favicon here hometagsblogmicrobio cvtech cvgpg keys

Self hosting is fun but...

#life #technology

uncomfyhalomacro | 2024-06-02 | reading time: ~7min

Hi!§

Hello there!

I have decided to start self-hosting my website! My current plans after this is to start donating to Codeberg, starting July. The reason why I decided to self-host is page load. My website, despite being a static website, is slow to load because of Codeberg Pages. Codeberg Pages is fine actually, but at some points in time it does a bit weird. This is probably because the data centers are in Germany or somewhere in Europe while I am in the Philippines.

The self-hosting provider I use for here is Linode. But I plan to change after a month. I think I am looking at Contabo next. More reasons why below.

About Linode§

Linode. Hmm. I can't give much opinions about it. This is my first time trying out self-hosting after all.

The pricing is in my opinion, could be better? Not sure. Now that I found out about Contabo, I plan to ditch this instance and move over.

Documentation is actually there in Linode but most of it is either outdated or possibly wrong? I have a lot of things I read from the docs that did not work well for me so I read official sources instead aka the documentation of the software I am going to use. They could have done it better I guess and they lack docs for openSUSE too 😢.

I plan to have two compute instances in Contabo because I plan to use the other instance for a database, and also self-hosting Woodpecker CI. Possibly I will add other services as well such as

  • NextCloud
  • VaultWarden (Bitwarden basically) or I just use password-store.
  • Collabora Office

I might share one of these services to my family or friends I guess.

The reason being, for experience and it's also very fun.

What I learned so far§

Experimenting Forgejo§

It would be a waste to not use the remaining compute resources so I decided to give Forgejo a Go. 😉

Forgejo is available now in openSUSE. Although, I am quite confused by the systemd service but now I understand the implications for why it was decided not to use the home directory of whatever invokes the forgejo binary. This was discussed in the https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort.

Anyhow, I had a lot of hiccups configuring Forgejo but I just decided to just use whatever that systemd script has and just edit the file to point to a custom config by running

EDITOR=kak systemctl edit --full forgejo.service

specifically, I edited the line containing ExecStart=.

EDITOR=kak is so annoying. openSUSE does have a way to set this by adding that to /etc/profile.local. Local configs or those that are suffixed with *.local is unique to openSUSE. Users are encouraged to edit the local configs rather than the defaults. This is how I got so confused at first when trying it out the first time. Also, this explains why I also edit the apache config at a different file instead of the httpd.conf file. Specifically, by editing /etc/sysconfig/apache2 🥴.

Anyway, the site is up at https://forgejo.uncomfyhalomacro.pl. Feel free to take a look around. However, registrations are closed so if you want to make an account, you are not able to unless we are friends. ⚠️ If you are my friend, do keep in mind that this is experimental and still possible that I will kill this instance. Once I get the hang of it, I will start putting my projects to the self-hosted vm.

Another issue I have is setting the [mailer] configuration. Because it seems to be not working to be honest and I am not sure why. I filed a ticket to my mail provider if MTA is part of their service because I might be mistaken.

Nginx§

To manage redirects and subdomain URLs, I tried my hand at Nginx. I read it as ngeenx and not like 'engine X' or like how I read Lynx.

First Impressions§

The language looks like KDL. I actually do not know what Nginx use but whatever. The syntax confuses me a lot to be honest and I really don't like how it looks when configuring. Some of you might find the language simple. But what really confused me a lot is doing redirects. I guess I didn't read enough documentation 🥴.

Certbot Integration Impressions§

Certbot integration is nice. The pressing issue is when certbot rewrites files for Nginx. This causes a lot of confusion to me because the rewritten configs to point to the SSL certificates are faulty and can cause misredirects. I have to manually edit the files to be honest.

Apache§

I am not sure why but after the onslaught of trying Nginx, I decided to use Apache.

First Impressions§

I got pampered by openSUSE because it contains templates at /etc/apache2/vhosts.d. At first, I was so confused because when I read the default config at /etc/apache2/httpd.conf, the documentation from Linode and other sources conflict because openSUSE's default config has a lot of comments to discourage the use of it. Instead, I have to edit /etc/sysconfig/apache2 and add a new file /etc/apache2/httpd.conf.local. This file is added to /etc/sysconfig/apache2, specifically, APACHE_CONF_INCLUDE_FILES. Here is a snippet of the updated sysconfig.

# Here you can name files, separated by spaces, that should be Include'd from 
# httpd.conf. 
#
# This allows you to add e.g. VirtualHost statements without touching 
# /etc/apache2/httpd.conf itself, which makes upgrading easier. 
#
APACHE_CONF_INCLUDE_FILES="/etc/apache2/httpd.conf.local"

Better syntax, plugins, and tooling§

I am not saying that I did not have difficulty using Apache. But as I roamed around the Internet, I just found out that it uses utility tools that helps installs plugins. As of writing, I have added the filter and deflate module. The latter was already added by default but the filter module was not. This was to enhance page loads (yeah I know it's a static site 🤣) but a small speed up helps 🤪.

It's also easy to just add additional subdomains as well in /etc/apache2/vhosts.d. You just have to configure if what you want is a reverse proxy and a redirect or serve directly the directory specifically those in /srv/www/vhosts.

Certbot Integration Impressions§

I am just going to say that the integration with certbot is amazing. Even as to correctly configure my configs. Running certbot --apache -d mydomain.com -d other.mydomain.com is a breeze. It will add a new file corresponding to the config name with -le-ssl.conf suffix. I just add a small modification but so far only to the one that contains www.mydomain.com.

DNS§

In regards to DNS, I have some issues configuring it. I manage to learn more about A/AAAA and CNAME records. So far, it's all good and working.

I am just surprised that I don't know how long it will really propagate. One hiccup I made before was a mistypo of configuring spam reputation for a mail provider I use for my custom domain. And yes, it did propagate the domain and because of that, I have or had an ephemeral URL domain autoconfig.mydomain.com which points to my atuin instance. It's gone now.

Closing Thoughts§

Self-hosting is a fun idea. Although, I might be looking at other hosting solutions like Contabo. I heard they have a good price over ratio but I also heard mixed reviews from different communities e.g. they lower the quality of network bandwidth (?) but I can't seem to see what's the issue yet so I might have to experience that myself.

Articles from blogs I follow around the net

Body::poll_progress

This describes a proposal for a cancelation problem with hyper’s request and response bodies. hyper is an HTTP library for the Rust language. Background: what is the Body trait? The Body trait used by hyper is meant to represent a potentially streaming (…

via seanmonstarApril 22, 2025

CVE-2025-32433 - State Machine Err-ly RCE in Erlang/OTP SSH Server

CVE-2025-32433 is a remote code execution vulnerability in the SSH server implementation within Erlang’s OTP libraries (affecting versions legendary CVSS score of 10.0 and became known as a vulnerability for which AI-assisted exploit development process wa…

via GreyNoise LabsApril 22, 2025

AI-powered search summaries led to less clicks to websites

Google claims that links beside AI summaries get more clicks. This goes against intuition. Ahrefs did some analysis on this recently. Who is right?

via Rob O'Leary | BlogApril 21, 2025

Resistance from the tech sector

As of late, most of us have been reading the news with a sense of anxious trepidation. At least, those of us who read from a position of relative comfort and privilege. Many more read the news with fear. Some of us are already no longer in a position to re…

via Drew DeVault's blogApril 20, 2025

Retrospective: Five Years Blogging About Cryptography as a Gay Furry Online

The history of this blog might very well be a cautionary tail (sic) about scope creep. The Original Vision For Dhole Moments Originally, I just wanted a place to write about things too long for Twitter (back when I was an avid Twitter poster). I also figur…

via Dhole MomentsApril 17, 2025

Status update, April 2025

Hi! Last week wlroots 0.19.0-rc1 has been released! It includes the new color management protocol, however it doesn’t include HDR10 support because the renderer and backend bits haven’t yet been merged. Also worth noting is full explicit synchronization su…

via emersionApril 16, 2025

The IndieWeb & that blog roll

The IndieWeb's something I've known about for a while, but never really engaged with. I mean this is very much part of The Indie Web, the very thing, you're reading it right now. But in terms of the camel cased movement, not so much. To me they seemed a bi…

via Mike KreuzerApril 16, 2025

Tidbyt without the company

Remember the Tidbyt? It’s a super low-resolution, internet-connected, wood-paneled display that I wrote a review of it back in 2022. It’s been on my shelf for years now, showing the time, weather, warning me when the UV is going to be high. In 2023 I used …

via macwright.comApril 12, 2025

One does not simply write a SSH config parser (in Rust)

Do you know the feeling when you start a project and you think it will be easy, but then you realize that it is not? This is the story of the implementation of ssh2-config, a Rust library to parse SSH config files. Why did I write this? Because basically…

via Christian Visintin BlogMarch 30, 2025

LLDB's TypeSystems: An Unfinished Interface

Well, it's "done". TypeSystemRust has a (semi) working prototype for LLDB 19.x. It doesn't support expressions or MSVC targets (i.e. PDB debug info), and there are a whole host of catastrophic crashes, but it more or less proves what it needs to: Rust's de…

via Cracking the ShellMarch 28, 2025

Backup Yubikey Strategy

After a local security meetup where I presented about Webauthn, I had a really interesting chat with a member about a possible Yubikey management strategy. Normally when you purchase a yubikey it's recommended that you buy two of them - one primary and one…

via Firstyear's blog-a-logFebruary 28, 2025

Ludic's Guide To Getting Software Engineering Jobs

The steps in this guide have generated A$1,179,000 in salary (updated 13th April, 2025), measured as the sum of the highest annual salaries friends and readers have reached after following along, where they were willing to attribute their success actions i…

via LudicityFebruary 28, 2025

The Adrian Dittmann Story

the evidence, from A to Z, and righting the wrongs

via maia blogJanuary 05, 2025

Awesome Fish functions

Some awesome fish functions that I have accumalated over the years.

via Ishan WritesJanuary 03, 2025

Physics Simulations in Bevy

Bevy is the most popular and powerful game engine in Rust. Because of its flexibility, it can be used not only for games but also for (scientific) physics simulations. In this blog post, I will share my experience using Bevy for physics simulations from sc…

via mo8it.comJuly 19, 2024

Defending myself against defensive writing

I write this blog because I enjoy writing. Some people enjoy reading what I write, which makes me feel really great! Recently, I took down a post and stopped writing for a few months because I didn't love the reaction I was getting on social media sites li…

via pcloadletterMay 27, 2024

The Elegiac Hindsight of Intelligent Machines

This essay was edited out of a chapter of my book, The Intelligence Illusion: a practical guide to the business risks of Generative AI, with minor alterations. “See the choice of dreams”, and then worry about it Very well. This book – this side, Dream …

via Out of the Software Crisis (Newsletter)October 13, 2023

Regex engine internals as a library

Over the last several years, I’ve rewritten Rust’s regex crate to enable better internal composition, and to make it easier to add optimizations while maintaining correctness. In the course of this rewrite I created a new crate, regex-automata, which expos…

via Andrew Gallant's Blog on Andrew Gallant's BlogJuly 05, 2023

Generated by openring-rs

favicon here hometagsblogmicrobio cvtech cvgpg keys