With my static websites I have been with the hosting provider DomainFactory since May 2003, for nearly 15 years. I also had the CMS Joomla running there. And for years I wanted to change my websites to HTTPS and to use the free Let’s Encrypt certificates. But, whenever I stopped by DomainFactory Let’s Encrypt wasn’t offered (see this long German thread). Would they rather sell there own certificates? The cheapest offer “Alpha SSL” for a domain or sub-domain costs 1,99 Euro per month. I’d be OK for my appearance as a freelancer. That’s just under 24 euros a year. I can invest it. But, I have four websites. And then you need certificates for every subdomain. And Let’s Encrypt offers free certificates at the same time.
The last deciding factor was another website, which I am responsible for, running at ALL-INKL. The hosting provider All-INKL supports Let’s Encrypt. Two clicks in the KASServer administration and HTTPS and redirecting from HTTP works. Two clicks, no trouble and you get three domains with 50 GB webspace for 5 Euro per month. Without any cancellation notice period and the first three months free of charge. Should I move my DomainFactory websites there? I couldn’t do anything wrong …
Only 300 lines of shell script for the initial installation of a CentOS image (with ssh, internal firewall, TZ, swap space, Apache, TLS certificates, MariaDB and Perl-CGI) and the configuration of my four websites.
The way of working in operations is different with Infrastructur as Code (IaC). All previous manual server administration is now encoded in scripts. The creation of a server is therefore reproducible. I create a droplet from the currently used snapshot to get the next development environment. The server is online in 30 seconds with its own IP4 address. I enter the IP in /etc/hosts and can test and develop with this instance.
When a development stage is completed, I build an automated image with packer. This takes twenty minutes because the static files of the four websites are uploaded to DigitalOcean. Then I create a droplet from the new image. New server is online after seconds and I’m testing next productive server by adjusting the IPs in /etc/hosts. When I’m finished, I simply switch the floating IP, which is registered in the DNS for my websites, to the new server. Cool, huh?
The screenshot shows a section of the billing. First of all the server prod1, which I no longer needed and saved as a snapshot cheaply. Then the currently productive server prod6 and finally the costs of one cent for building the image with Packer.
Working with IaC, a test or development environment can be created within one minute. And if my server is hacked one bad day, I can switch back to a new and clean created server within a minute. The old way of working was so bad. I had to configure and administere manually and all the steps were more or less well recorded. Something was always missing and how boring was it to do the steps one by one on the next server. Still worse, remembering a year later what I had done back then …
And the list of advantages is far from over. Not yet mentioned are the external firewall and the two-factor authentication when logging in to DigitalOcean. And Packer can use Chef or Puppet and can build images for Amazon EC2, Microsoft Azure or VirtualBox too.
My four websites finally have Let’s Encrypt certificates and I can build a server image from my git repository at the push of a button. The server runs, at the current dollar exchange rate, for only four euros a month in Frankfurt. Next I want to port my Rails web applications. I still have to write something to test the functions automatically when changing servers. And I need a backup for changing data, such as the database tables from the MariaDB or the renewal of certificates. Thanks to GDPR I don’t need backup of the log files.