Technology choices for this website
Welcome! Let’s talk about the nuts and bolts of the technology I chose to host this website. None of these are sponsored; these are the options I decided on to get a website up and running quickly.
Domain Name Registrar: Cloudflare
The first step in setting up a website is registering your domain name and configuring DNS. Domain name registration is the process of acquiring a readable address (like timtalks.tech) for your website. This readable address is a user-friendly replacement for the IP addresses that computers use to identify each other on the network.
Registry and Registrar: The global DNS system is hierarchically structured with registries managing top-level domains (TLDs) like .com, .org, etc. Registrars, accredited by ICANN (Internet Corporation for Assigned Names and Numbers), interact with these registries to register domain names on behalf of end-users.
Technical Background
DNS Resolution Process: When a user enters a domain name, a DNS query is initiated. This process, involving recursive and authoritative name servers, translates the domain name into an IP address that computers understand.
Zone Files and DNS Records: Registrars also allow users to manage DNS records, which are stored in zone files. These records (like A, MX, CNAME) are crucial for directing traffic to the correct server, handling email routing, and more.
Propagation and TTL: Changes to DNS records take time to propagate because of each record’s Time To Live (TTL) setting. The TTL is how long DNS servers cache a record before asking for it again, which affects how quickly updates are seen globally.
Cloudflare
timtalks.tech is hosted on Cloudflare’s domain platform. With the demise of Google Domains, I’ve been in search of a new domain name provider, so I decided to try out Cloudflare’s offering. Cloudflare is famous for its excellent DDoS protection, and some of those tools are included with domain name registration, so I decided to give them a try.
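Setup was extremely simple, though there was one non-obvious step: I had to set the SSL/TLS encryption mode to Full (instead of the default of Flexible) because I created my own certs using Let’s Encrypt (see below). Without that, I was getting ERR_TOO_MANY_REDIRECTS when accessing the site. In Flexible mode, Cloudflare connects to the origin server over plain HTTP, so an origin that redirects HTTP to HTTPS sends every request around in a loop. Full mode encrypts the connection between Cloudflare and the origin but does not validate the origin certificate; Full (strict) does, and a valid Let’s Encrypt certificate for the hostname satisfies it.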
Cloudflare does not let you use your own DNS servers unless you pay extra for their Business plans, but they offer their own free service instead, which is fine by me, especially because their default DNS servers offer DDoS protection, DNSSEC, and other fun stuff.
VPS Host: DigitalOcean
After setting up the domain name and DNS, the next significant step in website deployment is selecting a suitable hosting solution. For timtalks.tech, I chose a Virtual Private Server (VPS) through DigitalOcean with Ubuntu 22 LTS Linux.
What is a VPS?
A VPS is a virtualized server that provides you with a private slice of a physical server’s resources. It combines the affordability of shared hosting with the control and flexibility of a dedicated server.
Why Linux
I’ve been using Linux since 1993, when I downloaded Slackware over a 14.4kbps modem and copied images to ~20 x 3.5″ floppy disks. It took weeks. I don’t recommend this installation method! A VPS can be spun up in minutes with DigitalOcean.
Using a VPS on Linux means that you’ll need to be much more hands-on with your server configuration vs. a host that uses a control panel or other tools. If you’re techy enough to be reading my site, I recommend jumping in and learning. There’s a steep learning curve, but there are lots of great tutorials out there to get going.
Secure your Server
I recommend the following steps to secure your server:
- Use super strong passwords for your SSH login. I recommend a password manager like 1Password and 16+ character random passwords with symbols.
- DigitalOcean’s initial setup guide is very good.
- Enable Unattended Upgrades. This ensures that security and other updates get installed automatically.
- Install fail2ban. This auto-bans IPs that are trying to brute force your SSH credentials.
sudo apt install fail2ban
sudo service fail2ban restart
- Install a rootkit scanner like rkhunter.
- Configure UFW firewall. Make sure to allow ports 22 (SSH), 80 (HTTP), and 443 (HTTPS) at a minimum.
- Not exactly security related, but if you want to be able to send email from your server, you can sign up for a free account with Sendgrid and set up Sendgrid with Postfix.
- Securing your website with an SSL/TLS certificate is essential. Let’s Encrypt provides a free, automated, and open certificate authority (CA) that is widely used and respected. Here’s how to set up Let’s Encrypt on your Ubuntu server with DigitalOcean.
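The firewall, fail2ban and unattended-upgrades steps from the list above, written as one script. This is an added example, not part of the original post: the fail2ban thresholds are assumed values, and the script only prints its plan unless APPLY=1 is set.

```sh
#!/bin/sh
# Added example: the hardening checklist for Ubuntu 22.04 as one script.
# Dry-run by default (prints each step); run as root with APPLY=1 to execute.
set -eu

run() {          # print the command, execute it only when APPLY=1
  echo "+ $*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

write_file() {   # write stdin to $1, or just show the content in dry-run mode
  echo "+ write $1"
  if [ "${APPLY:-0}" = "1" ]; then cat > "$1"; else sed 's/^/    /'; fi
}

harden() {
  run apt-get update
  run apt-get install -y ufw fail2ban unattended-upgrades

  # Firewall: set the defaults and allow SSH *before* enabling UFW, so the
  # SSH session you are working in is not cut off when the rules load.
  run ufw default deny incoming
  run ufw default allow outgoing
  run ufw allow 22/tcp
  run ufw allow 80/tcp
  run ufw allow 443/tcp
  run ufw --force enable

  # fail2ban: local override for the sshd jail (thresholds are assumptions).
  write_file /etc/fail2ban/jail.local <<'EOF'
[sshd]
enabled  = true
maxretry = 5
findtime = 10m
bantime  = 1h
EOF
  run systemctl restart fail2ban

  # Unattended upgrades: refresh package lists and install updates daily.
  write_file /etc/apt/apt.conf.d/20auto-upgrades <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
}

harden
```

After applying it, `sudo ufw status verbose` and `sudo fail2ban-client status sshd` show the resulting firewall rules and the active SSH jail.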
Website Hosting: LAMP + WordPress
After securing the VPS with DigitalOcean and selecting Ubuntu 22 LTS as the operating system, the next step is setting up the website hosting environment. For timtalks.tech, I’ve chosen the LAMP stack coupled with WordPress. Here’s a high-level overview of the installation and configuration process.
Installing the LAMP Stack
Linux: Ubuntu 22 LTS.
Apache: Install Apache web server using Ubuntu’s package manager:
sudo apt update
sudo apt install apache2
- Once installed, verify that Apache is running by accessing your server’s IP address in a web browser.
MySQL: Install MySQL to manage the database needs:
sudo apt install mysql-server
- Secure the MySQL installation with:
sudo mysql_secure_installation
PHP: Install PHP (along with common PHP modules) to process code and generate dynamic content:
sudo apt install php libapache2-mod-php php-mysql
Configuring Apache and Virtual Host: Set up a virtual host for your domain:
- Create a new config file in /etc/apache2/sites-available/ with your domain name.
- Configure the DocumentRoot and ServerName directives to point to your domain and its root directory.
- Enable the new virtual host with:
sudo a2ensite your_domain.conf
- Reload Apache to apply changes.
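The virtual host steps above as a script. This is an added example, not from the original post: example.com, the document root and the AllowOverride/Require settings are assumptions, and it only prints the config unless APPLY=1 is set.

```sh
#!/bin/sh
# Added example: render and enable an Apache virtual host.
# Dry-run by default; run as root with APPLY=1 to install it.
set -eu

# Accept only plain hostnames, so the value is safe to use both as a file
# name under sites-available/ and inside the Apache config.
valid_domain() {
  case "$1" in
    ''|.*|*.|*..*|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    *.*) return 0 ;;
    *)   return 1 ;;
  esac
}

render_vhost() {   # usage: render_vhost DOMAIN DOCROOT (DOCROOT is trusted)
  valid_domain "$1" || { echo "invalid domain: $1" >&2; return 1; }
  cat <<EOF
<VirtualHost *:80>
    ServerName $1
    DocumentRoot $2
    <Directory $2>
        # Assumption: WordPress permalinks need .htaccess overrides.
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog \${APACHE_LOG_DIR}/$1-error.log
    CustomLog \${APACHE_LOG_DIR}/$1-access.log combined
</VirtualHost>
EOF
}

install_vhost() {  # usage: install_vhost DOMAIN DOCROOT
  valid_domain "$1" || { echo "invalid domain: $1" >&2; return 1; }
  conf="/etc/apache2/sites-available/$1.conf"
  if [ "${APPLY:-0}" != "1" ]; then
    echo "# would write $conf:"; render_vhost "$1" "$2"; return
  fi
  render_vhost "$1" "$2" > "$conf"
  a2ensite "$1.conf"
  apache2ctl configtest        # stop here rather than reload a broken config
  systemctl reload apache2
}

install_vhost example.com /var/www/example.com
```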
Installing WordPress: Follow the instructions here to install WordPress on DigitalOcean.
WordPress Config
I won’t go into super fine detail about the WordPress config because I expect it to change, but here are some of the plugins I use:
- Akismet Anti-spam: Essentially for blocking spam comments.
- Jetpack: Pretty much indispensable these days for WordPress sites.
- Spectra: I’m trying the free version of this out, and so far it’s not bad.
- UpdraftPlus: Free backup to Amazon S3 buckets. This plugin is awesome but can be a bit finicky to set up because you need an Amazon AWS account and have to set up buckets, which cost money. My bill from Amazon though is well under $1/month, including another website that hosts lots of images.
- W3 Total Cache: Probably don’t need this as a small website, but without it, WordPress will give some complaints. Really easy to set up.
Creative
I’m a techie, so I need a little help when it comes to the creative part… Here’s what I use.
- Adobe Creative Cloud: Primarily for this website I use Photoshop and Illustrator to create and edit bitmap and vector graphics.
- ChatGPT: While all of my content is original and edited by me, I do use ChatGPT to give starter outlines for blogs, act as my tutor for new technologies, and give inspiration.
- Dall-E: The website logo and other graphics are generated with Dall-E, though I am working to re-create the logo in Illustrator.