I finally did it. I had to. I had pushed this off long enough, as I am not good at it. Namely upgrading the server for these pages you’re reading now, as well as for Oberon RTS. Since I had moved my WordPress installation to the simple set-up of just using static files in 2019, I had only updated the then-current and installed operating system (Linux), so I was a few major versions behind the latest one.
The web server is hosted by Linode. Instead of upgrading the current server, I just “rented” a new one, so I could set up everything with the old one still running. As soon as all appears to be stable, I’ll retire the old one, and will not be charged for it anymore. The content you see now is served by the new instance.
I am trying to keep everything as simple as possible. Public-key-based login only (no passwords), no root login, a firewall frontend (ufw), the web server itself (nginx), rsync for uploading the content files from my local Mac, and the certbot utility for getting and renewing the certificates for https. That’s about it.
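The SSH part of this set-up (keys only, no root login) can be checked against an sshd_config. The script below is an added example, not the author's own; the function names and the sample config are constructed for illustration, and it assumes upstream OpenSSH defaults and reads only the global section.

```shell
#!/bin/sh
# Added example (not the author's script). Function names are hypothetical.
# Assumption: only the global section is read; Include files and Match
# blocks are not followed. Defaults are upstream OpenSSH's.

# effective_value KEYWORD DEFAULT   (config text on stdin)
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive and may be joined to the value with "=".
effective_value() {
    awk -v key="$1" -v val="$2" '
        BEGIN                  { key = tolower(key) }
        /^[ \t]*#/             { next }
                               { sub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == key     { val = tolower($2); exit }
        END                    { print val }
    '
}

# audit_sshd (config on stdin): one line per setting, returns 0 only if all match
audit_sshd() {
    cfg=$(cat); rc=0
    # keyword:default:wanted
    for spec in PasswordAuthentication:yes:no \
                PermitRootLogin:prohibit-password:no \
                PubkeyAuthentication:yes:yes; do
        key=${spec%%:*}; rest=${spec#*:}
        def=${rest%%:*}; want=${rest#*:}
        got=$(printf '%s\n' "$cfg" | effective_value "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key $got (want $want)"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample config, not taken from the author's server.
sample_config() {
    cat <<'EOF'
# constructed sample
passwordauthentication no
PermitRootLogin=no
# the next line is ignored by sshd: the first value already won
PasswordAuthentication yes
EOF
}

sample_config | audit_sshd || true
```

On a live server, `sshd -T` prints the configuration the daemon actually resolved, including Include files, and is the authoritative comparison.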
The nginx configuration files, copied over from the old server, needed some tweaking, but I more or less understand their contents. And since the web server only needs to dish out static files, it’s all simple enough.
I had some downtime, as at some point I needed to change the DNS entries to point to the new IP address, and the propagation of the new definitions takes some time. Fastmail, apart from being a first-class e-mail service, allows you to easily and safely manage your DNS entries. I use them for all my domains. E-mail DNS definitions especially are tricky, and they do it for you. Highly recommended.
Adapting the local bash scripts to generate and upload the content files on my Mac, and updating the /etc/hosts files, rounded off this task, on which I had been procrastinating for a long time. Hopefully all is well and functioning now.
What is annoying is all the access and login attempts from everywhere. The server itself and the web server are pounded endlessly by probes trying all kinds of ways to get in. On the old server I had set up a system to catch and ban these attempts, but I think for now I’ll just leave them to be handled by the SSH daemon and web server.
Since there’s nothing to steal on my server, and I have all the content here locally on my Mac, I guess I’d simply set up a new instance and start afresh should Anything Bad™ happen. In the same vein, I wonder if I even want to pay for regular backups right on the server. I have now scp-ed all relevant config files to my Mac, which I could upload together with the website content files to a fresh instance.