📟 appendix: setting up a self-hosted server
or, the “tear your hair out” part.

tl;dr

  • initialization: DigitalOcean, LEMP, add domain, email (optionally), add user
  • setup: MySQL update, nginx, swapfile
  • sv/runit: for non-node.js setups
  • WordPress: for you poor saps still maintaining your family’s random blogs…


  • “Dearest server, I am Chrome, the 64th of that name, child of WebKit, grandchild of KHTML, a disciple of Gecko, follower of the great Mozilla/5.0, running on Windows NT 10”


i’m lovin’ the DigitalOcean service. a lot of these tutorials are based on their service and using Ubuntu 18.04.

initialization

once you create an account at DigitalOcean you’ll want to go through these steps to get started:

  1. create server
  1. create project
  1. create → droplets
  1. one-click apps → LEMP
  1. LEMP (Linux + nginx + MySQL + PHP)
  1. add backup! It’s just once-a-week though so if you need something more than that, look into something more custom.
  1. add IPv6
  1. add SSH key
  1. add monitoring
  1. optionally, create firewall via the UI. if you need to fine tune this part you can read about using ufw on the command line in this article.
  1. add domain(s)
  1. A and AAAA records for @, *, www
  1. mail, A → mail.example.com and MX → example.com
  1. email (optional)
  1. recommended: TXT @ v=spf1 a mx include:_spf.google.com -all
  1. rename your droplet to have a FQDN (e.g. example.com) — this will set up a PTR record for email to help verify your mail server.
  1. secure email:
# first, need to shutdown nginx
sudo systemctl stop nginx
sudo certbot certonly --standalone -d mail.example.com

# then in /etc/postfix/main.cf update:
# pay attention to `smtp_use_tls=yes` because it's usually `smtpd_use_tls=yes`
# with a 'd' which doesn't work :-/
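# change both paths to suit your system; by default certbot writes its files
# under /etc/letsencrypt/live/mail.example.com/
# (main.cf has no inline comments, so keep notes on their own lines)
smtpd_tls_cert_file=/etc/ssl/certs/fullchain.pem
smtpd_tls_key_file=/etc/ssl/private/privkey.pem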
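
added example (not from the original post): a small python linter for the TLS lines in main.cf. in postfix, `smtpd_*` parameters configure the inbound server and `smtp_*` the outbound client, and a note left after a value becomes part of that value. the function names and the sample config are made up for this example, and `$name` references are not expanded.

```python
# added example (not from the original post); the sample below is constructed.
SAMPLE_MAIN_CF = """\
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/fullchain.pem (change to suit your system)
smtpd_tls_key_file = /etc/ssl/private/privkey.pem
smtp_use_tls=yes
"""

def parse_main_cf(text):
    """main.cf text -> {name: value}. '#' and blank lines are skipped, leading
    whitespace continues the previous line, later settings override earlier."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def tls_enabled(params, prefix):
    """prefix 'smtpd' = inbound server, 'smtp' = outbound client."""
    level = params.get(prefix + "_tls_security_level", "").lower()
    if level:  # when set, the level overrides the older yes/no switches
        return level != "none"
    return "yes" in (params.get(prefix + s, "").lower() for s in ("_use_tls", "_enforce_tls"))

def lint_tls(params):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for key in ("smtpd_tls_cert_file", "smtpd_tls_key_file"):
        value = params.get(key, "")
        if not value:
            findings.append(key + ": not set")
        elif len(value.split()) > 1:
            findings.append(key + ": text after the path is read as part of the value")
    for prefix, side in (("smtpd", "inbound"), ("smtp", "outbound")):
        if not tls_enabled(params, prefix):
            findings.append(f"{side} ({prefix}_*): TLS not enabled in this file")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_tls(parse_main_cf(SAMPLE_MAIN_CF))))
```

on a real box, feed it the contents of /etc/postfix/main.cf; it only reads what is written in the file, not postfix's compiled-in defaults.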