Digital Ocean hosting: Do I need a system admin?


#1

I have been running my Discourse forum on Digital Ocean for a few months. Works beautifully at $10 a month. I know DO is an unmanaged VPS, so I am wondering what maintenance tasks are required?

If maintenance tasks are required, what happens if I leave the server alone? This is a fairly small forum, just wondering if I need a system admin. If I do, it might make more sense to go with DiscourseHosting.

Thanks


(Felix Freiberger) #2

Setting up unattended upgrades and occasionally (every few months) running

cd /var/discourse
./launcher rebuild app

(in addition to regular web-based upgrades) should be enough for quite some time. When the disk gets full, run

sudo apt-get autoremove
sudo apt-get clean
cd /var/discourse
./launcher cleanup

to free up some space. When the support for your version of Ubuntu runs out, it’s probably easiest to take a backup and restore on a new droplet (using the same app.yml file).

In short: Some maintenance is required (and neglecting that will pose security risks), but it’s neither hard nor a lot to do. And if you run into problems, we’d be happy to help :slight_smile:


(Jeff Atwood) #3

I believe @pfaffman has some magic scripts that automate even this part (the cleanup of old Ubuntu and Launcher stuff, at least).


#4

I am also running a small community on Digitalocean. It has been running like a top (knock on wood) for almost a year now, and I have done nothing but perform Discourse upgrades via the web interface.

Never really thought about Ubuntu upgrades, etc. Maybe I should, but I am no sys admin…


#5

For Ubuntu & Docker, I run these commands (one by one):

apt-get update && apt-get upgrade
apt-get dist-upgrade
sudo apt-get upgrade docker-engine

After that a little cleanup

apt-get autoremove && apt-get autoclean

And to finish this, a simple

reboot

And it will be fresh and clean.

You can configure automatic updates, but I don’t know if it’s the best option:

dpkg-reconfigure -plow unattended-upgrades

#6

Thx for the info @Steven. How risky is all that? I would have no clue how to revive the server if anything went sideways.


(Felix Freiberger) #7

I’ve never had any problems with this.

But if you want to be on the safe side (which is always a good idea), begin by taking and downloading a backup, and store a copy of app.yml. If anything goes sideways and you cannot fix it, it takes less than 60 minutes to reimage and restore your droplet :slight_smile:


(Andrew Waugh) #8

Consider building yourself a free Sandbox.

This gives you:

  • A way to practice installing, restoring, and modifying Discourse.
  • A non-production environment to test changes on.
  • If you run it with mail enabled you can get user feedback about new features.

If you use a different provider for your VPS, but the same OS, with the same updates, and your Discourse installation has the same plugins, permissions, groups, settings (except for site name, notification email), and update level, then if something stops working on your live site, but still works on your sandbox, then you’ve already narrowed down the list of possible causes by a large factor.


(Jay Pfaffman) #9

Probably nothing. I have reason to believe that at least 50 people for whom I have done installs have never logged in to their server.

Well, you do want to do the OS upgrades, but you can set it up so that you don’t have to think about them.

I don’t (currently) automate doing a ./launcher cleanup, but you can automate a bit more of the Ubuntu stuff with

dpkg-reconfigure -phigh unattended-upgrades
echo 'Unattended-Upgrade::Remove-Unused-Dependencies "true";' >> /etc/apt/apt.conf.d/50unattended-upgrades
echo 'Unattended-Upgrade::Automatic-Reboot "true";' >> /etc/apt/apt.conf.d/50unattended-upgrades
echo 'Unattended-Upgrade::Automatic-Reboot-Time "09:00";' >> /etc/apt/apt.conf.d/50unattended-upgrades

Best I can tell, the difference between -phigh and -plow is that the former doesn’t ask you any questions.

If you’re someone who’s not likely to log in to your server, you really need to reboot it without your having to log in if security updates require a reboot. The time is in UTC, 9:00 is 5AM EST and 2AM PST (and I guess it might be an hour different from that now). A reboot takes just a minute or two. The 40 or so people for whom I left the reboot time at 2:00 haven’t complained.

If you want an occasional sysadmin to intervene in some emergency or do a check-up, or want someone to pay attention to upgrades and such I am available as are others if you post in #marketplace.
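
Added example, not part of the original posts: the `echo ... >>` lines in post #9 append a new line each time they are run, so a repeat run leaves duplicate entries. The script below sets the same three options so that each key ends up with exactly one active line; the function names are hypothetical and the demo works on a constructed sample file rather than /etc/apt/apt.conf.d/50unattended-upgrades.

```sh
#!/bin/sh
# Added example: set unattended-upgrades options without duplicating lines.
set -eu

# set_uu_option FILE KEY VALUE
# Leaves exactly one active 'KEY "VALUE";' line for KEY in FILE, replacing any
# earlier line for that key, including a //-commented default.
set_uu_option() {
    file="$1"; key="$2"; value="$3"
    tmp=$(mktemp)
    if [ -f "$file" ]; then
        # The trailing [[:space:]] stops Automatic-Reboot matching Automatic-Reboot-Time.
        grep -Ev "^[[:space:]]*(//)?[[:space:]]*${key}[[:space:]]" "$file" > "$tmp" || true
    fi
    printf '%s "%s";\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"   # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# count_active FILE KEY: number of uncommented lines that set KEY.
count_active() {
    grep -Ec "^[[:space:]]*${2}[[:space:]]" "$1" || true
}

# apply_reboot_policy FILE: the three settings from the post above.
apply_reboot_policy() {
    set_uu_option "$1" 'Unattended-Upgrade::Remove-Unused-Dependencies' 'true'
    set_uu_option "$1" 'Unattended-Upgrade::Automatic-Reboot' 'true'
    set_uu_option "$1" 'Unattended-Upgrade::Automatic-Reboot-Time' '09:00'
}

# Demo on a constructed sample (two commented defaults), not the real file.
demo() {
    sample=$(mktemp)
    printf '%s\n' \
        '//Unattended-Upgrade::Automatic-Reboot "false";' \
        '//Unattended-Upgrade::Automatic-Reboot-Time "02:00";' > "$sample"
    apply_reboot_policy "$sample"
    apply_reboot_policy "$sample"   # second run must not add duplicates
    cat "$sample"
    rm -f "$sample"
}
demo
```

To use it on a server, call `apply_reboot_policy` as root with the path of the file you want to change.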


(Lutz Biermann) #10

I must respectfully disagree. Without making a drama, if you do not make security updates for weeks or months, you will get hacked. It’s that simple. There are occasional kernel exploits that do not even require open services. In order to protect the data, such as the e-mail address of the users, a maintained system is essential.

Depending on the country in which you live, you can be held responsible for any damage caused. For example, if spam is sent via the hacked server, or a DDOS attack is executed, it becomes expensive.

I know I am rather alone with this opinion. But a server with large bandwidth is like an internet weapon. You have to know what you are doing or you let others do it.


(Jay Pfaffman) #11

Agreed. I gave instructions for having security patches automatically applied and automatic reboots.


(Felix Freiberger) #12

To add some more confidence to that solution: I’ve been running multiple servers with this exact setup for quite some time, without any problems.

One side effect of the way that unattended-upgrades works is that this will not update Docker – I’ve added "Docker:ubuntu-xenial" to Unattended-Upgrade::Allowed-Origins to fix this (and also uncommented "${distro_id}:${distro_codename}-updates" to get non-security updates). Automatic updates for Docker will cause about one minute of downtime when they are installed (at an unpredictable time), so this may not be suitable for everyone :slight_smile:


(Jay Pfaffman) #13

Hmm. So you don’t think that docker will upgrade even if it’s a security patch?

I’m mildly concerned that a docker upgrade could break something. Docker still seems to be rather fast moving.


(Felix Freiberger) #14

I don’t think so, because the origin shouldn’t match – this is because Docker doesn’t come out of Ubuntu’s repository and uses a different origin.

I’m no expert here, though, so feel free to correct me. I can confirm that non-security-updates will not be installed automatically even if "${distro_id}:${distro_codename}-updates" has been uncommented.

(unattended-upgrades -d is your friend if you want to play around with this.)
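
Added example, not part of the original posts: posts #12 and #14 turn on which entries of Unattended-Upgrade::Allowed-Origins are active. The script below lists the uncommented entries of that block so an edit such as adding "Docker:ubuntu-xenial" can be confirmed; it only reads the file and does not ask apt which origin a package has. Function names are hypothetical and both sample files are constructed.

```sh
#!/bin/sh
# Added example: list which Allowed-Origins entries are actually active.
set -eu

# active_origins FILE: print every uncommented entry of the
# Unattended-Upgrade::Allowed-Origins { ... }; block, one per line.
active_origins() {
    awk '
        /^[ \t]*Unattended-Upgrade::Allowed-Origins[ \t]*[{]/ { inblock = 1; next }
        inblock && /^[ \t]*[}];/ { inblock = 0 }
        inblock && !/^[ \t]*\/\// && match($0, /"[^"]+"/) {
            print substr($0, RSTART + 1, RLENGTH - 2)
        }
    ' "$1"
}

# origin_allowed FILE ENTRY: succeed only if ENTRY is an active entry.
origin_allowed() {
    active_origins "$1" | grep -Fxq -- "$2"
}

# write_sample KIND FILE: constructed sample. KIND=stock keeps -updates
# commented out; KIND=edited applies the two changes described in post #12.
write_sample() {
    {
        echo 'Unattended-Upgrade::Allowed-Origins {'
        echo '    "${distro_id}:${distro_codename}-security";'
        if [ "$1" = edited ]; then
            echo '    "${distro_id}:${distro_codename}-updates";'
            echo '    "Docker:ubuntu-xenial";'
        else
            echo '//  "${distro_id}:${distro_codename}-updates";'
        fi
        echo '};'
    } > "$2"
}

demo() {
    dir=$(mktemp -d)
    for kind in stock edited; do
        write_sample "$kind" "$dir/$kind"
        echo "== $kind"
        active_origins "$dir/$kind"
    done
    rm -rf "$dir"
}
demo
```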


(Jay Pfaffman) #15

Sounds right to me. I’ll update my script and see about amending the install docs.


(Tumi) #16

Hello, please tell me what is the real minimum requirement to install Discourse?
I want to start a community for 300 users per day. I’m not sure Discourse will be good on my server with 1 GB RAM, 1 core, and 10 GB? Do I need an SSD disk or not really?


(Jay Pfaffman) #17

You really want at least 20gb and you really want ssd.


(Bhanu Sharma) #19

Find something a bit more powerful if you want fewer pains in life managing a forum server!
I’d suggest a bare minimum of 2 cores and at least 2 GB RAM. When you set up the forum for 300 users you also have to bother about the images and stuff they post, so for the foreseeable time and estimation of their behaviour I’d suggest something like a 40GB SSD on which you can actually set up vswap in case you’re blowing up your system RAM.


(Tumi) #20

Oh, thanks for the info, but wait, I’m not sure I understand you.
Must I set up a partition or something, or do I just need to take a server with a 40 GB SSD and a clean OS? Can I set up this partition after installing Discourse or before? By the way, will Ubuntu be better than CentOS / Debian?


(Richard - DiscourseHosting.com) #21

I think you should just get managed hosting so you can focus on building your community while someone else manages the technical stuff for you.