Last post I mentioned how easy it was to set up SSL with AWS Certificate Manager.
But what about all your other servers? Are we going to cough up $16 per year for a single-domain SSL certificate from Gandi?
Let’s talk about Let’s Encrypt. I downloaded their Linux version and got down to business.
Here is a running tally of my steps.
- Google “nginx letsencrypt” and find this DigitalOcean guide.
- Stop my nginx server to free up port 80, which is used in the letsencrypt process.
- Run $ ./letsencrypt-auto certonly --standalone
- Enter my domain name.
- Make 15 seconds worth of changes to my server blocks in nginx.
- Redirect port 80 -> 443
- Set up a block for port 443 SSL, all in the guide
- $ sudo service nginx start
It took 5 minutes to fully set up.
I love it when life is stupid easy.
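The two nginx changes from the steps above (the port 80 redirect and the port 443 SSL block), as an added example that is not from the original post or the DigitalOcean guide. The domain example.com, the web root and the ssl_protocols choice are assumptions; the certificate paths are where letsencrypt-auto certonly writes its output by default.

```nginx
# Added example. example.com is a placeholder for the domain entered
# during the letsencrypt-auto run.

# Port 80: no content is served here, every request is redirected to HTTPS.
server {
    listen 80;
    server_name example.com;

    # Redirect to the fixed server name rather than the client-supplied
    # Host header, so the redirect target cannot be influenced by the request.
    return 301 https://example.com$request_uri;
}

# Port 443: serve the site over TLS with the Let's Encrypt certificate.
server {
    listen 443 ssl;
    server_name example.com;

    # fullchain.pem = server certificate plus intermediate chain.
    # privkey.pem   = private key; keep it readable by root only.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Assumption: only TLS 1.2 is offered. Add TLSv1.3 where the installed
    # nginx and OpenSSL versions support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Assumed web root; replace with the site's existing root or proxy settings.
    root /var/www/html;
    index index.html;
}
```

Running sudo nginx -t before starting the service catches a mistyped certificate path or directive without taking the site down.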
Recently I decided my dev DigitalOcean instance needed a boost. Normally 512mb is sufficient for production but I want to develop remotely.
I opted for a temporary resize to 1gb of RAM.
I also learned that my attempts to bind /dev/urandom and /dev/tty in /etc/fstab were failing miserably. I had to use DigitalOcean’s VNC connection and manually try to figure things out.
Remembering how often I hit Ctrl-W and closed the tab still raises my blood pressure.
I ended up using /etc/rc.local to run
$ sudo mount --bind /dev/urandom /jailthing/urandom
$ sudo mount --bind /dev/tty /jailthing/tty
And it worked like a charm!
No more VNC to set up my convoluted login scheme anymore!
I’m forcing myself to build websites to back my domain names. If you didn’t know this about me, I love buying domain names. Sadly, I’ve been lax about making use of them.
Beautiful names like http://ware.haus and http://one.haus are wasted.
Well actually one.haus is set up with No-Ip to give my personal machines subdomains, but that service has proven less than useful to me.
To get back into the web space, I chose to play with MEAN.
I head on over to the tutorial page and get cracking. My target server is a 512mb DigitalOcean droplet with Ubuntu 14.04.
Everything goes smoothly for the most part. I did hit a few snags:
This command initializes your application. It creates a directory of your choosing with a skeleton app.
If for any reason this fails (root owns ~/.npm, oops), the directory is still created. Simply running mean init again errors out due to the directory already existing. I had to rm -rf that shit and it’s annoying.
The tool offers to set up an admin user but requires a password of either letters, numbers or dashes with max length 15. What the hell.
The process is killed if the process requires more memory than is available. No error message beyond “Killed” is emitted. This step will fail on a 512mb instance.
The accepted workaround is to either create or expand the swapfile used by the system.
I’ll make another post about my actual development experiences, stay tuned!