.dev
wiki:
container_name: wiki
image: realms/realms-wiki:latest
volumes:
- ./wiki/realms-data/wiki.db:/home/wiki/realms-wiki/wiki.db
- ./wiki/realms-wiki.json:/home/wiki/realms-wiki/realms-wiki.json
- ./wiki/wiki:/home/wiki/realms-wiki/wiki
environment:
- url=https://wiki.initsix.dev
SSL/TLS has been set up over letsencrypt.org via certbot and an Nginx reverse proxy is being used to handle SSL/TLS and route traffic.
default.conf
server {
server_name initsix.dev;
listen 443 ssl;
location / {
proxy_pass http://ghost:2368;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
ssl_certificate /etc/letsencrypt/live/initsix.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/initsix.dev/privkey.pem;
ssl on;
}
server {
server_name wiki.initsix.dev;
listen 443 ssl;
location / {
proxy_pass http://wiki:5000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
ssl_certificate /etc/letsencrypt/live/wiki.initsix.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.initsix.dev/privkey.pem;
ssl on;
}
And that's about it, stay tuned for more.
P.S. Security trough obscurity, I know, I know.