Oh my days!

I heard christening a blog with a click-bait title works wonders? Starting this mostly for my own reference; so I can keep track of the various things I've worked on, document the processes, the dead-ends and the advancements. Might be useful to someone else too. Or not. Who cares, at worst it'll be nostalgic (hi).

Might as well document the set up of this set-up?

Pass on PaaS

First stop; hosting infrastructure. I was curious to give Heroku a shot. The sort of 'managed ecosystem' aspect of it seemed quite appealing given that I would be potentially pushing and deploying a dozen or more projects of varying requirements. So it would pretty handy to wide-berth the installation and management of Python, Node, Databases, Nginx, Linux etc. And, shazam, my first test deploy of a cellular automata project I've been working on went pretty smoothly.

However, ran into the first quandary pretty quickly; static hosting. Which Heroku isn't really made for. I found there was a trick as documented here which uses a single line of PHP to write a Location field into the HTTP response header thus effectively 'bootstrapping' a static site;

<?php header( 'Location: /index.html' ) ;  ?>  

Erm, yeah, ok that works. But scrambling Day 0 hacky workarounds on a piece of tech is a bit of a death knell if you ask me. I was starting to feel a bit confined already. Maybe I should've persisted, but I didn't.

So, I want to experiment with various tech new and old, I want a static page/site with a profile, and I'd like a blog; so I decided to roll my own via Digital Ocean. Plus, it would afford me the opportunity to tinker with Nginx which thus far I embarrassingly haven't had a chance to do. Also DO is ridiculously cheap.

Servers by Ikea

It's been so long since I've set up a personal server with fairly demanding requirements. But the lively, modular, development of web software in the last few years has made putting these things together easy like assembling furniture but without the self-loathing.

Transferred DNS management of alanmacleod.eu from my budget registrar to Digital Ocean, pointed it at my new droplet (cheapest package), ssh'd into the instance, installed Nginx and configured a new site in about 20 minutes?

Set up Ghost, and an Nginx reverse proxy to Ghost's nodejs server and - after a while of head-scratching - finally noticed and removed the static try_files directive in the location {} block which was essentially bypassing Ghost's server and just serving up whatever was in the root:

location / {

        # vvv   DOH!   vvv
        # try_files $uri $uri/ =404;

        # FOR SSL. Rev proxy to node @ localhost:2368 
                # be sure to set 'url' to https://* in ghost's config.js
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_$
                proxy_set_header        Host    $http_host;
                proxy_set_header        X-Forwarded-Proto $scheme;
                proxy_pass    ;


Next step; SSL. Last time I tried this it was on IIS years ago and resulted in the kind of exquisite headache usually reserved for Cherry Lambrini. Am I remembering this right; you administer Microsoft servers by Remote Desktopping into them and then click on dialogue boxes, windows and stuff? Hahahah. This time, no mess. Got a free cert from LetsEncrypt, fantastic, sadly they don't allow wildcard domains so I need to create and manage per subdomain. But it's free, so, get a grip. Fairly long winded but painless process. In broad strokes; grabbed a certificate with certbot, created an Nginx "snippet" conf that points to the SSL key and cert file. Setup an automatic :80 redirect to https;

server {  
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name alanmacleod.eu www.alanmacleod.eu;
    return 301 https://$server_name$request_uri;

Include the snippet in the site configuration:

server {  
    # SSL configuration

    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    include snippets/ssl-alanmacleod.eu.conf;
    include snippets/ssl-params.conf;

Faff around with the firewall to allow SSL traffic through:

sudo ufw allow 'Nginx Full'  

Quick config test, restart Nginx, done:

That was easy 💅. Should probably set up auto-renewal for that certificate at some point. I will 100% get round to that.


In summary; the DO stuff seems to be working out. Although I can't help feeling a bit sad about Heroku, it's such a cool forward-looking platform aimed squarely at people like me; developers, I just want to use it. It's like all of this stuff I've documented above feels... old school? But sometimes, like when you're building an anvil, carbon-fibre won't do; you need, idk... Victorian pig-iron.

Seal officially broken on blogging. Next time: something interesting.

Author image
Alright? Software dev based in Berlin - spending summer in Chiang Mai, Thailand. Love Javascript front & back, 3D, AR, WebGIS, cool algorithms, music production, bodybuilding all at the same time 💪