Across the ditch

I’m a huge AWS fan, but I have some reservations about using it for this site:

  • It’s an NZ site: I don’t expect there to be an NZ region for quite some time.

  • It’s fine to use the bells and whistles like AWS Cert Manager and ELB. At some point you have to be able to distinguish technology from magic.

  • Also, my free Lightsail evaluation ran out.

So I signed up for a VPS at RimuHost, for the price of a dozen beers a month. Rimu’s VPS machines come with Apache and Postfix installed and running. That was a little surprising after using vanilla Ubuntu images in AWS. The most time-consuming challenge was to get Let’s Encrypt working, which turned out to be very simple:

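#!/bin/bash
# Run as root: installs nginx and the certbot nginx plugin from stretch-backports.
# Stop at the first failed command instead of carrying on with a half-installed stack.
set -euo pipefail

echo "Ensure there's a backport"
echo "deb http://ftp.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/stretch-backports.list
apt-get update > /dev/null

echo "Ensuring that there's an HTTP server"
apt-get install nginx-full -y
# -t takes certbot and its dependencies from backports rather than stable
apt-get install python-certbot-nginx -t stretch-backports -y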

If I wasn’t sat on the couch avoiding housework, I’d have set up a Docker VM to test this, then worked out the command line to automatically request the appropriate domains. Instead, I ran it interactively and then committed the changes back to Git. The install process created a cron job that requests cert updates. The paths in the generated config files are fixed, so I’m reasonably confident that will work when it’s time to renew the cert.
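A sketch of the non-interactive request and a renewal check, added here as an example and not taken from the site's repository. The email address and domain names are constructed placeholders, and the certificate path assumes certbot's default layout, where the lineage is named after the first domain.

```sh
#!/bin/sh
# Added example, not the author's script. EMAIL and DOMAINS are placeholders.
set -eu

EMAIL="admin@example.org"
DOMAINS="example.org www.example.org"

# Print certbot arguments, one per line, for a non-interactive request.
# Rejects any domain with characters outside [A-Za-z0-9.-], so the
# unquoted expansion further down cannot split into unexpected arguments.
certbot_args() {
    email=$1; shift
    [ "$#" -gt 0 ] || return 1
    for d in "$@"; do
        case $d in
            ''|*[!A-Za-z0-9.-]*) echo "bad domain: $d" >&2; return 1 ;;
        esac
    done
    printf '%s\n' --nginx --non-interactive --agree-tos -m "$email"
    for d in "$@"; do
        printf '%s\n' -d "$d"
    done
}

# Succeed only if the certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null
}

if [ "${1:-}" = "--apply" ]; then
    # Word splitting is intended here; every domain was validated above.
    args=$(certbot_args "$EMAIL" $DOMAINS)
    certbot $args
    # Simulate a renewal against the staging server without replacing the cert.
    certbot renew --dry-run
    cert_valid_for_days "/etc/letsencrypt/live/${DOMAINS%% *}/fullchain.pem" 30
fi
```

Run it as root with `--apply`; without that argument it only defines the functions and changes nothing.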

Longer term I’d like to rebuild the whole thing in a container with the tooling that feels right. For now I feel this is a win because I’m:

  • running Debian again

  • supporting a local ISP

  • running a secure site in my own country (it’s 5 hops from my house).

DevOps New Zealand