• danA
    7 months ago

    Just tried out that playbook to set up a staging server, and it works pretty well.

    I feel like it’s a bit too magical though. I like knowing how all the software I’m using is installed and configured, and introducing another layer of abstraction makes that harder. I have particular ways things like my web server (Nginx), database servers, Let’s Encrypt (certbot), etc. are configured and want to keep things that way. I think I’ll just use the Ansible playbook for the staging server, and set up the real server using the Docker containers directly, based on documentation from the upstream projects (Synapse, etc.).

    It looks like they have both Docker containers and Debian packages available, so I’ll have to see if it’s worth using the Debian packages instead.

    • Zworf@beehaw.org
      7 months ago

      That’s true. They actually stopped supporting Nginx recently which really bothered me too because I want to keep using self-signed certs (my server is only reachable internally and I do not want to expose it to the internet). And the new server they use (I forgot which) didn’t really have that option. So right now I’m locked out from updating until I fix that.

      And yes it is totally feasible to use upstream! Not a problem at all.

      I would recommend using the dockers though, as the whole Debian thing becomes a bit of a mess with different Python requirements for some of the bridges. I tried that in a long forgotten past and there is a reason I’m trying to forget that 🤭

      Like you I know the Ansible playbook has its limits (for example one other thing I run into is that I want to run several instances of the same bridge to bridge e.g. 2 WhatsApp accounts!) but I do think Docker is the way to go. I’m interested to hear how you’re faring though as it’s a long time ago since I tried that.

      • danA
        7 months ago

        I want to keep using self-signed certs (my server is only reachable internally and I do not want to expose it to the internet). And the new server they use (I forgot which) didn’t really have that option.

        If you have your own domain name, you can get Let’s Encrypt certificates for internal servers by using DNS challenges instead of HTTP challenges. I use subdomains like whatever.int.example.com for my internal systems.

        Of course, it’s possible that the Ansible playbook doesn’t support that…

        Thanks for the note about Python and the Debian packages. That’s a good point. I’ll definitely use the Docker containers.