– Your account has insufficient funds to extend the service. All your work in 10 years will be destroyed within 2 business days.
Everyone is familiar with the situation when the charges for the hosting occur at the wrong time: the money ran out on the card or it has expired, the notification letter fell into spam, you have a cat moving at that moment. As a result, services are blocked, everything breaks, and you urgently need to run to pay. And also a crisis, you need to try not to die from the coronavirus and you have to choose between buckwheat and paying for servers for personal projects.
In the article, we will tell you how to get rid of regular payments for hosting content, domain names, SSL certificates. And how to make the most autonomous server that will survive the zombie apocalypse.
To create a project that can survive any crises, you need to optimize all entities and get rid of monthly and annual payments as much as possible. Although the domain name is small, it’s an expense item, we’ll try to optimize it.
When choosing a domain name, it is important to consider that the policies of different domain zones are different. Some domains can be renewed for a period of 10 years and forget, and others need to be renewed every year. In addition to the renewal date, there may be other restrictions on the period that the domain will operate without interference. For example, a recent ICANN initiative sometimes requires you to manually confirm the validity of the email addresses provided on whois. Choosing a domain that you can pay once and forget for a long time, you need to consider all the features of the rules of the domain zone. Let’s try to figure out which domain is best suited for eternal projects.
The privacy of personal data in the zone .RU
There is a misconception that all domain zones (TLDs – top level domain) belong to one organization like ICANN, but this is not so. ICANN only establishes general rules and coordinates the work of organizations that manage their domain zones.
Each domain zone has its own organization that sets the rules for it. For example, a zone .ru previously managed by RosNIIROS (Russian Research Institute for the Development of Public Networks), and now a separate organization has been created for this National Internet Domain Coordination Center.
This organization sets the rules for registration and resolution of disputes within the domain zone.
It is important to consider that according to the regulations of the RU domain zone. I.RF, your personal data may be disclosed by the registrar upon a lawyer’s request.
According to clause 11.2.4 and 11.2.3 of the rules of the domain zone of the RU and the Russian Federation, information about the domain owner can be issued by lawyer or court request to the registrar.
The registrar has the right to provide information about the exact full name (name) and location (residence) of the administrator solely upon written request for the purpose of filing a lawsuit.
This means that anyone who turns to a lawyer who is a member of any Russian college of lawyers and has a lawyer’s certificate can find out the full details of your domain name.
Anyone can disclose the registration data of the individual to whom the .RU or .РФ domain is registered, including his home address, phone number, full name, passport number, etc.
Here is the response to a lawyer’s request using the example of a registrar reg.ru:
[Кликабельно] Response to a lawyer’s request with full details of the domain owner
At some point, someone may not like your project, or vice versa, your beautiful domain will be liked, and they will want to talk with you personally to discuss issues. It’s rather unpleasant to see people coming to discuss your site on their doorstep. This should be borne in mind when registering a .RU or .РФ domain, if your goal is to register and forget.
How to buy a domain for 10 years?
The maximum domain renewal period is determined by the domain zone regulations. For the .RU zone, this is 1 year, for the .COM and .NET zone it’s 10 years . However, not all registrars offer an extension of 10 years. It is important to note that some registrars offer domain renewal services for a longer period than the rules of the domain zone allow. This is a marketing ploy, in fact, they simply charge you for paying for several renewals and then secretly renew the domain without notice. The real term for which the domain is renewed is indicated in whois in the line Expiry date.
The real domain expiration date is specified only in whois
It is important to be able to distinguish the real domain expiration date from what the registrar shows in his panel, because the prices and terms of the renewal can change, and then the registrar can review the renewal obligations. Also, when transferring a domain to another registrar, only the real renewal period will be taken into account.
So we decided to renew the domain for the longest possible time, remember that .COM and .NET can be extended for 10 years. To do this, you need to choose a registrar who truly renews the domain for this period. There are not so few of them, most large foreign registrars can do this, for example: uniregistry.com, domain.com and others. Service Cloudflare It doesn’t allow you to register domains with them, but it allows you to transfer a domain to yourself with an extension of 10 years.
Not all registrars can renew a domain for 10 years
Can I buy a domain forever?
To date, I do not know of a single domain zone offering such an extension option. Free domains like .tk, .ml, .ga, .cf, .gq require regular confirmation by email and can be deactivated at any time. According to rumors, if your site on a free domain becomes quite popular, the registrar can select it under a far-fetched pretext and hang a blank with advertising there. In addition, they can be easily blocked for any complaint, so I do not recommend choosing them as an option for a long time.
Even domains renewed for 10 years may require confirmation by email. Sometimes ICANN initiates a contact verification process and requires the registrar to send a letter to the clients with a link. If, within a certain period of time, you do not click on the link and confirm the data, the domain may be temporarily blocked. Therefore, it is important to view the mail to which the domain is registered so that it is not suddenly selected.
Perpetual SSL Certificate
Every year, browsers and operating systems are increasingly strict about the unencrypted HTTP protocol. Google Chrome in new versions promises to show a warning that you are visiting an unsafe site using the protocol if the site does not have HTTPS support. Search sites lower in sites without HTTPS. Therefore, it is obvious that without an SSL certificate it will be difficult.
How not to suffer from the constant expiration of SSL certificates and the purchase of new ones? Of course use Lets Encrypt! This is a popular free service for automatically issuing SSL certificates. It allows you to forget about releasing SSL certificates forever and entrust this to automation. For him, there are many implementations and clients, just like the setup instructions. For a bundle with the nginx web server, the most popular client certbot. Most likely lets encrypt with us for a long time, and in the next 10 years, its protocol and conditions are unlikely to change much.
The usage description of lets encrypt is beyond the scope of this article, so we will only cover important points. When issuing a certificate, you are invited to optionally specify an email. Notifications will be sent to this address if the certificate for some reason could not reissue itself. The ACME protocol that lets encrypt runs on is sometimes changed and requires a client update. Notifications that you are using an outdated client will also come to this mail.
Deprecated protocol reminder letter from Lets Encrypt
During the existence of Lets Encrypt, its protocol has been amended several times, and it can be expected in the future that this will continue. So it’s important to keep track of his reminders so that the certificate does not suddenly break.
SSL certificate without domain
It is impossible to issue an SSL certificate without a domain, but what if you are deploying a server for internal API or tests, and you don’t want to buy a domain just for the sake of a certificate. And it’s not necessary, because you already have a domain bound to your server! Service SSLip.io provides pre-generated domains for all existing IP addresses in the world.
Just convert the IP address of your server into a special subdomain entry.
Here’s what it looks like:
If the server IP address: 220.127.116.11
Domain will be: 123-45-67-89.sslip.io
Check if this is true:
$ host 123-45-67-89.sslip.io 123-45-67-89.sslip.io has address 18.104.22.168
So you can instantly issue a certificate for a new server without having to configure any domains and DNS. SSLip.io can be used in scripts in conjunction with automatic detection of the server’s external IP address, and generate a fully configured server right at the first boot.
For those who are annoyed by the monthly and annual hosting payments, we have come up with a perpetual server rate. It is enough to pay for the server once and never again remember about it, the server will work until the end of the century or until a new virus destroys us all.
This is especially useful for developers who use the server to host hobby projects, tests, and development. No need to worry that the server will shut down for non-payment or at the right time there will be no money on the card, which is especially true during times of crisis.
CPU: 2 cores, processor frequency up to 3.2 GHz. Used processors family Intel Scalable.
RAM: 2 GB DDR4
Disk: 40 GB NVMe
Traffic: 32 TB / month
Channel width: 500 Mbps
OS: Linux or Windows license cost is already included in the tariff
Is the server eternal?
Yes, as long as our data centers exist and the Internet works, the service will be provided. The tariff will never be changed to a paid one. The reason for disconnecting the service are: violation of the rules of use, in particular the distribution of prohibited content, malicious activity, fraudulent actions or a court order.
Are there any hidden charges?
No, the service costs exactly 11,340 rubles. There is no separate installation fee. The price includes 1 IPv4 address. You can reinstall the OS on the server from the control panel for free, without limiting the number of times.
What happens if the traffic ends?
The quota for the total volume of traffic is 32TB per month; incoming + outgoing is taken into account. Exactly this number is obtained when the channel 100Mbit / s is fully loaded for a month. If the quota is exceeded, 200 rubles will be deducted from the account. for 1TB. If at this moment there is no money in the account, then the server will be suspended.
Automatic Security Updates
If a zombie apocalypse comes, you are likely to be too busy to read regular reports on security and new vulnerabilities. In the struggle for survival in the bunker, you can easily not notice that the software on your server has become vulnerable.
If you do not patch vulnerabilities in time, you will be quickly hacked and a cryptocurrency miner will be launched on it or added to the DDoS botnet. In this case, there is a high probability that you will be blocked for malicious activity or resource overruns.
To combat such a situation, there are automatic security updates. In Ubuntu, this is called Unattended upgrades, but there are analogues in other distributions.
Consider setting up on Ubuntu:
# Устанавливаем пакет apt-get install unattended-upgrades # Запускаем интерактивное меню для настройки dpkg-reconfigure unattended-upgrades
Activating Automatic Security Updates
By default, the system will check for security updates once a day, and if updates are available, then automatically install them. To do this, the server can be automatically restarted, so it is important to configure the necessary services to automatically start at startup. It should be remembered that unattended-upgrades installs only critical security updates, the versions of installed programs and distribution will not be changed.
All the tips described in the article still require you to carefully monitor your mailbox in order to respond to urgent notifications. Unfortunately, it is impossible to get rid of this yet, so falling into a coma for a long period is still risky.
But this will help you optimize your expenses and not depend on monthly payments. Of course, large projects cannot be left in autopilot mode for a long time, they always require attention and completion. Described in the article is more suitable for hosting hobby projects, development, smart home applications, monitoring, personal VPN server, Telegram bots, etc.
Please share in the comments what methods you have found to optimize your expenses.