Self hosted on a VM


(Daniel Hollands) #1

For a few years now I’ve kept a cheap account with TSOHost for basic PHP hosting. I’ve thrown sites like http://fightclubmonkey.co.uk/ and http://danielhollands.co.uk/ on there and mostly forgotten about them.

This was fine back then, but right now TSO are in a weird position where they’re both too simple, and yet also too complex, for my needs. What I mean by this is the sites above (with minor modifications) would be easily thrown on GitHub Pages, while at the same time I want to start playing with things like Ghost blog (which I already have) and October CMS, which is beyond what TSO can offer.

With all of this in mind, I’m thinking it might be time I went back to setting up my own odds-and-sods server for hosting all the things which don’t warrant their own server - which is why I’m here.

The last time I set up a server myself, it was with https://www.hetzner.de/gb/hosting/ - hosting WordPress sites, and it got hacked. This was a few years ago, and my ops skills have improved since then, but I’m still mostly clueless as to where I should even start.

I would welcome any and all feedback. Thanks.


(Etewiah) #2

I jumped on the digital ocean bandwagon and am fairly happy with it. I will often spin up a server there just to try something out and only get billed for the few hours it was running. Remember though, you still get billed if you turn off your server. When I’m done experimenting, I save an image of the server and actually delete the server.


(Daniel Hollands) #3

Oh sure, I do the same thing.

But this is less a question about if I should use DO (or any VM), but rather the method and technology I should use in provisioning the server.

For example, I’m guessing I’m going to need nginx, php, ruby (maybe python) and a bunch of other config which I don’t have the experience in setting up in a secure way, or the knowledge of how to go about adding new sites/apps to it once it’s set up.


(Andy Wootton) #4

I made a Page called ‘Cloud Services’ on my WP blog to summarise, last time we had this conversation. https://andywootton.wordpress.com/cloud-services/

I also misunderstood what question you were asking @LimeBlast. Remember when we decided we didn’t need an updateable Wiki because this stuff isn’t geographical? One good thing about geography is that it acts as a constraint on community size.

Second order confusion: is the question really mostly about running any server?


(Etewiah) #5

Ah okay. I have had to go through the pain of server admin more often than I’d like to. It seems unavoidable for more interesting stuff. I think I’ve made a lot of mistakes along the way and probably still do :frowning:

Often there are existing images you can use for typical stacks like Ruby on Rails. Even then though I often find I have to make manual changes.

I kind of got the hang of capistrano for Rails deployments which helps a bit but even then there is still a lot of reading posts and trial and error involved - at least for me.

So sorry, the short answer is I don’t know how to avoid the pain of trial and error with setting up servers.


(Greg Robson) #6

https://forge.laravel.com/features

Taylor Otwell recently added templates for deploying new sites on a VM, so it will configure sites for Plain Text, WordPress, Laravel (obviously) and others. It’s a single click operation to add Let’s Encrypt to your site as well.

The current image supports up to PHP 7.1

I use it for Linode deployments and it’s great. Saved me hours, if not days.

Downside - $15/month.


(Richard Cunningham) #7

I lump all my stuff on a Digital Ocean VM (the smallest one), with nginx the webserver, going to PHP/node/static (depending on the site).

For me, the main security things are:

Lock down SSH

  • Don’t allow direct access to the root account
  • Don’t use “daniel” as your username or your twitter handle (use something less obvious e.g. initials)
  • Run Fail2ban
  • Use a strong password that’s unique to that server (big sites regularly get hacked)
  • If you can, only use keys to log in, in which case the previous three points are probably somewhat irrelevant.

IPTables

  • Allow only the ports you need (e.g. 22, 80, 443 on TCP)

Wordpress

To me this is a massive hole in security, I’m sure there are guides out there in order to lock it down. Alternatively, use a static site generator and avoid the whole issue (which is what I do).

Patches

Of course run the vendor provided patches regularly. Also, remember that packages not part of the distro (npm, composer, compiled, wordpress etc.) need updating too.

Backups

Have multiple ways of bringing the server back online, if anything does get hacked. Most VM providers have some sort of snapshotting backup. Also, if you use some config management (e.g. ansible) and source pulled from a git repo hosted elsewhere, you should have a pretty quick way to rebuild the server in a hurry.

If you have any problems with config, you can always send me an email.
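Putting the SSH and iptables points above into something checkable, as an added example (not Richard's or the thread's own code): the audit flags the sshd settings the list warns against, and the firewall function prints the rules for only the TCP ports you need. File paths and config contents are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: check an sshd_config for the SSH points
# above (no root login, keys instead of passwords) and print iptables rules
# that accept only the TCP ports you need. Paths and values are constructed.

# sshd_value FILE KEY: effective value of KEY (last uncommented directive wins;
# empty output means sshd's built-in default applies)
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { v = $2 } END { print v }' "$1"
}

# audit_sshd FILE: print one finding per line; return 1 if anything needs fixing
audit_sshd() {
    rc=0
    # sshd's default is prohibit-password, which still lets root in with a key;
    # the advice above is no direct root access at all, so require "no"
    prl=$(sshd_value "$1" PermitRootLogin)
    if [ "${prl:-prohibit-password}" != "no" ]; then
        echo "PermitRootLogin is '${prl:-unset}': set it to 'no'"; rc=1
    fi
    # sshd's default is yes; keys only means passwords switched off entirely
    pa=$(sshd_value "$1" PasswordAuthentication)
    if [ "${pa:-yes}" != "no" ]; then
        echo "PasswordAuthentication is '${pa:-unset}': set it to 'no' (keys only)"; rc=1
    fi
    return $rc
}

# firewall_rules PORT...: iptables commands accepting only these TCP ports.
# Accept rules come before the DROP policy so the SSH session you run this from survives.
firewall_rules() {
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "iptables -P INPUT DROP"
}

# Demo on a constructed config: a commented-out directive must not count as set
demo=$(mktemp)
printf 'Port 22\nPermitRootLogin yes\n#PasswordAuthentication no\n' > "$demo"
audit_sshd "$demo" || echo "-> fix the findings above, then apply: firewall_rules 22 80 443"
rm -f "$demo"
```

Run it as a normal user to check a copy of /etc/ssh/sshd_config; the printed iptables commands are meant to be reviewed, then run with root privileges.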


(Marc Cooper) #8

I tend to use ansible to provision and deploy to Linode (because I’ve used them forever). A colleague is a huge Terraform fanboi: https://www.terraform.io/intro/use-cases.html I’ve just not bothered to learn it.

If you haven’t played with AWS Lambda, you really should.


(Daniel Hollands) #9

I’m at the point where I should really use something like ansible (or maybe jump right to Docker?), but it’s a case of trying to balance the ‘learning something new’ with the ‘just get it working’.

I’m also tempted to have a play with something like http://dokku.viewdocs.io/dokku/ (which I see has come along in leaps and bounds since I last saw it).

I could always just install something like cPanel :grimacing:

UPDATE: Our friends at Bytemark (@matthewbloch and @tdobson) offer an image named Symbiosis which appears to offer something similar to what I want.


(Steve Jalim) #10

Don’t forget to add AWS Lightsail to the inevitable choice-paralysis of picking a host


(Stuart Langridge) #11

I use symbiosis, and it’s great.


(Marc Cooper) #12

Please hand in your geek card on the way out, citizen.


(Jon) #13

At the risk of starting a flame war, I think Ansible and similar server build tools have been made redundant by Docker. Create your apps and services based on Docker to start with, and then you get environment repeatability and app security isolation on a single VPS.

I’ve discovered though that Dockerising an app after the fact is like writing unit tests after the fact. So, if you are writing an app and are considering Docker, do try to put it in a container from the start. You’ll thank yourself later on!


(Daniel Hollands) #14

I have a feeling that I’ll be playing with this if/when I get around to building Alexa skills, but (unless I’ve misunderstood it) I don’t think it offers what I want.


(Daniel Hollands) #15

So, the problem I have with Docker is that I simply don’t understand it. On several occasions, I’ve tried to follow tutorials on how to set it up and use it, but have always come away more confused than I went in.

I’m very keen on understanding it, as I think our company is trying to go in that direction with its servers, but thus far it has eluded me.

Can you point me in the direction of a tutorial or article or something which will explain it to an idiot like me?


(Jon) #16

I found the Docker docs very good, it’s how I started to learn it (and I am pretty new to it, but I think I have got the hang of it). Docker Compose is also pretty easy, and really nice to know.

If you are buying the beers, I’d be happy to do a brain dump and demo for you - it might be nice for me to try summarising (to myself as well) what I currently understand.


(Daniel Hollands) #17

That works for me, sure. One evening next week maybe? I’m free Thursday and Friday.


(Andy Wootton) #18

I went to a Docker demo in Wolves. I was fine until the guy started connecting them together into virtual networks and I decided one of us had lost the plot. ‘The network is the computer’, as Sun used to say… “All the way down” - Pratchett


(Jon) #19

Cool, Thursday next week is fine. Bring your lappy. Are you still in the same location, and thus can meet in the teeny bar down the road? I forget what it was called, but quite liked it last time I was there. 7pm?


(Daniel Hollands) #20

Works for me.

I don’t remember which bar this was. The one around the corner from me is The Bull, is that the one you mean?