Digital Ocean hosting: Do I need a system admin?

I must respectfully disagree. Without making a drama, if you do not make security updates for weeks or months, you will get hacked. It’s that simple. There are occasional kernel exploits that do not even require open services. In order to protect the data, such as the e-mail address of the users, a maintained system is essential.

Depending on the country in which you live, you can be held responsible for any damage caused. For example, if spam is sent via the hacked server, or a DDOS attack is executed, it becomes expensive.

I know I am rather alone with this opinion. But a server with large bandwidth is like a internet weapon. You have to know what you are doing or you let others do it.

Agreed. I gave instructions for having security patches automatically applied and automatic reboots.

5 Likes

To add some more confidence to that solution: I’ve been running multiple servers with this exact setup for quite some time, without any problems.

One side effect of the way that unattended-upgrades works is that this will not update Docker – I’ve added "Docker:ubuntu-xenial" to Unattended-Upgrade::Allowed-Origins to fix this (and also uncommented "${distro_id}:${distro_codename}-updates" to get non-security updates). Automatic updates for Docker will cause about one minute of downtime when they are installed (at an unpredictable time), so this may not be suitable for everyone :slight_smile:

4 Likes

Hmm. So you don’t think that docker will upgrade even if it’s a security patch?

I’m mildly concerned that a docker upgrade could break something. Docker still seems to be rather fast moving.

I don’t think so, because the origin shouldn’t match – this is because Docker doesn’t come out of Ubuntu’s repository and uses a different origin.

I’m no expert here, though, so feel free to correct me. I can confirm that non-security-updates will not be installed automatically even if "${distro_id}:${distro_codename}-updates" has been uncommented.

(unattended-upgrades -d is your friend if you want to play around with this.)

3 Likes

Sounds right to me. I’ll update my script and see about amending the install docs.

5 Likes

Hello, pls tell me what is the real minimum requirent for install discourse ?
I wanna start comunity for 300 users per day. Im not sure , discourse will be good on my server with 1gb ram ? 1 core, and 10 gb ? Do i need ssd disk or not really ?

You really want at least 20gb and you really want ssd.

3 Likes

Find something a bit more powerful if You want less pains in life managing a forum server!
I’d suggest a bare minimum of 2Cores and at least 2 GB RAM when You set up the forum for 300 Users you also have to bother about the images and stuffs they post so for the foreseeable time and estimation of their behaviour I’d suggest something like a 40GB SSD on Which You can actually set up vswap in case You’re blowing up your system RAM.

1 Like

Oh thanks for info but wait , im not sure im understand You .
I must set any partition or somethink or just i need to take only server with 40gb ssd and clean os ? I can set this partition after instalation discourse or before ? Btw Ubuntu will be the better than centos / debian ?

I think you should just get managed hosting so you can focus on building your community while someone else manages the technical stuff for you.

1 Like

Everything Depends upon Your needs but if You want full control over Your forum, You can Go with Digital clean and Get their $20/month Droplet and start building upon that. Digital ocean supports one click installs for discourse on latest ubuntu LTS so You definitely won’t have much pain Going Live.

1 Like

Im not sure , i just wanna build a comunnity and learn manage a server in the same time :wink:

I can’t quite tell if you mean that you do want to build a community and learn to be a manage a server a the same time or if you don’t. (It’s not clear to me what you’re “not sure” about.)

If you mean that you don’t want to build a community and learn to manage a server at the same same time then you could go with discoursehosting.com for $20/month. If you do want to learn to manage a server while you build your community you can go with a standard discourse/INSTALL-cloud.md at master · discourse/discourse · GitHub, or get me to install it as described here: $99 Discourse Install – Literate Computing, LLC. You’d be on your own, but you could hire me to get you out of trouble if you get stuck.

1 Like

can u told more about this instruction ? what is this ?

ok , but now tell me:

  • should i check any docker new versions ? How to do it regullar or automatic ? I want to be secured ? And , how to update a docker ? There is any possible troubles ?
  • Same q about discourse but i think in this case its only way to " 2 clicks " on the dashboard , right ?

Most Probably if You’re using the Ubuntu 16.04 or Higher, Your system can automagically update docker when an update is available if You choose to automate all updates (not just security) or else choose to do

Sudo apt update
sudo apt upgrade

every once in a while. That should suffice the needs for all Your sysadmin duties if You’re only running the forum and The internet Gods are gracious enough not to DDoS Your server.

Use Good security practices for ubuntu, Don’t ask me how, You need to figure out what suits Your system the best. There are thousands of such tutorials online so use Google and a bit of Your own skills.

There are a lot of troubles possible but what are you there for if You can’t troubleshoot them. Nevermind, You can post here if there is something wrong with discourse or else Google a bit for possible solutions to Your problem. In all the cases, I’d suggest You schedule daily backups and upload them to 3rd party like AWS S3 to save Your day in case something Goes bad.

Wrong!

You have to Go to /admin/upgrade and perform update to

a. All the Plugins that require Update
b. Discourse Core

You can choose to spare a sunday every 2 weeks to do all the update and housekeeping things and You’d be good to go unless something decides to break terribly … in which case, Have a Good time fixing it.

Ps: Backups are Important. DO BACKUP YOUR DATA!!!

4 Likes

Ok man , nice answer. I just go study this knowledge. Thank You

Yes backups is important. Did an AWS S3 is for free in their free trial ? What are You use for backups ?

what you mean ?

This has a good overview of the more occasional maintenance tasks beyond the one-click upgrades in the dashboard:

Basically some minor server updates every couple months, and perhaps more major server updates once or twice a year.

In my experience so far, this is probably overstating it:

Unless you have a ton of plugins / customization, it’s more like an hour every couple months for server stuff, after you’ve got an initial setup with everything working as expected. (We haven’t yet run into major issues beyond that…knock on wood!)

Only other thing I recall is running out of disk space at one point and having to run this (maybe should be added to the guide linked above!):

https://meta.discourse.org/t/low-on-disk-space-cleaning-up-old-docker-containers/15792/2?u=bts

1 Like

I Download the backups every week and have s3 uploads configured for daily … So I have 2 places to check in case something goes terribly wrong.

I meant the tasks that You have to do even though You don’t want to do them.

Yes, it is overstated because there’s a lot changing in both, the discourse codebase and the linux environment every month or so that updating twice a month as a hobby won’t cost much. I know internet has a lot of servers still running ancient servers but then, the fellow has asked he wants some security … So why not patch the system for security every now & then?