You buy this from a "domain registrar" company, for an annual
fee around $20. They associate your domain
with your ID, and designate a DNS for your domain.
Choose a domain registrar that:
Will keep your ID private, for free.
Supports 2FA on your domain administration account.
Ways to own a domain (or sub-domain) without having your name on it: Njalla (domain for $15/year) FreeDNS (sub-domain for free)
DNS: maps from domain to host's IP address.
Usually you can use the DNS of your domain registar, or the DNS
of your hosting service.
Use the DNS of your hosting service, so that the DNS records get
updated automatically if they move your site to a new IP address.
How to dump your whole DNS configuration (all the records)
into a file for backup purposes ?
# gets some useful info, but not all records:
nslookup -q=any DOMAINNAME
# gets some useful info, but not all records:
dig @DNSSERVERNAME ANY -q DOMAINNAME
# about the same:
dig +nocmd DOMAINNAME any +multiline +answer
DNSChecker's "DNS Lookup"
also does not give all records; maybe my hosting service is
filtering out a bunch of them. For example, it doesn't show my DMARC record, but
DNSChecker's "DMARC Validation"
does show an evaluation of that record ! Doesn't show DKIM record.
Script "DNSDump.sh" that does a little better
(from here):
#!/bin/bash
# Usage:
# DNSDump.sh DOMAINNAME
# DNSDump.sh -x DOMAINNAME
# DNSDump.sh DOMAINNAME -s NAMESERVER
set -e; set -u
COMMON_SUBDOMAINS="www mail mx a.mx smtp pop imap blog en ftp ssh login"
EXTENDED=""
while :; do case "$1" in
--) shift; break ;;
-x) EXTENDED=y; shift ;;
-s) NS="$2"; shift 2 ;;
*) break ;;
esac; done
DOM="$1"; shift
TYPE="${1:-any}"
test "${NS:-}" || NS=$(dig +short SOA "$DOM" | awk '{print $1}')
test "$NS" && NS="@$NS"
if test "$EXTENDED"; then
dig +nocmd $NS "$DOM" +noall +answer "$TYPE"
wild_ips=$(dig +short "$NS" "*.$DOM" "$TYPE" | tr '\n' '|')
wild_ips="${wild_ips%|}"
for sub in $COMMON_SUBDOMAINS; do
dig +nocmd $NS "$sub.$DOM" +noall +answer "$TYPE"
done | cat #grep -vE "${wild_ips}"
dig +nocmd $NS "*.$DOM" +noall +answer "$TYPE"
else
dig +nocmd $NS "$DOM" +noall +answer "$TYPE"
fi
I see comments online saying that "get all records" is called a "zone transfer", and
this is not allowed without authorization (an "external zone transfer") because it provides lots of info for attackers.
Host: machine at the IP address.
Web server: Apache, NGINX, etc.
Don't have the same company be your domain registrar and your site host.
If the site host disables your account for some reason, you want to be able
to point your domain to some other host and get the site back online quickly.
Do not use a free email account provided by your domain registrar or your site host.
If they disable your account for some reason, you don't want to lose both email and web site.
Free shared hosting service: probably limited services, probably no ad money,
may have quirks, might not be able to use your own domain name, may go out of business.
A server machine in your home LAN: bad choice, you have to open an incoming port through
your router into your LAN, monitor security, patch software, etc.
A desktop machine in your home LAN: worst choice, now you're letting incoming traffic
into a machine with your important personal data on it.
Cloud VPS: a virtual Linux machine running in some data center: most flexible, and lets
you get hands-on with all the details of web server, database server, etc (if you wish).
Digital Ocean. Linode.
Moving big static files (images etc) to Cloud Storage:
This reduces traffic and disk space requirements on your site hosting service.
But this adds another point of failure. If the cloud storage service goes down,
your images are inaccessible. Your web pages still work.
Requires an email address and phone number. 10 GB free.
KEY LIMIT: cap of 2500 free "downloads" (images displayed, for example) per day. And the
only way to eliminate the limit is to add a payment card and get charged for every download
above the limit, each day. There is no flat monthly fee or lifetime plan; it's pay-per-download.
Record your "Master Application Key" value from My Settings / App Keys.
Create an application key there too; you will get an "id" value and a "key" value.
Max of 100 buckets, each bucket name must be 6 to 50 chars long, can't rename a bucket.
IMO the only reason to create multiple buckets is if you want different permissions for them.
pip install --upgrade b2
b2 version
b2 help
b2 authorize_account APPIDVALUE
# then when prompted:
Backblaze application key: APPKEYVALUE
# that created file .b2_account_info in your home directory
# you're supposed to get a response giving URL, but I didn't get one
strings .b2_account_info | grep http
# looks like my URL is https://f000.backblazeb2.com/
b2 create_bucket myweb0 allPublic
# bucket has to be empty before you can delete it
# easiest to delete from CLI
b2 delete-bucket BarcelonaPics
b2 list_buckets
# if uploading lots of files, easier to do through web site
# BUCKET SRC DEST
b2 upload_file myweb0 AndaluciaPics/xxx.jpg AndaluciaPics/xxx.jpg
b2 upload_file myweb0 AndaluciaPics/thumbs/xxx.jpg AndaluciaPics/thumbs/xxx.jpg
# access via: https://f000.backblazeb2.com/file/myweb0/AndaluciaPics/xxx.jpg
"b2 help" puts output on stderr, not stdout ? Can't do "b2 help | more" ?
The CLI utility uploads only one file at a time, and maybe each upload
can fail and have to be retried ? Instead, use the web site, go to Browse Files,
and in a bucket click Upload. Then you can select N files and upload them in one batch.
If the upload fails, just click Close (X) on the error dialog. You will go back to the
file-listing dialog (which has no scrollbar or buttons !). Just leave it alone,
let it sit there, it will try again on the failed files.
Limited to 2500 file-uploads per day, including retries, and you may well hit that limit when first
creating your bucket(s).
Caching content in multiple servers worldwide via a CDN (Content Delivery Network):
You could have a CDN (Content Delivery Network) cache your large data (images, audio, video).
This reduces traffic and disk space requirements on your site hosting service or cloud storage service.
But this adds another point of failure. If the CDN goes down,
your images etc are inaccessible. Your web pages still work, because
they're addressed via your main domain, not the CDN domain or cloud domain.
Had to give email, phone, postal address,
name of domain of my web site. Verified the email. Later got an email telling me
an URL to use, of form like "https://r6t7t9y90e03.hostrycdn.com/..."
Then change image links from "https://MYDOMAIN/..." to "https://r6t7t9y90e03.hostrycdn.com/...".
Later decided not to use it. Partly because of additional point of failure, but mainly
because I feared it would run up the daily download count on my cloud storage and hit the cap there.
If you use all three (site host, cloud storage, and CDN):
Pages and small files reside on your site host.
Big static files (images etc) reside on the cloud storage.
Then:
Img links in pages use the CDN's domain.
CDN is set up to look for images etc on the cloud storage domain.
Enable HTTPS access to your site, so your users will have secure connections (no malicious injection by ISP).
Apparently, a free TLS certificate generally won't have your person/organization name in it, and just assures
that the connection is secure. But a paid TLS certificate generally WILL have your person/organization name in it,
and also serves to assure user that they are connecting to correct person/organization.
Change your port 80 vhost so it doesn't serve your site and only has a .htaccess
redirect to port 443, which serves your actual site ?
For best file caching you should have either an ETag directive or If-Modified-Since / If-None-Match
directives, but not both ? And ETag doesn't work if your site is being served from multiple servers. AskApache's "Speed Tips: Turn Off ETags"
To see certificate chain from client to your site, on Linux client:
echo | openssl s_client -connect www.YOURDOMAINNAME:443 -showcerts | more
Use an editor that will syntax-check your HTML and CSS and Javascript. I use VSCode.
Check for broken links (an endless chore).
If you use VSCode editor, I have written an extension
(HTML link checker)
that does this from within the editor, where it's easy to fix the code. Can be used to check links
in HTML, XML, and RSS files.
Where possible, use HTTPS links instead of HTTP links in your pages,
so your users will have secure connections (no malicious injection by ISP).
Use moarTLS browser extension to check your pages for HTTP links.
But don't assume that when it says an HTTPS version is available, you can just change the link to HTTPS.
Some sites accept HTTPS but give an error or empty page, some give only the home page, some redirect back to the HTTP page.
If you use VSCode editor, I have written an extension
(HTML link checker)
that does similar checking (and more) from within the editor,
where it's easy to fix the code.
By default, in Hugo your page content is written in Markdown. HTML is allowed
(Hugo's "Supported Content Formats"),
but Markdown seems to be the standard (and for more tools than just Hugo;
JAMstack), and I want
my site to work better on mobile. So I need to convert my existing HTML
files to Markdown. pandoc
Available in Mint's Software Manager, but it's an old version, install from home.
Source files (*.md) go in archetypes/ directory (config variable "archetypeDir") ?
But also content/ directory (config variable "contentDir")
and data/ directory (config variable "dataDir") ?
Seems content/ is for your page files.
"In Hugo, the simplest way to create a page is to create a directory containing an index.md file.
If you need to create a new section for your website, then instead of an index.md file,
simply create _index.md. Section pages in Hugo are mostly called list and other pages are called single."
from Syna
Default Hugo target directory for your built website is public/ (config variable "publishDir").
Simplest to use a single config.toml file in the root directory,
if you're not going to do multiple languages or development/staging/production things.
But the theme you choose may come with a lot of features, including multiple languages ?
By default, the static/ directory in the site project is used for all static files (e.g. stylesheets, JavaScript, images).
The static files are served on the site root path ... Hugo's "Static Files"
My directory structure:
archetypes
content
sailing
gettingstarted
gettingboat
usingboat
places
magnolia
blog
computers
reasoning
legal
places
europe
romaniatrip2016blog
romaniatrip2019blog
spain
andalucia
blog
barcelona
blog
cartalk
disasterprep
presidents
data
layouts
static
pics1
pics2
pics3
themes
hugo-theme-w3css-basic
I want: blog, image gallery, deeplinks, syntax highlighting, mobile.
I'd like something that doesn't use lots of dependencies.
I think my first choice is
Hugo Themes / W3.CSS Basic,
maybe second choice would be
Hugo Themes / Swift.
# to get ALL themes:
git clone --recursive https://github.com/spf13/hugoThemes ./themes
# to get ONE theme:
mkdir themes
cd themes
git clone https://github.com/jaden/twentyfourteen
Create pages:
What is a section ?
hugo new SECTIONNAME/FILENAME.FORMAT
# will create file content/SECTIONNAME/FILENAME.FORMAT
# but then no html file is produced in public ???
# Generate site's pages:
rm -fr public
hugo
Test your site locally:
sudo iptables -I INPUT -p tcp --dport 1313 -j ACCEPT
hugo server
browse to http://localhost:1313
I installed hugo_0.58.2_Linux-64bit.deb. "Extended" version adds Sass/SCSS support;
I think this means it can run on a VPS such as DigitalOcean or AWS.
Installer put it in /usr/local/bin/hugo. Do "hugo version" to verify.
# make site "myweb1" in home directory
cd ~
git clone https://github.com/it-gro/hugo-theme-w3css-basic temp1
cd temp1
mv exampleSite ../myweb1
mkdir ../myweb1/themes
mkdir ../myweb1/themes/hugo-theme-w3css-basic
mv * ../myweb1/themes/hugo-theme-w3css-basic
cd ..
rm -fr temp1
cd myweb1
# edit config.toml:
# change values of baseURL and title
# change I want:
uglyURLs = true
# addition I want:
disablePathToLower = true
cd content
# create index.md file containing any text
cd ..
rm -fr public
hugo
# see that public was created and contains files
ls public
hugo server
# browse to http://localhost:1313
# Site home page appeared ! But I don't see contents of my index.md file.
# close browser tab
ctrl-C to kill server
# Edit config.toml to disable jumbotrons, clients, testimonials,
# photocards, params.marquee, params.features, cookieconsent, params.seeMore
# Comment out setting of disqusShortname to disable it.
# Set disableRSS to true.
rm -fr public
hugo
hugo server
# browse to http://localhost:1313
# Now should see contents of my index.md file.
# Use "preview w3.css color themes" pull-down menu to try different color schemes.
# I like "2017 island-paradise" and "Light blue #87ceeb"
# In config.toml, comment out line for "2018-ceylon-yellow.css"
# and un-comment line for "light-blue.css".
# Maybe you could make your own color-scheme by going to
# themes/hugo-theme-w3css-basic/static/vendor/w3css/4
# and copying and modifying one of the files.
# Docs say "You may create your own monochromatic color theme using
# https://www.w3schools.com/w3css/w3css_color_generator.asp
# and then put the css file under /static/css/w3-theme-custom.css".
# Once you're happy with the color-scheme, you can remove the pull-down
# by changing themeColorSelectorEnable to false.
# add image gallery
https://github.com/liwenyip/hugo-easy-gallery/
content/pages/showcase/gallery-01.md
# STUCK !!! Can't get any *.md file I add under content/ to produce
# a corresponding *.html file under public/.
# make site "myweb3" in home directory
cd ~
hugo new site ./myweb3
cd myweb3
cd themes
git clone https://github.com/onweru/hugo-swift-theme.git
cd ..
hugo new Reason/Reasoning.md
# edit content/Reason/Reasoning.md
rm -fr public
hugo
# got errors "found no layout file for "HTML" for "page": You should create a template file ..."
# edited config.toml to add line 'theme = "hugo-swift-theme"'
rm -fr public
hugo
# got error "Transformation failed: TOCSS: failed to transform "scss/main.scss"
# (text/x-scss): this feature is not available in your current Hugo version"
# Apparently this theme is using SCSS, only available in Hugo extended.
# So, I downloaded the "extended" deb file and installed over top of existing Hugo.
# Maybe could have done "snap refresh hugo --channel=extended" instead ?
rm -fr public
hugo
hugo server
# browse to http://localhost:1313
# Site works, I see home page and my added Reasoning.md file
# copied menu.yml file from themes/hugo-swift-theme/exampleSite/data/ to top data/
# added more files in content/Reasoning folder, and they all show up as
# tiles/cards/posts on the home page, not what I want.
hugo new Presidents/Presidents.md
# also shows up as a tile on home page, not what I want.
# I can't find how this is happening.
# make site "myweb4" in home directory
cd ~
hugo new site ./myweb4
cd myweb4
cd themes
git clone https://github.com/gcushen/hugo-academic.git
cd ..
git init
git submodule update --init --recursive
rm -fr public
hugo
# errors, lots of stuff missing
# tried copying everything up from exampleSite to main
# directory, got different errors
# edited config.toml to add line 'theme = "hugo-academic"'
# edit config/_default/params.toml to set "color_theme" as desired
# https://sourcethemes.com/academic/docs/get-started/
# make site "myweb5" in home directory
cd ~
hugo new site ./myweb5 && cd myweb5
git init
git submodule add https://github.com/PippoRJ/hugo-refresh.git themes/hugo-refresh
rm config.toml
curl -O https://raw.githubusercontent.com/PippoRJ/hugo-refresh/master/exampleSite/config.yaml
rm -fr public
hugo server -D
# edit config.yaml file
# site works, but again I don't see where index.html is being generated,
# don't see how to change it to a page of icons as I want.
I started from a handcrafted HTML web site, with inline Javascript on some pages,
and Google ads.
Hugo processes images to make the site; I think I want to disable that.
My evaluation of Hugo:
I've tried 4 different themes. None of them document the content structure you're supposed to use
and what they do with it, the required filenames. None of them define the limits they impose, the assumptions they make.
With W3.CSS Basic, I couldn't get any of my pages to appear. Put *.md files all over various levels of content/, nothing.
With Swift, all my *.md files end up as "cards" on the home page. Not documented, didn't expect that,
I guess no way to change it.
With Academic, got error after error while building. Couldn't get to a sane site.
With ReFresh, don't see how to modify home page to what I want, it's hard-coded somewhere ? Similar problem in other themes.
And it looks like I would have to structure pages totally differently for some themes ? Syna, for example,
defines "fragments". Some use "widgets". In some of them, every one of my pages has to be in a separate directory,
and named _index.md ? So once I start using a theme, I'm stuck with it, no easy way to move to another theme or
port my site to some other framework.
Since each theme is different and seems to involve a fair amount of custom code, I'm
not sure how much the general Hugo community can help with big problems. With small
"what is the syntax for this element ?" questions, they probably could help. But
for "why don't any of my pages appear ?", you'll have to ask the community (if any) specific
to that particular theme. And some of the themes I tried seem to have an unresponsive
developer and no community; not sure.
I've read tons of documents, looked through lots of the code, and I'm totally defeated. This is crazy.
Realized I tried something that was way too complex for my needs. Would be nice to have canned things
such as photo gallery, blog, nice UI. But not at this cost.
MobileTest.me
Had to comment out setting of X-Frame-Options to 'deny' in my site's .htaccess file.
Got it working in Chromium, but not in Firefox.
It doesn't replicate a weird button-sizing issue someone saw with my site on an iPhone.
In Chrome or Chromium browsers:
Go to web page, then F12 for Developer's Tools. Click Toggle Device Toolbar button
(looks like two overlapping rectangles) or Ctrl-Shift-M to turn Device Mode on or off (icon is blue when on).
Select device with the Viewport Controls (pull-down menu that starts as "Responsive").
Refresh web page. Every time you change device type, refresh page again.
5 March 2018, I bought a lifetime-hosting subscription from Arch Hosting for $25.
Terms are 2 GB storage and 500 GB/month bandwidth. No monthly or annual hosting charge, for life. If you want
to buy a domain through them, first year is free, subsequent years cost somewhat above market rate (so they can make a profit).
If you want a free-first-year domain from them, there is a list of about 8 TLD's it can be in.
My TLD, ".me", is not one of them.
I already had a domain registered with GoDaddy, so I selected "I will use my existing domain and update my nameservers".
Ended up with three sets of username/password for Arch: one for the account, one for the control panel, and one for FTP.
Had to wipe out files on my old host before switching domain to point to new host, because only access
I had to old host was via FTP. That means my site will be down for several hours during
the changeover. Maybe I could have done FTP to old site later by using IP address instead of domain name,
but I didn't think of that.
Switched domain's IP and nameserver IPs in GoDaddy to point to Arch's servers,
and suddenly GoDaddy says "we can't show you anything
about DNS because now you're on someone else's DNS". Maybe that wouldn't have happened if I'd changed only the
domain's IP and left the nameserver IPs unchanged (which I think would have worked, but
not been optimal). Now my DNS info is accessed
through Zone Editor in Arch's cPanel. Domain still is registered at GoDaddy.
Took about an hour for the updated DNS info to percolate through the system; GoDaddy had a TTL of 1 hour on it.
In Arch file manager, site files must reside under /public_html folder.
If you want to FTP directly into there,
when creating FTP account, specify home directory "public_html".
Couldn't figure out how to get the SFTP to work, used FTP instead, it worked fine. I'm using a client (WinSCP)
that they don't support, so none of their supplied config files help me. Maybe I need SSH enabled on my site
in order to use SFTP. And maybe I need an encryption key, too. [Eventually asked Support, they said yes need SSH,
no key, they'll enable SSH on my account. Login details a bit different, but now SFTP works.]
About 24 hours later, got email that Arch's "AutoSSL" had generated an SSL certificate for me (from Let's Encrypt)
and installed it, all automatically with no request by me. Went to browser, and both HTTP and HTTPS work.
When I go to HTTP site,
HTTPS Everywhere add-on does not automatically send me to HTTPS site. Turns out HTTPS Everywhere works
off a set of rules, it doesn't automatically switch over for every random site.
Info in browser says the certificate expires in 3 months ? Answer from Support:
"The SSL certificate expires in 3 months, but the system automatically renews it before that.
As long as your site points to our hosting, the certificate will always renew before the expiration date."
Received an automated "you're close to your disk space limit" email. Looks like the limit
is 1.95 GB, not 2.0, and I've used 1.62 GB. Also a limit of 100K files, and I have about 9K.
Ran moarTLS on HTTP version of my site, and it correctly detects that an HTTPS version is available.
Change to HTTPS version, and moarTLS says all internal links are secure.
Added some Apache "Rewrite" directives to ".htaccess" file, and now any access to my site using HTTP
gets changed to HTTPS automatically.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.billdietrich.me/$1 [R,L]
I wonder if I should delete some superfluous CNAME records in my DNS entry. I haven't enabled any
additional features: email, etc. But my site is accessible through both "www.mydomain.tld" and "mail.mydomain.tld", and
probably other sub-domains too. Wikipedia's "List of DNS record types"
There's no "AAAA" record in my DNS entry, so I think my site is not accessible via IPv6.
ipv6 test
and
chair6
confirm that.
By end of 2nd day, I've interacted with Support on about 6 questions, with good results each time. Very satisfied.
And my site is completely up and running, no issues remaining. Of course, my site is pretty simple, no server-side code,
not using their email or Wordpress or database or other features.
Looks like I can upgrade to 10 GB storage and 1 TB/month bandwidth for $20. This would change
my lifetime account from "Startup" to "Business".
After a week, everything still fine.
Traffic to my site has consumed about 4 GB of bandwidth. So I won't
be anywhere near hitting the 500 GB/month limit.
After 2+ weeks, received email invoice saying "Pay $0.00". Followed by another
email saying "Thank you for your payment of $0.00".
A month after that email invoice, received another pair of emails, same thing.
I guess it will happen every month.
11 days later, got ANOTHER email invoice/paid pair.
6/16: Noticed that HSTS is not enabled on my site. Support says add
Header set Strict-Transport-Security "max-age=31536000" includeSubDomains env=HTTPS
to the .htaccess file. Did that and it worked. Later changed to
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
7/1: No DNSSEC on my domain; I tested it with
VeriSign's "DNSSEC Analyzer".
But my domain was registered through GoDaddy; not sure if that matters, I think
Arch's DNS servers are serving it now. Arch Hosting Wiki's "DNSSEC"
says DNSSEC is optional, sounds a little scary, may cause problems.
8/29: Found that Arch offers 2FA (software TOTP) on the CPanel login, so I enabled that.
They're hoping to offer 2FA on the main account login in the future.
8/29: Arch doesn't support onion (Tor) access to your web site, and doesn't plan to do so, opposes it.
9/20: Added
Header set X-Frame-Options "deny"
Header set X-XSS-Protection "1; mode=block"
to .htaccess file.
10/1: Added
Header set X-Content-Type-Options "nosniff"
Header set Content-Security-Policy "object-src 'self';"
Header set Content-Security-Policy "script-src 'unsafe-inline';"
Header set Content-Security-Policy "style-src 'self' 'unsafe-inline';"
Header set Content-Security-Policy "frame-ancestors 'none';"
to .htaccess file.
12/28: Added
Header set Referrer-Policy "no-referrer-when-downgrade"
Header set Feature-Policy "payment 'none'; notifications 'none'; microphone 'none'; camera 'none'"
Header set Expect-CT "enforce; max-age=600"
to .htaccess file.
12/30: Added a /.well-known/security.txt file containing:
Contact: mailto:admin@billdietrich.me
3/4/2019: Realized directives were blocking Google add/search/analysis features,
changed .htaccess file to have:
6/1/2019: Realized my site had a DNS MX record, and a default email account in the hosting account.
Support says they are harmless and can't be removed.
8/2019: CPanel greatly raised charges, so Arch moved users (who consented) to DirectAdmin.
They said nothing would change with FTP, but in fact SSH and SFTP went away, only plain FTP is available now.
10/2019: Set MX records to point to Migadu servers.
10/2019: Found you get a limited number of Support credits when you sign up, and mine have
run out, apparently no Support for me any more !
11/2019: Now TOTP is supported again on main Arch account login, but TOTP on DirectAdmin
fails for me, says time-discrepancy error.
There is a "restricted community" /u/ArchHosting on reddit. I don't know how
that differs from a "restricted sub-reddit", which would start with /r/.
Ways to make your content appear on the web section