Hello Marc and Lloyd, Lloyd thanks for Joining in the conversation. Hope we can both get something running on Zotonic, or in your case Nitrogen. Marc thanks for the additional update. You seem to have answered some of my questions which were around the server spec and the Zotonic configuration
My interest in Zotonic (Erlang) runs alongside my existing interest in Elixir and Phoenix. Certainly like to go with Zotonic 1.0 when its available. Both types of deployment interest me - container v manual installation. They both have advantages / disadvantages. It would be good to see both types documented too. But to start off I would like to use your proven Git deployment process if thats possible. The least path of resistance for now and build up experience from there. That also goes with your recommendation that a single server will suffice for most cases. Do you have a server setup you could share? I am looking at deploying zotonic to a server with the capacity to support a number of individual sites using digital Oceon or https://gigalixir.com/ See https://gigalixir.readthedocs.io/en/latest/main.html#tiers for info Gigalixir is an Erlang / elixir friendly provider but not sure how economical it will be for hosting Zotonic or elixir apps for that matter. As for the Zotonic configuration. Does it make sense to use setup 2 on one machine initially? Do you still recommend varnish too for the proxy or just go with Haproxy / Nginx? Happy to document Gigalixir setup and share on Github with Lloyd (with everybody). At the end of the day I would like to have a setup doc for Zotonic using one server that could be used to also to build a secure production container. Using this as an example of a manual server build - https://www.digitalocean.com/community/tutorials/how-to-automate-elixir-phoenix-deployment-with-distillery-and-edeliver-on-ubuntu-16-04 Although Giglixir has a lot of that built in. So in summary target is to install proxy + Zotonic + N sites on single Gigalixir VPS or container. Eddie L UK On Tuesday, January 15, 2019 at 8:40:05 AM UTC, Marc Worrell wrote: > > Hi Lloyd (and rest of list), > > For Zotonic I have seen two setups: > > 1. Only Zotonic (Erlang) (single machine) > > With this setup external port 80 is redirected (using iptables prerouting > rules) to 127.0.0.1:8000. > And port 443 to 8433. Erlang is directly handling all (SSL) traffic. > Same is done with the SMTP port 25, which is usually mapped to 2525. > > 2. Using a proxy (one or more machines) > > In this haproxy or nginx are used to terminate the SSL connections and > proxy requests to Zotonic/Erlang. > The Zotonic node is either running locally or on some other host in local > network. > In this setup it is also common to have a mail server running to forward > incoming email to the Zotonic/Erlang node. > > > Setup 1 (direct) is the easiest for small single-server operations. > Setup 2 (proxy) is when you want to have multiple machines and a local > network. > > > We have setup 1 running on a €50/month VPS, handling monthly traffic of > 1.5+ TB (~2M monthly visitors). > Another company is running setup 1 on dedicated hardware with more than 1M > hourly requests. > (That server is mostly idle…) > > So for most (98%?) sites the simple setup is actually very realistic. > You just need to be sure that you have a good backup scheme, as it is a > single machine. > I know of some people that are working on a “lukewarm” failover setup. > > With the single VPS server solution we didn’t have any significant down > time in the last years and > usually have 100% monthly uptime (according to pingdom). > > So, for me, the single server solution works best. > Especially with a VPS where the hosting company moves the VPS in case of > any hardware problems. > > Cheers, > > Marc > > > On 14 Jan 2019, at 19:47, ll...@writersglen.com <javascript:> wrote: > > Hi Marc, > > > Many thanks for your prompt response. > > > This addresses one part of the puzzle. I can't speak for Eddie, but as a > total DevOps noob, a big-picture perspective would give me greater comfort > as I move into my own deployments. > > > I'm guessing that there are different issues if we're considering > on-premises vs. cloud deployment, so considering the two hosting > scenarios... > > > What are the specific security, scaling, or other issues we need to attend > to? And how do we implement them? For instance, if on-premises: Do we need > a dmz to protect our LAN or is port-forwarding sufficient? Should we put a > proxy server such as nginx or HAProxy in front of our app? How can we most > effectively harden our servers and applications against exploits? > > > I understand much of this goes beyond the realm of Zotonic, Erlang, and > Nitrogen. But when I step out into the web for answers I'm totally > overwhelmed with confusing and oft contradictory info. > > > I'd love to create a living-document tutorial and checklist for, at least, > the simplest deployments, but wouldn't know where to start. > > > Thanks again, > > > Lloyd > > > > > > > -----Original Message----- > From: "'Marc Worrell' via Zotonic developers" < > zotonic-d...@googlegroups.com <javascript:>> > Sent: Monday, January 14, 2019 11:53am > To: "'Marc Worrell' via Zotonic developers" <zotonic-d...@googlegroups.com > <javascript:>> > Cc: "erlang-q...@erlang.org <javascript:>" <erlang-q...@erlang.org > <javascript:>> > Subject: Re: [Zotonic-Dev] zotonic CI deployment best practice for 2019 > > Hi Eddie and Lloyd, > “It depends” is indeed the correct answer... > Most Zotonic installations fall in two categories: > 1. Deployment via a Docker container, which is updated before deployment > 2. Deployment via git (manual or automatic) > Some follow (1), I follow (2). > Nice thing of (2) is that it allows for hot code upgrades and quick > turnaround of small patches. > When we are i a development cycle for new features we might have 10 to 20 > deployments per day. > This goes very smooth, we even deploy minor updates to Zotonic and > dependencies using hot code upgrades. > Zotonic itself can watch changes in the file system and dynamically load > new files. > Most of the updates we deploy have only minor changes. > Think of changes to templates, css, or translations. > And minor Erlang changes (ie. not completely new apps or other > dependencies). > That is why we can have updates-via-git without service interruption. > The orgs that deploy via Docker (option 1) - have typically less frequent > updates and perform periodic major updates. > As the whole container is updated this also restarts the Zotonic server. > Of course it is also possible to deploy using the OTP release mechanism. > This is something that will be possible with the 1.0 (really soon now) of > Zotonic, as that version is OTP compliant. > I personally never had the need to use OTP releases as the version control > via git is good enough for us. > (Especially with rebar3 managing versions of dependencies.) > Cheers, Marc > > > On 14 Jan 2019, at 17:40, ll...@writersglen.com <javascript:> wrote: > > Hi Eddie, > > > I'm in a similar situation--- planning soon to release a Nitrogen web > application but feeling profound apprehension since I don't have a clear > understanding of risks and how to minimize them. > > > No doubt the flip answer is, "It depends..." Are we talking cloud hosting > or on-premises? What are projected traffic patterns? Etc. Etc. > > > But "It depends..." doesn't help folks like us who lack experience or > organizational support. > > > One can find considerable information on the web covering firewalls, proxy > servers, load balancers, site hardening, etc. But, like you, I've found > little in the Erlang corpus that provides sufficiently clear patterns and > guidelines to assuage my Erlang release/production apprehensions. > > > It may well be a book-length topic or more, but even a thoughtful, > thorough tutorial, or even a checklist, would be helpful. > > > Please do let me know what you come up with. > > > All the best, > > > Lloyd > > > > > -----Original Message----- > From: laye...@gmail.com <javascript:> > Sent: Monday, January 14, 2019 9:28am > To: "Zotonic developers" <zotonic-d...@googlegroups.com <javascript:>> > Subject: [Zotonic-Dev] zotonic CI deployment best practice for 2019 > > Hi, > I have followed zotonic for the last couple of years and am now interested > in setting up a production server for zotonic. > I have just spent some time searching zotonic users and zotonic developers > for an up to date guide on how you would go about developing and deploying > zotonic to a production environment. > most of the links I found range from between 2010 - 2012. > I have looked through the zotonic documentation as well. > I have also installed locally using the zotonic full docker container and > the manual install. > I am looking for a guide for Git / continuous integration / continuous > deployment guide and any best practice tips. > Is something like this available? > Many thanks > Eddie L > (Uk based) > -- > > --- > You received this message because you are subscribed to the Google Groups > "Zotonic developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to zotonic-developers+unsubscr...@googlegroups.com <javascript:>. > For more options, visit https://groups.google.com/d/optout. > -- > > --- > You received this message because you are subscribed to the Google Groups > "Zotonic developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to zotonic-developers+unsubscr...@googlegroups.com <javascript:>. > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "Zotonic developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to zotonic-developers+unsubscr...@googlegroups.com <javascript:>. > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "Zotonic developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to zotonic-developers+unsubscr...@googlegroups.com <javascript:>. > For more options, visit https://groups.google.com/d/optout. > > > -- --- You received this message because you are subscribed to the Google Groups "Zotonic developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to zotonic-developers+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
