This site now sports HTTPS

I finally decided it’s high time to serve the content using HTTPS, otherwise who knows what will be injected in the page as it crosses various nefarious networks.

To that end, I decided to move the hosting away from Bluehost and to Hetzner. There were two main reasons to do the switch:

  1. Bluehost is based in the US, and I don’t have (or want to have) connections with the US.
  2. Bluehost doesn’t offer Let’s Encrypt SSL certificates for the basic hosting – Hetzner does.

Setting up the account with Hetzner was easy, but not too terribly easy – I had to switch to Safari to finish the payments, as Firefox was blocking how Hetzner does payment redirections. Also, their UI (konsoleH) is just terrible ergonomically, but practical.

Enabling SSL was just one click after I did the DNS redirections, et voilà!

The woes of authorized_sftpkeys

Hetzner has a method of allowing uploads using SFTP. The documentation is scattered across several places, so I’m keeping it here as a reference.

# Only RSA keys are allowed
# ssh-keygen -e exports the public key in RFC 4716 format; grep drops its Comment header
ssh-keygen -e -f ~/.ssh/id_rsa.pub | grep -v "Comment:" >~/.ssh/authorized_sftpkeys
cd
# you can get the username and hosting server info from
# - https://konsoleh.your-server.de/logindata.php
# - https://konsoleh.your-server.de - the Details sidebar entry
sftp <ftpusername>@<your-hosting-server> <<__EOF
mkdir .ssh
chmod 700 .ssh
put .ssh/authorized_sftpkeys .ssh/authorized_sftpkeys
chmod 600 .ssh/authorized_sftpkeys
__EOF
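
A pre-upload sanity check for the file generated above, as an added example (not from the original post or from Hetzner's documentation): it parses the RFC 4716 text, confirms the key is `ssh-rsa`, and rejects a file that still carries a header line such as `Comment:`. The function names, the 2048-bit minimum and the sample key are assumptions constructed for illustration.

```python
import base64
import struct
BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field of the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    """Positive mpint; the extra byte keeps the sign bit clear."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def to_rfc4716(openssh_line: str) -> str:
    """'ssh-rsa AAAA... comment' -> RFC 4716 text with no Comment header."""
    b64 = openssh_line.split()[1]
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join([BEGIN, *body, END]) + "\n"

def check_sftpkeys(text: str, min_bits: int = 2048):
    """Return (key_type, modulus_bits) for one RFC 4716 key, or raise ValueError."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing RFC 4716 begin/end markers")
    if any(":" in line for line in lines[1:-1]):  # base64 never contains ':'
        raise ValueError("header line (e.g. Comment:) still present")
    blob = base64.b64decode("".join(lines[1:-1]), validate=True)
    fields, offset = [], 0
    while offset + 4 <= len(blob):  # walk the length-prefixed fields
        (size,) = struct.unpack_from(">I", blob, offset)
        fields.append(blob[offset + 4:offset + 4 + size])
        offset += 4 + size
    if not fields or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    if offset != len(blob) or len(fields) != 3:  # type, exponent, modulus
        raise ValueError("malformed ssh-rsa blob")
    bits = int.from_bytes(fields[2], "big").bit_length()
    if bits < min_bits:  # assumed local policy, not a documented Hetzner rule
        raise ValueError(f"RSA modulus too small: {bits} bits")
    return "ssh-rsa", bits

# Constructed sample: a structurally valid blob, not a usable key.
SAMPLE_N = (1 << 2047) | 0x10001
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(
    ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint(SAMPLE_N)
).decode() + " me@laptop"

if __name__ == "__main__":
    print(check_sftpkeys(to_rfc4716(SAMPLE_LINE)))
```

To check a real file, pass the contents of `~/.ssh/authorized_sftpkeys` to `check_sftpkeys` before running the sftp upload.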

Syncing up the blog

Now, it’s not possible to use rsync with Hetzner, only sftp. However, sftp is not a great program when one needs to sync up directories. Luckily, there is sftpclone, which I discovered through this community entry.

I just had to update my default.nix file that provides me the shell. sftpclone is not part of Nixpkgs, so I wrote my own expression:

sftpclone = with pkgs.python3Packages; buildPythonPackage rec {
  pname = "sftpclone";
  version = "20191126";

  propagatedBuildInputs = [ paramiko ];

  src = sources.sftpclone;

  doCheck = false;

  # we have paramiko 2.7.1
  # some projects are just a mess
  patchPhase = ''
    sed -i 's/1\.1\.2/${version}/' setup.cfg
    sed -i 's/1\.2\.2/${version}/' setup.py
    sed -i 's/paramiko==2\.4\.1/paramiko==${paramiko.version}/' setup.py
    sed -i 's/paramiko==2\.6\.0/paramiko==${paramiko.version}/' requirements.txt
  '';
};

sources.sftpclone comes from niv, a version manager for Nix.

From that point, syncing up the new content is just:

sftpclone public/ <ftpusername>@<your-hosting-server>:~/public_html/