
2024-05-21 - How this website works and future plans

Audit: Initial Version by Yamazaki 2024-05-21

The initial iteration of this website is quite simple from a tech perspective. It is all static HTML with a dash of JavaScript for fun, but I'm not using any static site generator.

I have crafted these pages with no tools except VIM, grep, and a bit of sed for updates. I don't plan on keeping it that way, but I do find the best way to create websites like this is to just split your screen between a web browser and an editor. Being basic in this way allows you to get creative, as if you are painting on a canvas. When I build sites in this way, SSHing into my server, and just throwing VIM up, I feel a bit like Bob Ross. What I mean by that is it is a very relaxing activity, very chill.

Now I do not plan on keeping it this way forever. Obviously it's a bit of a pain to keep the HTML up to date throughout all the files without some kind of templating engine, so at the very least I need that. I think it is easy to assume I'm the sort of person who would use a static site generator, to spit out HTML files that can be served to you, ma' minimalism. But no.

The plan is to turn this into a dynamic website, i.e. rather than spit static HTML at you, you will call my server, the server will execute some code, determine some variables, pass them to a templating engine, and generate the HTML on the fly and send it back down the tube to you.

Inefficient you say? Cry harder nerd. I'm hosting this on a VPS I use for random projects, I'm already paying for the resources anyway, and at the kind of traffic this website is getting it doesn't matter. That isn't to say static site generators aren't cool and a good way to make personal websites; in fact, I may use one for another more professional orientated website in the future. But, I want to have some fun, I want to rice this website out, I want big rims and furry dice hanging from the mirror.

Having a dynamic website will allow me to do anything. Forum, chat, guest book, world map of visitors, user accounts, commenting, page me, crafting, a MUD. Everything is possible.

I could have a hybrid, where it's static, then JavaScript where I need it. But, you don't get that same creative and Bob Ross style workflow that you get with dynamic websites. With JS you need to consider loading states, error states, and you need to really test the crap out of your DOM manipulations. When you work with a dynamic website these are all taken care of by the HTTP standard and by the stateless nature of web servers. Error? Just return a 500. Loading? It's not even a thing, you don't need to think about a loading spinner because the browser just handles it. This isn't an attack on SPAs or JS, but I want to just hack shit for fun and feel a sense of Bob Ross flow whilst I'm doing it, which you can't get outside of the dynamic site paradigm.

Securing the site

If anyone goes down the route of using a VPS to host a personal website, I recommend you go down the same route I did. Lock down all the ports on your server, deny all traffic. Get a free Cloudflare account. Add your DNS to Cloudflare, set up a tunnel (reverse proxy) between your VPS and Cloudflare. No chance of getting haxed. If you are feeling lazy you can open 80 and just set up an A record to point to your server but proxied through Cloudflare. Whilst this is slightly inferior to the initial solution as you need an open port on your server, your IP will be hidden from any website visitor, and it is not so likely that it will be discovered. Cloudflare also give you a bunch of cool tools, like forwarding emails sent to whatever alias on your domain to some other email. I suppose you can also just whitelist Cloudflare IPs on port 80.
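One way to do the "whitelist Cloudflare IPs on port 80" option, as an added example that is not part of the original post. It assumes ufw as the firewall (the post names none); the function names are made up for this sketch, and the three ranges are a partial snapshot used only as sample input.

```shell
#!/bin/sh
# Added example: print (not run) ufw commands that allow TCP port 80 only from
# the CIDR ranges read on stdin. ufw is an assumption; the post names no firewall.

# Partial snapshot of Cloudflare's published ranges, for demonstration only.
# Use the full current list from https://www.cloudflare.com/ips-v4 and /ips-v6.
SAMPLE_RANGES='173.245.48.0/20
103.21.244.0/22
2400:cb00::/32'

# valid_cidr: accept only address characters plus exactly one "/prefix", so a
# tampered or truncated list cannot smuggle shell syntax into the output.
valid_cidr() {
  case "$1" in
    ''|*[!0-9a-fA-F:./]*) return 1 ;;  # empty, or a character outside the allowlist
    /*) return 1 ;;                    # no address before the slash
    */*/*) return 1 ;;                 # more than one slash
    */) return 1 ;;                    # slash but no prefix length
    */*) ;;                            # exactly one slash: keep checking
    *) return 1 ;;                     # bare address, no prefix length
  esac
  case "${1##*/}" in *[!0-9]*) return 1 ;; esac  # prefix must be decimal digits
  return 0
}

# gen_rules PORT: read CIDRs from stdin, write ufw commands to stdout.
# Returns non-zero if any line was rejected, so a bad list is not applied silently.
gen_rules() {
  port="$1"; rc=0
  echo "ufw default deny incoming"
  while IFS= read -r cidr; do
    [ -n "$cidr" ] || continue
    if valid_cidr "$cidr"; then
      echo "ufw allow proto tcp from $cidr to any port $port"
    else
      echo "rejected: $cidr" >&2; rc=1
    fi
  done
  return "$rc"
}

# Stand-alone run: show the commands for the sample ranges.
printf '%s\n' "$SAMPLE_RANGES" | gen_rules 80
```

The commands are printed for review rather than executed; make sure whatever rule you rely on for SSH is already in place before applying a default deny.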

Now don't let this be a blocker to you; if you want to expose your server directly to the internet, fine. Either way, most importantly, I would suggest having your server set up in a way such that if it was hacked you wouldn't lose any sleep over it, you would just shrug your shoulders in an aloof manner like those anime characters who always have their hands in their pockets. Don't have a GitHub SSH key on your server that has a bunch of private repos for work, for example. If you get crypto-ransomware and someone tries to blackmail you to unencrypt your files, you would laugh in his face and just delete your server instance and bring up a new one, quickly restoring a backup (or not so quickly, it's a personal website after all, I think the world can handle a week of downtime).
