New Site Archi
Key points
- Fedora Linux (Server Edition)
- Software Raid 1 with 2 SSD
- Static site managed and generated using Publii software. The software sends the generated files over SFTP to a dedicated folder on the server.
- The static files of the site are then exposed with an HTTP server, "miniserve", started in a Podman container.
- Nginx Proxy Manager is used to redirect the requests to the right application and to manage the SSL certificates (provided by Let's Encrypt).
- miniserve and Nginx Proxy Manager are deployed in dedicated Podman pods.
- Podman pods/containers are started with an account without sudo permissions. Moreover, Podman is rootless by design.
- The pods are automatically restarted in case of a server restart.
- The containers are automatically restarted unless manually stopped.
Architecture
How to install nano
sudo dnf install nano
How to set nano as the default text editor in the terminal for all users
sudo nano /etc/profile.d/nano_as_default_editor.sh
export EDITOR=nano
How to activate the Wake On Lan
sudo dnf install ethtool
sudo nano /etc/systemd/network/50-wired.link
[Match]
MACAddress=xx:xx:xx:xx:xx:xx
[Link]
NamePolicy=kernel database onboard slot path
MACAddressPolicy=persistent
WakeOnLan=magic
To disable sleep when closing the laptop lid
sudo dnf install nano
sudo mkdir /etc/systemd/logind.conf.d
cd /etc/systemd/logind.conf.d
sudo nano action_done_when_someone_close_the_laptop_lid.conf
# HandleLidSwitch possible values:
# ignore, poweroff, reboot, halt, suspend, hibernate, hybrid-sleep, lock or kexec
# Run 'systemctl restart systemd-logind' after the modification
# Use 'systemd-analyze cat-config systemd/logind.conf' to display the full config
[Login]
HandleLidSwitch=ignore
Script to create and start the application pods and containers
touch /PATH_TO_THE_SCRIPT/start_pods.sh
chmod +x /PATH_TO_THE_SCRIPT/start_pods.sh
nano /PATH_TO_THE_SCRIPT/start_pods.sh
#!/bin/bash
########################
# NGINX PROXY MANAGER
########################
podman \
pod \
create \
--name pod-nginx-proxy-manager \
-p 8000:80 \
-p 8100:81 \
-p 4430:443
podman \
pod \
start \
pod-nginx-proxy-manager
podman \
container \
run \
-d \
--pod pod-nginx-proxy-manager \
--name container-nginx-proxy-manager \
--restart unless-stopped \
--volume /PATH_TO_THE_APP_DATA_DIRECTORY/pod-nginx-proxy-manager/data:/data:rw,z \
--volume /PATH_TO_THE_APP_DATA_DIRECTORY/pod-nginx-proxy-manager/letsencrypt:/etc/letsencrypt:rw,z \
--cpus 1 \
--memory 256m \
docker.io/jc21/nginx-proxy-manager:latest
#################
# AR PHILIPOT SITE
#################
podman \
pod \
create \
--name pod-ar-philipot-site \
-p 8080:8080
podman \
pod \
start \
pod-ar-philipot-site
podman \
container \
run \
-d \
--pod pod-ar-philipot-site \
--name container-ar-philipot-site \
--restart unless-stopped \
--volume /PATH_TO_THE_APP_DATA_DIRECTORY/pod-ar-philipot-site:/www:ro,z \
--cpus 1 \
--memory 256m \
docker.io/svenstaro/miniserve:latest \
--hide-version-footer \
--no-symlinks \
--spa \
--index \
index.html \
/www
To allow the systemd services of the Linux web account to be started in non-interactive mode
(without a login session opened manually, for example when started by crontab)
loginctl enable-linger LINUX_APP_ACCOUNT
To automatically start podman pods after a machine reboot
Simple solution without the creation of a service, etc.
crontab -e
@reboot sleep 180 && /PATH_TO_THE_SCRIPT/start_pods.sh > /PATH_TO_THE_A_LOG_DIR/start_pods.log 2>&1
or if we do not want to keep any trace of the execution:
@reboot sleep 180 && /PATH_TO_THE_SCRIPT/start_pods.sh > /dev/null 2>&1
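The following check is an added example, not part of the original page: it reads a start_pods.sh-style script and reports three things worth reviewing before the script runs unattended from cron, namely a continuation backslash glued to the previous word, images on the mutable :latest tag, and ports published without a host address. The function names, the finding labels and the sample script (pod-example, container-example) are constructed for illustration.

```shell
#!/bin/bash
# Added example: static review of the podman commands in a start_pods.sh-style script.

# Print one finding per line for the script given as $1.
audit_start_script() {
    awk '
        # Emulate the shell: a backslash-newline is removed, nothing is inserted.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { check(buf $0); buf = "" }
        END { if (buf != "") check(buf) }
        function check(cmd,    n, w, i) {
            if (cmd !~ /^[ \t]*podman[ \t]/) return
            n = split(cmd, w, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                # A backslash glued to a value joins it to the next unindented flag.
                if (w[i] ~ /[A-Za-z0-9]--[a-z]/)
                    print "GLUED_ARGS " w[i]
                # A mutable tag: the image can change between two restarts.
                if (w[i] ~ /:latest$/)
                    print "MUTABLE_TAG " w[i]
                # HOSTPORT:CTRPORT without a host address listens on every interface.
                if ((w[i] == "-p" || w[i] == "--publish") && w[i+1] ~ /^[0-9]+:[0-9]+$/)
                    print "ALL_INTERFACES " w[i+1]
            }
        }
    ' "$1"
}

# Constructed sample input (not the real script): one finding of each kind.
write_sample() {
    cat > "$1" <<'EOF'
podman pod create --name pod-example \
-p 8080:8080 \
-p 127.0.0.1:8100:81
podman container run -d \
--pod pod-example\
--name container-example \
docker.io/svenstaro/miniserve:latest \
/www
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_start_script "$sample"
rm -f "$sample"
```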