New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Tips for hosting a web server
Till now I have used only premade solutions for local development such as XAMPP or free web hosting solutions, but now I want to put down the foundation for my website on one of my VPS.
As such I'd like to ask for some basic tips on setting up a simple nginx server (on debian/ubuntu environment):
- Should I use /var/ or /srv/ or /home/user/ for the www folder?
- Install on host or in a docker container?
- If in docker, bind www and conf paths to host or to a named volume? How do I handle access permissions?
- Single daemon/container with vHosts or reverse proxy container/dameon + slaves?
Thank you in advance.
Comments
Why not use VestaCP ?
Zero difference, except for
/home/$user
which you should avoid, unless you are really setting this up for multiple users to have their own homepages.I use both. I prefer docker in general, although for really low end machines with no swap, I go the host route.
One volume container A, one nginx container B , one ssh container C.
A:
VOLUMES ["$WEBROOT", "$SITES-ENABLED", "$WHTEVERELSE"]
B:
--volumes-from A
C:
--volumes-from A
Setup the users/permissions on C and expose the SSH port on host (
-p 2201:22
).Make sure C and B use the same base image (for the user ids to match)
Done.
I do what I described above on a per tenant basis. No problem to do it 1 set for multiple tenants as long as you do it securely. But why bother with that and not launch MOAR containers?
Edit: I put another reverse proxy in-front to route the traffic to the respective nginx container.
You're welcome.
I'm not familiar with administration control panels, it looks nice but does it take over the system? Like, can I manually edit some settings such as paths in .conf files without screwing up the CP? Also does it have restrictions to allow only localhost access it (ex. through ssh tunnel)? I don't like to have an another unnecessary attack surface so that would repel me from using any CP.
Do you know if there is any script or command that automatically shuts down the container C after its SSH connection closed or after X hours?
Well one reason might be the many configuration files to manage
Thanks!
Why would you want to do that? And how will it spawn to receive a connection at an arbitrary future time? It's too much complexity for no benefit.
Because working on Wi-Fi, sometimes I lose connection to the host or simply forget when in a hurry that I have an open ssh connection.
My thought is to run container C only when I need to make changes and keep it shutdown otherwise.
Hi Robotex,
For local development i am recommended ISPConfig control panel or VestaCP above XAMPP.
Create a VM with Docker or VirtualBox and install ISPConfig or VestaCP.
Regards,
=/ can't even put web folders on here without Cloudflare blocking my post.
Lol I was describing how to DISABLE root ssh and blam.
Just wanted to give a shout-out, however you decide to setup your box, be sure to check out @Raymii 's excellent Cipherli.st guide on securing nginx, apache, ssh, etc!
Well I just gave VestaCP a try in a docker container and I must say that despite the nice informative panel, it does too much more than what I really need since it supposes I will install a DNS, mail, cron etc all stuff that I don't need.
It's not for local development, I suppose I didn't explain it well in the first post but it's for a personal website.
I can feel you, I had to separate www and /var/ for that same reason.
That's the first thing I do everytime I deploy a new VPS
Thanks! Will keep it for reference once I get to the step of setting up certificates
By the way, I think I will play more with docker and see if I can set something up using the composer, maybe starting with something like this
Use default/general one, less pain and troubleshooting when upgrade from repo or sources.
You can choose what VestaCP installs. https://vestacp.com/#install