Prerequisites
- A hardened VPS
- A domain with DNS service. (Point example.com at your VPS IP address.)
- Jekyll
> sudo apt-get install ruby-full build-essential zlib1g-dev
> echo '# Install Ruby Gems to ~/gems' >> ~/.bashrc
> echo 'export GEM_HOME="$HOME/gems"' >> ~/.bashrc
> echo 'export PATH="$HOME/gems/bin:$PATH"' >> ~/.bashrc
> source ~/.bashrc
> sudo gem install jekyll bundler
> cd jekyll-directory
> sudo bundle install
> jekyll build
- A nice theme. This site uses minimal-mistakes, which I recommend.
- A folder structure like this:
.
├── jekyll-folder
├── docker-compose.yml
├── .env
- A docker-compose.yml roughly like this:
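# Compose file for a static Jekyll site served by nginx behind Traefik v2.
# Traefik terminates TLS and obtains certificates through an ACME DNS challenge.
#
# NOTE: Compose gives variables exported in the invoking shell precedence over
# .env. If your shell exports HOSTNAME, that value is used instead of the one
# in .env; check the rendered result with `docker-compose config`.
version: "3.8"

services:
  web:
    image: nginx
    container_name: nginx
    # No ports are published on the host; requests reach nginx through Traefik.
    volumes:
      # Content and configuration are mounted read-only: nginx only reads them.
      - ./templates:/etc/nginx/templates:ro
      - ./www/_site:/usr/share/nginx/html/askblaker:ro
      - ./www_nginx.conf:/etc/nginx/conf.d/www_nginx.conf:ro
    environment:
      - NGINX_HOST=${HOSTNAME}
      - NGINX_PORT=80
    labels:
      # Required because the Docker provider runs with exposedbydefault=false.
      - 'traefik.enable=true'
      - 'traefik.http.routers.nginx.rule=Host(`${HOSTNAME}`)'
      - 'traefik.http.routers.nginx.service=nginx-service'
      - 'traefik.http.routers.nginx.entrypoints=websecure'
      - 'traefik.http.routers.nginx.tls.certresolver=basic'
      - 'traefik.http.routers.nginx.tls=true'
      # The wildcard SAN is why the resolver uses the DNS challenge.
      - 'traefik.http.routers.nginx.tls.domains[0].main=${HOSTNAME}'
      - 'traefik.http.routers.nginx.tls.domains[0].sans=*.${HOSTNAME}'
      - 'traefik.http.services.nginx-service.loadbalancer.server.port=80'

  traefik:
    # v2.2 is an old release line; check for a currently maintained Traefik
    # version before deploying.
    image: "traefik:v2.2"
    container_name: traefik
    command:
      # DEBUG is useful while setting up; lower it (for example to INFO) once
      # routing and certificates work, since debug logs are very verbose.
      - '--log.level=DEBUG'
      - '--entrypoints.web.address=:80'
      - '--entrypoints.websecure.address=:443'
      - '--providers.docker=true'
      # Containers are routed only when they carry traefik.enable=true.
      - '--providers.docker.exposedbydefault=false'
      - '--certificatesresolvers.basic.acme.email=${LE_EMAIL}'
      - '--certificatesresolvers.basic.acme.storage=/letsencrypt/acme.json'
      - '--certificatesresolvers.basic.acme.dnschallenge.provider=digitalocean'
      # Enables the API/dashboard. No router in this file points at it; if you
      # add one (api@internal), put authentication in front of it.
      - '--api'
    environment:
      # Secret: this token lets Traefik edit DNS records for the challenge.
      - DO_AUTH_TOKEN=${DO_AUTH_TOKEN}
    ports:
      - "80:80"
      - "443:443"
    labels:
      # In mapping form, label values must be strings. An unquoted true is a
      # YAML boolean, which docker-compose rejects as an invalid type.
      traefik.enable: 'true'
      # Global redirection: http to https
      traefik.http.routers.http-catchall.rule: 'HostRegexp(`{host:(www\.)?.+}`)'
      traefik.http.routers.http-catchall.entrypoints: 'web'
      traefik.http.routers.http-catchall.middlewares: 'wwwtohttps'
      # Global redirection: https (www.) to https
      traefik.http.routers.wwwsecure-catchall.rule: 'HostRegexp(`{host:(www\.).+}`)'
      traefik.http.routers.wwwsecure-catchall.entrypoints: 'websecure'
      traefik.http.routers.wwwsecure-catchall.tls: 'true'
      traefik.http.routers.wwwsecure-catchall.middlewares: 'wwwtohttps'
      # middleware: http(s)://(www.) to https://
      traefik.http.middlewares.wwwtohttps.redirectregex.regex: '^https?://(?:www\.)?(.+)'
      # $$ is Compose's escape for a literal $, so Traefik receives ${1}.
      traefik.http.middlewares.wwwtohttps.redirectregex.replacement: 'https://$${1}'
      traefik.http.middlewares.wwwtohttps.redirectregex.permanent: 'true'
    volumes:
      # acme.json lives here and contains the certificates' private keys.
      - cert-vol:/letsencrypt
      # :ro only makes the socket file read-only on the mount. A process that
      # can connect to it can still issue Docker API calls, which amounts to
      # root on the host. Consider placing a restricted socket proxy between
      # Traefik and the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro

volumes:
  cert-vol: {}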
- And a .env file:
# Domain used in the Traefik Host rule and in the requested certificate
HOSTNAME=example.com
# Contact address passed to the ACME certificate resolver
LE_EMAIL=yourname@example.com
# Secret: API token Traefik uses for the DNS challenge. Keep this file out of
# version control and readable only by your user (chmod 600 .env).
DO_AUTH_TOKEN=your_digitalocean_api_token_goes_here
- If you don't have them yet, install docker and docker-compose
> sudo apt update
> sudo apt install apt-transport-https ca-certificates curl software-properties-common
> curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
> sudo add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable\"
> sudo apt update
> apt-cache policy docker-ce
> sudo apt install docker-ce
> sudo usermod -aG docker ${USER}
> su - ${USER}
> sudo curl -L \"https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)\" -o /usr/local/bin/docker-compose
> sudo chmod +x /usr/local/bin/docker-compose