This space is dedicated to hosting your own static websites on the Edge. There are many ways to do that and we made up our mind to use Caddy 2 as it is quick and easy to set up. In addition, Caddy is famous for its high throughput, performance and low system resource consumption, so it plays really nice on The Edge.
Static websites vary in purpose. Some are used for blogs, technical documentation, resumes, landing pages, etc.
Below you will find a guide that will walk you step by step with your first static website hosted on the Edge.
rsync package installed on the Server on The Edge to make content uploading testing for the website easier, e.g. pacman -S rsync or apt install rsync.| Name | Source | Description |
|---|---|---|
| <CONTAINER_NAME> | User input | The name of the Linux container where the app will be run. |
| <IP_ADDRESS__CONTAINER> | Generated | The IPv4 address of the contaier run by the server on the Edge. |
| <IP_ADDRESS__SERVER_ON_THE_EDGE_VPN> | Generated | The IPv4 address of the Server on the Edge in the VPN. |
| <ROOT_PWD__CONTAINER> | User input | The password of the root user in the container. |
| <IP_ADDRESS_INET_GW> | Linux VPS Admin Panel | |
| <WEBSITE_DOMAIN> | User input | The host for the A record created with your domain registrar, e.g. blog.myowndomain.net or www.myowndomain.com. |
Run the following commands on your server on the Edge.
incus launch images:debian/bookworm/cloud <CONTAINER_NAME>
incus exec <CONTAINER_NAME> bash
You may need to change the default MTU for HTTPS connections to function. Run
ip link set dev eth0 mtu 1000if you findapt updateorapt upgradestuck for long time. This setting is non persistent and it is lost when the container reboots.
apt update && apt upgrade && apt install fish
If you are not already within the container, run the following command on your server on the Edge to log in as
root.
incus exec <CONTAINER_NAME> fish
passwd
Set a password for the root user and make a (mental) note of it. It will be denoted with a variable <ROOT_PWD__CONTAINER>.
From here on the root user will use fish as default shell.
chsh -s /usr/bin/fish
Let's create the blog_cm user and set a system password for it. cm stands for "content manager".
useradd -m -s /usr/bin/fish blog_cm
passwd blog_cm
The ability to establish SSH connections from the server on the Edge to the container is key for the upcoming Ansible automation. There is an Ansible connection driver for Linux containers with limited capabilities. The default Ansible connection driver through SSH is much more robust and powerful.
You can perform this step now or in future, when you make up your mind to give the automated solutions for system and application maintanence a try.
In order to complete this stage you need to perform the following commands in the container run by the server on the Edge.
apt update && apt install openssh-server rsync
vi /etc/ssh/sshd_config
Add the following line to the file.
PermitRootLogin yes
systemctl enable ssh
systemctl start ssh
systemctl restart ssh
Run the following commands on your server on the Edge, i.e. outside of the container.
Run ssh-keygen only if you haven't generated SSH private and public keys on the server on the Edge. Otherwise use the already existing pair.
ssh-keygen
incus ls | grep <CONTAINER_NAME>
Make a note of the IPV4 value <IP_ADDRESS__CONTAINER>.
ssh-copy-id root@<IP_ADDRESS__CONTAINER>
Pass the password for the root user in the container as prompted.
From here on SSH connection as the
rootuser will be possible from the server on the Edge to the container. Containers are not visible and accessible to any other network devices.
ssh-copy-id blog_cm@<IP_ADDRESS__CONTAINER>
Pass the password for the blog_cm user in the container as prompted.
From here on SSH connection as the
blog_cmuser will be possible from the server on the Edge to the container, so that the content of the website document root folder could be modified remotely, e.g. throughrsync. Containers are not visible and accessible to any other network devices.
Run the following commands on your server on the Edge.
incus exec <CONTAINER_NAME> fish
Let's harden the setup of the ssh server running in the container by disabling the password for logging in with root.
vi /etc/ssh/sshd_config
Delete the line PermitRootLogin yes.
Append the line PermitRootLogin prohibit-password.
systemctl restart ssh
You should have a fully functional Linux container named
<CONTAINER_NAME>that has also a non-administrative userblog_cm. In addition, the server on the Edge listens for SSH connections with therootuser. You know all login credentials.
If you are not already within the container, run the following command on your server on the Edge to log in as
root.
incus exec <CONTAINER_NAME> fish
apt update && apt install caddy curl
systemctl enable caddy
systemctl start caddy
systemctl status caddy
The
caddy.serviceshould have been started successfully.
Generate self signed TLS certificate and private key.
mkdir -p /opt/blog/tls
chown caddy:caddy -R /opt/blog
sudo -u caddy openssl req -x509 -nodes -newkey rsa:4096 -days 365 \
-keyout /opt/blog/tls/key.pem \
-out /opt/blog/tls/cert.pem
Let's create a document root directory for the static website.
mkdir -p /var/www/blog
chown -R blog_cm:blog_cm /var/www/blog
It's time to add some content to our static website. Create /var/www/blog/index.html and make sure the file contains the following.
sudo -u blog_cm vi /var/www/blog/index.html
<html>
<body>Hello World</body>
</html>
Modify /etc/caddy/Caddyfile, e.g. vi /etc/caddy/Caddyfile, and make sure it only contains the snippet below.
:443 {
tls /opt/blog/tls/cert.pem /opt/blog/tls/key.pem
encode gzip
root * /var/www/blog/
file_server
}
systemctl restart caddy
Now the website should be accessible within the container.
curl -k https://localhostwill return the content of/var/www/blog/index.htmlas the HTTP response body.
In a terminal on on the server on the Edge run the following command to forward incoming HTTPS connections on port 11443 of the server to port 443 on the container.
incus config device add <CONTAINER_NAME> \
https-11443-443 proxy listen=tcp:0.0.0.0:11443 \
connect=tcp:127.0.0.1:443
The website should be accessible from the Server on the Edge and any other device in the same network.
curl -k https://localhost:11443
Every now and then you will need to publish a new version of the static website. It would be inconvenient to log in with the container and manually do the needed changes.
Hence we have installed rsync in the container hosting the website and on the Server on The Edge. rsync can be used to push changes to the website. Changes are picked up automatically by Caddy.
From the server on the edge run the following commands as a non-root user.
cd ~ && mkdir blog
vi blog/index.html
Add the following content to the file and save it.
<html>
<body>
Hello Again. That's version 2. It's managed remotely.
</body>
</html>
rsync \
blog/index.html \
blog_cm@<IP_ADDRESS__CONTAINER>:/var/www/blog/index.html
Make sure that you have created an A domain record for <BUILDBOT_DOMAIN> with your domain registrar and you have waited for this record to become active.
If you use a domain name and that's not picked up by the domain name servers yet, Caddy will not be able to serve HTTPS requests because of Let's Encrypt (An SSL certificate authority) failing to verify the validity (ownership over) of the domain.
ssh mycelium@<IP_ADDRESS__INET_GW>
sudo su -
Add the following to /etc/caddy/Caddyfile.
<WEBSITE_DOMAIN> {
reverse_proxy https://<IP_ADDRESS__SERVER_ON_THE_EDGE_VPN>:11443 {
transport http {
tls_insecure_skip_verify
}
}
}
systemctl reload caddy
If everything is configured well, you should be able to access the website through its domain name by using a web browser by typing
https://<BUILDBOT_DOMAIN>in the address bar.
You may be interested in using a static website generator, such as Hugo. Feel free to generate a website and move its content to /var/www/blog.