Building this Site

In my first blog post I’m going to walk you through the process of building this blog.

It’s powered by the following:

Getting Started

I’m a huge fan of DigitalOcean, and use them to host a few projects, including this site. If you don’t have a DigitalOcean account, use my referral code to get $10 🙃

I have attempted to highlight in red the values that will differ for you (variables, users, etc.), so watch out for those!

Setting up CentOS

I have consolidated my CentOS setup process into this blog post. It covers setting up users, firewalld, automatic updates, Nginx, Let’s Encrypt, etc. I’ll assume you have completed that blog post, or are comfortable making adjustments as needed.

Later in the guide you’ll need to access port 4000/tcp, so we’ll open that up now.

$ sudo firewall-cmd --permanent --add-port=4000/tcp
success
$ sudo firewall-cmd --permanent --list-all
public (default)
  interfaces: 
  sources: 
  services: http https ssh
  ports: 4000/tcp
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 
$ sudo firewall-cmd --reload

About Jekyll

Jekyll is written in Ruby and can easily turn blog posts written in Markdown into a simple yet powerful website. It’s similar to Hugo or Ghost. Jekyll is used to power GitHub Pages, which can be used in lieu of a bunch of things I set up manually as part of this blog post, and is also free 🤑

Most themes follow the same basic architecture. The two most important parts of a theme are the _config.yml file and _posts folder. The config file lets you change some basic information about the site including your name, links to social media, and things like the markdown parser or syntax highlighter.

Installing Jekyll

# some of these may be unnecessary, but can save you some headaches later with gem installs
# (build-essential is a Debian package name; make and gcc-c++ are the CentOS equivalents)
$ sudo yum install -y ruby ruby-devel rubygems make gcc gcc-c++ git zlib-devel
$ sudo gem install jekyll bundler

Setting up Jekyll

Find a Jekyll theme online, go to its GitHub page, and follow the installation instructions. If none are provided, try adapting the directions in the theme I used. Deal with the inevitable dumpster fire involved with installing Ruby gems 🔥

# Navigate to the directory you want your site to live in, I chose ~/site
$ mkdir ~/site && cd ~/site
# You could also 'fork' the parent repo and then clone
$ git clone https://github.com/joshgerdes/jekyll-uno.git
$ cd jekyll-uno
$ bundle install

Customizing your Jekyll install is mostly done within your _config.yml file. I adjusted title, description, url, baseurl and the social media links. You can see my config file on GitHub.

$ bundle exec jekyll serve --host=138.68.44.75

Visit 138.68.44.75:4000 in your browser just to make sure that everything is running properly, then exit Jekyll with Ctrl+C.

📸   Take a snapshot once your Jekyll theme is working

Reconfiguring nginx

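We’ll need to make some minor edits to our existing nginx configuration to accommodate the Jekyll site. The first command below puts SELinux’s httpd_t domain, which nginx runs in, into permissive mode, so denials for nginx are logged instead of enforced.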

$ sudo semanage permissive -a httpd_t
$ chmod 710 /home/leif

Open the config with $ sudo emacs /etc/nginx/conf.d/ssl.conf, then either copy mine (below) or edit the following directives manually:

root /home/leif/site/jekyll-uno/_site;
index index.html;
autoindex off;

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;


        server_name leifdreizler.com www.leifdreizler.com;

        ssl_certificate /etc/letsencrypt/live/leifdreizler.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/leifdreizler.com/privkey.pem;

        ssl_protocols TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;
        ## verify chain of trust of OCSP response using Root CA and Intermediate certs
        ssl_trusted_certificate /etc/letsencrypt/live/leifdreizler.com/fullchain.pem;

        location ~ /.well-known {
                allow all;
        }

        # The rest of your server block
        root /home/leif/site/jekyll-uno/_site;
        index index.html;
        autoindex off;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        }
}

Check your nginx configuration for errors and restart:

$ sudo nginx -t
$ sudo systemctl restart nginx

Finishing Touches

Confirm that you can access and navigate throughout your site by visiting https://leifdreizler.com

# Remove the now unnecessary 4000/tcp port 
$ sudo firewall-cmd --permanent --remove-port=4000/tcp
success
$ sudo firewall-cmd --permanent --list-all
public (default)
  interfaces: 
  sources: 
  services: http https ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 
$ sudo firewall-cmd --reload
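
The --permanent flag edits firewalld's saved configuration, which only becomes the running configuration after --reload, so the two listings can disagree. As an added example (not part of the original post), this script audits either listing against an allowlist; the function names and the allowlist are assumptions, and the sample listings are constructed from the output shown above.

```shell
#!/bin/sh
# Added example: audit `firewall-cmd --list-all` output against an allowlist.

# Print the values of one "name: v1 v2 ..." field from a zone listing
# read on stdin, one value per line.
zone_field() {
    awk -v key="$1:" '$1 == key { for (i = 2; i <= NF; i++) print $i }'
}

# Print every value of field $1 that is not in the space-separated allowlist $2.
unexpected() {
    allowed=" $2 "
    zone_field "$1" | while read -r item; do
        case "$allowed" in
            *" $item "*) ;;           # explicitly allowed
            *) echo "$1=$item" ;;     # open but not on the allowlist
        esac
    done
}

# Audit one listing on stdin: print findings, return 1 if there are any.
# Assumed allowlist = the post's final state: http/https/ssh, no raw ports.
audit_zone() {
    listing=$(cat)
    findings=$(
        printf '%s\n' "$listing" | unexpected services "http https ssh"
        printf '%s\n' "$listing" | unexpected ports ""
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed samples, abbreviated from the two listings shown in the post.
SAMPLE_PREVIEW='public (default)
  services: http https ssh
  ports: 4000/tcp
  masquerade: no'
SAMPLE_FINAL='public (default)
  services: http https ssh
  ports:
  masquerade: no'

# On the server, check both configurations of the default zone:
#   sudo firewall-cmd --list-all             | audit_zone   # runtime
#   sudo firewall-cmd --permanent --list-all | audit_zone   # permanent
```

A finding in the runtime listing but not the permanent one means the removal has been saved but not yet reloaded.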

You’re all done! You now have a Jekyll blog with a custom theme served by NGINX running on CentOS 7 protected by a Let’s Encrypt SSL certificate 🙌

📸   Take a snapshot, and optionally delete intermediate snapshots

Your First Post

$ cd ~/site/jekyll-uno/_posts
# follow the YYYY-MM-DD-name-of-post.md naming convention
$ cp existingpost.md newpost.md
# Use your favorite text editor to adjust the contents, tags, etc.
$ emacs newpost.md
# Build from the site root, not from _posts
$ cd ~/site/jekyll-uno
$ bundle exec jekyll build

When writing blog posts you may want to consider previewing them using an online Markdown parser before posting them to your site. You can also use $ bundle exec jekyll build --watch to automatically rebuild the site whenever you save the Markdown file.