How to turn any dynamic website into a static site | 24.01.2018 | Artem Daniliants | LumoSpark
2 likes•252 views
This document provides steps for turning a dynamic website powered by a content management system (CMS) into a static site hosted on a Linux server using Nginx as a reverse proxy. It discusses setting up the server with security measures like fail2ban and automatic security updates. Nginx is configured for SSL/TLS using Let's Encrypt and to proxy requests to the dynamic CMS site, with caching enabled. The process results in a static site that is faster and more secure than directly exposing the dynamic CMS site.
![Setup caching (part 1)
nano -w /etc/nginx/nginx.conf
http {
[...]
proxy_cache_path /tmp levels=1:2 keys_zone=fatcache:8m
max_size=1000m inactive=600m;
proxy_cache_key "$scheme$host$request_uri";
[...]
}](https://image.slidesharecdn.com/hybridstaticsites-webinar-180125103241/85/How-to-turn-any-dynamic-website-into-a-static-site-24-01-2018-Artem-Daniliants-LumoSpark-33-320.jpg)
How to turn any dynamic website into a static site | 24.01.2018 | Artem Daniliants | LumoSpark
- 1. How to turn any dynamic (CMS powered) website into a static site Artem Daniliants • LumoSpark
- 2. Traditional website architecture Web Server DNS server Database Scripting interpreter Example: Amazon Route 53/CloudFlare Example: Nginx, Apache Example: PHP, Python, Perl Example: MariaDB, PostgreSQL
- 3. What happens when you navigate to a URL?
- 4. Static site Dynamic site
- 5. WTF is a server? :)
- 6. Dedicated vs VPS vs Shared hosting?
- 8. RAM
- 9. Hard drive
- 10. RAID
- 11. CPU
- 12. 32bit vs 64bit
- 13. Traffic
- 15. Server location
- 16. Operating system
- 17. Let’s get a cheap server (from Scaleway)
- 18. Terminal cast displaying whole process https://asciinema.org/a/cugTNawObYXONGpqmdN8gn12t
- 19. First minutes on the server
- 20. Change your password passwd root
- 21. Install fail2ban apt-get update && apt-get install fail2ban
- 22. Allow only public key authentication nano -w /etc/ssh/sshd_config # INFO: Find following lines in config and change them as follows PasswordAuthentication no UsePAM no PermitRootLogin no
- 23. Create new user & setup sudo useradd -m username chsh -s /bin/bash username apt-get install sudo visudo # INFO: Add following line username ALL=(ALL) ALL # Add public key to newly created user mkdir /home/username/.ssh nano -w /home/username/.ssh/authorized_keys chmod 600 /home/username/.ssh/authorized_keys chown -R username /home/username/.ssh
- 24. Enable Automatic Security Updates apt-get install unattended-upgrades dpkg-reconfigure --priority=low unattended-upgrades # Follow instructions on the screen
- 25. Install Logwatch apt-get install logwatch nano -w /etc/cron.daily/00logwatch # INFO: Replace “/usr/sbin/logwatch --output mail” with line below /usr/sbin/logwatch --output mail --mailto [email protected] --detail high
- 26. Enough prep work :)
- 27. Using reverse proxy Dynamic site (cms.domain.com) Reverse proxy (www.domain.com) Visitor
- 28. Install Nginx apt-get install nginx
- 29. Setup domain nano -w /etc/nginx/sites-enabled/default # INFO: Find server_name and change it server_name somedomain.com;
- 30. Install SSL (Let’s encrypt) sudo apt-get install software-properties-common python-software-properties add-apt-repository ppa:certbot/certbot apt-get update apt-get install python-certbot-nginx # Below is one command in multiple lines (paste as one) sudo certbot --authenticator standalone --installer nginx -d somedomain.name.com --pre-hook "service nginx stop" --post-hook "service nginx start"
- 31. Setup reverse proxy nano -w /etc/nginx/sites-enabled/default location / { proxy_pass_header Authorization; proxy_pass http://dynamic-site.com; proxy_set_header Host dynamic-site.com; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_buffering on; client_max_body_size 0; proxy_read_timeout 36000s; proxy_redirect off; proxy_ssl_server_name on; }
- 32. Testing root@scw-e42236:~# curl -I https://testing.domain.com/test.php HTTP/1.1 200 OK Server: nginx/1.10.3 (Ubuntu) Date: Wed, 24 Jan 2018 08:04:53 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding X-Proxy-Cache: MISS
- 33. Setup caching (part 1) nano -w /etc/nginx/nginx.conf http { [...] proxy_cache_path /tmp levels=1:2 keys_zone=fatcache:8m max_size=1000m inactive=600m; proxy_cache_key "$scheme$host$request_uri"; [...] }
- 34. Setup caching (part 2) nano -w /etc/nginx/sites-enabled/default proxy_ignore_headers "Set-Cookie"; proxy_hide_header "Set-Cookie"; proxy_cache fatcache; add_header X-Proxy-Cache $upstream_cache_status; proxy_cache_valid 200 302 60m; proxy_cache_valid 404 1m;
- 35. With cache root@scw-e42236:~# curl -I https://testing.domain.com/test.php HTTP/1.1 200 OK Server: nginx/1.10.3 (Ubuntu) Date: Wed, 24 Jan 2018 08:04:55 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Vary: Accept-Encoding X-Proxy-Cache: HIT
- 36. You’re done
- 37. Things that could be improved
- 38. Programmatically purging Nginx cache
- 39. Setting up Pagespeed module
- 40. Using Docker
- 41. Deploying to Zeit.co / Hyper.sh
- 42. Restrict so dynamic site is not accessible publicly