November 1, 2023 - Networking

BACKGROUND

The website you are browsing right now is self-hosted (meaning that I manage the back-end) on a virtual machine! Linode is providing me with IaaS (infrastructure as a service), which allows me to set up a LAMP server to host everything. LAMP is short for Linux-Apache-MySQL-PHP, the operating system and services that make up the server.

TROUBLESHOOTING

I’m going to jump right in and start off by sharing the issues I ran into throughout this build. Issues ranged from server outages, DNS issues, SMTP for the contact forms and even the SSL (firewall restrictions – duh!). I learned quite a bit through this process and a big takeaway is to be more thorough in my documentation moving forward.

VPS Provider

The first task of this project was to find a VPS (virtual private server) provider. Originally, I went with Vultr for the simple reason that they were cheaper than Linode – this was a mistake. I was able to get everything up and running but the server would lose connection to the database at random points in time, or if I tried to make too many changes at once. I attempted the following:

  1. Increased the RAM on both the VPS and configuration files.
  2. Spun up a new VM with a fresh server install.

Neither of these solutions worked, and there were clues leading me to believe that the VPS provider was the issue. And so, I switched over to Linode, spun up a new VM… and voilà, problem solved!

DNS Server – Setting up custom domain

I use Namecheap as my domain registrar, and the process of pointing my domain to Linode’s nameservers was simple enough.

  • Domain List -> Manage -> Nameservers -> Custom DNS -> <input DNS servers>

The next step was to configure all of the DNS settings on the Linode side.

  • Domains -> Create Domain

  1. A/AAAA Record: An A record maps the domain name to an IP address. In my case this would be bdevop.com and the IP address assigned to my virtual machine: 172.234.25.184
  2. NS Record: This is the nameserver record, used to specify which DNS server contains my site’s records. In my case this is going to be ns1.linode.com -> ns5.linode.com
  3. SOA Record: This record specifies who is responsible for the domain, of course that’s me.

These are the only records needed to set up a website with a custom domain! However, we should also include SPF and DMARC records to reject spoofed mail (preventing our site from being blacklisted), but I’ll be going over this in just a bit.
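An added example (not part of the original post, and not the site's real zone): a small Python audit that checks a record set for the A, NS and SOA records listed above and flags SPF or DMARC policies that only monitor spoofed mail instead of rejecting it. The zone data, `example.com`, `spf.example.net` and the function names are constructed for illustration.

```python
# Constructed sample zone: example.com, 192.0.2.10 and spf.example.net are
# placeholders, not the live records of the site described in this post.
ZONE = [
    ("example.com.", "A", "192.0.2.10"),
    ("example.com.", "NS", "ns1.linode.com."),
    ("example.com.", "SOA", "ns1.linode.com. admin.example.com. 1 14400 14400 1209600 86400"),
    ("example.com.", "TXT", "v=spf1 include:spf.example.net ~all"),
    ("_dmarc.example.com.", "TXT", "v=DMARC1; p=none; rua=mailto:dmarc@example.com"),
]

def parse_tags(txt):
    """Split a DMARC 'tag=value; tag=value' string into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

def audit_zone(domain, records):
    """Return findings for the records a site needs plus its SPF/DMARC policy."""
    apex = domain.lower().rstrip(".") + "."
    index = {}
    for name, rtype, value in records:
        index.setdefault((name.lower(), rtype.upper()), []).append(value)
    findings = [f"missing {t} record at {apex}"
                for t in ("A", "NS", "SOA") if (apex, t) not in index]

    spf = [v for v in index.get((apex, "TXT"), []) if v.lower().startswith("v=spf1")]
    if not spf:
        findings.append("no SPF record: nothing says which hosts may send for the domain")
    elif len(spf) > 1:
        findings.append("multiple SPF records: receivers treat this as a permanent error")
    else:
        last = spf[0].lower().split()[-1]
        if last in ("all", "+all", "?all"):
            findings.append(f"SPF ends in '{last}': no sender is ever failed")
        elif last == "~all":
            findings.append("SPF ends in '~all': softfail, mail is flagged rather than rejected")

    dmarc = [v for v in index.get(("_dmarc." + apex, "TXT"), [])
             if v.lower().startswith("v=dmarc1")]
    if not dmarc:
        findings.append(f"no DMARC record at _dmarc.{apex}")
    else:
        policy = parse_tags(dmarc[0]).get("p", "missing")
        if policy not in ("quarantine", "reject"):
            findings.append(f"DMARC p={policy}: monitoring only, spoofed mail is delivered")
    return findings

if __name__ == "__main__":
    for finding in audit_zone("example.com", ZONE):
        print(finding)
```

With the sample zone the audit reports the softfail SPF and the `p=none` DMARC policy; tightening them to `-all` and `p=reject` clears both findings.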

The issue I ran into lies with the domain that I was originally going to use: delfortrie.dev. Specifically, the ‘.dev’ was an issue – and all of my research points to this fact. Apparently, if a .dev domain isn’t certified with an SSL/TLS certificate then you won’t be able to access it. I didn’t know this at the time, and my first thought was that this was a DNS issue. So, I pulled out my command line tools:

  • ping
  • nslookup

I found that I was able to ping the server, and that the NS records were up to date, pointing to Linode’s NS and not Namecheap’s. I decided to point a .com domain to the Linode server and create a new set of DNS records to see if this would solve the problem. This worked!

I will note that this is the shortened version of my troubleshooting here. I also used tools like phpMyAdmin after locking myself out of my own website!

SMTP – Custom email & contact form

Because I’m self-hosting this website, setting up a custom email is a bit more involved than it would be with a hosting provider. The consensus among professionals in the industry is that you should not be self-hosting an email server. Therefore, I settled on iCloud+ to provide the simple mail transfer protocol (SMTP) server, who provided me with the required MX, SPF and DKIM records for my custom domain. This all worked flawlessly and the new ‘brendan@bdevop.com’ email was up and running!

The next step was to set up the client side of the equation for my contact forms, and so I used a simple plugin called ‘WP Mail SMTP’. I followed the documentation provided by both WP Mail SMTP and Apple in order to connect as a client to Apple’s SMTP mail server. Unfortunately, my site was unable to do so… and I attempted the following:

  1. Checked the WP Mail log files
  2. SSH’d into my server and opened up port 587 & port 465.
  3. Confirmed that all of the records were correct.
  4. Went through documentation a 2nd/3rd time and researched solutions.

From the log files I was able to see that the client was unable to connect to the SMTP host, and therefore I opened up the ports on my server, believing it was a client issue. After more research I concluded that the iCloud SMTP server (the host) was blocking my client from connecting for one reason or another, and so I decided to give another SMTP server a try. I went with Brevo, which actually allowed me to connect my iCloud+ account and continue using Apple’s service. Essentially it looks like this:

  • SMTP Client (BDevop.com) -> Brevo SMTP Host -> iCloud SMTP Host

Brevo required me to update my DNS zone as well, but once that was set up they provided me with an API key and my contact forms were working like a charm!

SSL Certificate

Setting up an SSL certificate was surprisingly easy. I went with a product from Let’s Encrypt known as certbot. I followed their documentation, installed certbot on my web server, and within seconds I was provided a certificate! The only downside to this approach is that the certificate needs to be renewed every 90 days, and so I’ll be looking at automation tools to solve this in the future – perhaps Ansible.

As soon as I was provided with a certificate, my website started to hang! I wasn’t sure what the problem was here, and embarrassingly spent far longer troubleshooting this than necessary. The solution was simple – I needed to allow port 443 on my server!

CONCLUSION

While there is plenty more I could talk about with this project (such as setting up the LAMP server itself), it’s my opinion that covering some of the core issues I tackled provides more context. Running into various issues and attempting to solve them is where we are able to learn and grow as IT professionals. At the end of the day, this was a fantastic project that provided a ton of value – like a platform to document future work!
