Comments
I can, but that defeats the idea of having a disposable app server. This way the file data is isolated on the volume and I can replace the app server any time.
letsencrypt? I don't think you really need super-ultra-verified certs, and they make it stupid simple, even for multiple domains under the same httpd.
That was part of the original request(s), didn't note it in this thread after having said so in Discord.
If you need to do that, for sure. But you can also take snapshots or automated backups of the server so that if something happens, you can just spin up a droplet from that snapshot/backup. I guess it's up to what you think the site will need.
I really like the idea that to upgrade my setup I could spin up a new droplet from a snapshot, do the upgrades, then move the volume over / redirect DNS and it's insta-done. Or to get beefier hardware, or deal with a system compromise, or whatever. I wouldn't say I need it, but at an extra $5/mo when I'm already shedding over $150/mo off the server bill, it feels like a really nice addon.
That's my plan. Figuring all that out is a Very Big Deal for me and I expect it to take a decent chunk of time that I don't typically have available.
Letsencrypt is pretty fantastic and really easy, especially if you're not doing any funky httpd configs so it can work automagically. I'm sure you're already aware of where you can reach out for help with any of these things.
Yep -- letsencrypt is pretty much all you'll ever need for certs. They're even adding wildcard certs this month. Just set it up to autoupdate in your cron (literally just a single command; you can search for it on DO tutorials) and you never have to worry about certs again.
Guess what we're doing to the Nth degree?
We support redirects and edge cases for half a dozen legacy platforms we used to use. When I got to the "automatically write this to your httpd conf" part I was like "full stop, back up".
Yeah, it's nice if it can do that, but when you have funky stuff, then you have to do it manually.
I mounted the DO volume as /storage in a nod to our old Opteron system where we needed a separate drive mounted to handle our "massive" site. (Nowadays we have 30% more stuff but take up < 30% of the minimum drive size.) What's funny is I didn't undo the /storage-based setup until our current server. So that was worth it.
I'm not sure this has been noted, but I would guess that login is broken due to HTTPS issue until server cutover.
Clear your cookies. Vanilla gets angry about both http + https cookies together.
This is still ongoing, because I hate doing ops work and have been traveling quite a bit.
Mr. @Tushon has volunteered to help in a week or two. I've written some docs and granted him access to a number of things in preparation.
We continue to have insecure connections in the meantime. Chrome has decided to complain loudly about this issue after a recent update. Not much I can do about that; it's a browser-level design choice, and I agree with little that Chrome does these days.
At least Firefox lets users add a permanent exception, but Chrome acts as if all certificate problems are equal and freaks out every time.
Me every time I have to log in to the server
Tushon has done most of the setup for the platform.
I've done most of the setup for the application-level stuff (code deploy pipeline etc).
We'll probably have the integration of the two sorted out by Christmas.
I'd expect downtime over the holidays or during ICNY to finish it up.
Then... All The Things™ are unblocked.
live footage of me working on the server
every time I hit the same problem I've hit every time I've built a new server for Icrontic in the last 15 years
Tentatively slated for next Sunday, Jan 20.
ohmyfuck i did it agaaaaaaaaaaaaaain
SPHINX SEARCH WORKS.
1/20? You should deploy and then come drink some Dogfish Head 120 Minute IPA with us.
Instructions unclear. Drank DF120, deployed server to Usenet.
Next attempt will be Feb 10. I ended up spending days wrestling with server configs and my time for the actual migration disappeared.
Moved back another week. Always extra-ironic when Vanilla work preempts working on my own Vanilla sites.
Fuckin' did it.
um, for those who frequent NewBuddhist.com, the server NewBuddhist.com cannot be found.
Ironic works fine, thanks.
It's online, it's just taking a while for DNS to propagate because I neglected to dial down the TTLs ahead of time.
The IP address is 138.197.153.182 if you wanna stick it in your hosts file.