Plans for my web server

João — Wed, 27 Feb 2019 00:36:21 +0000

I currently own a small VPS server hosted at OVH. It serves as a home to a few experiments with Linux, some files that I needed to share and a clown fiesta of security issues and running web services that I setup months ago and eventually forgot.

Although I'm still learning how to work with Linux and how to secure a server, I've learned from my mistakes and developed a new and improved plan.

The old plan

Two years ago, I was amazed by sysadmins and how they managed to setup their servers. Inspired by them and hoping I could enforce some security, I wrote down some key points:

Only ports 80 (HTTP), 443 (HTTPS) and 22 (SSH) are open
Every service has a specific Linux account
Every service listens on localhost
nginx exposes those services via reverse proxies
nginx routes traffic to services using sub domains
Let's Encrypt certificates for every sub domain

Everything looked great and I was excited, but as time went by, this plan quickly stabbed me in the back.

Old plan flaws

Permissions became a pain in the butt

A few things didn't work because the working directory of a service wasn't created with the right account and sudo needed to be used every time I wanted to publish a temporary file; needless to say, there are some files and directories with permissions set to 777.
Services' working directory weren't centralized

Shared files lived on /var/www/static, a Node.js app ran on ~/dev/nodejs/app, ...
nginx's config file had lots of repeated blocks

Since every service/sub domain had two blocks - HTTPS reverse proxy and HTTP to redirect to HTTPS - a lot of blocks were identical due to the logic being the same for all the services.
Certificates for every sub domain

At the time, Let's Encrypt didn't support wildcard certificates; thereby, the certificate had to be updated every time I wanted to deploy a new service. It wasn't that bad, just something that can now be avoided.
Unused/broken services

Services stopped being used, things broke, memory leaks happened and I didn't even notice. This definitely needs to be improved.

The master plan

Use Docker to isolate, control and centralize services; this also allows me to test new shiny ~~JS frameworks~~ services without polluting the whole system with unwanted packages
Figure how to generate a nginx config file from a simplified config file
Upgrade to Let's Encrypt's wildcard certificates
Move infrequently accessed files to some external cold storage solution
Create a nice personal page with details about me
Host a MySQL/MariaDB database with semi-automated account creation and deletion
Develop a web app to manage shared files

What do you think about this new plan? Would you do something in a different way? Suggestions are appreciated!

How do you deal with naming when you're bilingual?

João — Mon, 20 Nov 2017 23:26:29 +0000

For those who are bilingual, how do you name your variables and functions? What about comments? Do you only use your mother tongue? Do you mix the languages?

For example: You're Portuguese and use English for all of your projects, but now you have a project that needs to be in Portuguese (only the frontend); what's your plan?

DEV Community: João

Plans for my web server

The old plan

Old plan flaws

The master plan

How do you deal with naming when you're bilingual?