Posts in this series:
- Introduction (this one!)
- Part 1 - Set up DNS server
- Part 2 - Set up Web server
- Part 3 - Secure with DANE
So you wanna build a
snowman website on a Handshake domain.
Any website (even a regular one on an ICANN domain) needs 3 things to function
- A domain name - hope you have one ready
- A DNS server - this is what tells browsers where to fetch content from
- A web server - someplace where content is stored or served from
Let’s quickly go through what they are (feel free to skip if you’re familiar with DNS basics).
An authoritative DNS nameserver (We’ll call this a DNS server from here on) is like a redirector that stores all the subdomains (and their records) and pointers to where content is hosted. Registrars normally provide this service for free for domains you manage with them. In this series, we’ll set up our own (with PowerDNS).
A web server hosts the content that should be shown on the website. GitHub pages, Vercel, Netlify, etc. all do this, but again in this series, we’ll set up our own (with nginx).
How do these 3 things work together?
- Domain name points to DNS server
- DNS server has records that points to Web server
- Web server has files and content to serve
Get a cloud Virtual Machine
We’ll have all this running on a single (cloud) machine, but they can be split up if you wish.
Most low-traffic sites can do away with a small $5/mo cloud VM from Digital
Ocean (or any other cloud).
This series uses a
B1ls size on
Azure with 1
vCPU and 0.5 GiB of memory. Feel free to scale up if the website starts getting
While creating a VM, make sure to open 3 ports:
- 53 for DNS
- 80 and 443 for HTTP and HTTPS
Note: This series does not cover taking backups, setting up monitoring, etc. that you’d want to do with a typical production-level site. There’s nothing different about handshake websites and guides online work as-is for all those things.
This series uses these values as an example. Replace them with your own in all commands:
- IP address of machine:
For people who have a single and simple website and don’t plan to add more websites, there’s a handy software package that wraps DNS and Web server in a single app, and takes care of DANE. You may want to use that instead: https://github.com/pinheadmz/handout
This whole post is divided into 3 parts and in each one, there are alternatives mentioned if you prefer other software.
Before we start, credit where due (in no specific order):
- pinheadmz for this article (along with others) and handout
- Buffrr for Let’s DANE and Fingertip that make DANE easy to use
- A guide to hosting static websites using NGINX
To start, check out Part 1: Set up the DNS server.