When moving stuff to a new box.
Checklist
- port forwards
- gpg and ssh
- merecat
- cgit
- env
Merecat
Packaged for Debian. Uses Let’s Encrypt for certificates.
Once you have restored /etc/letsencrypt from the old hearth, check with sudo certbot renew --dry-run. The certificate is for *.alephnull.site.
Merecat serves {blog,git}.alephnull.site.
## /etc/merecat.conf -*-conf-unix-*-
username = www-data
## Chrooting is a security measure which means isolating the webserver's
## access to files only available from a the given directory. To access
## files outside the chroot the administrator can either copy or bind
## mount files and directories into the chroot.
chroot = false
## Alt. charset=iso-8859-1
charset = UTF-8
## Webserver document root, or chroot
directory = /var/www
## Virtual hosting
## /var/www/cgi-bin/ <-- Shared CGI
## /var/www/ftp.example.com <-- ftp.example.com
virtual-host = true
## /var/www/git.example.com <-- git.example.com
# Enabled for cgit
cgi "/cgi-bin/*|**.cgi" {
enabled = true
}
## Server specific settings, overrides certain global settings
## Notice the HTTP redirect from the default server to HTTPS.
server default {
hostname=0.0.0.0
port = 80
# Lets not do this. I will serve non-https sites too.
# redirect "/" {
# code = 301
# location = "https://$host$request_uri$args"
# }
}
server secure {
hostname=0.0.0.0
port = 443
ssl {
certfile = /etc/letsencrypt/live/blog.alephnull.site/fullchain.pem
keyfile = /etc/letsencrypt/live/blog.alephnull.site/privkey.pem
dhfile = certs/dhparam.pem
}
}
Cgit
Packaged for Debian. Uses CGI to talk to Merecat. Assuming that /var/www/git.alephnull.site is the Merecat vhosts directory, make links to the cgit assets
ln -s /usr/share/cgit /var/www/git.alephnull.site
ln -s /usr/lib/cgit/cgit.cgi /var/www/git.alephnull.site/index.cgi
ln -s /usr/lib/cgit/filters /var/www/git.alephnull.site/
Repos
They live on the Sabrent array at /data/repos.