Simplifying My WriteFreely configurations
I was using customized systemd unit files and timers to keep this blog up, this is against the spirit of standardization! So I moved to a much simpler configuration.
WriteFreely listens on :443, serves tls connections all by itself, to prevent others from accessing WF itself, I dropped all traffic to 443 except for CloudFlare. An alternative is a reverse tunnel, that uses cloudflared to connect to CF, and I don't have to leave any ports open. Configuration is simple.
hostname: qzhou.dev url: http://localhost:$PORT
And change in
config.ini to listen on a local port $PORT, whatever it is. Then
root is no longer needed, so the WriteFreley daemon can run
www-data as expected
[Unit] Description=WriteFreely Instance After=syslog.target network.target [Service] Type=simple User=www-data Group=www-data WorkingDirectory=/var/www/qzhou.dev ExecStart=/var/www/qzhou.dev/writefreely Restart=always [Install] WantedBy=multi-user.target
and reload systemd
sudo systemctl daemon-reload sudo cloudfalred service install sudo systemctl restart WriteFreely