Setting Up the WriteFreely Web Server

The WriteFreely server was relatively easy to set up and only took 2 hours until it was fully functional. I decided on WriteFreely because I wanted something very simple, lightweight, and that also supported markdown for posting write-ups for Hack the Box content.

This will be a relatively simple step-by-step guide on how I set up the server. I don't really have a set goal for level of detail, but I would like to write it in a way that I could have followed with little computer knowledge when I started.

Contents:

+ Software Installed
+ Database Setup
+ Nginx Setup
+ no-ip Dynamic DNS Setup
+ WriteFreely Setup
+ Getting Certificates with Certbot
+ Customization

Virtual Private Server Hosting

I decided on a Virtual Private Server (VPS) to keep all of the risk with a cloud provider, rather than hosting it at home where, should the worst happen, an attacker would have access to my home network through that web server. The server is also only using 1 vCPU and 1 GB of RAM, so it is about €4 a month. I chose DigitalOcean since I already had an account there and spun up the VPS with Debian installed. I generated some new SSH keys to use for access and went to work installing software.

It's important to make sure you correctly set a firewall on the VPS so that you're not unintentionally exposing any listening ports. Be sure to do that before you start installing anything, in case a service starts listening as soon as it is installed. I kept SSH, ICMP, and HTTP open initially, then later added HTTPS, and removed ICMP once I was able to run certbot and confirm functionality.

Software Installed

I installed a few things that I knew I would need after reading WriteFreely's setup guide:

+ nginx – a lightweight webserver and reverse proxy

+ no-ip DUC (Dynamic Update Client) – I didn't want to pay more for a dedicated public IP address on the VPS, so installing no-ip DUC allows the DNS record associated with the blog to automatically update. The software can be found here through no-ip's dynamic DNS system.

+ mariadb – You can use a database or not; I chose to. While the setup guide states MySQL, mariadb is a fork of MySQL and works for the web server.

+ writefreely – The application itself that will serve the page and manage the content.

Database Setup

Setting up the database was straightforward. I was fortunate enough to find this helpful guide that a blogger named Val wrote, which I'll reference a few times throughout this. Her choice of software is slightly different, but the end result is similar. I will list the commands that are listed on her blog just in case the link is not reachable in the future.

sudo apt install mariadb-server

sudo systemctl enable --now mariadb

I followed the instructions for starting the database. The most important step after that is running mariadb-secure-installation, which walks you through some configuration options that make the database more secure, such as removing remote root access, removing the anonymous user, and setting a root password.

sudo mariadb-secure-installation

As Val's guide notes, I made the writefreely user, created the database, and assigned privileges to the database for the user.

sudo mariadb -u root -p

CREATE USER 'writefreely'@'localhost' IDENTIFIED BY '[MariaDB password]';

CREATE DATABASE writefreely CHARACTER SET latin1 COLLATE latin1_swedish_ci;

GRANT ALL PRIVILEGES on writefreely.* to 'writefreely'@'localhost';

FLUSH PRIVILEGES;

exit

Nginx Setup

I decided on a reverse proxy in case I wanted to host additional web servers on this machine. If you decide against that, you can skip this.

WriteFreely provides a configuration for the nginx reverse proxy here. The sections in bold are the only things that need to be altered to match your environment. The proxy will listen on the normal ports, then forward the traffic to the specific webservers based on the Host header in this case.

I recommend sticking with the default local listening port of 8080 to simplify configuration.

no-ip Dynamic DNS Setup

no-ip offers free Dynamic DNS (DDNS) for specific domains through their website, with the only caveat being that you must log in to confirm every 30 days. I already had my domain through here, but Val's guide lists Porkbun as a provider that she used. She also uses the Cloudflare Tunnel, which I don't have experience with, but if you're hosting this at home that might be an excellent option to reduce your attack surface.

The DDNS is important to me because I do not want to pay for a reserved public IP, and manually updating the DNS record would be a pain.

To get this set up, I first created the DNS A records for the website (blog.jjnetops.net, www.blog.jjnetops.net) and tied those to the public IP of the VPS. While on the no-ip website I generated the DDNS keys that will be used for the system (username/password). I then followed no-ip's instructions for installing the software:

wget --content-disposition https://www.noip.com/download/linux/latest
tar xf noip-duc_3.3.0.tar.gz
cd /home/$USER/noip-duc_3.3.0/binaries && sudo apt install ./noip-duc_3.3.0_amd64.deb

This installs the program, but I want this to run constantly as a daemon. For whatever reason, they have the instructions for setting up a service in a separate place here, where it points you to a service file that is already made in the noip-duc_3.3.0/debian/ directory.

I copied this file to the system services directory:

sudo cp /home/$USER/noip-duc_3.3.0/debian/service /etc/systemd/system/noip-duc.service

And as the instructions note, you need to place your username, password, and hostname into a file at the following path: /etc/default/noip-duc

The file will look like this but filled in with the information you received when generating the DDNS keys:

NOIP_USERNAME=myusername
NOIP_PASSWORD=mypassword
NOIP_HOSTNAMES=example.ddns.net,exampledomain.com,noiptest.redirectme.net

Still following the instructions, I reloaded the daemons, then enabled and started the noip-duc service.

sudo systemctl daemon-reload
sudo systemctl enable noip-duc
sudo systemctl start noip-duc

We can check the status to make sure it updated the IP:

sudo systemctl status noip-duc

That should sort out your DDNS and keep the records up-to-date.

WriteFreely Setup

Finally, I installed the WriteFreely software, configured it, tested it on HTTP, and ran certbot to get certificates to allow TLS connections.

The WriteFreely software was downloaded from their GitHub, and installed. The VPS was using an AMD64 chip so that was the tarball I downloaded, yours may be different. These commands are very similar to Val's guide, but slightly different in that she has an ARM CPU and the VPS I'm using has an AMD64 CPU.

wget https://github.com/writefreely/writefreely/releases/download/v0.16.0/writefreely_0.16.0_linux_amd64.tar.gz
tar -xvzf writefreely_0.16.0_linux_amd64.tar.gz
rm writefreely_0.16.0_linux_amd64.tar.gz

I then applied permissions, moved the folder, and made the program executable.

sudo chmod 755 -R /var/www/html/
sudo mv writefreely/ /var/www/html/
cd /var/www/html/writefreely/
chmod +x writefreely

Once installed, I ran the writefreely program that is within the folder I just moved, and followed the instructions provided by writefreely's setup guide.

/var/www/html/writefreely/writefreely config start

Running this took me into an interactive configuration screen. I chose “Reverse proxy”, “8080” (the local port it is listening on), and provided the database information.

Then I ran writefreely keys generate so it can generate encryption keys.

Finally, I started the application and made sure it was working as expected and was serving writefreely over HTTP.
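
The /etc/default/noip-duc file from the DDNS step holds the no-ip password in plain text, and WriteFreely's configuration holds the database password, so it is worth checking that neither is readable by other users. The check below is an added example, not part of the original write-up; the config.ini and keys paths assume WriteFreely wrote its settings and keys into the install folder, and the function name is made up for this example.

```sh
#!/bin/sh
# Added example: report secret-bearing paths that group or others can access.
# Assumed paths: /etc/default/noip-duc comes from the DDNS step; config.ini
# and keys/ are assumed to sit in the WriteFreely install folder.

# Prints every existing path argument whose own mode grants any permission
# bit to group or others. Missing paths are skipped.
loose_secret_files() {
    for path in "$@"; do
        [ -e "$path" ] || continue
        # In the `ls -ld` mode string (e.g. -rw-r--r--), characters 5-10
        # are the group and other rwx bits.
        bits=$(ls -ld -- "$path" | cut -c5-10)
        [ "$bits" = "------" ] || printf '%s\n' "$path"
    done
}

# On the server itself (as root, so the files can be inspected):
#   sh check-secrets.sh --live
if [ "${1:-}" = "--live" ]; then
    loose_secret_files /etc/default/noip-duc \
        /var/www/html/writefreely/config.ini \
        /var/www/html/writefreely/keys
fi
```

Any path it prints can be tightened with chmod 600 for a file or chmod 700 for a directory, as long as the owner stays the account the service runs as.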

Getting Certificates with Certbot

Certbot provides a very easy way to get signed certificates to enable TLS on your website. The certificates are free and provided by Let's Encrypt.

First I downloaded certbot and the python3 plugin for nginx. The plugin will make the necessary configuration changes within nginx without me having to do anything.

sudo apt install certbot python3-certbot-nginx

I did run into a small problem here, because I only had a record for blog.jjnetops.net and not www.blog.jjnetops.net. Once I created a record for the www one, it worked immediately.

sudo certbot --nginx

Next I checked and made sure I could reach the page from HTTPS and that it was redirecting HTTP to HTTPS for secure connections, which was all handled by the certbot python3 plugin.

Important to note, at this point I changed the firewall configuration on the VPS to only allow SSH, HTTP, and HTTPS.
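
With the firewall down to SSH, HTTP, and HTTPS, the earlier point about unintentionally exposed listening ports can be checked on the host itself. The function below is an added example, not part of the original write-up: it reads the output of ss -H -tln and prints every TCP listener that is bound beyond loopback on a port outside that allow list. The sample output is constructed and the function names are made up for this example.

```sh
#!/bin/sh
# Added example: find TCP listeners bound beyond loopback on ports the
# firewall is not meant to expose. Function names are hypothetical.

ALLOWED_PORTS="22 80 443"   # SSH, HTTP, HTTPS: the final firewall rules

# Constructed sample of `ss -H -tln` output (not taken from the real server).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096               *:8080            *:*
LISTEN 0      128             [::]:22           [::]:*
EOF
}

# Reads `ss -H -tln` lines on stdin, prints "address:port" for each listener
# that is not loopback-only and not on an allowed port.
exposed_listeners() {
    while read -r state recvq sendq laddr rest; do
        [ "$state" = "LISTEN" ] || continue
        port="${laddr##*:}"     # text after the last colon
        addr="${laddr%:*}"      # text before the last colon
        case "$addr" in
            127.*|"[::1]") continue ;;   # reachable from this host only
        esac
        case " $ALLOWED_PORTS " in
            *" $port "*) continue ;;      # meant to be public
        esac
        printf '%s:%s\n' "$addr" "$port"
    done
}

# On the server itself: sh listeners.sh --live
if [ "${1:-}" = "--live" ]; then
    ss -H -tln | exposed_listeners
else
    sample_ss_output | exposed_listeners   # prints *:8080
fi
```

In the sample, the database on 127.0.0.1:3306 is ignored, while the 8080 listener bound to all interfaces is reported because only the firewall keeps it off the internet.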

Customization

There are a lot of options for customizing the blog. Personally, I started with this free theme, Painkiller Bullet, made by Jesse Watson.

Fin

After that I was all done! It took me longer to write this than it did to set up the server! I'm hopeful I can continue to use this to catalog my journey through learning computers.

See you next time.