
Server Configuration

Reference for our server setup patterns

VPS Configuration

Base Setup

# Initial hardening
./server-setup.sh --type=vps --security=high

# With specific features
./server-setup.sh --type=vps --features="ssl,monitoring"

Standard Stack

  • Nginx
  • PHP-FPM
  • MariaDB
  • Redis
  • Let's Encrypt

Security Baseline

  • UFW firewall
  • Fail2ban
  • SSH key only
  • Automatic updates

Shared Hosting

DirectAdmin Setup

# Site creation
./da-create.sh --domain={{domain}} --template=wp

# With extras
./da-create.sh --domain={{domain}} --features="ssl,cdn"

Configuration

  • PHP settings
  • Database allocation
  • Domain setup
  • SSL certificates

Monitoring

Standard Checks

# monitor-config.yml
checks:
  - type: http
    url: https://{{domain}}
    interval: 60
  - type: ssl
    domain: {{domain}}
    warning: 14  # days

Alert Configuration

alerts:
  - type: slack
    channel: "#monitoring"  # quoted: an unquoted # starts a YAML comment
  - type: email
    address: admin@domain.com

Backup Systems

Configuration

# backup-config.yml
locations:
  - type: local
    path: /var/backups/
  - type: remote
    host: backup.host
    path: /backups/

schedule:
  - daily: 3am
  - weekly: sunday 2am

Rotation Policy

  • Daily: 7 days
  • Weekly: 4 weeks
  • Monthly: 3 months

Common Commands

Server Management

# Check status
./server-status.sh --all

# Restart services
./server-control.sh --restart=nginx,php

SSL Management

# New certificate
./ssl-setup.sh --domain={{domain}}

# Renewal
./ssl-renew.sh --all

Database Management

# Create database
./db-setup.sh --name={{dbname}} --type=wordpress

# Backup
./db-backup.sh --all

Note: Replace {{variables}} with actual values.

Documentation System Server Deployment

Target OS: Rocky Linux 8 64-bit
Purpose: Deploy MkDocs documentation system with auto-deployment
Server: Production documentation hosting
Date: June 7, 2025

🖥️ Development Server Access

External Development URL

  • URL: http://satoshihost.ddns.net/
  • Purpose: External access to development files when HP3 laptop is running
  • Server: Apache2 on HP3 (Linux Mint)
  • Document Root: /var/www/html/

Available Endpoints

  • Home: http://satoshihost.ddns.net/ - Development server dashboard
  • Live Docs: http://satoshihost.ddns.net/docs/ - Built MkDocs site (mirrors https://satoshihost.dev)
  • Project Files: http://satoshihost.ddns.net/warp/ - Browse all Warp project source
  • ClickForCharity: http://satoshihost.ddns.net/warp/projects/clickforcharity.net/
  • ROFLFaucet: http://satoshihost.ddns.net/warp/projects/rofl/roflfaucet/

Configuration

# Symlinks created for easy access
sudo ln -sf /home/andy/Documents/websites/Warp /var/www/html/warp
sudo ln -sf /home/andy/Documents/websites/Warp/projects/warp-docs/site /var/www/html/docs

🎯 Deployment Overview

System Components

┌─────────────────────────────────────────────────────────────┐
│                    Rocky Linux 8 Server                    │
├─────────────────────────────────────────────────────────────┤
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐  │
│  │   Nginx     │  │   Python    │  │      Git Hooks      │  │
│  │  (Web)      │  │  (MkDocs)   │  │   (Auto-deploy)     │  │
│  └─────────────┘  └─────────────┘  └─────────────────────┘  │
│                                                             │
│  ┌─────────────────────────────────────────────────────────┐  │
│  │              Git Repository                             │  │
│  │         (warp-docs.git - bare)                          │  │
│  └─────────────────────────────────────────────────────────┘  │
│                                                             │
│  ┌─────────────────────────────────────────────────────────┐  │
│  │          Built Documentation Site                       │  │
│  │        (/var/www/docs.domain.com)                       │  │
│  └─────────────────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────────────┘

📦 Installation Steps

Phase 1: Base System Setup

# 1. Update system
sudo dnf update -y
sudo dnf groupinstall "Development Tools" -y

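# 2. Install required packages
# certbot, python3-certbot-nginx and fail2ban come from EPEL on Rocky Linux 8.
# The venv module ships with python3, so there is no separate python3-venv package.
sudo dnf install -y epel-release
sudo dnf install -y \
    python3 \
    python3-pip \
    git \
    nginx \
    certbot \
    python3-certbot-nginx \
    firewalld \
    fail2ban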

# 3. Enable services
sudo systemctl enable nginx
sudo systemctl enable firewalld
sudo systemctl enable fail2ban
sudo systemctl start firewalld
sudo systemctl start fail2ban

Phase 2: User & Directory Setup

# 1. Create docs user
sudo useradd -m -s /bin/bash docs
sudo usermod -aG wheel docs

# 2. Create directory structure
sudo mkdir -p /var/www/docs.yourdomain.com
sudo mkdir -p /var/git/warp-docs.git
sudo mkdir -p /var/docs/builds
sudo mkdir -p /var/log/docs-deploy

# 3. Set permissions
sudo chown -R docs:docs /var/www/docs.yourdomain.com
sudo chown -R docs:docs /var/git/warp-docs.git
sudo chown -R docs:docs /var/docs
sudo chown -R docs:docs /var/log/docs-deploy

Phase 3: Python Environment

# Switch to docs user
sudo su - docs

# 1. Create Python virtual environment
python3 -m venv /home/docs/mkdocs-env
source /home/docs/mkdocs-env/bin/activate

# 2. Install MkDocs and plugins
pip install --upgrade pip
pip install mkdocs
pip install mkdocs-material
pip install mkdocs-git-revision-date-plugin
pip install mkdocs-awesome-pages-plugin

# 3. Create activation script
cat > /home/docs/activate-mkdocs.sh << 'EOF'
#!/bin/bash
source /home/docs/mkdocs-env/bin/activate
EOF
chmod +x /home/docs/activate-mkdocs.sh

Phase 4: Git Repository Setup

# 1. Initialize bare repository
cd /var/git/warp-docs.git
git init --bare

# 2. Create post-receive hook
cat > hooks/post-receive << 'EOF'
#!/bin/bash

# Configuration
REPO_DIR="/var/git/warp-docs.git"
WORK_DIR="/var/docs/builds/warp-docs"
WEB_DIR="/var/www/docs.yourdomain.com"
LOG_FILE="/var/log/docs-deploy/deploy.log"
DATE=$(date '+%Y-%m-%d %H:%M:%S')

echo "[$DATE] Starting deployment..." >> $LOG_FILE

# Activate Python environment
source /home/docs/mkdocs-env/bin/activate

# Check out the latest code
if [ -d "$WORK_DIR" ]; then
    rm -rf "$WORK_DIR"
fi
mkdir -p "$WORK_DIR"
cd "$WORK_DIR"
git clone "$REPO_DIR" .

echo "[$DATE] Code checked out successfully" >> $LOG_FILE

# Build documentation
if [ -f "mkdocs.yml" ]; then
    echo "[$DATE] Building MkDocs site..." >> $LOG_FILE
    mkdocs build --site-dir "$WEB_DIR" --clean

    if [ $? -eq 0 ]; then
        echo "[$DATE] MkDocs build successful!" >> $LOG_FILE

        # Set proper permissions
        chown -R docs:nginx "$WEB_DIR"
        chmod -R 755 "$WEB_DIR"

        echo "[$DATE] Deployment completed successfully!" >> $LOG_FILE
    else
        echo "[$DATE] ERROR: MkDocs build failed!" >> $LOG_FILE
        exit 1
    fi
else
    echo "[$DATE] ERROR: mkdocs.yml not found!" >> $LOG_FILE
    exit 1
fi

echo "[$DATE] Deployment finished" >> $LOG_FILE
EOF

# Make hook executable
chmod +x hooks/post-receive
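
The hook above builds with --clean directly into the live web root and clones whatever HEAD points at, so a failed build empties the site and a push to any branch triggers a deploy. The following is an added example, not part of the original setup: it deploys only one branch and switches releases atomically. DEPLOY_REF, RELEASES, WEB_LINK (the nginx root turned into a symlink) and the function names are assumptions.

```shell
#!/bin/bash
# Added example, not the page's hook. REPO_DIR reuses the page's layout;
# DEPLOY_REF, RELEASES and WEB_LINK (a symlink used as nginx root) are assumptions.
REPO_DIR="/var/git/warp-docs.git"
RELEASES="/var/docs/builds/releases"
WEB_LINK="/var/www/docs.yourdomain.com"
DEPLOY_REF="refs/heads/main"
ZERO_REV="0000000000000000000000000000000000000000"

# post-receive gets one "<old> <new> <ref>" line per pushed ref on stdin.
# Print the new commit id when DEPLOY_REF was updated; fail otherwise.
rev_to_deploy() {
    local old new ref found=""
    while read -r old new ref; do
        [ "$ref" = "$DEPLOY_REF" ] || continue
        [ "$new" = "$ZERO_REV" ] && continue    # branch deleted: nothing to build
        found="$new"
    done
    [ -n "$found" ] && printf '%s\n' "$found"
}

# Repoint the live symlink with a single rename(), so nginx serves either the
# old release or the new one, never a half-written tree.
publish_release() {
    local release="$1" link="$2" tmp="$2.tmp.$$"
    [ -f "$release/index.html" ] || return 1    # refuse an empty or failed build
    ln -s "$release" "$tmp" && mv -T "$tmp" "$link"
}

# Body of hooks/post-receive: activate the venv as the page's hook does,
# then call `deploy` as the hook's last line.
deploy() {
    local rev release src
    rev=$(rev_to_deploy) || return 0            # push to another branch: no-op
    release="$RELEASES/$(date +%Y%m%d-%H%M%S)"
    src="$release.src"
    unset GIT_DIR                               # set by git inside hooks
    mkdir -p "$RELEASES" &&
    git clone --quiet "$REPO_DIR" "$src" &&
    git -C "$src" checkout --quiet --detach "$rev" &&
    ( cd "$src" && mkdocs build --quiet --site-dir "$release" ) &&
    publish_release "$release" "$WEB_LINK"
}
```

If any step fails, the chain stops before publish_release and the previous release stays live.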

Phase 5: Nginx Configuration

# Exit docs user back to root
exit

# 1. Create Nginx config
# "sudo cat > file" would open the file as the calling user; tee runs under sudo
sudo tee /etc/nginx/conf.d/docs.conf > /dev/null << 'EOF'
server {
    listen 80;
    server_name docs.yourdomain.com;

    root /var/www/docs.yourdomain.com;
    index index.html;

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;

    # Main location
    location / {
        try_files $uri $uri/ =404;
    }

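    # Static assets
    # nginx inherits server-level add_header directives only when a location
    # defines none of its own, so the security headers are repeated here.
    location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-referrer-when-downgrade" always;
        add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
    }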

    # Logs
    access_log /var/log/nginx/docs.access.log;
    error_log /var/log/nginx/docs.error.log;
}
EOF

# 2. Test and reload Nginx
sudo nginx -t
sudo systemctl reload nginx

Phase 6: Firewall Configuration

# 1. Configure firewall
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

# 2. Check firewall status
sudo firewall-cmd --list-all

Phase 7: SSL Certificate

# 1. Get SSL certificate (replace with your domain)
sudo certbot --nginx -d docs.yourdomain.com

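# 2. Set up auto-renewal (append to root's crontab; piping only the new line
#    into "crontab -" would replace every existing entry)
( sudo crontab -l 2>/dev/null | grep -vF 'certbot renew'; echo "0 12 * * * /usr/bin/certbot renew --quiet" ) | sudo crontab -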

🔄 Deployment Workflow

From Local Machine

# 1. Add server as git remote
cd /home/andy/Documents/websites/Warp/projects/warp-docs
git remote add production docs@server-ip:/var/git/warp-docs.git

# 2. Deploy documentation
git push production main

# The post-receive hook will automatically:
# - Check out the latest code
# - Build the MkDocs site
# - Deploy to web directory
# - Set proper permissions
# - Log the deployment

Deployment Log Monitoring

# Watch deployment logs
sudo tail -f /var/log/docs-deploy/deploy.log

# Check deployment status
sudo systemctl status nginx
curl -I http://docs.yourdomain.com

🛡️ Security Considerations

Fail2Ban Configuration

# 1. Configure SSH protection
# "sudo cat > file" would open the file as the calling user; tee runs under sudo
sudo tee /etc/fail2ban/jail.local > /dev/null << 'EOF'
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 3

[sshd]
enabled = true
port = ssh
logpath = /var/log/secure
maxretry = 3

[nginx-http-auth]
enabled = true
port = http,https
# Match every nginx error log, including the docs.error.log set in the Nginx config
logpath = /var/log/nginx/*error.log
EOF

# 2. Restart fail2ban
sudo systemctl restart fail2ban

SSH Hardening

# 1. Create backup of SSH config
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup

# 2. Harden SSH (edit /etc/ssh/sshd_config)
# - Change default port (optional)
# - Disable root login
# - Enable key-based auth only
# - Set up your SSH key

# 3. Restart SSH
sudo systemctl restart sshd
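
Step 2 lists the settings to change without showing how to confirm they took effect. The following check is an added example, not part of the original setup. It reads a config file the way sshd does: the first value found for a keyword wins, and anything after a Match line applies only conditionally. The function names and the sample config are constructed for illustration.

```shell
# Print the first global value of keyword $2 in sshd_config file $1.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comments
        { sub(/=/, " ") }                        # "Keyword=value" form
        tolower($1) == "match" { exit }          # conditional section starts
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Report every setting from step 2 that is missing or has the wrong value.
# A missing keyword counts as a failure so the policy is pinned explicitly.
audit_sshd() {
    local file="$1" rc=0 want key expected actual
    for want in "PermitRootLogin no" "PasswordAuthentication no" \
                "ChallengeResponseAuthentication no"; do
        key=${want% *}
        expected=${want#* }
        actual=$(sshd_value "$file" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected '$expected', found '${actual:-unset}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: looks hardened at a glance, but the first
# PasswordAuthentication line wins, so passwords are still accepted.
sample_config() {
    cat <<'EOF'
PermitRootLogin no
PasswordAuthentication yes
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
Match User backup
    PermitRootLogin yes
EOF
}
```

Run it as `audit_sshd /etc/ssh/sshd_config` before restarting sshd; on the live server, `sudo sshd -T` prints the effective configuration for comparison.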

📊 Monitoring & Maintenance

Log Monitoring

# Documentation deployment logs
tail -f /var/log/docs-deploy/deploy.log

# Nginx logs
tail -f /var/log/nginx/docs.access.log
tail -f /var/log/nginx/docs.error.log

# System logs
journalctl -f -u nginx
journalctl -f -u fail2ban

Maintenance Tasks

# 1. Update system regularly
sudo dnf update -y

# 2. Update Python packages
sudo su - docs
source /home/docs/mkdocs-env/bin/activate
pip list --outdated
pip install --upgrade mkdocs mkdocs-material

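# 3. Clean old deployment builds
# -mindepth/-maxdepth limit the match to build directories directly under
# /var/docs/builds, so the builds directory itself is never removed
find /var/docs/builds -mindepth 1 -maxdepth 1 -type d -mtime +30 -exec rm -rf {} +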

# 4. Rotate logs
sudo logrotate /etc/logrotate.conf

🚨 Troubleshooting

Common Issues

# 1. Check if MkDocs is working
sudo su - docs
source /home/docs/mkdocs-env/bin/activate
cd /var/docs/builds/warp-docs
mkdocs serve --dev-addr=0.0.0.0:8000

# 2. Check Nginx status
sudo systemctl status nginx
sudo nginx -t

# 3. Check permissions
ls -la /var/www/docs.yourdomain.com
ls -la /var/git/warp-docs.git

# 4. Manual deployment test
sudo su - docs
cd /var/git/warp-docs.git
./hooks/post-receive

Recovery Procedures

# 1. Rollback to previous version
cd /var/docs/builds/warp-docs
git log --oneline -10
git checkout <previous-commit>
mkdocs build --site-dir /var/www/docs.yourdomain.com --clean

# 2. Restore from backup
# (Set up regular backups of /var/git and /var/www)

Post-Installation Checklist

  • [x] Rocky Linux 8 installed and updated
  • [x] All required packages installed
  • [x] Users and directories created with proper permissions
  • [x] Python environment set up with MkDocs
  • [x] Git bare repository initialized
  • [x] Post-receive hook configured and executable
  • [x] Nginx configured and running
  • [x] Firewall rules applied
  • [x] SSL certificate installed (Let's Encrypt - auto-renewing)
  • [x] Fail2ban configured
  • [x] SSH hardened with key-based authentication
  • [x] Git remote added on local machine
  • [x] First deployment tested and working
  • [x] Documentation accessible via web (IP address)
  • [x] Monitoring and logging verified
  • [ ] Domain DNS configuration resolved

Estimated setup time: 1-2 hours

Result: Fully automated documentation deployment system where git push production main instantly updates the live documentation site!


🎉 DEPLOYMENT STATUS - COMPLETED

Server: 89.116.173.103
Domain: satoshihost.dev
Status: ✅ OPERATIONAL
Deployed: June 7, 2025

Current Configuration

  • OS: Rocky Linux 8 64-bit
  • Web Server: Nginx 1.14.1
  • Python: 3.6.8 with virtual environment
  • MkDocs: Material theme with plugins
  • Git: Automated deployment via post-receive hooks
  • Security: Firewalld + Fail2ban configured

Deployment Details

# Server IP: 89.116.173.103
# Git remote configured as:
git remote add production docs@89.116.173.103:/var/git/warp-docs.git

# Deploy command:
git push production master

Active Services

  • ✅ Nginx running on port 80
  • ✅ Firewalld with HTTP/HTTPS/SSH rules
  • ✅ Fail2ban protection active
  • ✅ Automated git deployment working
  • ✅ MkDocs building successfully (0.85s)

Known Issues & Solutions

1. DNS Subdomain Conflict

Problem: Previous DNS subdomain conflicts (resolved)

Historical Issue: docs.directsponsor.org had DNS conflicts

  • Multiple A records pointing to different servers
  • Random HTTPS redirects

Current Solution: Migrated to satoshihost.dev

  • Clean DNS configuration
  • Professional branding for development services
  • No subdomain conflicts

Solutions:

Option A: Fix DNS for docs subdomain (Recommended)

  1. Current Setup: satoshihost.dev → 89.116.173.103
  2. DNS Configuration: Clean A record setup
  3. No Conflicts: Single domain ownership
  4. Professional Branding: Development-focused domain
  5. SSL Ready: Let's Encrypt compatible

Option B: Use different subdomain

  • Current Solution: satoshihost.dev (implemented)
  • Benefits: Professional branding, no conflicts, development focus

DNS Fix Progress: 🎉 FULLY RESOLVED - June 7, 2025 22:08 GMT

  • ✅ Deleted subdomain from DirectAdmin subdomain management
  • ✅ Removed DirectAdmin hosting/placeholder page
  • ✅ Authoritative nameserver now shows single A record
  • ✅ Testing shows 60%+ requests go to correct server (improving)
  • 🔄 DNS cache clearing (TTL 3600s = ~1 hour for full propagation)

Current Status:

  • Main site working: http://directsponsor.org ✅
  • Docs working via IP: http://89.116.173.103 ✅
  • Docs subdomain: RESOLVED - http://docs.directsponsor.org ✅

2. Permission Warnings

  • chown commands in deployment show "Operation not permitted"
  • Site builds and deploys successfully despite warnings
  • Nginx serves content properly
  • Non-critical issue

Recent Deployments

  • Latest: June 7, 2025 21:51 GMT - Fixed git-revision-date plugin issue
  • Build Time: 0.85 seconds
  • Deployment: Automated via git push

🔒 SSL Certificate Setup (Optional)

To resolve HTTPS issues and provide secure access:

Option 1: Let's Encrypt SSL Certificate

# SSH to your server
ssh docs@89.116.173.103

# Install certbot and nginx plugin
sudo dnf install -y certbot python3-certbot-nginx

# Get SSL certificate
sudo certbot --nginx -d satoshihost.dev

# Follow prompts:
# - Enter email address
# - Agree to terms
# - Choose whether to share email
# - Select redirect option (recommended: Yes)

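# Set up auto-renewal (append to root's crontab; piping only the new line
# into "crontab -" would replace every existing entry)
( sudo crontab -l 2>/dev/null | grep -vF 'certbot renew'; echo "0 12 * * * /usr/bin/certbot renew --quiet" ) | sudo crontab -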

Option 2: Clear Browser HSTS Cache

If you prefer HTTP-only access:

  1. Chrome/Chromium: Go to chrome://net-internals/#hsts
  2. Delete domain: Enter satoshihost.dev and click Delete
  3. Or use different browser: Firefox, Safari, etc.
  4. Or use incognito/private mode

Current Access Methods

  • HTTP: http://satoshihost.dev ✅ (professional development docs)
  • Direct IP: http://89.116.173.103 ✅ (always works)
  • HTTPS: ✅ COMPLETED https://satoshihost.dev (Let's Encrypt SSL)

Created: June 7, 2025
Completed: June 7, 2025
Server: 89.116.173.103 (Rocky Linux 8)