Monday 3 December 2018

Jekyll (static site generator)

Installing ruby + jekyll + minima theme

sudo apt install build-essential ruby-full
sudo gem install bundler minima jekyll-feed

Creating a site named "blog"

cd ~
jekyll new blog
cd blog
bundle exec jekyll serve

Building the site

jekyll build # if run from outside the site folder, specify the path with --source "/home/$USER/blog"

Watch and rebuild on every file addition/modification/deletion in the post folder

jekyll build --watch 

The generated site is in the folder

nginx configuration

file /etc/nginx/conf.d/static.ouestline.conf

server {
    listen 80;
    listen [::]:80;

    ## redirect http to https ##
    # $server_name is empty unless this block also sets server_name
    return  301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    root /var/www/blog/ ;

    ssl_certificate /etc/ssl/private/;
    ssl_certificate_key /etc/ssl/private/;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;

    # As suggested by Mozilla : and
    # (this doesn't work on jessie though ...?)
    # ssl_ecdh_curve secp521r1:secp384r1:prime256v1;

    # As suggested by
    ssl_ecdh_curve secp384r1;

    ssl_prefer_server_ciphers on;

    # Ciphers with modern compatibility
    # Uncomment the following to use modern ciphers, but remove compatibility with some old clients (android < 5.0, Internet Explorer < 10, ...)
    ssl_protocols TLSv1.2 TLSv1.3;

    # Uncomment the following directive after DH generation
    # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
    #ssl_dhparam /etc/ssl/private/dh2048.pem;

    # Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Observatory + Partners
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; 
    add_header Content-Security-Policy "upgrade-insecure-requests";
    add_header Content-Security-Policy-Report-Only "default-src https: data: 'unsafe-inline' 'unsafe-eval'";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header X-Frame-Options "SAMEORIGIN";

    index index.html;
    location / {
    }
}

Create a symbolic link

sudo ln -s /home/dbsuser/blog/_site /var/www/blog

Reload the nginx server

sudo systemctl reload nginx
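
Once nginx is reloaded, the headers set with add_header in the config above can be checked from a response header dump. The script below is an added example, not part of the original page; the function names (missing_headers, sample_200, sample_404) are hypothetical and both header dumps are constructed samples.

```shell
#!/bin/sh
# Header names set with add_header in the nginx config on this page.
EXPECTED="Strict-Transport-Security Content-Security-Policy
Content-Security-Policy-Report-Only X-Content-Type-Options X-XSS-Protection
X-Download-Options X-Permitted-Cross-Domain-Policies X-Frame-Options"

# Reads a response header dump on stdin (for a live site: curl -sI URL)
# and prints every expected header that is absent, one per line.
missing_headers() {
    dump=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
    for h in $EXPECTED; do
        name=$(printf '%s' "$h" | tr '[:upper:]' '[:lower:]')
        printf '%s\n' "$dump" | grep -q "^$name:" || printf '%s\n' "$h"
    done
}

# Constructed sample: a 200 response carrying all configured headers.
sample_200() {
    cat <<'EOF'
HTTP/2 200
content-type: text/html
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
content-security-policy-report-only: default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
EOF
}

# Constructed sample: a 404 response. add_header without "always" is only
# applied to 200, 201, 204, 206, 301, 302, 303, 304, 307 and 308 responses.
sample_404() {
    cat <<'EOF'
HTTP/2 404
content-type: text/html
EOF
}

echo "200: missing [$(sample_200 | missing_headers | tr '\n' ' ')]"
echo "404: missing [$(sample_404 | missing_headers | tr '\n' ' ')]"
```

Against the live site, pipe the curl -sI output for an existing page and for a missing one into missing_headers. If the 404 case reports gaps, the "always" parameter of add_header extends the headers to error responses.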