jblog
toc

jblog has moved.

2020-09-05, post № 233

internal, #blog movement, #freedom, #politics

Having read Free as in Freedom [1] and being appalled at the digitalization-driven annihilation of once fought for values paired with de-facto government-mandated acceptance of this new brutal reality, I concluded to no longer be morally capable of supporting the web in its current form and thus began work on my own blogging software in April of 2020.
Now, beginning of September 2020, this project has reached a presentable state; having transferred all 232 jblog posts, reformatting and annotating them as well as improving minor syntactically or grammaticallly uneven sections, I can announce my blog’s movement:

https://www.jfrech.com/blog

If you choose to visit my blog, I can assure you that no trackers, cookies or malicious scripts will be employed against you. I will not try to collect a lot of data about your visit and the few inherently technically required data points in form of non-aggregated system logs will not be shared with third parties.

This 233rd post is the last to be published on https://jonathanfrech.wordpress.com, which will be shut down on the 31st of December 2020.
If you are interested in my blog, you can use my RSS feed to get a full list of my blog posts, updated as new are written. RSS is not like other subscription models — there is no server which knows your details and eagerly sends traffic your way to coerce you to a click. RSS requires you, the user, to request a feed and only then will transmit said feed.

Note that this blog’s content is subject to a clearly defined set of licenses specifying the terms and conditions with which it can be used.

Setting Up a HTTPS Backend Using Go and Let’s Encrypt

2020-08-08, post № 232

Go, programming, #backend, #SSL, #systems administration, #VPS, #web

I recently needed to set up a dynamic web backend to both serve dynamically generated files as well as HTTP POST forms. Thus, I thought long and hard to find a solution that is both modern and versatile yet hassle-free to set up — since my systems administration skills are rather sparse. The solution I found is to write a Go webserver; implicitly concurrent and enabling a high level of control.

Of course, nowadays you cannot run a (esp. dynamic) website without HTTPS; every browser worth its salt will display potential visitors a message framing you as a ruthless criminal. Fortunately, Let’s Encrypt gifts you the required bits: an SSL certificate!
Since I need a URL for the upcoming snippet and am personally thinking of switching my own homepage from a webserver to a self-hosted VPS setup, I chose to use www.jfrech.com as an example domain herein.

% # ... installing certbot (for example via `apt update && apt install certbot`) ...
% certbot certonly --standalone --preferred-challenges http -d www.jfrech.com
% # ... cli certbot interaction ...

% # ... installing Go ... (for example via `apt install golang`) ...

% # ... periodically renewing certificates ...

Once certbot has issued a certificate (the URL has to have a DNS entry linked to the current VPS and port 80 has to be unoccupied), incorporating it into the server is made straight forward by http.ListenAndServeTLS:

func handle(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintln(w, `<!doctype html><html><body><p>ip <code>` + template.HTMLEscapeString(r.RemoteAddr) + `</code> requesting <code>` + template.HTMLEscapeString(r.URL.Path) + `</code></p></body></html>`)
}
func main() {
    http.HandleFunc("/", handle)
    log.Fatal(http.ListenAndServeTLS(":443", "/etc/letsencrypt/live/www.jfrech.com/fullchain.pem", "/etc/letsencrypt/live/www.jfrech.com/privkey.pem", nil))
}

Since now the server only listens on port 443, one can add a HTTP-to-HTTPS redirection on port 80:

func handleHTTP(w http.ResponseWriter, r *http.Request) {
    target := "https://" + r.Host + r.URL.Path
    if len(r.URL.RawQuery) > 0 {
        target += "?" + r.URL.RawQuery
    }
    http.Redirect(w, r, target, http.StatusTemporaryRedirect)
}
func main() {
    http.HandleFunc("/", handle)
    go http.ListenAndServe(":80", http.HandlerFunc(handleHTTP))
    log.Fatal(http.ListenAndServeTLS(":443", "/etc/letsencrypt/live/www.jfrech.com/fullchain.pem", "/etc/letsencrypt/live/www.jfrech.com/privkey.pem", nil))
}

One advantage of writing one’s one web server is full control of how the website behaves. One implication, which can be seen as a downside, is that you have to do everything; even the most basic of logging. However, writing your own log files enables you to confidently follow the logging policy you employ.
From a security standpoint, you can exactly control which files are served and which result in a 404 response; avoiding accidently exposing the whole server’s directory structure for the world to see.

Moth

2020-07-11, post № 231

art, ASCII, haiku, poetry, #insect, #night dwelling

       ___       
 __   /  / ___   
/# \  \  \/  /   
\__ \_/   |  \__ 
  _/|__  /  ____\
   _/  \___/ _/  
         _/      

Whoosh — a gust of air.
Although miniscule; it is.
A moth flapped its wings.

Extra assets: moth_development.txt
Jonathan Frech's blog; built 2021/04/16 20:21:20 CEST