diff --git a/README.md b/README.md index 14a817c..f5693dc 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,6 @@ This is my personal tech blog, where I share notes, tutorials, and guides about Linux, virtualization, networking, and other topics. The content is written in Markdown and published using [Hugo](https://gohugo.io/) with the [Stack theme](https://stack.jimmycai.com/config/). -The blog is publicly available at: [blog.mguz.xyz](https://blog.mguz.xyz) +The blog is publicly available at: [blog.mguz.dev](https://blog.mguz.dev) It is hosted on [Cloudflare Pages](https://pages.cloudflare.com/), providing fast and reliable global delivery. - diff --git a/content/page/about/index.md b/content/page/about/index.md index 3575f13..ad38771 100644 --- a/content/page/about/index.md +++ b/content/page/about/index.md @@ -17,16 +17,19 @@ lastmod: 2025-05-06T14:30:00Z Hey! I’m **Martin**. This blog is where I share my adventures with Linux, code, and 3D printing—stuff I find fun and worth documenting. ### **What You’ll Find Here** + - 🐧 **Linux**: Configs, distro hops, and terminal tricks. - 💻 **Code Snippets**: Mostly Rust, Python, and Bash—things I use daily. - 🖨️ **3D Printing**: CAD designs, troubleshooting, and mods. - 🔧 **Random Projects**: Whatever else I’m hacking on. ### **Who Am I?** + I'm a Computer Engineering student who believes the best way to understand systems is to take them apart. While I don't yet have formal IT experience, ### **Elsewhere** + - [GitHub](https://github.com/brockar/) (Where the code lives) -- [CV / Resume](https://mguz.xyz/) (Because formalities) +- [CV / Resume](https://mguz.dev/) (Because formalities) *This blog is built with [Hugo](https://gohugo.io/) and the [Stack theme](https://stack.jimmycai.com/).* diff --git a/content/post/export-server/index.md b/content/post/export-server/index.md index 15c26dc..ada691e 100644 --- a/content/post/export-server/index.md +++ b/content/post/export-server/index.md 
@@ -17,8 +17,8 @@ image = "banner.webp" [[links]] title = "Configure Your Server" -website = "https://blog.mguz.xyz/p/my-linux-server-config/#server-essentials" -image = "https://blog.mguz.xyz/img/avatar_hu_129dd3cd717ddc67.png" +website = "https://blog.mguz.dev/p/my-linux-server-config/#server-essentials" +image = "https://blog.mguz.dev/img/avatar_hu_129dd3cd717ddc67.png" [[links]] title = "traefik configuration" @@ -47,13 +47,14 @@ For the public services, we'll use [Traefik](https://traefik.io/traefik/) as a r By the end, you'll know how to keep your server safe from unwanted exposure while still being able to access everything you need from anywhere. -

Expose Server Diagram

--- + ## Tailscale + Tailscale is a secure VPN service that allows you to connect your devices over the internet as if they were on the same local network, without needing to expose them publicly. > *Important* 
@@ -63,53 +64,67 @@ Tailscale is a secure VPN service that allows you to connect your devices over t > Also you can invite up to 2 other users to your network, so you can share your server with your friends or family. ### Create your account + 1. Go to the [Tailscale website](https://tailscale.com/). 2. Click on "Get started - It's Free!" and follow the prompts to create an account. ### Install Tailscale + [Install Tailscale on your server](https://tailscale.com/download) by following the instructions for your operating system. For example, on Debian you can run: + ```bash curl -fsSL https://tailscale.com/install.sh | sh ``` + ### Start Tailscale + After installing Tailscale, you can start it with the following command: ```bash sudo tailscale up ``` + This will prompt you to authenticate your device with your Tailscale account. Follow the instructions in the terminal to complete the authentication process. ### Access Your Server + Once Tailscale is running on your server, you need to install the Tailscale app on your other devices (laptop, phone, etc.) and log in with the same account you used on your server. After logging in, you will see your server listed in the Tailscale app with its Tailscale IP address (usually in the format `100.x.x.x`). You can use this IP address to connect to your server securely without exposing it to the public internet. You can find this IP address by running: + ```bash tailscale status ``` + This will show you a list of devices connected to your Tailscale network, along with their Tailscale IP addresses. You can also access your server using the system hostname, for example: + ```bash ssh user@debian # or whatever your hostname is on your server ``` -Now you can disable the public SSH port on your server to prevent unauthorized access. +Now you can disable the public SSH port on your server to prevent unauthorized access. --- ## Traefik + Traefik is a modern reverse proxy and load balancer that makes deploying microservices easy. 
It automatically discovers services and configures itself dynamically, making it a great choice for managing your server's web traffic. In this setup, we'll configure Traefik with several security features: + - **Automatic SSL certificates** via Let's Encrypt and Cloudflare DNS - **Geographic blocking** to restrict access by country - **CrowdSec integration** for protection against malicious traffic - **Automatic service discovery** through Docker labels ### Prerequisites + Before setting up Traefik, ensure you have: + - A domain name managed by Cloudflare - Docker and Docker Compose installed on your server - Your domain's A record pointing to your server's public IP address @@ -118,21 +133,25 @@ Before setting up Traefik, ensure you have: > We use Cloudflare because Traefik can automatically manage DNS challenges for SSL certificate generation, and it provides excellent DDoS protection and CDN services. ### Installing Traefik + I use Docker to run Traefik. You can find my complete configuration in my [GitHub repository](https://github.com/brockar/traefik). Clone the repository and navigate to the directory: + ```bash git clone git@github.com:brockar/traefik.git cd traefik ``` Copy the example environment file and edit it with your values: + ```bash cp .env.example .env nano .env # or use your preferred editor ``` #### Getting your Cloudflare API Token + To allow Traefik to manage your DNS records for SSL certificates, you need a Cloudflare API token: 1. Go to your [Cloudflare dashboard](https://dash.cloudflare.com/) @@ -146,10 +165,13 @@ To allow Traefik to manage your DNS records for SSL certificates, you need a Clo 9. Copy the token and paste it into the `CLOUDFLARE_API_TOKEN` field in your `.env` file #### Configure Traefik Files + You need to manually edit several configuration files to customize Traefik for your setup. ##### Update Certificate Resolver + Edit `config/traefik.yml` to set your email address: + ```yaml certificatesResolvers: cloudflare: 
@@ -158,6 +180,7 @@ certificatesResolvers: ``` ##### Configure Security Middlewares + Edit `config/dynamic.yml` to set up geoblock and CrowdSec: ```yaml @@ -183,6 +206,7 @@ crowdsec: > **Finding your country code**: Visit [ISO 3166-1 alpha-2 codes](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) to find your country's two-letter code. ### Setup Docker Networks and CrowdSec API Key + Before starting Traefik, we need to create the necessary Docker networks and set up CrowdSec: ```bash @@ -207,34 +231,43 @@ docker exec crowdsec cscli bouncers add crowdsecBouncer Copy the generated API key and replace `##REPLACE_API_KEY##` in your `config/dynamic.yml` file. Also, get your server's public IP address: + ```bash curl ifconfig.co ``` + Use this IP to replace `YOUR.VPS.IP` in your configuration files. ### Start Traefik + Now you can start Traefik: + ```bash cd ../traefik docker compose up -d ``` Check if Traefik is running correctly: + ```bash docker logs traefik ``` ### Configure Your Services + There are two ways to configure services with Traefik: #### Docker Labels (Recommended) + Add labels directly to your service's `compose.yml` file. This method keeps configuration close to the service and automatically updates when you *restart the container*. #### Static Configuration Files + Create separate configuration files in the `config/` directory. This method allows you to update routing without restarting containers. -### Example Service Configuration +### Example Service Configuration + Here's a complete example of exposing a service using Docker labels: ```yaml 
@@ -269,12 +302,13 @@ networks: external: true ``` - ## Alternatives + You can use any VPN solution for private access to your server, not just Tailscale. For example, [WireGuard](https://www.wireguard.com/) is a popular alternative that you can self-host and configure to fit your needs. However, with WireGuard and similar self-hosted VPNs, you'll need to manually open ports on your firewall and router, and ongoing management can be more complex compared to Tailscale's streamlined setup. On the Traefik side, you don't have to use Cloudflare. You can use any other DNS provider that supports ACME challenges, like [DuckDNS](https://www.duckdns.org/) or [Google Domains](https://domains.google/). GeoBlock isn't mandatory, you can remove it if you don't need it or use it only on specific services. -You can also use other reverse proxies like [Nginx Proxy](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) or [Caddy](https://caddyserver.com/), but I prefer Traefik because it has many features out of the box and is easy to configure with Docker. \ No newline at end of file +You can also use other reverse proxies like [Nginx Proxy](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) or [Caddy](https://caddyserver.com/), but I prefer Traefik because it has many features out of the box and is easy to configure with Docker. + diff --git a/hugo.yaml b/hugo.yaml index a95debf..ddfa694 100644 --- a/hugo.yaml +++ b/hugo.yaml @@ -1,4 +1,4 @@ -baseurl: https://blog.mguz.xyz +baseurl: https://blog.mguz.dev languageCode: en-us theme: hugo-theme-stack title: brockar's blog @@ -123,7 +123,7 @@ menu: # - identifier: cv # name: cv - # url: https://martinguz.xyz/ + # url: https://mguz.dev/ # params: # icon: user
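Review bot: in the `content/page/about/index.md` hunk (`@@ -17,16 +17,19 @@`), the context line `While I don't yet have formal IT experience,` ends mid-sentence and the hunk already touches the lines around it, so finish that sentence or drop it here; the hunk header also shows `lastmod: 2025-05-06T14:30:00Z` left unchanged although the page content (the resume link) changes in this commit, so bump `lastmod` alongside it.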
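Review bot: the last changed line of the `@@ -63,53 +64,67 @@` hunk in `content/post/export-server/index.md`, `+Now you can disable the public SSH port on your server to prevent unauthorized access.`, only gets a trailing-whitespace fix, but the step it describes has no verification before it; add a sentence telling the reader to open a second session over the Tailscale address (the `ssh user@debian` example just above) and keep their existing session open until that works, otherwise a failed `tailscale up` plus a closed public port locks them out of the server.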
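Review bot: in the `@@ -118,21 +133,25 @@` hunk the clone command `git clone git@github.com:brockar/traefik.git` uses the SSH transport, which only works for readers who have an SSH key registered with GitHub; since the same paragraph links the repository publicly at https://github.com/brockar/traefik, use `git clone https://github.com/brockar/traefik.git` so the tutorial works for everyone. The same hunk has readers copy `.env.example` to `.env` and later paste `CLOUDFLARE_API_TOKEN` into it; one line confirming that `.env` is git-ignored would keep that token out of accidental commits.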
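Review bot: in the `@@ -207,34 +231,43 @@` hunk, the instruction `Copy the generated API key and replace `##REPLACE_API_KEY##` in your `config/dynamic.yml` file` puts the CrowdSec bouncer secret directly into a tracked configuration file of the cloned repository, unlike the Cloudflare token, which goes through `.env`; add a reminder not to commit the edited `config/dynamic.yml`, or point readers at keeping the key in `.env` the same way. The `curl ifconfig.co` step that follows could also say that the address must match the one the domain's A record points to (the prerequisite listed earlier), so readers behind a different egress address notice the mismatch before `YOUR.VPS.IP` is replaced everywhere.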
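Review bot: the `@@ -269,12 +302,13 @@` hunk only adds a trailing newline and a blank line after `## Alternatives`, but while the region is being touched, the context line `GeoBlock isn't mandatory, you can remove it if you don't need it or use it only on specific services.` is a comma splice; `GeoBlock isn't mandatory; you can remove it if you don't need it, or enable it only for specific services.` reads cleanly.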
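Review bot: the `hugo.yaml` hunks change `baseurl` from `https://blog.mguz.xyz` to `https://blog.mguz.dev`, which rewrites every absolute link and canonical URL of the site, yet nothing in the patch mentions a redirect from the old hostname; document where that redirect is configured (the README says the site is hosted on Cloudflare Pages) so existing inbound links and search results keep working. In the second hunk (`@@ -123,7 +123,7 @@`), the `cv` menu entry is updated to `# url: https://mguz.dev/` but stays commented out even though the about page now links the same CV; either enable the entry or drop the dead block rather than maintaining a URL nobody renders.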