A Very Tiny Blog
For awhile now, I’ve wanted a WordPress blog site I could take with me. I wanted to be able to put it in my pocket. Recently, I managed to do just that.
Being a lover of the unusual, I wanted the little blog machine, which would fit in my pocket, to use unconventional software in as many parts of its operation as possible, except for the WordPress software (of course, since it’s the world’s most popular platform).
My idea was that I could take the little site with me wherever I went (for instance, during a vacation on a houseboat) – and be able to write things (I like to write). For hardware, I used the Raspberry Pi2 (credit card sized board). For software, I used the following list of things:
- FreeBSD operating system
- Hostapd wifi access point software
- Hiawatha webserver software
- Unbound DNS “server” software
- Sqlite3 database software
- PHP software (no other way to run WP)
- WordPress from WordPress.org
- Pf firewall
The idea was that there would be no internet access at all. It could/would be operated from a little houseboat in the middle of nowhere, and so the little pocket blog machine had to be a Wifi access point. I wanted it to be a “local, private” access point for the dedicated purpose of running a blog site with no (outside) internet reach. It’s a private access point, in that (so far as I am able to ensure) it will be accessed only by me (and those to whom I give the login credentials).
The detractors of such an idea have put forth their opinions on the web, here and there. Most wrote that the Pi was not powerful enough. Others wrote that the MySQL database would hoard most of the memory and CPU power of the Pi, and the access speed would be intolerable.
It’s true that MySQL can grab a lot of memory, and perhaps the Pi would not be a good match for that DB. Unfortunately, WordPress is built to use MySQL, and nothing else. Some people have written extension software to allow the use of the small flat file Sqlite database, and that is what I’ve used in my little blog machine.
Whether or not there are security risks with the use of that database in concert with PHP and WordPress, I do not know (or care). Whether there are other security issues, I don’t know. As I said, this will be a private access point. The idea is that the unwanted hoards are barred entirely from the access point, and they don’t get to see the little blog’s internal machinery. I can only hope I’ve configured the WiFi AP with the most secure settings (relative to the current state of things). While I am not recommending this approach, and haven’t spent any time at all thinking about security beyond the AP itself, the hope is that it will be “good enough.” Oh – we’ll run a little Pf firewall just for grins. But that will be about it for security. It may not be sufficient, so I’ll address any issues that pop up in the future, in the future.
This is not to say that I won’t take the security advice given (for each of the apps listed above) seriously. But, the security issues are not the emphasis for this minute. I’ve used the blog for a short while already.
I usually see DNS as the top of the app list for such a project. I mean, you can’t use all of the other software if you can’t resolve the name of the site. So, I’m using the Unbound local caching resolver in about the same way as others might use BIND as a DNS “server”. You might ask, what is there to resolve? Good question. My little houseboat “intranet” Wifi will have its own little top level domain.
Here’s a snippet from the Unbound config:
# port to answer queries from port: 53 # my little top level domain list local-data: "www.mightyschooner-ap-virtual.sea A 172.16.1.42" local-data: "mightyschooner-ap-virtual.sea A 172.16.1.42" local-data: "files.mightyschooner-ap-virtual.sea A 172.16.1.42" local-data: "wordpress.mightyschooner-ap-virtual.sea A 172.16.1.42"
Didn’t know about the “sea” TLD, did you? Well, it’s all mine, I say. Some might ask why I bother, since it’s a (relatively) simple site. They’d just use the bare addresses. I really need the DNS resolution, because I’ve configured the Hiawatha webserver to treat the blog domain as a “virtual host”. This is convenient, because it allows me to have multiple blogs (or other apps), with different names, and not have a confusing mess.
It works nicely. I can type http://www.mightyschooner-ap-virtual.sea/wp-admin into the address bar on my little tablet computer (connected to the Pi via the AP Wifi) – and be greeted with a relatively complete, workable wordpress dashboard. I’ve set up a nice theme, and have started adding pages.
The Hiawatha web server is a breeze to work with. Conveniently, it can use its FastCGI option to work with PHP-FPM as a back-end for wordpress. Then PHP itself has access to the Sqlite database via a PHP extension module. Once again, I’m not vouching for the security of these things. But, boy are they convenient to make a very simple system that doesn’t tax the little Pi in my pocket. The little Pi is actually fairly responsive. Excepting for large graphics, the response I get from the little blog in my pocket is comparable to 50 percent of what I get from the online version of WordPress at wordpress.com. Not at all “intolerable”.
Note: WordPress is under the guardianship of the WordPress Foundation, and WordPress.com is a service provider owned by Automattic, Inc. Neither has any association with this author, even though this blog is hosted there!