Abstract

Yo, help me write a good intro yo.

Something like, “I wanted to have a convenient phone app to point at my private financial tracking. Here I document the steps I took to set this up.”

Step 0: read about plain text accounting

If you’d like to read an excellent write-up up a motivation for these tools, I highly recommend the one at Beancount - Motivation - Google Docs

Step 1: get hledger-web working

I wanted a newer hledger-web than apt provides, but ran into some issues trying to install Haskell packages on the VPS, so I used Vagrant to build the binaries, than copied hledger, hledger-web and hledger-ui to the VPS.

For hledger-web to work properly when accessed from a url, try,

hledger-web --serve --base-url=example.com

Step 2: get reverse proxy working with nginx

You’ll edit a file /etc/nginx/sites-available/default, with

location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        #try_files $uri $uri/ =404;
        proxy_pass http://127.0.0.1:5000;

Then sudo nginx -s reload should connect example.com to hledger-web.

Step 3: setup https with nginx

Use letsencrypt to setup your certs.

Edit that same nginx default file, comment out the listen 80 lines, uncomment out the 443 lines, so that you now have

listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/<your-domain>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<your-domain>/privkey.pem;

Step 4: add password protection to nginx

Follow a tutorial on setting up a password with nginx, and edit the location block for the 443 server to your nginx default file.

location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        #try_files $uri $uri/ =404;
        proxy_pass http://127.0.0.1:5000;
        auth_basic "Username and Password Required";
        auth_basic_user_file /etc/nginx/.htpasswd;
}