So, you've got yourself a webserver. Congratulations! You've taken the first step toward taking ownership of any public webservices you'd like to use. Now... What do you *do* with it?
Well, if you're me, you overengineer it (sort of). I'm *trying*, at least, not to overengineer things as much. But there are definitely avenues for improvement on my current deployment. This site runs on a Raspberry Pi. Specifically, a Raspberry Pi 4b+ with 8 gigs of RAM running FreeBSD 13.2. I've done the basics to harden the system (restricted SSH to keys only, on a port and ip that's on a management vlan - inaccessible from the 'net... and some other things I won't mention here ;P). The nginx webserver runs inside a FreeBSD jail on this bare-metal system. It is also networked to a public-facing vlan, separate from the management vlan (and my private stuff). This is accomplished with some networking trickery which I'll go into in depth in the future. For now, essentially: we create a vlan device, a bridge, and several 'epair' devices (one for each jail), then config the jail + host to give the jail its own 'network' thru this epair.
Okay, so we've described the system. How do I get files on/off the server? How do I manage it? That, my dear data, is achieved via ssh. An unprivileged account on the pi has some public keys in the `~/.ssh/authorized_keys` file. That lets me in, and with `sshftp` I can easily drop files onto the server, then with a quick `cp -a /path/to/files /path/to/jail/webroot` I can update the server. Dope. That's awfully manual though... How can we automate this process?
Well, we can do a couple things here...
Naturally, we choose 2. (There are of course more options, but I won't list them here. Because I haven't thought of them. Not cus they don't exist.) The idea goes like this: since we only need to push static files to update the webserver, I'll just keep the static files in a git repo. Then I can devise a method whereby updates pushed to the repo are propagated to the webserver automatically via scripts, instead of doing all that manual nonsense each time.
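One way to script that propagation step, as an added example rather than the setup this site actually uses: it assumes a bare copy of the repo lives on the Pi and that the unprivileged account can write to the directory holding the jail's webroot. The function names, the branch name and every path are placeholders.

```sh
#!/bin/sh
# Added example. All paths and the branch name are placeholders.

# publish_tree SRC WEBROOT
#   Stage a filtered copy of SRC beside WEBROOT, then swap it in with renames.
publish_tree() {
    src=$1 webroot=$2
    [ -d "$src" ] || { echo "publish_tree: no such dir: $src" >&2; return 1; }
    stage=$(mktemp -d "$(dirname "$webroot")/.stage.XXXXXX") || return 1

    cp -R "$src"/. "$stage"/ || { rm -rf "$stage"; return 1; }
    # Never serve VCS metadata or other dotfiles (.git, .env, editor swap files).
    find "$stage" -mindepth 1 -name '.*' -prune -exec rm -rf {} +
    # Drop symlinks so a committed link cannot point nginx outside the webroot.
    find "$stage" -type l -exec rm -f {} +
    # mktemp creates the directory 0700: open it for reading, owner-only writes.
    chmod -R u=rwX,go=rX "$stage"

    old="$webroot.old.$$"
    if [ -e "$webroot" ]; then mv "$webroot" "$old" || return 1; fi
    if ! mv "$stage" "$webroot"; then
        [ -e "$old" ] && mv "$old" "$webroot"   # roll back to the previous site
        return 1
    fi
    rm -rf "$old"
}

# deploy_branch BARE_REPO BRANCH WEBROOT
#   Export the tracked files of BRANCH with git archive and publish them.
deploy_branch() {
    git --git-dir="$1" rev-parse --verify --quiet "refs/heads/$2" >/dev/null || return 1
    export_dir=$(mktemp -d "${TMPDIR:-/tmp}/site-export.XXXXXX") || return 1
    git --git-dir="$1" archive "refs/heads/$2" | tar -xf - -C "$export_dir" \
        && publish_tree "$export_dir" "$3"
    rc=$?
    rm -rf "$export_dir"
    return $rc
}

# In a post-receive hook on the bare repo, e.g.:
#   deploy_branch /path/to/site.git main /path/to/jail/webroot
```

The swap is two renames, so the webroot is briefly absent between them; files that were deleted from the repo disappear from the site because the whole directory is replaced instead of copied over.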