ssh en OERF FOSS Tech Hosting Conventions <span class="field field--name-title field--type-string field--label-hidden">OERF FOSS Tech Hosting Conventions</span> <div class="field field-node--field-blog-tags field-name-field-blog-tags field-type-entity-reference field-label-above"> <h3 class="field__label">Blog tags</h3> <div class="field__items"> <div class="field__item field__item--overview"> <span class="field__item-wrapper"><a href="/taxonomy/term/76" hreflang="en">overview</a></span> </div> <div class="field__item field__item--docker"> <span class="field__item-wrapper"><a href="/taxonomy/term/16" hreflang="en">docker</a></span> </div> <div class="field__item field__item--docker-compose"> <span class="field__item-wrapper"><a href="/taxonomy/term/49" hreflang="en">docker-compose</a></span> </div> <div class="field__item field__item--mariadb"> <span class="field__item-wrapper"><a href="/taxonomy/term/48" hreflang="en">mariadb</a></span> </div> <div class="field__item field__item--nginx"> <span class="field__item-wrapper"><a href="/taxonomy/term/30" hreflang="en">nginx</a></span> </div> <div class="field__item field__item--ubuntu-linux"> <span class="field__item-wrapper"><a href="/taxonomy/term/12" hreflang="en">ubuntu linux</a></span> </div> <div class="field__item field__item--ssh"> <span class="field__item-wrapper"><a href="/taxonomy/term/77" hreflang="en">ssh</a></span> </div> <div class="field__item field__item--restic"> <span class="field__item-wrapper"><a href="/taxonomy/term/78" hreflang="en">restic</a></span> </div> <div class="field__item field__item--lets-encrypt"> <span class="field__item-wrapper"><a href="/taxonomy/term/17" hreflang="en">let&#039;s encrypt</a></span> </div> <div class="field__item field__item--git"> <span class="field__item-wrapper"><a href="/taxonomy/term/79" hreflang="en">git</a></span> </div> <div class="field__item field__item--gitlab"> <span class="field__item-wrapper"><a href="/taxonomy/term/80" hreflang="en">gitlab</a></span> </div> <div class="field__item field__item--foss"> <span class="field__item-wrapper"><a href="/taxonomy/term/10" hreflang="en">foss</a></span> </div> </div> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><a title="View user profile." href="/user/1" class="username">dave</a></span> <span class="field field--name-created field--type-created field--label-hidden">Mon 30/08/2021 - 11:44</span> <div class="field field-node--field-image field-name-field-image field-type-image field-label-hidden has-multiple"> <figure class="field-type-image__figure image-count-1"> <div class="field-type-image__item"> <a href="" aria-controls="colorbox" aria-label="{&quot;alt&quot;:&quot;A snapshot of an SSH session on, located in San Francisco, CA, USA, and its performance stats as viewed from Christchurch, New Zealand. &quot;}" role="button" title="A snapshot of an SSH session on, located in San Francisco, CA, USA, and its performance stats as viewed from Christchurch, New Zealand. " data-colorbox-gallery="gallery-field_image-YhI9kzW9JIo" class="colorbox" data-cbox-img-attrs="{&quot;alt&quot;:&quot;A snapshot of an SSH session on, located in San Francisco, CA, USA, and its performance stats as viewed from Christchurch, New Zealand. &quot;}"><img src="/sites/default/files/styles/medium/public/2021-08/" width="220" height="105" alt="A snapshot of an SSH session on, located in San Francisco, CA, USA, and its performance stats as viewed from Christchurch, New Zealand. " loading="lazy" class="image-style-medium" /> </a> </div> </figure> <figure class="field-type-image__figure image-count-2"> <div class="field-type-image__item"> <a href="" aria-controls="colorbox" aria-label="{&quot;alt&quot;:&quot;Editing the docker-compose.yml file for this site using the Vim editor on via SSH.&quot;}" role="button" title="Editing the docker-compose.yml file for this site using the Vim editor on via SSH." data-colorbox-gallery="gallery-field_image-YhI9kzW9JIo" class="colorbox" data-cbox-img-attrs="{&quot;alt&quot;:&quot;Editing the docker-compose.yml file for this site using the Vim editor on via SSH.&quot;}"><img src="/sites/default/files/styles/medium/public/2021-08/" width="220" height="176" alt="Editing the docker-compose.yml file for this site using the Vim editor on via SSH." loading="lazy" class="image-style-medium" /> </a> </div> </figure> <figure class="field-type-image__figure image-count-3"> <div class="field-type-image__item"> <a href="" aria-controls="colorbox" aria-label="{&quot;alt&quot;:&quot;A snapshot of OERu FOSS software projects in our Gitlab instance. All are visible to anyone and we invite contributions.&quot;}" role="button" title="A snapshot of OERu FOSS software projects in our Gitlab instance. All are visible to anyone and we invite contributions." data-colorbox-gallery="gallery-field_image-YhI9kzW9JIo" class="colorbox" data-cbox-img-attrs="{&quot;alt&quot;:&quot;A snapshot of OERu FOSS software projects in our Gitlab instance. All are visible to anyone and we invite contributions.&quot;}"><img src="/sites/default/files/styles/medium/public/2021-08/Screenshot%202021-08-30%20at%2016-21-09%20OERu.png?itok=3FmBKhhs" width="202" height="220" alt="A snapshot of OERu FOSS software projects in our Gitlab instance. All are visible to anyone and we invite contributions." loading="lazy" class="image-style-medium" /> </a> </div> </figure> </div> <div class="clearfix text-formatted field field-node--body field-name-body field-type-text-with-summary field-label-hidden"> <div class="field__items"> <div class="field__item"><p>At the <a href="">OER Foundation</a> we host <a href="/node/34">an array</a> of Free and Open Source Software (FOSS) services. To keep things manageable, we have established a set of conventions to which we adhere, and I'm describing them here in case it's helpful to others who can either learn from, or improve on, our experience.</p> <p>To begin with, we use <a href="">Ubuntu Linux</a> for all of our hosts. We deploy the current Long Term Support (LTS) version of Ubuntu (at the time of this writing, it's 20.04) on commodity Linux hosting services, like Digital Ocean and Hetzner.</p> <h2><a id="user-content-host-access" href="#host-access" name="host-access" class="heading-permalink" aria-hidden="true" title="Permalink"></a>Host access</h2> <p>We access all our hosts on the command line, via secure, end-to-end encrypted connections, using <a href="">OpenSSH</a>. We don't use a server management tool (neither an open source one, like ISPConfig or Webmin, nor proprietary ones like Plex or CPanel). They would just slow us down. We prefer the efficiency and power afforded us by SSH. At any given time, I'm logged into a half a dozen remote systems, issuing updates, deploying code, diagnosing issues, checking resource usage, shoring up disk space, or tweaking Docker configurations.</p> <h2><a id="user-content-software-on-the-host" href="#software-on-the-host" name="software-on-the-host" class="heading-permalink" aria-hidden="true" title="Permalink"></a>Software on the host</h2> <p>On the host, we run the following:</p> <ol><li>We run <a href="">etckeeper</a> on each server to track changes in configuration. In general, we have these changes pushed to a central server to provide a reference in the event of a disaster (e.g. the server is compromised and needs to be 'nuked from orbit'...).</li> <li>The <a href="">Nginx</a> web server - it's our reverse proxy of choice. All of our <a href="/node/11">Let's Encrypt</a> certificates terminate at the host server, greatly simplifying the deployment of the individual services running on it.</li> <li>The <a href="">Postfix</a> SMTP server - it's our outgoing mailserver of choice, and we <a href="/node/28">set it up as a smarthost</a>, so that the server can send status and administrative messages to us via our <a href="">MailCow</a> email infrastructure using authenticating secure SMTP.</li> <li>The <a href="">Docker</a> containerisation framework using the <a href="">Docker Compose</a> system to coordinate collections of containers that work together to provide specific services. Docker allows us to run a bunch of effectively independent Linux systems, each with potentially different sets of complex software dependencies, efficiently and reliably on a single host.</li> <li>For each service, with an individual domain or subdomain name, we get a <a href="">Let's Encrypt</a> <a href=",_2.0,_and_3.0">SSL certificate</a> using the letsencrypt scripting toolchain. It is free of cost, and <a href="/node/11">easy to build into our workflow</a>, so it's a 'no-brainer' as far as we're concerned, ensuring all of our sites protect the data of their users with full encrypted links!</li> <li>For applications we deploy that depend on the MySQL database, we run a single instance of the fully MySQL-compatible <a href="">MariaDB</a> on our host, and the Docker containers connect to it via the internal network. We do it this way to easy the process of backing up the various MariaDB databases, which would be much more fiddly if we were running a bunch of individual MariaDB or MySQL instances in Docker containers. We use MariaDB because we prefer its development model, design decisions, and the fact that it's not being run by the Oracle Corporation, which owns the MySQL project.</li> <li>We use <a href="">Restic</a> to perform remote encrypted incremental file backups for the filesystems on each server. We send them to a development server we have which has oodles of disk space (<a href="">BTRFS</a> <a href="">RAID1</a> if you're curious) for safekeeping.</li> </ol><p>When each new Ubuntu LTS release comes out, we tend to create an install image for our commodity hosting provider (most recently, Digital Ocean), which has all these things pre-installed.</p> <h2><a id="user-content-docker-deployments" href="#docker-deployments" name="docker-deployments" class="heading-permalink" aria-hidden="true" title="Permalink"></a>Docker deployments</h2> <p>For the various services we deploy using Docker - more specifically, using the very handy Docker Compose scripting toolchain, we have a bunch of conventional practices.</p> <ol><li>We put all our Docker Composer recipes in a common directory: <code>/home/docker</code> - each service goes in a directory using the domain name of that service. For example, this Tech blog, is in the directory <code>/home/docker/</code> on our server Each service directory has a <code>docker-compose.yml</code> file which defines the collection of Docker containers making up each service. It also specifies the local directors in which data we want to make persistent, even surviving the removal of relevant Docker containers. In the case of this site, the containers include an Nginx webserver container which submits requests delivered to it by our hosts's Nginx reverse proxy to a PHP scripting engine container which, in turn, consults the Drupal 8 source code making up the site, and the MariaDB on the host which stores the data. There is also a PHP container which automatically runs the behind-the-scenes automated 'cron' tasks that every Drupal site requires.</li> <li>We store that per-service persistent data in a similarly named directory under <code>/home/data</code>, so this site's data is stored in <code>/home/data/</code>. That data includes, in the case of this site, an Nginx directory, with a generic Drupal website configuration, and a directory to contain all the Drupal 8 core source code and that for theme, module, and library dependencies. In a few cases, where we're using tools with specialised Docker deployment practices, like Mailcow, BigBlueButton, and Discourse, the persistent data for the site is stored under the <code>/home/docker</code> directory to avoid unnecessarily complicating our use of those tools. So our conventions are just that - not hard and fast, if there's a good reason to compromise them.</li> </ol><h2><a id="user-content-keeping-track" href="#keeping-track" name="keeping-track" class="heading-permalink" aria-hidden="true" title="Permalink"></a>Keeping track</h2> <p>For all of our service configurations, and, in particular our Docker deployments, we use <a href="">Git</a> to provide source code versioning and management. We also use it to deploy code that we have developed ourselves. Where possible, we use (and contribute back to!) upstream git repositories supplied by the communities surrounding many of the FOSS services we offer. We see that as doing our part to be good, contributing FOSS community members.</p> <p>All of our git repositories are held on our own, self-hosted <a href="">Gitlab</a> instance: <a href=""></a> - anyone is welcome to peruse the repositories, and we invite anyone interested in contributing to <a href="/contact">request a an account</a> (give us an idea of what you're interested in doing and how you'd like to participate!).</p></div> </div> </div> <section class="field field-node--field-blog-comments field-name-field-blog-comments field-type-comment field-label-above comment-wrapper"> <a name="comments"></a> <div class="comment-form-wrapper"> <h2 class="comment-form__title">Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=39&amp;2=field_blog_comments&amp;3=comment" token="mc3_yQFNlAQZsoRapw9jke6XUslZiwMrWV52Y56Nyas"></drupal-render-placeholder> </div> </section> Sun, 29 Aug 2021 23:44:43 +0000 dave 39 at