Welcome to the new server

Hello from a new server

The most recent years this site was run of a Digital Ocean Droplet. A Droplet is their fancy name for a virtual private server (VPS) on shared hardware, but not anymore.

Generally I’ve been quite happy on Digital Ocean and they’ve provided a stable service through years. There was how ever a few things which caused an opportunity to move away.

  • I was running on a 32bit OS, and needed to reinstall the Droplet to move to a current OS.
  • They products and features offered by Digital Ocean seems to be more Corporate than my needs.
  • While the price of 7.5 Euro a month for a server doesn’t seem that expensive, it’s been steady for years without any upgrades to CPU or memory.

Sourcing a few recommendations, welcome to the new server - again a VPS - hosted by Hetzner in Germany.

The move…

The move went pretty fast. While PHP, Node, MySQL and other packages installed over the years was scattered all over the old server, I choose a clean install of the OS and Hetzner and only moved the things needed to run the site over.

The server is hosted by NGINX and created using Hugo - a static site generator - so really the move was mostly virtual server configurations for NGINX. I regenerated the sites on the server, and that was mostly it.

The HTTPS setup with Let’s Encrypt was moved too. This required a copy of the /etc/letsencrypt directory. This was due to my use of HTTP Strict Transport Security (HSTS) in the site setup. Using HSTS once you’ve visited the site once, the next year, your browser will only visit the site using HTTS the next year.

The access…

I am a big fan of Tailscale and to access the new server, anyone (including me) will need to connect through tailscale. This has two advantages:

  • I don’t need a fixed IP from where ever I am - I need acceess to my Tailscale overlay network.
  • No SSH is exposed to the “public internet” and thus making it more secure.
    For good measure the security setup on the sshd is the same as if the server was on the public network.

A clean start

So far the server has been “reset” to only have the current version of the software I need. No more cruft left from previous versions, forgotten projects and other lint collected through many years.

It’ll probably come back eventually, but so far so good.

I’ve also enabled auto updates on the Linux server. While it may have a small risk, I’m sure keeping the software updated continiously is much more secure and risking a glitch or something breaks, than hoping I monitor software updates and updates whenever needed manually.