Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

Jekyll Installation

Hosting

Route53

Add an A record pointing to your server

Name: grimoire.digitalcrunch
Type: A
Value: 162.243.46.68
TTL: 300
Policy: Simple

Apache VirtualHost

Add a VirtualHost for this location, and create the files and directories it references (touch/mkdir)

(1:2254)# cat /etc/apache2/sites-available/grimoire.somesite.com.conf
<VirtualHost *:4000>
  ServerAdmin admin@somesite.com
  ServerName grimoire.somesite.com
  #ServerAlias grimoire.somesite.com

  DirectoryIndex index.html
  DocumentRoot /var/www/html/grimoire.somesite.com

  <Directory /var/www/html/grimoire.somesite.com>
    Order allow,deny
    Allow from all
    Require all granted
  </Directory>

  ErrorLog /var/www/logs/grimoire.somesite.com.error.log
  CustomLog /var/www/logs/grimoire.somesite.com.access.log combined
</VirtualHost>

Enable Ports (Apache)

(1:2255)# cat /etc/apache2/ports.conf
Listen 0.0.0.0:80
Listen 0.0.0.0:4000

<IfModule ssl_module>
        Listen 0.0.0.0:443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 0.0.0.0:443
</IfModule>

Restart Apache and Verify

(1:2257)# whoami
root

(1:2258)# apache2ctl -t
Syntax OK

(1:2265)# systemctl restart apache2

(1:2259)# apache2ctl -S | grep grim
*:4000                 grimoire.somesite.com (/etc/apache2/sites-enabled/digitalcurnch.com.conf:72)

(1:2260)# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      23030/apache2
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1092/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      23030/apache2
tcp        0      0 0.0.0.0:4000            0.0.0.0:*               LISTEN      23030/apache2

HSTS headers

Until you get SSL running, exclude this host from the HSTS header; the other security headers are still set for all domains:

(1:2262)# cat /etc/apache2/apache2.conf

<IfModule mod_headers.c>
    <Directory />
        # These headers will be set for all domains
        Header always set X-XSS-Protection "1; mode=block"
        Header always set x-Frame-Options "SAMEORIGIN"
        Header always set X-Content-Type-Options "nosniff"
        Header always set Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;"
        Header always set Referrer-Policy "strict-origin"

        # This will exclude grimoire.somesite.com for HSTS header
        SetEnvIf Host "grimoire\.digitalcrunch\.com" exclude_hsts
        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=!exclude_hsts
    </Directory>
</IfModule>

Basic Apache Security

This is not working for some reason:

htdigest /var/www/.htdigest RESTRICTED james
 <Directory "/var/www/html/grimoire.somesite.com">
  #Deny from all
  #Allow from
  Require ip 162.243.46.68
  Require ip 76.100.155.109
  Require ip 45.31.215.9
  Require ip 47.186.73.182
  AuthType Digest
  AuthName "RESTRICTED"
  Require valid-user
  AuthUserfile /var/www/.htdigest
 </Directory>
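
A likely cause, shown as an added example (not the author's config): in Apache 2.4, several bare Require lines in one section are treated as an implicit <RequireAny>, so a listed IP or a valid login is each sufficient on its own. Assuming the intent was an allowed IP and a digest login together, the grouping below expresses that; it also assumes mod_auth_digest is enabled and the password file already exists.

```apache
# Added example, not the author's file. Assumes Apache 2.4 with mod_authz_core,
# mod_authz_host and mod_auth_digest enabled (a2enmod auth_digest on Ubuntu).
#
# Create the password file first. -c creates (and overwrites) the file; the
# realm argument must match AuthName exactly:
#   htdigest -c /var/www/.htdigest RESTRICTED james
<Directory "/var/www/html/grimoire.somesite.com">
  AuthType Digest
  AuthName "RESTRICTED"
  AuthDigestProvider file
  AuthUserFile /var/www/.htdigest

  # Without a container, Require lines are OR-ed (implicit <RequireAny>).
  # <RequireAll> makes both conditions below mandatory.
  <RequireAll>
    # Condition 1: the client address is one of the allowed IPs.
    <RequireAny>
      Require ip 162.243.46.68
      Require ip 76.100.155.109
      Require ip 45.31.215.9
      Require ip 47.186.73.182
    </RequireAny>
    # Condition 2: the client also presents valid digest credentials.
    Require valid-user
  </RequireAll>
</Directory>
```

Check the syntax with apache2ctl -t and restart Apache afterwards, as in the verification steps above.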

My other (working) configs:

 <Location /server-status>
  SetHandler server-status
  Order Deny,Allow
  Deny from all
  Allow from 127.0.0.1 162.243.46.68
  AuthType Digest
  AuthName "RESTRICTED"
  Require valid-user
  AuthUserfile /var/www/.htdigest
 </Location>

Firewalls

Cloud Firewall

Add port 4000 from the specific IP

Networking > Firewalls > Create a policy, Add rules > apply policy to a droplet

https://cloud.digitalocean.com/networking/firewalls/

Host Based Firewall

You can use a host-based firewall in addition to, or instead of, the cloud firewall. Your preference. Just make sure the firewalls don’t block you.

ufw status numbered
ufw allow proto tcp from any to any port 4000

https://jekyllrb.com/docs/

Ubuntu

sudo apt-get install ruby-full build-essential zlib1g-dev 

Windows

See the Jekyll docs to install Ruby, gems, etc.

Gem Configuration

Configure Ruby Gem Installs

echo '# Install Ruby Gems to ~/gems' >> ~/.bashrc
echo 'export GEM_HOME="$HOME/gems"' >> ~/.bashrc
echo 'export PATH="$HOME/gems/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc
cat ~/.bashrc

Install Jekyll

gem install jekyll bundler

Gems worth investigating

## Other
https://github.com/pmarsceill/jekyll-seo-gem
https://github.com/jekyll/jekyll-seo-tag
https://github.com/jekyll/jekyll-admin
https://github.com/jekyll/jekyll-import
https://import.jekyllrb.com/docs/wordpress/

New Site

Create a site

jekyll new techgrimoire
cd techgrimoire/
bundle exec jekyll serve
# or, without Bundler:
jekyll serve

Modify _config.yml

title: IT Grimoire
email: jame_s@somesite.com
description: >- # this means to ignore newlines until "baseurl:"
  Information Technology Grimoire
baseurl: "" # the subpath of your site, e.g. /blog
url: "" # the base hostname & protocol for your site, e.g. http://example.com
#twitter_username: jekyllrb
#github_username:  jekyll

color_scheme: dark

theme: just-the-docs

plugins:
  - jekyll-feed

nav_sort: case_insensitive

host: 0.0.0.0
port: 4000

mermaid:
  # Pick an available version from https://cdn.jsdelivr.net/npm/mermaid/
  version: "9.1.3"

# fix with correct UA
ga_tracking: UA-12345-12
ga_tracking_anonymize_ip: true 

# requires https
enable_copy_code_button: true

Structure and Design

Pages

(Just make a page.markdown and it will render)

---
# Title, summary, and page position.
linktitle: Troubleshooting
summary: Troubleshooting Documentation
weight: 1
icon: book
icon_pack: fas

# Page metadata.
title: Troubleshooting
date: 
type: book # Do not modify.
---

Posts

dir1/dir2/_posts/YEAR-MM-DD-some-title.markdown in the _posts directory

---
# Title, summary, and page position.
linktitle: "Welcome to Jekyll!"
summary: "Welcome to Jekyll! Documentation"
weight: 1
icon: book
icon_pack: fas

# Page metadata.
title: "Welcome to Jekyll!"
date: 
type: book # Do not modify.
---

Other params must be on the same line or it wraps it in p tags.

CSS

  • Find the $HOME/gems/gems/just-the-docs/layout/default.html page
  • add the standard css include lines like normal html
  • create the css file like normal
<link rel="stylesheet" href="/assets/css/custom.css">

Javascript/Includes

<script src="/assets/js/list-compare.js"></script>

Server/Serving

If Apache/Nginx isn’t your thing, there are other ways. Here is the emergency way just to view the content.

Production

You have to “build” the static pages when you are ready to serve them.

jekyll build

This creates the static files in the _site/ folder.

Copy the contents of _site/ to your production server

Local (jekyll)

If instead you just want to see a local copy as you edit:

cd /yourproject
jekyll serve

Local (python)

Here is a way you can easily serve a local copy without ruby, gems, apache etc. You will have the static code, so extract all of that and then:

cd _site
python3 -m http.server 4000

Access the info on http://localhost:4000 or whatever the _config.yml is set for.

Public IP

I do not think jekyll is a production server but if you need it on your LAN, edit the _config.yml:

# deployment
host: 0.0.0.0
port: 5000

Jekyll Gotcha

  • sometimes you have to restart jekyll to get good rendering
jekyll serve

This works better if you are using gems though:

bundle exec jekyll serve