New Site Archi

Key points

  • Fedora Linux (Server Edition)
  • Software Raid 1 with 2 SSD
  • Static site managed and generated using the Publii software. Publii sends the generated files over SFTP to a dedicated folder on the server.
  • The static files of the site are then exposed with a HTTP server "miniserve" started in a Podman container.
  • Nginx Proxy Manager is used to redirect the requests to the right application and to manage the SSL certificates (provided by Let's Encrypt).
  • miniserve and Nginx Proxy Manager are deployed in dedicated Podman pods.
  • Podman pods/containers are started with an account without sudo permissions. Moreover podman is rootless by design.
  • The pods are automatically restarted in case of a server restart
  • The containers are automatically restarted unless manually stopped

Architecture

How to install nano

sudo dnf install nano

How to set nano as the default text editor in the terminal for all users

sudo nano /etc/profile.d/nano_as_default_editor.sh
export EDITOR=nano

How to activate the Wake On Lan

sudo dnf install ethtool
sudo nano /etc/systemd/network/50-wired.link
[Match]
MACAddress=xx:xx:xx:xx:xx:xx

[Link]
NamePolicy=kernel database onboard slot path
MACAddressPolicy=persistent
WakeOnLan=magic

To disable sleep when closing the laptop lid

sudo dnf install nano
sudo mkdir /etc/systemd/logind.conf.d
cd /etc/systemd/logind.conf.d
sudo nano action_done_when_someone_close_the_laptop_lid.conf

# HandleLidSwitch possible values:
# ignore, poweroff, reboot, halt, suspend, hibernate, hybrid-sleep, lock or kexec
# Run 'systemctl restart systemd-logind' after the modification
# Use 'systemd-analyze cat-config systemd/logind.conf' to display the full config

[Login]
HandleLidSwitch=ignore
 

Script to create and start the application pods and containers

touch /PATH_TO_THE_SCRIPT/start_pods.sh
chmod +x /PATH_TO_THE_SCRIPT/start_pods.sh
nano /PATH_TO_THE_SCRIPT/start_pods.sh
 
#!/bin/bash

########################
# NGINX PROXY MANAGER
########################
podman \
    pod \
    create \
    --name pod-nginx-proxy-manager \
    -p 8000:80 \
    -p 8100:81 \
    -p 4430:443
podman \
    pod \
    start \
    pod-nginx-proxy-manager
podman \
    container \
    run \
    -d \
    --pod pod-nginx-proxy-manager \
    --name container-nginx-proxy-manager \
    --restart unless-stopped \
    --volume /PATH_TO_THE_APP_DATA_DIRECTORY/pod-nginx-proxy-manager/data:/data:rw,z \
    --volume /PATH_TO_THE_APP_DATA_DIRECTORY/pod-nginx-proxy-manager/letsencrypt:/etc/letsencrypt:rw,z \
    --cpus 1 \
    --memory 256m \
    docker.io/jc21/nginx-proxy-manager:latest

#################
# AR PHILIPOT SITE
#################
podman \
    pod \
    create \
    --name pod-ar-philipot-site \
    -p 8080:8080
podman \
    pod \
    start \
    pod-ar-philipot-site
podman \
    container \
    run \
    -d \
    --pod pod-ar-philipot-site \
    --name container-ar-philipot-site \
    --restart unless-stopped \
    --volume /PATH_TO_THE_APP_DATA_DIRECTORY/pod-ar-philipot-site:/www:ro,z \
    --cpus 1 \
    --memory 256m \
    docker.io/svenstaro/miniserve:latest \
        --hide-version-footer \
        --no-symlinks \
        --spa \
        --index \
        index.html \
        /www
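
A lint pass over a start script laid out like the one above, as an added example that is not part of the original post: it reports mutable image tags, writable volumes, ports published on all interfaces and missing resource limits. The function names `audit_pod_script` and `write_sample` and the sample paths are assumptions made for this illustration.

```bash
#!/bin/bash
# Added example, not the author's code: lint a pod start script.
# Prints one "<name>: <finding>" line per setting worth reviewing.
audit_pod_script() {
    # Join backslash-continued lines so each podman command is one record.
    sed -e ':a' -e '/\\$/N; s/\\\n/ /; ta' "$1" | awk '
    $1 != "podman" { next }
    {
        is_run = ($2 == "run" || ($2 == "container" && $3 == "run"))
        is_pod = ($2 == "pod" && $3 == "create")
        if (!is_run && !is_pod) next
        name = "(unnamed)"; out = ""; mem = 0; cpu = 0
        for (i = 2; i <= NF; i++) {
            arg = $(i + 1)
            if ($i == "--name") name = arg
            else if ($i == "--memory") mem = 1
            else if ($i == "--cpus") cpu = 1
            else if ($i == "--volume" && arg !~ /:([a-zA-Z,]*,)?ro(,|$)/)
                out = out "writable volume " arg "\n"
            else if (($i == "-p" || $i == "--publish") && split(arg, p, ":") < 3)
                out = out "port " arg " published on all interfaces\n"
            else if (is_run && $i ~ /:latest$/)
                out = out "mutable image tag " $i "\n"
        }
        if (is_run && !mem) out = out "no --memory limit\n"
        if (is_run && !cpu) out = out "no --cpus limit\n"
        n = split(out, f, "\n")
        for (j = 1; j < n; j++) print name ": " f[j]
    }'
}

# Constructed sample, modelled on the layout of start_pods.sh above.
write_sample() {
    cat > "$1" <<'EOF'
podman pod create --name pod-site -p 8080:8080
podman \
    container \
    run \
    -d \
    --pod pod-site\
    --name container-site \
    --volume /srv/site:/www:ro,z \
    --memory 256m \
    docker.io/svenstaro/miniserve:latest \
        /www
EOF
}

# Run as a script: audit the file given as the first argument.
if [ $# -gt 0 ]; then audit_pod_script "$1"; fi
```

A writable volume or a wide port binding can be intentional (the proxy needs to write its certificates and listen publicly), so treat the output as a review list rather than a pass/fail result.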
 

To enable the systemd service to be started by the Linux web account in non-interactive mode

(that is, without a manual operation in a session started by a login; for example, when started by crontab)
loginctl enable-linger LINUX_APP_ACCOUNT
 

To automatically start podman pods after a machine reboot

A simple solution that avoids creating a service, etc.:
crontab -e

@reboot sleep 180 && /PATH_TO_THE_SCRIPT/start_pods.sh > /PATH_TO_THE_A_LOG_DIR/start_pods.log 2>&1
 
or if we do not want to keep any trace of the execution:
@reboot sleep 180 && /PATH_TO_THE_SCRIPT/start_pods.sh > /dev/null 2>&1
