For many years, I’ve owned the DNS entry for jakehamby.com, but I had been neglecting to do anything interesting with the domain. About 6 years ago, I paid to host a WordPress blog on a shared hosting provider, then I stopped paying for that and had the URL redirected to Medium, so I could have a blog at the URL.
About 3 weeks ago, I decided that I wanted to self-host my own WordPress blog, on my Raspberry Pi 400, over my gigabit fiber Internet connection, because it uses so little electricity and WordPress and Apache require so little CPU. I also wanted it to support HTTPS and IPv6 access, as well as Google Analytics, Twitter cards, and spam filtering. Here’s how I set it all up.
I bought the Pi 400 last year after becoming obsessed with RISC OS after watching YouTube videos about it, like Dan Wood’s 2021 review, and the series on getting started with RISC OS Direct. I decided to give it a try on my Raspberry Pi 3. I’d previously spent only a few minutes total with RISC OS before deciding there wasn’t anything useful I could do with it.
After watching the YouTube videos I mentioned, and learning as much as I could about both using and developing for RISC OS, it got me very excited about the OS as something unique and different and worth blogging about. I’ll have to do that in later posts, though, because this one is about running my site on Linux. I just wanted to explain why I bought the Pi 400.
After getting the Pi 400, it was powerful enough to try different Linux distros, and I settled on 64-bit Ubuntu desktop as the most powerful. I’m using Ubuntu 20.04 LTS on my x86 PC, so the Pi version is very familiar. The only major weaknesses I noticed with the Pi 400 as a Linux desktop were that YouTube videos don’t play properly (there’s a browser extension that’s supposed to force YouTube to serve H.264 video, which is hardware-accelerated, but YouTube insists on serving me VC9 or AV1, which it can’t handle), and when I started using VS Code to write code for my Amiga emulator project, there was a noticeable mouse and keyboard lag, especially with Chrome running, although uBlock Origin helped.
I decided to switch to my faster Intel Linux PC to use as my main Linux desktop, which meant that the Pi 400 was available, and used so little power that even in the event of a power outage, my UPS would keep serving content for at least an hour, and I’d be able to use the Pi 400 as a desktop to access the Internet. AT&T Fiber has so far continued working when my building has had outages.
I started with the “Install and configure WordPress” tutorial on the Ubuntu site, which recommends downloading the latest version of WordPress manually, instead of using the Ubuntu package, so that it can auto-update properly. After following all the steps, I had Apache and WordPress up and running. Now for the DNS and IPv6.
To save time, I’ll include the text version of the DNS records that I set up through the GoDaddy domain manager GUI. The Google site verification entry is to prove to Google that I own the domain so I can use the search console and analytics. The empty MX record allows me to receive email (more on that in a bit).
```
; Domain: jakehamby.com
; Exported (y-m-d hh:mm:ss): 2022-01-15 18:07:31

$ORIGIN jakehamby.com.

; SOA Record
@	3600	IN	SOA	ns17.domaincontrol.com.	dns.jomax.net. (
					2021122118
					28800
					7200
					604800
					3600
					)

; A Record
@	86400	IN	A	104.182.63.69

; TXT Record
@	86400	IN	TXT	"google-site-verification=F_xhJiObC7B8t7Ur0Vmi8eyKJdOGotDuUtBCaPjAwVQ"

; AAAA Record
@	86400	IN	AAAA	2600:1700:46b0:abc0:dea6:32ff:feea:9f59

; CNAME Record
ftp	86400	IN	CNAME	@
www	86400	IN	CNAME	@

; NS Record
@	3600	IN	NS	ns17.domaincontrol.com.
@	3600	IN	NS	ns18.domaincontrol.com.

; MX Record
@	86400	IN	MX	0	@
```
I apologize for not setting the correct syntax highlighting for the code blocks. Either I don’t know how to change the language (I’m trying to type it into the purple box at the top), or I should use a different plugin for code blocks. Any suggestions welcome.
The IPv4 and IPv6 addresses point to the router for my Internet connection, which AT&T supplied with my subscription. It has quite a few advanced features, including a packet filter where I can make rules to drop source addresses if I see particular abuse coming from an IP address. I was also able to forward its log messages to the Pi by setting its IP address in the Syslog tab of the Diagnostics tab, and then installing rsyslog to perform syslog instead of systemd. I had to uncomment the lines in /etc/rsyslog.conf to enable TCP and UDP syslog reception on port 514. Here’s a setup guide to rsyslog on Ubuntu 20.04 with more information.
The IPv4 and IPv6 addresses in the DNS records were copied from the external IP addresses of the router, and I figured out how to get port forwarding working on both to connect to the Pi 400. Now it’s time to set up SSL, with Let’s Encrypt. The setup instructions for Apache and Ubuntu 20.04 weren’t too difficult for me to follow.
Now it’s time to test that everything worked. I found some “test if your site works with IPv6” pages and fiddled with the DNS and port forwarding settings until I was satisfied that I could see my site from the outside world on both IPv4 and IPv6, with HTTP URLs automatically redirecting to the encrypted HTTPS versions.
By this point, I was very pleased with myself that everything was working and I could finally serve up some content. I spent a few hours looking at different themes and finally settled on the Twenty Twenty-One theme, which happens to be the default for the current version of WordPress. My only complaint with it is that I need to modify the paragraph width to be wider by default. If you have any style suggestions or tips on how to make them, please let me know in the comments below, or by email or Twitter.
Besides Google Search Console, I set up Bing Webmaster Tools, and made sure that both of them knew about WordPress’s automatically generated sitemap.xml page.
The last two details that I wanted to cover were WordPress plugins and Internet email with Postfix. Setting up incoming SMTP email was straightforward enough, using the Ubuntu tutorial for setting up Postfix. But for the life of me, I couldn’t figure out why my outbound email was failing. Eventually I discovered that AT&T, and apparently most other ISPs, blocks outbound port 25 for everyone. The spam email problem from botnets is just that bad.
Fortunately, I’m able to set smtp.gmail.com port 587 as the relayhost, giving me an /etc/postfix/main.cf that looks like:
```
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = jakehamby.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = jakehamby.com, raspi-ubuntu, localhost.localdomain, localhost
relayhost = smtp.gmail.com:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 524288000
recipient_delimiter = +
inet_interfaces = all
default_transport = smtp
relay_transport = smtp
inet_protocols = all
myorigin = /etc/mailname

# Let's encrypt our email (SMTP with STARTTLS).
# https://www.ssls.com/knowledgebase/installing-and-configuring-an-ssl-certificate-on-postfix-dovecot-mail-server/
smtpd_tls_cert_file=/etc/letsencrypt/live/jakehamby.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/jakehamby.com/privkey.pem
smtpd_use_tls=yes

# Use my Google account credentials to send via SMTP relay.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls = yes
```
The file /etc/postfix/sasl/passwd contains an entry with the username and application-specific password (I’m using 2FA on my Gmail account, as everyone should, so I can create revocable passwords for each app that needs one), and it’s owned by root, mode 600 (along with the hashed passwd.db file).
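A small audit of the relay settings in the main.cf above and of the credential file's permissions, as an added example that is not part of the original post. The finding names and the `HARDENED` values are assumptions chosen for illustration; `smtp_tls_security_level` and `noanonymous` are standard Postfix settings that do not appear in the author's file.

```python
import os
import stat

# Constructed sample: the relay-related lines of the main.cf shown above.
SAMPLE = """\
relayhost = smtp.gmail.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_use_tls = yes
"""
# Assumed hardened values (standard Postfix parameters, not the author's settings).
HARDENED = {"relayhost": "[smtp.gmail.com]:587",
            "smtp_tls_security_level": "encrypt",
            "smtp_sasl_security_options": "noanonymous"}

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] = (params[last] + " " + line.strip()).strip()
        elif "=" in line:
            name, _, value = line.partition("=")
            last = name.strip()
            params[last] = value.strip()
    return params

def audit_relay(params):
    """Return findings for a relayhost that is sent SASL credentials."""
    findings = []
    # smtp_tls_security_level overrides the older smtp_use_tls (yes == "may").
    level = params.get("smtp_tls_security_level") or (
        "may" if params.get("smtp_use_tls") == "yes" else "none")
    if level in ("none", "may"):
        findings.append("tls-not-mandatory")      # STARTTLS can be stripped
    if "noanonymous" not in params.get("smtp_sasl_security_options",
                                       "noplaintext, noanonymous"):
        findings.append("sasl-anonymous-allowed")
    if not params.get("relayhost", "").startswith("["):
        findings.append("relayhost-mx-lookup")    # [host]:port skips MX lookup
    return findings

def secret_file_ok(path):
    """True when group and others have no access (e.g. mode 600)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0
```

If the relayhost is switched to the bracketed form, the key in the SASL password map has to use the same `[host]:port` form, and the map must be rebuilt with postmap.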
With all that configured, both inbound and outbound email are working, and now I can receive spam directly into /var/mail/jhamby! I’m especially happy that I can use this email account with mutt and to email patches inline as ASCII to mailing lists that prefer that format. Gmail’s editor is almost useless for this because of the word wrapping.
Finally, here’s the list of WordPress plugins that I’m using:
- Akismet comment spam blocking – I’m using the free personal license since I don’t have ads on my blog. It works great.
- CodeMirror blocks – let me know if you have a better suggestion, or what I need to do to change the syntax highlighting language
- JM Twitter cards – necessary if you want Twitter to show cards
- Google Site Kit – search console, analytics, performance, etc.
- WP Super Cache – fast caching engine to speed up page loads
My next posts will cover my thoughts on the different non-x86 computers (hardware and OS) that I’ve become interested in over the years, in alphabetical order, including:
- Acorn Archimedes and BBC Micro (RISC OS and BBC BASIC)
- DEC Alpha (and OpenVMS)
- Commodore Amiga (AmigaOS and Amiga emulation)
- PowerMac and PowerPC (and QEMU’s KVM-PR hypervisor)
- DEC VAX (and NetBSD on VAX)
- IBM Z (and z/OS)
Let me know in the comments what you’d like to learn more about.