libresh / applications Goto Github PK
View Code? Open in Web Editor NEWApplications we offer
Applications we offer
My mailserver is coming along nicely - incoming email is now working, although there still is some problem with relaying outgoing email. I have to move it from gh:michielbdejong/mail to here.
Not very urgent maybe, but right now, to update DNS I have to log in to namecheap and to gandi. Running the authoritative DNS server on our own servers (one each, for instance?) would allow to automate things more in the long run. It would also be nice to make sure we implement things like ipv6, dnssec, and dane.
/data/server-wide/IMG/
and /data/per-user/DOMAIN/IMG/
.Yep!
What do you think of moving these 3 apps to IndieHosters repo?
https://github.com/IndiePaaS
I prefer to have each app on a separate repo, then it is really easy to keep track of everything. It's really modular this way.
We could have then one repo, like this one, that have them all as git submodules.
If you like these 3 images and are ready to merge them into IndieHosters app, and ready to offer them to your clients as well, then, I'll start to rewrite the other apps to fit this "standard" nad move them little by little to this repo.
For me this is the best plan.
What do you think?
Moved from michielbdejong/snickers-applications#13
After reading all:
http://www.slideshare.net/bobtfish/docker-confjune2014
http://nerds.airbnb.com/smartstack-service-discovery-cloud/
http://clockworkcubed.com/2014/05/consul-and-synapse-service-discovery-and-elastic-load-balancing/
http://jasonwilder.com/blog/2014/02/04/service-discovery-in-the-cloud/
http://jasonwilder.com/blog/2014/07/15/docker-service-discovery/
http://www.consul.io/intro/vs/smartstack.html
http://igor.moomers.org/smartstack-vs-consul/
I feel this is the path:
https://coreos.com/blog/docker-dynamic-ambassador-powered-by-etcd/
Ouh, I'm getting excited :)
So the idea would be to have a manifest file for each of app we support.
I will write a BDD scenario:
Given a user (john) wants to access his wordpress the first time
And the user has already an account with indiehosters
When he goes to his app store page
And he clicks on wordpress
Then he is redirected to john.indiegue.st/wordpress
And our user sees a waiting page
Then our backend catches this http request
And our backend understands that there is no wordpress for this user
And our backend read the manifest file for wordpress
And our backend satisfies MySQl dependencie
(Given a user (john) wants to access his mysql the first time...)
And our backend satisfies all dependencies
And our backend send the http request to the service ambassador
And the service ambassador responds
The idea is that I don't want poor failover made by hand. Technology is mature for kickass failover. I want to have a rocking service. When one of the VM is down, I don't want the service down for the user :) So yes, one MySQL per user, but a replicated master-master one! And every services consuming MySQL are able to do it so, even if one MySQL instance is down :)
I'm still hoping that we don't have to write this manifest file, and could handle it at the Fleet or Docker level.
And about some services that are shared among users (mail, jabber..), I strongly believe we should use the same scemas as for users. We should dog food it ;) It's not a special case, it's just that the user is Michiel instead of John ;)
And I don't think we will run backup of services of each others (cross hosters). I will personaly have 3 VMs, and they'll backup each other. It's either that, or we share a common cluster (3 VMs also, but we can grow them to more).
@pierreozoux we're now both running our personal website on Docker, but we're each using a different setup to do so. Let's talk about how we can converge our setups, so that they become compatible with each other and we can develop it twice as fast! :)
so /data/michielbdejong.com/
instead of /data/michiel/
moved from michielbdejong/snickers-applications#4
I think it's quite clear we want to offer certain base functionality:
And then there are miscellaneous apps that have some specific functionality, which are each sort of isolated and light-weight to add, like maybe:
but at another level, there is a number of important meta-software projects out there that we may just want to offer hosting for, without them being necessarily a miscellaneous app. Each of them covers basically file sharing + a lot of miscellaneous apps, and each user would need only one of those, because they replace each other. i think at the moment the most important ones in terms of momentum are (my knowledge may be incomplete here?):
i'm sure there will be others over the years. would it make sense to just try to offer hosting for each of these? i guess each have their pros and cons, and it's good if people can try them out, compare them, and use the best one for daily use on their domain name, hosted by their indiehoster.
Moved from michielbdejong/snickers-applications#5
To install the wordpress wp cli, the setup procedure of the WordPress Dockerfile should run the following as root:
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
mv wp-cli.phar /usr/local/bin/wp
chmod +x /usr/local/bin/wp
wp --allow-root --info
DB_HOST=172.17.0.5 DB_PORT=3306 DB_NAME=wordpress DB_USER=admin DB_PASS=foo wp --allow-root plugin install wordpress-https
DB_HOST=172.17.0.5 DB_PORT=3306 DB_NAME=wordpress DB_USER=admin DB_PASS=foo wp --allow-root plugin activate wordpress-https
Work-around, on a server that is not live, while using the current wordpress image after you run systemctl start [email protected]
on your server, do the following:
systemctl stop haproxy-confd
edit /data/runtime/haproxy/haproxy.cfg, changing the line:
redirect scheme https code 301
to:
use_backend domain.com
If you want to add a wordpress domain to a live server, you will have to do something smarter. :)
Moved from michielbdejong/snickers-applications#7
@pierreozoux - which dockerfile are you running for wordpress on your server? can you add it to this repo?
for integration in CoreOS and also on other operating systems, a good to make sure containers are restarted when they die
I think a better name would be michiel-app-store
or michiel-implementation
. I'll have my own also, and then from October, we'll work on merging both. (it will be easier to do this AFK)
right now, the server-wide services assume that the user's data volume is on the same server. They also assume that all per-user containers are running on the same server. It would be nice to allow for bigger server farms, where one server acts as a load balancer, one as a file server, one as an application server, etcetera.
moved from michielbdejong/snickers-applications#14
We can leave the IndiePaas images where they are https://registry.hub.docker.com/search?q=indiepaas and then add in a mysql server and a /snapshot.sh script where desired/necessary. This is maybe easier than the git submodule approach we tried last week.
@pierreozoux do you agree with this approach?
i just learned a bit about how ynh does this: http://community.remotestorage.io/t/sandstorm-io-personal-cloud-platform/212/5
@pierreozoux you brought this up already, that it's a shitty experience to not have SSO / one single password reset option. maybe we could at least use LDAP as much as possible? we could actually reuse a lot of the packaging work from ynh, there (maybe just Dockerize each ynh app? or even run a ynh server inside Docker or even just without Docker?)
so not specific to the mailserver
This application has a simple manifest file (author: Tim Berners-Lee
;) ) and tared data folder.
I think that our implementation, should be system-wide
. For this particular case, I imagine an nginx conf for every /data/user/static-file
.
In this folder (like every FOSIA package) there might be a CNAME file, and a corresponding SSL certificate. The nginx conf must take the appropriate decisions regarding these files. (It means either using it, or in case not present, using the default name scheme: user-name.indiehosters.net/service
with our certificate)
The folder /data/server-wide/static-html/
link to every per-user
folder.
There is also a /data/server-wide/static-html/site-available
link to /data/server-wide/static-html/site-available-{timestamp}/
.
Then, there is a process watching /data/*/static-html/CNAME,*.cert
directory for changes. In case of change, it must:
nginx.conf
template of each relevant site. /data/server-wide/static-html/site-available-{timestamp}/
/data/server-wide/static-html/site-available
For now, all the automatic part, I'll do by hand. But what do you think in a general manner about this?
(this implementation is compatible with multi servers if you reconfigure the main HAproxy)
Comments?
Yesterday I moved everything from Chicago (my CoreOS virtual server at rackspace) to Luxemburg (an ubuntu virtual server at Gandi). Bouncer now supports multiple domains, and the run scripts changed a bit - still have to update them here.
I think this is concerning from a security point of view to use this piece of software for the most important part - namely serving ssl certificates. Especially when there is something Industry proven that is doing great job.
Right now, we're using the docker run --restart
flag for restart after failure (and the default docker -d -r
flag for restart after reboot), but it could have advantages [?-like what?] to switch to systemd or upstart.
Apart from the https plugin, I think we should add:
<div>
<a href="https://twitter.com/username" rel="me">@username on Twitter</a>
<a href="https://github.com/username" rel="me">@username on GitHub</a>
<div>
I am testing this right now, to see if it is enough to enable login with IndieAuth.
looking at https://github.com/idno/idno/blob/master/docs/install/instructions.rst#use-environment-variables I think what they mean is config.ini is needed for the things that don't change, but we can get rid of the lines that paste env vars into that file
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.