Forum Federato

By Piero Bosio
🏕️ my adventures in #selfhosting: day 249 (mind of a #newbie edition) 🧠

  • Chris. R. 🎧🎼☕ wrote:

    @elena thanks a lot for sharing your experiences! Enjoy your well-deserved break 🙂

    Elena Rossini on GoToSocial ⁂ wrote (#4):

    @haploc I enjoy sharing my failures so hopefully fellow newbies do not repeat them... so at least they were useful for something 😅

    • Vincent wrote:

      @elena You may have a look at #portainer to manage your docker stacks. It eases the management dramatically.

      Elena Rossini on GoToSocial ⁂ wrote (#5):

      @vincent yes yes I looked into it but I'm gonna stick to CLI for now. I really enjoy using it over a GUI 😅

        Chris. R. 🎧🎼☕ wrote (#6):

        @elena I think you're learning much more than a lot of "professional" sysadmins out there 😬

          Elena Rossini on GoToSocial ⁂ wrote (#7):

          @haploc I sure learn A TON but I'm not being humble when I say that my approach is basically a "spray and pray" and copying and pasting lines of code. I truly know nothing 😆

            Chris. R. 🎧🎼☕ wrote (#8):

            @elena the willingness to learn by doing will get you further ahead, that's a very strong skill too

              Elena Rossini on GoToSocial ⁂ wrote (#9):

              @haploc thanks ☺️

              • Elena Rossini on GoToSocial ⁂ wrote:

                🏕️ my adventures in #selfhosting: day 249 (mind of a #newbie edition) 🧠

                a blog post about what it's like for newbies to self-host... read till the end to find out what caused my OVH VPS fail (a facepalm moment for sure):

                🔗: https://news.elenarossini.com/my-so-called-sudo-life/my-adventures-in-self-hosting-day-249-mind-of-a-newbie-edition/

                I'll probably take a break from self-hosting and reading about #Docker (my Everest) for the rest of the weekend... so I can come back to it on Monday with my batteries fully recharged 😅

                #MySoCalledSudoLife

                Piero Bosio wrote (#10):

                @elena

                If you use Docker, system security is the most important and difficult thing to ensure.

                https://www.trendmicro.com/it_it/what-is/container-security/docker.html

                  Grow Fediverse wrote (#11):

                  @elena Great progress! Yeah the docker desktop being front and center sounds like a familiar newbie pit trap 😩 There are so many times when project sites or documentation make certain assumptions about what they think is "common knowledge", and then as newbies we stumble due to it. Like that ancient roman recipe for awesome concrete that listed "water" but turns out SEA water was required for it to work. Or like how "chicken eggs" are implied in all our food recipes calling for eggs. A lot of tech assumes we know the kinds of water and eggs to deal with 😬

                    Elena Rossini on GoToSocial ⁂ wrote (#12):

                    @growfediverse thank you for the thoughtful comment. Indeed the things that tricked me were:

                    (a) the Docker site only showing images of Docker Desktop… and people online talking about using Docker with GUIs (like Portainer)

                    (b) the official announcement by Ghost that they would be sunsetting Ghost CLI in the next major release.

                    I conflated the two things and thought I would have to manage Ghost in Docker only through the GUI 🤦🏻‍♀️

                    I hope this makes sense. It did to me!

                    I’m super grateful for the posts I got from followers telling me I could use Docker simply via CLI. Like @antoine_ali 🙏

                      Tomáš Odehnal wrote (#13):

                      @elena Thanks for the write-up Ele and best of luck with your containerization journey! While it might be a bit tricky sometimes, once you get more familiar with containers, you will like it (at least I do.)

                      To the OVH incident - I don't believe it was the keys. Having them present in the root dir shouldn't do harm, unless they would be accessible from outside. Which I don't think was the case if the only thing you did was install docker, make it internet accessible and secure the socket with certs.

                      Anyway, using SSH (either directly from docker client or via tunneling) might be preferable as you won't expose docker to internetz at all.

                        Elena Rossini on GoToSocial ⁂ wrote (#14):

                        @def thank you Tomáš!

                        My point was to say - and excuse my ignorance as a non-dev - that I had indeed created the certificates but put them in the wrong place, so they weren't protecting the Docker daemon (because they were in the root folder, outside the Docker installation). I thought I had missed a crucial second step of putting them in the right place.

                        I shall not repeat the same mistake and now I've changed the ssh port and created login via keys... I will turn off password authentication as soon as I'm back in Paris next weekend. I want to make sure I have the private SSH keys installed on all my computers in the .ssh folder (since I'm on a desktop computer now that stays here).

                        Learning new things every day... since changing the ssh port the number of banned users is now down to 0.

                        I will wait till September to try re-installing Docker. I won't be in a rush but will take all the precautions I can take...

                          Jess Robinson wrote (#15):

                          @elena good luck! As a long time linux user / software dev docker drives me batty! I shall probably make extra effort to unwrap ghost from its new docker shell when the time comes

                            Tomáš Odehnal wrote (#16):

                            @elena Ok, that might explain it, thanks for the reply.

                            SSH with keys and local Docker socket should be sufficient precaution 🙂 Again, good luck!
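
Added example, not part of any post in this thread: a small Python check for the situation discussed above, where the Docker API listens on a TCP port but the certificates are not actually wired into the daemon. It reads only `daemon.json` (flags passed on the `dockerd` command line are not covered); `audit_daemon_config` is a hypothetical helper name, and the sample configurations and file paths are constructed.

```python
import json
import os

TLS_FILE_KEYS = ("tlscacert", "tlscert", "tlskey")  # daemon.json keys for the TLS files


def audit_daemon_config(text, exists=os.path.exists):
    """Audit the text of a dockerd daemon.json; return (severity, message) findings."""
    cfg = json.loads(text)
    findings = []
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// are local sockets, which SSH-based access uses
        addr = host[len("tcp://"):]
        local = addr.startswith(("127.", "localhost", "[::1]"))
        if not cfg.get("tlsverify", False):
            # Without tlsverify the daemon does not ask clients for a certificate,
            # so certificate files lying elsewhere on disk protect nothing.
            sev = "WARN" if local else "CRITICAL"
            findings.append((sev, f"{host}: API reachable without client certificates"))
            continue
        for key in TLS_FILE_KEYS:
            path = cfg.get(key)
            if not path:
                findings.append(("WARN", f"{host}: {key} not set in daemon.json"))
            elif not exists(path):
                findings.append(("CRITICAL", f"{host}: {key} points to missing file {path}"))
    return findings


# Constructed sample configurations (not taken from the thread).
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"]}'
MISPLACED = json.dumps({
    "hosts": ["tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/certs/ca.pem",
    "tlscert": "/etc/docker/certs/server-cert.pem",
    "tlskey": "/etc/docker/certs/server-key.pem",
})
LOCAL_ONLY = '{"hosts": ["unix:///var/run/docker.sock"]}'

if __name__ == "__main__":
    # Constructed file listing: the certificates exist, but not where the config points.
    on_disk = {"/root/ca.pem", "/root/server-cert.pem", "/root/server-key.pem"}
    for name, text in (("exposed", EXPOSED), ("misplaced", MISPLACED), ("local", LOCAL_ONLY)):
        print(name, audit_daemon_config(text, exists=on_disk.__contains__))
```

A configuration with only a `unix://` listener returns no findings, which is the "SSH with keys and local Docker socket" setup recommended in the post above.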

                              Elena Rossini on GoToSocial ⁂ wrote (#17):

                              @def thanks! I hope so 😅

                                Elena Rossini on GoToSocial ⁂ wrote (#18):

                                @castaway aw thank you for your comment, it makes me feel so much better as a newbie. I'm honestly terrified of Docker now because of all the holes it pokes in a VPS's security...
