GENERALLY NERDY RAMBLINGS

Going live securely

Previously I’d made the initial conversion of my wife’s fabric artist web site from ancient PHP to Hugo. It was time to unveil that.

But first, some last-minute details. The old web site had relied on the venerable Apache HTTPD. It was also time to convert over to something more modern and secure out of the box. I selected the Caddy HTTP/2 web server with automatic HTTPS.

I downloaded and built the Apache-licensed, Go-based web server, building from source because, while this was a personal web site, this was not my personal web site, and my wife’s could be considered a small-scale commercial site that would require the licensed commercial binary. Building a Linux binary for the EC2-based deployment platform, even on macOS, required only a bit of web searching and some Makefile tweaking.

Next up, configuring the Caddyfile to be able to serve both this site and my wife’s, acquiring and maintaining HTTPS certificates for each via Let’s Encrypt, the free, automated, and open Certificate Authority.

Last,

  • some adjustments to the git post-receive hook to invoke hugo to rebuild the web site as changes arrive,
  • some adjustments - setcap cap_net_bind_service=+ep ... - to enable the caddy executable to use ports 80 and 443 as a normal user, and
  • a little tweaking to the Google domain name setup so old web site bookmarks would get redirected properly.
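
As an added example (not part of the original post and not code from the Caddy project), here is a check for the setcap step above: it confirms that the binary carries only cap_net_bind_service with the effective and permitted flags, and that the file's mode bits do not widen its privileges. The function names are made up for this example, and the script assumes libcap's getcap and GNU find are installed.

```shell
#!/bin/sh
# Added example: audit the result of `setcap cap_net_bind_service=+ep <binary>`.

# caps_ok LINE: succeed only if one line of getcap output shows exactly
# cap_net_bind_service with the effective and permitted flags, nothing more.
caps_ok() {
    line=$1
    caps=${line#* }     # drop the path (assumes a path without spaces)
    caps=${caps#= }     # older libcap prints "path = caps", newer "path caps"
    case $caps in
        cap_net_bind_service+ep|cap_net_bind_service=ep) return 0 ;;
        *) return 1 ;;  # no capability, extra capabilities, or extra flags
    esac
}

# audit_binary PATH: run the checks against a real file.
audit_binary() {
    bin=$1
    if ! caps_ok "$(getcap "$bin" 2>/dev/null)"; then
        echo "FAIL: $bin does not carry exactly cap_net_bind_service (e,p)" >&2
        return 1
    fi
    if [ -u "$bin" ] || [ -g "$bin" ]; then
        echo "FAIL: $bin is setuid/setgid; the capability makes that unnecessary" >&2
        return 1
    fi
    if [ -n "$(find "$bin" -perm /022)" ]; then
        echo "FAIL: $bin is group- or world-writable" >&2
        return 1
    fi
    echo "OK: $bin can bind ports 80/443 without root"
}

# A rebuilt or replaced binary is a new file with no capability, so rerun
# setcap and this audit after every build.
[ "$#" -eq 0 ] || audit_binary "$1"
```

Run it with the path to the caddy executable as its only argument; a non-zero exit status means one of the checks failed.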