August 6, 2021

A new blog/website for 2021

Hello all! It's been a while since I've written anything, but I'm here to announce a new personal website, built with the latest and greatest in technology, and ready to power another decade of research and engineering in computer science! If you're not interested in technology, this first article on the new site probably won't be all that interesting, but I promise to post non-tech related things in the future. If you are interested in technology, read on, as I describe the the new technology powering my website of the future.

For those of you who don't like tech, you're probably in the wrong place. But I promise there will be some lifestyle stuff, or at least some outrageous commentary on school, work, food, or some other random topics. Stick with me, and it probably won't end up the same way as the last blog.

The Technology Stack

Building a blog from scratch has become of the easiest things to do for an aspiring web developer. It can represent a really interesting deep dive into the technologies that power the web, and how the web works. For those of us who aren't web developers (such as myself), it provides some hands on experience with all of those things that our friends are always talking about. Those crazy things like "javascript" and "load balancers" and "react". I'm proud to say, that during the coding of this website, I wrote none of that. In fact, I didn't even use my own front-end. I just downloaded a CMS called Ghost, and I was well on my way to getting everything running. While this seems pretty simple, I'm not that passionate about web technologies. In my free time, I love thinking about systems and site reliability engineering. I love thinking about devops. I love thinking about AI. And so, I set out to build this site from scratch.

Step 1: A domain name

Every website has to have a domain name, and luckily enough, I also have one. Recently, my brother picked up http://achan.cc, so I figured I would have some parallel fun. To register a domain, we can use any Domain Name Registrar. These registrars communicate with the ICANN, and provide an explicit record of who owns what. The registrar records a set of " DNS Name Servers," servers which store a record of mappings from domain names (such as dchan.cc) to IP addresses ( 192.168.1.11) which are a global "address" of a server on the internet. To buy my domain name, I got a great deal from namecheap, $50 for 10 years of the domain name. Maybe it's too long. Maybe the world will end before my 10 years is up. Hopefully I'll make it that far.

DNS is how we can connect our web servers to you, the user (Image Credit)

Step 2: Setting up Cloudflare

Now that we have a domain name, the next step in the journey is to figure out how we're going to connect our domain name to our server. On all of the sites that I manage, I use a provider called Cloudflare. Cloudflare is a great free service which has a number of amazing tools, but I use them primarily for two things: DNS and Content Distribution. As I mentioned before, DNS is how we can inform the internet about where our site lives. Content Distribution, on the other hand, allows my website to be faster (than it should), by placing copies of the website in many different places around the world. Thus, if you live in India, you don't have to talk to my (one, lonely) server in California, instead, you can pick up a copy of the static materials of my website from a closer server, saving valuable milliseconds of your time.

To configure Cloudflare, we just have to change our registered nameservers to point to servers that cloudflare manages, and away we go! While we're configuring our name servers, we also enable DNSSEC, which protects users (like you) from malicious people (like the grinch) who serve fake DNS data, which might force you to visit a server masquerading as the one you're actually trying to visit. With DNSSEC, you can rest (mostly) assured that when you visit https://dchan.cc you're going to get the IP of a server that is associated with me.

Step 3: Spinning up an origin server

Ok, we have Cloudflare and we have a domain name. But right now, we have no content! Time to get the content set up. I could redirect all of the requests for content to my house, and my home server, however most ISPs have restrictions about what kind of data you can serve on a home internet connection. In addition, ISPs often use "dynamic addressing", which means that the IP of my house is always changing, and every time it changed, I'd have to update the DNS records to point to the new location (This is possible, with a service called DDNS, but it is notoriously unstable). So, I decided to rent out some "cloud computing", and place my origin server in the "cloud". Practically, what this means is that I pay my cloud service provider (linode) some money every month, and they give me a virtual machine with a static (not changing) IP address, which I can use to host this blog.

Just like the previous blog iridescent.io, to manage the content on this blog, I use a CMS (Content Management System) called Ghost. Ghost is a free and open-source blog platform, built on nodejs. I installed Ghost on my server (which also required an installation of mysql (a database), and nginx (a reverse-proxy)), and now, visiting the IP of my cloud server, I can see my blog! I forked a great theme, Crisp, from Kathy Quian, and now, the blog looks great. It's just, ah, missing a bit of content really. The install process is super easy, and there are tons of great tutorials (see this one: https://ghost.org/docs/install/linode/ for what I used).

Step 4: Configuring the DNS, and SSL

Great, I have a server. Time to tell cloudflare where to send all of our traffic. We create an "A" record which maps dchan.cc -> 192.23.21.10 (not my real IP) , and suddenly (or about 30 minutes later), we can actually visit our website! But there's a problem:

The above warning is an example of a warning that the user (you) get when your browser and the website aren't communicating with an encrypted connection. If the data between you and the server isn't properly encrypted, anyone listening to your browsers communication can read that communication. While you (probably) shouldn't be entering a password or any secret details on my website (Though if you want to send your bank username and password, I wouldn't mind), it's best to be secure. To do this, we'll enable Full (strict) encryption in Cloudflare.

With this encryption, your traffic will be encrypted all the way through to my origin server, even while passing through the cloudflare servers. You can check that this worked by looking at the lock in your browser:

Your bank account details are safe with me.

Step 5: Writing a blog post

Finally, we have a secure website and server setup that I can use to tell you about the muppets. Now it's time to write a blog post about the process. But what level do you write it at? What do you talk about? I'm sure if you made it this far you can see my decisions, but there's a lot of additional depth to this that I didn't really talk about. This isn't a tutorial or a how-to, but it's more of a roadmap of the things that I did to get this new system up and running. In the future I might dive a bit deeper into each of these components of the tech stack, or maybe talk about how I configured a Kubernetes load balancing system with autoscaling which means that this blog can serve hundreds of thousands of simultaneous users, but that's a story for another time.

じゃあね - David