fmaury/seirdy.one
1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-09-19 20:02:10 +00:00
Code Issues Projects Releases Wiki Activity

Describe services used to power the site

Browse source
This commit is contained in:
Rohan Kumar 2022-09-09 22:26:49 -07:00
parent 015d8bcf25
commit ef2f8b05e2
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479
2 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
content/about/uses.md
View file

@ -228,7 +228,7 @@ All my server daemons are statically-linked binaries, which makes sandboxing eas
Nginx
: Specifically, [nginx-quic.](https://quic.nginx.org/) with the [headers_more](https://github.com/openresty/headers-more-nginx-module) and [ngx_brotli](https://github.com/google/ngx_brotli) modules. Statically linked against zlib-ng, BoringSSL, and musl libc; patched for dynamic TLS records, basic OCSP support, and HPACK compression.
: Specifically, [nginx-quic](https://quic.nginx.org/) with the [headers_more](https://github.com/openresty/headers-more-nginx-module) and [ngx_brotli](https://github.com/google/ngx_brotli) modules. Statically linked against zlib-ng, BoringSSL, and musl libc; patched for dynamic TLS records, basic OCSP support, and static HPACK compression.
[certbot-ocsp-fetcher](https://github.com/tomwassenberg/certbot-ocsp-fetcher)
: Shell script to manage the OCSP cache for Nginx, since Nginx's own implementation is lacking (and completely non-existent if you build with BoringSSL)

13
content/meta/_index.md
View file

@ -5,6 +5,19 @@ outputs:
- html
description: "About this site. How it's built, why it's built that way, privacy, accessibility, mirrors, etc."
---
How I run this site
-------------------
With the exception of search-result pages, this site's public-facing content is statically-generated using [the Hugo static-site generator](https://gohugo.io/). I list all the server-side software on [my "uses" page]({{<relref "/about/uses.md#server-side-stuff">}}). All programs on my server that did not come pre-installed with Fedora Cloud Edition are statically-linked binaries built by me, running in heavily sandboxed environments. Most services run with their own root directories (i.e. they run in chroots).
Hugo pulls Webmentions from my Webmention endpoint during builds, so I can have statically-generated comments. Although I did use a pre-made theme a long time ago, I've since gradually re-written the site; my theme is now original. See [my site design standards]({{<relref "/meta/site-design.md">}}) for my design goals.
### Services this site relies on
This site is hosted on a virtual private server I rent from Digital Ocean, with 1&nbsp;virtual CPU and 1&nbsp;GB of memory. I don't necessarily endorse Digital Ocean; for now, I'm only using it for the free credits. I use name servers from [deSEC](https://desec.io/), and do recommend it to others who want managed DNSSEC.
This site encrypts HTTPS traffic with an OCSP-stapled TLS certificate signed by Let's Encrypt. It regularly pulls package updates from Fedora's official repository mirrors.
Other versions of this site
---------------------------