Like most versatile engineers, we host websites of side projects in EC2 or DigitalOcean. It might be Boostrap, php, python, nodejs, or anything charming.
We definitely want to have a quick setup, and keep routine maintenance minimum. Here are some pratical tips. Check it out!
Update Per Audience Feedback:
If you want to save some pennies or just for a quick demo, you don’t necessarily need to rent a VM. You can run websites directly in your laptop, linux or mac. (Pity for windows users.) Then export your laptop to the internet.
I assume you’re familiar with git clone by ssh. Probably like lots of developers, you will use your own private key. I highly diagree with that. Too dangerous! Your ssh private key can unlock lots of precious treasures, far more than this git repo. Right?
How to improve? Create a readonly git deploy key in github/bitbucket repo setting. To do that, we need create a new ssh key pair. So it’s new and isolated. And git deploy key has a nice limitation: we can’t use the same deploy key for multiple repos. It adds extra security.
For simplicity or reasonable security compromise, some people may still use their private key. I admit, it makes sense to some extent. Then protect your ssh key with passphrase. It’s easy and simple.
For simplicity, here we use root to checkout code and setup website. To improve the security, try with an ordinary OS user.
# Update ssh key to below vim /root/git_deploy_key # ssh private key can't be widely open chmod 400 /root/git_deploy_key
vim /root/.ssh/config
host github.com
HostName github.com
StrictHostKeyChecking no
User git
IdentityFile /root/git_deploy_key
# Run with correct parameters. cd /var/www/ git clone git@github.com:XXX/denny_www.git
crontab -e # Change file path */10 * * * * cd /var/www/denny_www; git pull
For static websites of plain html, we can don’t need to run it in our own server. It can be done by Github Pages.[1] See more discussion here.[2]
Well, Github Pages only solves 80% of the problem. If you’re in China, the accessibility of Github is not gurantee. Or you want to use your own domain, instead of XXX.github.io. Use apache2 or nginx to serve the requests.
# Install apache
apt-get install -y apache2
# Define vhost
vim /etc/apache2/sites-enabled/my-static.conf
<VirtualHost *:80>
ServerAdmin webmaster@dummy.test.com
DocumentRoot /var/www/denny_www
<Directory '/var/www/denny_www'>
Options All
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/my-error.log
CustomLog /var/log/apache2/my.log common
</VirtualHost>
# Reload apache
service apache2 reload
curl http://127.0.0.1
Let’s say your dynamic website listens on port 8082. And you want to open by http://www.mytest.com or http://mytest.com.
a2enmod proxy a2enmod proxy_http # Restart apache to load modules service apache2 restart
vim /etc/apache2/sites-enabled/dynamic.conf
<VirtualHost *:80> ServerName www.mytest.com ServerAlias mytest.com ServerAdmin webmaster@smallco.example.com ErrorLog /var/log/apache2/dynamic_error_log TransferLog /var/log/apache2/dynamic_access_log DocumentRoot /var/www ProxyPass / http://127.0.0.1:8082/ ProxyPassReverse / http://127.0.0.1:8082/ </VirtualHost>
ufw allow 80/tcp # Some URI might has port number attached ufw allow 8082/tcp
curl -I http://www.mytest.com
Sometime you may only want certain people to visit your websites. With apache htpasswd[3], we can create username-password pair easily. People will need to input the credential first in web browser, before the actual pages load.
apt-get install -y apache2-utils # create password file for a new user /etc/apache2/.htpasswd $username
From:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/html">
</Directory>
</VirtualHost>
To:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/html">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
</VirtualHost>
Keep checking URL like every 5 minutes. If url doesn’t return HTTP 200 OK or tcp ports down, we get alerts.
From my years’ experience, I highly recommend uptimerobot[4]. It’s a very reliable and light-weight SaaS monitoring service. And It’s totally free. You can even integrate the alert notification with slack via a slack email robot.
More Reading: Effectively Technical Writing In GitHub.
[1] https://pages.github.com
[2] http://www.mattboldt.com/using-git-for-websites/
[3] www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04
[4] https://uptimerobot.com
Blog URL: https://www.dennyzhang.com/deploy_by_git
This site uses Akismet to reduce spam. Learn how your comment data is processed.
I would set up a general user account and dir for this rather than using /root good article otherwise
Rob, I definitely agree with you. We should avoid root as much as possible.
Let me update the article, per your feedback.