This website setup

This post is mostly for my own good, in case I have to set up my website once again. Maybe someone will find it useful.

Tools

Hugo

I use Hugo [1] to generate my website. Hugo is a fantastic tool for generating static web pages in a flexible way.

All pages are written in reStructuredText [2], which is the markup syntax I strongly prefer.

Docker

The web server [4] and the traefik [5] server are running in docker [3] containers. That way you can easily create and restart the services in a predefined environment.

nginx

nginx [4] is the web server I have chosen. I prefer nginx over Apache for no real reason.

Traefik

Traefik [5] is used to route incoming traffic to my web server containers. The traefik container also manages the SSL certificate with Let's Encrypt [6].

The setup

The server

Everything is running on a virtual server that I rent on Digital Ocean [8]. I have used Digital Ocean since 2015 and there haven't been any problems whatsoever.

DNS configuration

I have registered my domain at Loopia [7]. In order to point the domain to my server, I have to create a few DNS records:

Record  Type  TTL   Prio  Data
        A     300   0     46.101.69.237
@       A     300   0     46.101.69.237
@       NS    3600  0     ns1.loopia.se
@       NS    3600  0     ns2.loopia.se
@       AAAA  300   0     2a03:b0c0:3:d0::1845:c001
www     A     300   0     46.101.69.237

Please note that 46.101.69.237 and 2a03:b0c0:3:d0::1845:c001 are my IPv4 and IPv6 addresses.

Nginx configuration

I do not install nginx on my server, but use a docker container that hosts the service. A label file is needed to tell traefik how it should route.

The label file I use:

traefik.http.middlewares.website0.redirectregex.regex=^https://marcusfolkesson.se/(.*)
traefik.http.middlewares.website0.redirectregex.replacement=https://www.marcusfolkesson.se/$1

traefik.http.middlewares.website1.redirectregex.regex=^https://www.marcusfolkesson.se/$
traefik.http.middlewares.website1.redirectregex.replacement=https://www.marcusfolkesson.se/blog/

traefik.http.middlewares.website2.redirectregex.regex=^https://.*mfoconsulting.se/$
traefik.http.middlewares.website2.redirectregex.replacement=https://www.marcusfolkesson.se/blog/

traefik.enable=true
traefik.http.routers.website.rule=Host(`www.marcusfolkesson.se`, `marcusfolkesson.se`, `www.mfoconsulting.se`, `mfoconsulting.se`)
traefik.http.routers.website.tls.certresolver=myresolver
traefik.http.routers.website.middlewares=website0@docker,website1@docker,website2@docker

Great, now start the container:

docker run -d \
    --restart=always \
    -v /home/marcus/website:/usr/share/nginx/html \
    --label-file=labels \
    --name marcusfolkesson.se \
    --network=web \
    nginx
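
The redirect rules in the label file above can be checked offline before the container is started. The following is an added example, not part of the original post: it applies the three redirectregex patterns in the order of the middlewares label and follows the redirects a client would see. The names rule, step and resolve, the sample request URLs, and the model that the first rule changing the URL wins are assumptions of the example.

```go
package main

import (
	"fmt"
	"regexp"
)

// rule is one redirectregex middleware from the label file.
type rule struct {
	name, replacement string
	re                *regexp.Regexp
}

// Copied from the label file in routers.website.middlewares order ("$1" is spelled "${1}" in Go).
var chain = []rule{
	{"website0", "https://www.marcusfolkesson.se/${1}", regexp.MustCompile(`^https://marcusfolkesson.se/(.*)`)},
	{"website1", "https://www.marcusfolkesson.se/blog/", regexp.MustCompile(`^https://www.marcusfolkesson.se/$`)},
	{"website2", "https://www.marcusfolkesson.se/blog/", regexp.MustCompile(`^https://.*mfoconsulting.se/$`)},
}

// step returns the redirect target and the middleware that produced it, or
// "" if none fires. Assumption: the first rule that changes the URL wins.
func step(url string) (string, string) {
	for _, r := range chain {
		if out := r.re.ReplaceAllString(url, r.replacement); out != url {
			return out, r.name
		}
	}
	return "", ""
}

// resolve follows redirects as a client would; maxHops catches loops.
func resolve(url string, maxHops int) (string, []string, error) {
	var hops []string
	for len(hops) <= maxHops {
		next, by := step(url)
		if next == "" {
			return url, hops, nil
		}
		url, hops = next, append(hops, by)
	}
	return url, hops, fmt.Errorf("more than %d redirects", maxHops)
}

func main() {
	for _, u := range []string{"https://marcusfolkesson.se/", "https://mfoconsulting.se/", "https://www.mfoconsulting.se/old-page"} { // constructed requests
		final, hops, err := resolve(u, 5)
		fmt.Println(u, "->", final, hops, err)
	}
}
```

With the rules as written, https://marcusfolkesson.se/ reaches /blog/ in two redirects, while a non-root path on mfoconsulting.se is not redirected at all because website2 is anchored with /$.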

Traefik configuration

Traefik can do a lot of things, but what I use traefik for is only to route incoming requests to a certain service (nginx in this case) that can handle them.

As with nginx, traefik is also running in a docker container.

The configuration file (traefik.toml) that I feed the container with:

defaultEntryPoints = ["https", "http"]

[log]
  Level = "DEBUG"

[traefikLog]
  filePath = "/logs/traefik.log"
  format   = "json"

[accessLog]
  filePath = "/logs/access.log"
  format = "json"

[entryPoints]
  [entryPoints.http]
  address = ":80"

  [entryPoints.http.http.redirections.entryPoint]
    to = "websecure"
    scheme = "https"


  [entryPoints.websecure]
  address = ":443"

[providers.docker]
  exposedbydefault = false
  network = "web"

[certificatesresolvers.myresolver.acme.httpChallenge]
  entryPoint = "http"

[certificatesresolvers.myresolver.acme]
  email = "marcus.folkesson@gmail.com"
  storage = "/acme.json"

Then all that remains is to start the container:

docker run -d \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    -v "$PWD/acme.json":/acme.json \
    -v "$PWD/traefik.toml":/traefik.toml \
    -v "$PWD/logs":/logs \
    -p 80:80 \
    -p 443:443 \
    --network web \
    --name traefik_router2 \
    traefik:v2.2.1 -c /traefik.toml

Conclusion

I do not find server administration satisfying at all, but running services inside containers makes it a smooth experience, which I appreciate. Traefik is a hero. There is no mess with SSL certificates, and letting it handle multiple domains is only another container away.