For those who have even simpler needs (like side projects, or 1 dev projects), I found using simply docker and git to be plenty enough.
Basically, you can create a bare git repository on your server (`git init --bare`), and put a `hooks/post-receive` script within it that will clone sources in a temporary directory, build the docker image and rotate containers. That way, you can `git push` to build and deploy, and it's easy to migrate server.
The added bonus is that you now have a central git repos that can act as backup, so you don't need github or gitlab.
The main painpoint, which I find dokku interesting for (and I assume caprover too) is zero-downtime deployment. But well, if this is critical, you probably need something more extensive.
Yes, that's true, thanks for mentioning it. It comes from a time when I did not use docker so I wanted to get rid of build artifacts, but building within docker, this is not a problem anymore.
If you need to use your "old way" for something else, you can use 'git clean -fdx' which will remove all files and directories that git does not track.
I actually developed a system similar to this but used docker compose as an alternative to Procfiles and nginx+le to handle dynamic virtual hosting. It's actually a golang app that will automatically provision git repos with the necessary hooks and also allow you to exec into a container directly over SSH. I had the thought of using docker stack to achieve zero downtime but haven't had a chance to try that out. Happy to open source it if anyone is interested in using it.
The problem with nginx based setups is that one wrong container option (label, env var, etc ...) may cause a syntax error in the nginx configuration file and then nginx won't start, so all services will be down. Loved apache, loved nginx, but I can see traefik is the only http server on my tech blog for the last years...
Nginx is made to load a configuration: you don't have the auto-configuration that comes with service discovery. Service discovery is doable with a standard HTTP API through /var/run/docker.sock or /var/run/podman/podman.sock in more advanced systems.
As such, service discovering HTTP servers are more reliable because it's built with a service isolation from the ground up: if one service has some poor value then it won't work, but it won't block the other services.
Nginx is too far behind now, they might have some service discovery module, but even then the thing that happens when your configuration autogenerates (like with snapshot testing) is that you still have to read the configuration it generates. Traefik offers a great dashboard for this so it's even more pleasant than reading a configuration file that you didn't even write ;)
For sure, I bet that in a patch into something like CapRover (or your own solution), changing nginx to traefik would end up removing quite a lot of code ;)
I'm not really sure what you mean "acheiving ZDD", ZDD is complicated any time there's a data schema migration, not to mention that containers deployment traditionally is "delete a container: KILL a process" and "create another one like cattle". uWSGI for example, could gracefully renew every worker process on SIGHUP, but re-creating the uWGSI process in another container defeats that. Maybe you have some kind of blue green deployment, maybe even canary, in this case I wonder if basing a container platform on configuration files such as those for nginx would really make it to ZDD. Would love to read more about your setup
These are all extremely valid points! I guess I should've clarified how things work a bit (which I am currently in the process of documenting how it works and how to deploy it).
Ingress management is done with the very useful nginx-proxy[0] service that loads virtual host definitions directly from the docker daemon and sets virtual hosts based on env vars set on the container. Configuration changes are loaded using an nginx reload, so even if there was an error in the configuration (which I personally have never run into though is likely possible), it wouldn't take effect. LE is then handled using the nginx-proxy-letsencrypt-companion[1]. My goal was to abstract away reverse proxy+cert management and I think any solution (traefik, caddy, etc) would work here and I'm more than happy to change it. More or less just went with nginx since it was easy and I didn't have to do any configuration other than adding it to a docker-compose file.
I guess my goal wasn't to handle ZDD for stateful applications. As you mentioned, there's a plethora of issues that arise and make that type of application much more difficult to do ZDD. I tend to write a lot of stateless web apps for simple use cases and like to have an easy way to deploy them. In the primitive sense, creating a new container, waiting for it to be ready, and then swapping the upstream used for the reverse proxy with the new pointer would be ideal but isn't supported directly with docker-compose (as mentioned).
Happy to talk this through also, especially if you'd be interested in contributing!
Actually, the experience with broken config comes from using nginx-proxy (along with the le companion) in production for 18 months or something, that and other inconveniences pushed me to give Traefik a try and I was really delighted, no dealing a configuration template, and I can view the configuration from the web dashboard instead of having to ssh into nginx to get the config.
I completely agree with you about ZDD, 99.9% of uptime is plenty enough for 99.9% of the projects, and trashing the container to start a fresh process from a fresh system build does come with other advantages. Sure, any kind of blue/green deployment or canary would be really nice to see, but it wouldn't seem to create a lot of value for 99.9% of the projects, and for the rest well there's k8s that deals with clusto
Currently I'm just using a bunch of ansible roles with an ansible command line wrapper, so I'll do `bigsudo yourlabs.netdata @somehost` and it'll auto-install yourlabs.traefik if not already there, which will auto-install yourlabs.docker if not already there, and basically just leave me with `https://netdata.somehost.fqdn`
Thank you for the invitation to contribute ! As you probably guessed, I'm a bit like you in the sense that I cannot live without making my own system, and I have made different design decisions:
- Python for server side, I find it more fun than JS, nothing we can do about that
- Python for client side, because we maintain our crazy isophormic component library in python
- Not docker, but podman, which can run rootless and daemonless (thought we need the daemon that provides a docker compatible API to have Traefik service discovery)
- Not docker build, but something I'm cooking on my own ("shlax") that I find a lot better for my taste, and that uses buildah which can build rootless
- Not docker-compose, but shlax, which aims to support a broader range of use cases (such as backup/restore)
- The thing I'm building is first a really KISS Sentry alternative, then also a GitLab alternative, and I'm in the process of adding CI into it ... but I stopped doing that until I have finished my little Python lib ("shlax") that replaces docker/compose and ansible to have something to put in the CI test that's not tech that I'm trying to move away from, and so that it can build/test/deploy itself,
So, I suppose our goals and design decisions are a bit too different, but I can assure you that I'm always happy to see CapRover featured in social media, and I'm always happy to discuss rare passions like that, if you're looking for a crazy friend recoding his entire little world to just talk about these kind of things feel free to send me an email or give me a call ;)
Really what I want for my side projects is just to be able to push my projects to github, and if they have a manifest file, they should just automatically spin up on a subdomain with the same name as the repository. I don't see why it should be any more complex than that, and I'd be happy to pay a small sum every year to have that.
How exactly is the zdd you're talking about ? zdd for 100% of use case seems like quiet a rabbit hole, particularly when any kind of data migration needs to happen. I suppose my question is: at what point can we claim doing zdd ?
I have been using CapRover and love it. I donate to their OpenCollective[1].
For those noting "why don't you just use Linux / k8s / ...", that feels close to the original complaints re: Dropbox on Hacker News[2]. I've run clusters hundreds of nodes in size myself but CapRover gives me the pleasure of not having to sweat the small details. You can get this from other platforms but usually there's a dollar cost tied to each option. When I'm experimenting I don't want to have a dollar cost attached.
Deploys are trivial. The default nginx setup is most of what I'd want to do. LetsEncrypt is a single button click. Monitoring is included by default. If I need to scale up, everything I'm pushing is Docker containers. If I want to experiment, there's great fun in looking at the included "One click apps / databases" and just playing around.
CapRover is just a lovely freeing experience that will do what you need :)
I have experience with Dokku, Flynn (also look at this if you're looking at Dokku), CapRover, k8s, and a tiny bit of Nomad.
I think CapRover has the best experience out of the Dokku/Flynn/CapRover "group". Not a huge Dokku fan. Would use Flynn over Dokku again, but I'd rather use CapRover over both.
I would agree with that. I’ve used most of the various options for a DIY PaaS and also prefer CapRover.
CloudRon [1] is actually really great, but its pricing is prohibitive (and changes frequently) for side-projects, which is when I most want to use something like this rather than just deploying/managing the k8a myself.
Would you say CapRover is 'more complicated' or more suited to bigger projects than Dokku? I gave it a good hard look before deciding on Dokku, as my use case was so simple, but wondering whether it'll scale.
To chime in here, containers all the way. Started with buildpacks as that seemed like the ultimate zero-conf approach (like Heroku), but very slow, so switched to Containers. Works a charm.
How do you mean? I never touch the actual containers, I always just let Dokku take care of those, I just push the code with the Buildpack and Dokku handles the rest.
There is always a container in the end. But do you actually provide a Dockerfile along with your app code, or do you let buildpack create the container for you (ie. no Dockerfile in your source code)?
I have been using CapRover for about half a year now on my personal server running multiple projects.
It does what you'd expect and the configuration format is pretty easy to use, using any docker image directly works without any extra steps, just enter the image name and it'll do the rest. I'm pretty happy with it and will probably stay with it for the time being.
It's not the best for hosting many static pages, as you'll need a HTTP server for each site anyway.
But my main gripe is that there is only single factor authentication and you can't easily secure it more other than using a strong password and a hidden subdomain. (because of webhooks, acme, etc. I guess)
Single factor is more than fine in the case where you know the admin (yourself) is going to use a 30 char random password and use a password manager that won’t autofill it on phishing domains.
Hi sneak, I left a comment explaining my journey with CapRover in this HN thread. In there I explained one thing which concerned me was "netdata image in use is spyware #553" which you raised last year.
I haven't yet gone through the discussion but would you mind letting me know if you're satisfied with the outcome? You appeared to be fighting for increased privacy, so thank you.
Also you'll see that in my comment, I raised another issue RE: lack of two factor auth. I'm curious, why do you think single factor auth is fine? Simply because brute force for a 30 char password is not practical on todays hardware? Or is there something I'm missing?
Kasra here from CapRover.
Regarding "netdata image":
- sneak and I have fundamental differences in what we call spyware. The issue that was brought up in that thread is standard analytics events - nothing like stealing passwords or etc.
- Regardless, CapRover uses NetData 1.8 [1] . According to NetData's github page, they added analytics in NetData 1.12 [2] , so even if you're concern with analytics events, this issue won't apply to you anymore.
Regarding two factor auth:
CapRover blocks brute-force attacks by limiting number of wrong passwords per minute.
Thanks Kasra, yes it seemed 'spyware' was disputed and I didn't want to jump to any conclusions. But it's good to know it's a non issue.
RE: 2fa. Brute force protection is a step in the right direction, but passwords can leak in various ways, brute force isn't the only attack vector. I'll comment in the actual two factor auth discussion on the CapRover GitHub issue though.
The version of NetData included in CapRover is a version from before when NetData became spyware, so it’s fine. (Note that I haven’t audited it, that’s just what I’ve been told.) NetData is also optional; I use CapRover and do not opt to install it.
Brute forcing a 30 char (or even 20 char) password over the network is infeasible. Do the math. Regardless, as the CapRover developer pointed out in a sibling comment, it rate limits attempts, but in the case where you are using a long, random password, it would be fine even if it didn’t.
CapRover creates virtual hosts for each "app" which is then proxy_pass'ed to the container for said app.
You could try and mount the static site's container files to the local filesystem and serve from there I suppose, but there's currently no easy way to do so.
Slightly nitpicky, but is something a PaaS if you run it yourself? Anything as a Service isn't a service if you're running it yourself. It's just ... infrastructure.
Not nitpicky at all - this is an important distinction to highlight for pointy-haired decision makers.
This product is undoubtedly the P in PaaS, but there is no service behind it. If your company uses this as an alternative to a real Heroku/AWS/xyz PaaS, you must have engineers at hand for 24/7 ops, scaling servers and fixing bugs. In my opinion, this is quite risky for anything running in production and should not survive a cost-benefit analysis.
I completely disagree, the difference of price between dedicated servers and even EC2 instances is completely amazing.
This is what you get for less than $200/month with a dedicated server:
1× AMD EPYC 7281 CPU - 16C/32T - 2.1 GHz, 2 × 1 To NVMe, 96 Go DDR4 ECC, unmetered 750 Mbps
In one of my companies the AWS bill is just completely insane, we have like half that hardware, with a really small bandwidth, which is metered, for more than $800/month, which is fine while we're on free credits.
I love working for cloud companies, it's a lot of fun, but when it comes to my money then I never go for anything but a dedicated server.
When you got applications that don't require high availability while needing a very low cost per CPU, dedicated servers just make sense. We are running a cluster of a few high-CPU dedicated servers for our data-science team, and it just makes sense: we don't need 99.99%+ availability, and the servers we rent are cheaper than the equivalent AWS storage cost alone ... The op cost of managing these is exactly the same as managing equivalent EC2 instances. We don't need backups either.
On the other side, we got some low-CPU web services that require high availability, redundancy and reliable backups. For these I just use Heroku. It's extremely reliable and easy to operate, while only costing about $100/month (a few hobby dynos + a fully managed PgSQL DB). Sure it's probably 5x more expensive than a dedicated server with 10x the performance, but I don't have to worry about backups, availability and scalability. And these apps just don't need this 10x faster CPUs anyway.
Do you really mean that you never had a server with 60 days uptime ? This is really insignificant to achieve, even a reboot per month is nothing, 99.9% of uptime is enough for 99.9% of projects, and a monthly reboot does not even get you close to that service level.
I am not affiliated nor haven't tried CapRover (for special reason of: coding my own for my tastytastes), but I would bet any standard system administrator could get a 99.9% uptime after the second month of production without particular effort (unless they don't know underlying technologies ie. "what a container" "what http" "what is namespace" "what iptables" ...)
Yes, hardware as a service will always be much more expensive than hardware you own. But it may be less expensive than the team you will require to run that hardware at an acceptable service level. It very likely will be less expensive than the opportunity cost of running your own hardware.
As an example of the latter bit, if you are running your own hardware and need to add another host and you do not have a spare lying around, then you need to order one. It has to be shipped. Someone has to unpack it. Someone has to make sure that the data centre has sufficient power. Someone has to install it, its power and its network cables. Each of these steps takes time, but also each step is an opportunity for friction.
By contrast, with a service, you would just add a new host. Five minutes later you are up and running. That gives you an operational nimbleness that you wouldn't otherwise have had.
I love how there's this myth that servers and services just blow up every 10 minutes 24/7 and unless you have a legion of ops personnel you're going to get hours of downtime each year.
Servers, for the most part, just work. In DC climate-controlled environments, hardware failures is exceedingly rare. Apart from harddrives, most hardware will happily tick along for a decade, if not longer.
Sane production-grade OSes (read: not Ubuntu) will also happily run for literal years with zero human intervention. For obvious reasons, it's a bad idea to not patch your systems, but things will continue to "just work" pretty much forever unless you're running really shitty code.
For renting vs buying servers, there's upsides and downsides. Buying gear is far far cheaper if you plan to be around for more than a year, but renting dedicated servers gives you a lot more flexibility -- to provision a new server, you hit a button in their online panel, wait 15 minutes, then let your deployment strategy take care of the rest.
I find it almost mind-boggling that AWS and friends have convinced people that it's normal to spend ridiculous amounts of money for fairly "meh" service specs in what's essentially VMs.
The points you make are fine but I think the experience becomes more painful linearly with the number of servers you manage, since you're N times more likely to see something happen that takes down a server. It just happens more frequently. At some point that becomes often enough that you don't want to deal with it anymore.
I don't think you understand the sheer scale you need to be experiencing a failure more often than once a month. By my anecdotal experience you'd need at least 1k servers for that to happen... and if your company is big enough for $2MM capex for servers alone you can handle $100 remote hands and 30 minutes of engineer time.
Not to mention that at that scale you have plenty of redundancy and, if your ops team knows what they're doing, automagic failover / HA. Anything that happens can easily "wait till Monday", no need for 24/7 anything.
That example is not realistic. You rent dedicated servers from a provider that will always have extra hardware at hand, and handle all of those steps; you don't rent hardware yourself and run it in your basement :)
Or you rent managed servers or colo space from one of the many hosting providers that also offers cloud services, and pick and choose. That lets you migrate your base load to colo or managed servers over time, while you still have the nimbleness of being able to scale up and down dynamically if you want or need to.
And my experience from providing devops services to clients on a contract basis is that the clients who use cloud services tends to need more, not less, devops assistance.
Certainly hardly anyone should be physically managing their servers. The relevant comparison is between getting 1GB RAM in the form of a $50/month Heroku dyno and getting it with a $2/month VPS (actually with Hetzner that will get you 2GB, they don't go below 1GB).
Neither you nor the parent are wrong but I'd argue that you don't really see IaaS or PaaS used all that much for on-prem platforms these days. (And the definition of PaaS was always a bit fuzzy--something like an abstraction that is in between IaaS and SaaS.
You're probably more likely to see OpenStack called a private cloud or on-prem cloud than "IaaS" these days. And OpenShift is usually called a Container Platform rather than a PaaS.
The definitions have always been pretty clear to me, but all right then, thanks for the heads up, I guess CapRover people and I are also what we call "old school devops" these days.
"Container platform" seems pretty vague to me, PaaS means something I know right away.
I mean, k8s is a container platform too isn't it ? But you'll need to build what we called a PaaS on top of it yourself (or use something like Kelproject, OpenShift ...)
Yeah, the terminology isn't always super-clear. Yes, k8s is a container platform. OpenShift, depending upon how you use it, can span a range from being an integrated k8s distribution to something a lot more like what was commonly called a PaaS with developer tools, CI/CD pipeline, registry, etc.
PaaS isn't a verboten term or anything like that. But it turns some people off because it was most associated with services/products/projects that mostly focused on a simplified developer experience at the cost of flexibility.
Well, for me PaaS is a software built uppon bricks like an image registry (also present in IaaS), authentication registry (also present in IaaS), developers tools ie. to log into a system (also present in IaaS). But, with the IaaS you get an infrastructure of bare virtual systems, emulating a physical world, and with PaaS you get deployments of code. A PaaS works on a IaaS, but can also run on baremetal, it doesn't matter for the PaaS in general. With PaaS, you don't need to define bare system provisioning, PaaS does it for you, many IaaS teams ended up implementing their own PaaS one way or another, back in the days you are refering to I guess.
k8s for me is a framework, OpenShit, Rancher, KelProject would be "distributions" of k8s, just like Linux kernel and distributions including it.
As a person who writes technical requirements and implementation document, it strikes to me when I'm asked to document implementation of a "SaaS" that there will be paid accounts and billing.
Maybe CapRover will provide paid accounts on managed servers in which case they would be creating a SaaS with their PaaS solution.
But again I'm not talking from a "managerial" perspective of the definitions, rather from a technical one. I suppose at this stage CapRover is trying to attract technical users rather than managerial ones (unless they have something to sell for cash but I didn't see it on their site or just missed it)
”Service” to me is just ”delivery of something with a specific scope and a defined contract”, not so much about who delivers said ”service”.
Many IT depts would do themselves a massive favor to deliver actual services instead of “just infra and some stuff thrown on top” and call it service delivery.
Tools like in this link can help, but a big part is simply about automation and delegation/self provisioning.
You can't just decide that words mean different things to "you".
Platform as a Service or anything "as a Service" means someone else provides it as a service (ie subscription). The Platform part is all this is offering. So it is not a Platform as a Service.
The distinction you are drawing sounds to me like the difference between "managed" and "unmanaged."
My read on whether something is a service or not is, can I make a request of the thing in simple terms, and have the thing carry out all the messy details on my behalf?
CapRover has support for multi-server deployments using Docker Swarm. It also has a nice dashboard with built-in monitoring and such. There is a marketplace of sorts with single-click deployment for certain applications.
Dokku on the other hand has support for buildpack deployment as well as Procfile support for running multiple processes.
I prefer Dokku. The main reason is that I only need a single server for my apps and running Docker Swarm adds complexity.
Their copy writing is funny and honest, I like it!
When it comes to operations I often feel overwhelmed, even though I've done DevOps and automation work in the past.
Most of the things I'm working on professionally don't need the "scale" part, but the "robustness" and especially "ergonomics" parts. When I look at most infrastructure solutions, then I often get a combination of "this is too complex" and "I don't need this".
So I was drawn to solutions like Heroku at some point, but there you cannot even do the most basic thing: persistently writing to the filesystem. So you are forced to introduce system level complexity and coordination for such a fundamental feature.
Naturally I tend to prefer simple tools that enable things rather than constrain them.
Side note: I think when the "code has to run on some computer" problem is finally solved, then we likely see an explosion in productivity in our industry.
I've been using Dokku for a side-project, and it's a really nice tool! My only gripe with it is that it's not easy to deploy an existing docker image. You have to pull it, then transmit it over ssh with "docker save" and "docker load".[1]
Migrating the docker image building from the dokku server to a CI would be easier to do without this. On top of that, deploying an existing software into your machine would be easier.
dokku is also meant to build a custom image on deploy : rather than using heroku's buildpacks, you can put a Dockerfile at the root of your project and it will be used instead.
So basically, you could put a Dockerfile file container just FROM and MAINTAINER, referring the image you want to use in the FROM, and dokku will download and execute it on `git push` (provided it can access to the image repository).
This is good at first, but I deployed on a very small machine, that couldn't handle the live application + the Docker image being built, thus why I wanted to build the image in my CI pipelines.
+1 for this -- requiring the docker image to be built/managed on the machine it's being deployed on is the simpler architectural choice (easier to debug, etc), but it doesn't necessarily make sense for production.
I wonder if there's a ticket about this on dokku already
[EDIT] - Couldn't find anything... Some tickets about how the containers are built and changing the base image but not much about.
I wonder if you could jury rig something like kraken[0] and make sure wherever your building images is a peer or something... Of course the simpler solution might be to add a CI step that just pushes the image (via the working `docker save` method) to the deployment machine(s)? Maybe if you have a staging environment, let CI push there, then if that machine is peered (via something like kraken) with production, production will get the image (though it may never run the image).
i used dokku a couple years ago for a side project. It worked really well ( especially the newer versions ). It was super nice when the letsencrypt plugin came out, SSL support with trusted CA signed certs built right in!
I can recommend in getting in k8s with something like microk8s from ubuntu:
You will learn k8s and you will get the same thing as they do but with open components, industry standards and a whole industry moving in this direction.
I have already microk8s running at home with argocd. I have never had IaC that quick and that simple setup.
With traefik you can have your domains as well. Then just go to gitlab (or now to github, haven't checked out yet if i wanna migrate back) and register your microk8s cluster as a buildrunner.
Thats it you are set. Quite future proof setup, modern, stable, easy to use.
How does the deployment process differ from CapRover/Dokku?
Deploying a simple app with a database with Dokku is something like:
1. Run command to create a database of your choice(Postgres, MySQL, Redis etc)
2. Run command to create application
3. Run command to link the database to the application
4. Push to the Dokku repo to deploy the application.
Don't bother k8s is like the lvl of the dragon in front of something like dokku, If you don't really look for auto scaling, or you are running a business alone, don't go for k8s
Both can solve the same issue and both are similiar as they orchestrate your platform.
Kubernetes is just the future, used by much more people and you have the additional benefit of learning kubernetes which might help you in your job/day to day business etc.
If you are already thinking of operating CapRover/Dokku, i would strongly considering using kubernetes instead.
This tool looks really cool. The section where it listed reasons for using it really struck a chord with me. I am not the most comfortable using all the Linux tools when it comes to setting up servers / system administration. This product looks to be a really good bridge between devs who dev primarily, and those with skills in deployment. Super cool. Thanks for sharing, I will be using this!
Isn't that a setup waiting for disaster to happen? Everything is happily running up to a serious production problem, at which point you miss the experience to debug and fix it.
Then I will have to learn then. I feel most productive and comfortable working on a hobby project if I don't need to spend all of my time dotting the i's and crossing the t's with cli and configuration files. I just want to build. I don't see the value investing my time learning the ins and outs of tooling that I will use maybe a few times when it makes minimal impact, as it comes with an opportunity cost for me elsewhere. That's just me though, I have no gripes with people who love to tinker with their set ups. It just isn't my thing.
And that's the problem; by then it's too late (i.e. never took the time to backup the db). It's about finding the balance, writing a PHP app shouldn't involve studying C compilers and CPU design. But I think these tools (whichever you decide to use) are such an essential part of what you're building that "outsourcing" them as much as possible might be a bit ignorant.
That being said, as long as it works, it works. And if your app is small enough never to get into the grey waters, all the better.
I absolutely agree, were it something commercial these things would need to be considered.
Are there any tools you recommend looking into, were I to take the next step? I don't plan on depending on CapRover to fill gaps in my knowledge for too long, but for now this product really is a good start for me.
No problem in depending on CapRover, as long as you are at least somewhat familiar with the tools it sets up for you. Combine that with some crude generic UNIX skills (quickly analyze cpu/ram/disk usage, search in logs, transfer files, modify configs etc.) and you're way better prepared.
Ironically it's best learned "on the job" (for me at least); just try to deploy your app from scratch. Play around with nginx/apache, letsencrypt, your db stack, packages installation etc. and get a working product.
I'm no expert by far in any of this, but think that knowing "just enough" about these tools really helped along the way. Up to the point where I can now use CapRover like tools with some degree of confidence, closing the full circle ;)
There's also the issue of security. How do you know there's not a big security hole and it's just a matter of time before your data gets stolen or your server becomes part of a botnet or starts serving illegal content?
The same thing applies with these turnkey admin panels like cPanel or Plesk and which is why I don't recommend getting anywhere near those.
A few weeks ago I mentioned on HN [1] I was looking for something where I can take a $5 VPS and install a bunch of Node.js apps easily. I did this with DigitalOcean + CapRover and it was extremely smooth. Initialising the app, enabling SSL, deploying - everything just worked. It was great.
I was hoping to move over, but I won't just yet. Was hoping for two factor auth support [2]. The dashboard was publicly facing and only guarded by a password.
There was also an issue which concerned me: 'netdata image in use is spyware' [3] - however I have not digested that thread and its related discussions to understand if it's a genuine issue yet.
Finally, I was hoping to understand more about the motivations of the project. Who's funding this project? The OpenCollective [4] page shows an annual budget of $529.55 USD? What are the long term goals? How can they sustain themselves?
I use PM2 for running some of my Node.js apps, but I can see there's also PM2 Plus and PM2 Enterprise [5] which helps me understand how they're able to sustain the free version.
I don't mean to be pessimistic towards a piece of software which actually works extremely well. Just want to better understand its long-term suitability for deploying production-grade applications.
Caprover is a great tool to have in one's kit but coming from Dokku [0] i think it lacks a certain flexibility when deploying applications with worker processes. You can get around this by creating multiple "captain-definition" files in your project but i prefer Dokku's adherence to Heroku's "Procfile" approach. However Caprover's web admin/dashboard and docker swarm features are a nice touch.
I'm using CapRover on a personal server of mine and it's pretty awesome. I use it for side projects and tinkering and tooling (analytics, bitwarden). it's very stable with lots of "one click app deploys" of popular open source software.
Combined with portainer (which u can install with caprover) I'm improving my docker knowledge. I'd recommend it for someone starting out with containers and "home labs".
CapRover was mentioned in the thread about the coinbase stack [1] - I guess that's why it's popping up here now.
As I said in that thread - this looks interesting, but the installation instructions put me off a bit. Open a port on your server, and don't change the default password `captain42` - then run a cli tool from your dev machine.
Can some developers explain to me why they don't want to set things up themselves? If you already know how to do it, it's not very time consuming. If you don't yet know how to do it, learning how it all works only benefits your understanding of the service you're providing, and empowers you to fix it. It's almost like learning a new trade, and can give you a new perspective how your code runs.
Maybe it's because there's so much arduous research required to finally figure out what magic commands to run to get something to work. Would having a set of HOWTOs that just explain the steps to set up each component work as well for you as a turn-key solution? (It would be great if we could start a trend of people writing a HOWTO.md after writing their README.md)
I mean, speaking for myself — I know how to set things up for myself and have done it plenty of times, but sometimes for side projects and playing around, I just don’t want to go through that process. I like having a dashboard I can login to, I like having to install one thing rather than having to setup my environment from scratch the same way every time. And I like that if I have to let someone else have access to something, I can give them something without having to pray they don’t break something or teach them.
Honestly, I do a lot of the setup work for my actual job — including documenting/creating demos and examples for others — when I’m doing my own side stuff, I really just don’t want to bother, especially if it isn’t in production and it’s just on the home lab.
To use a crude analogy, I could build my own robust NAS with hardware components and a BSD or Linux distro optimized for storage and acting as a home server with better performance at a lower price than a Synology system. Or I could continue to use my 8-bay Synology NAS (that I really want to upgrade), because the appliance nature is worth the extra cost and pure performance deficits. There was a time I took great pleasure in maintaining all that stuff myself but honestly, I just want to plug it in and know it’ll work with all my machines without having to think about it.
it isn't about how time consuming it is, it's about consistency with the deploys and consistency with the environments. you want your development and production environments to match.
Since someone was happy with this before, I’d like to recommend https://github.com/exoframejs/exoframe again for a more console oriented way of doing this same thing.
Looks solid. I am all set for the wave of fully controlled PaaS solutions coming our way. Most of the innovation has stayed locked behind closed rooms at AWS, Microsoft or one of the major cloud companies. This brings in more control and an extra dimension to optimize.
this makes me so happy - to see a PAAS on Docker Swarm!
However, I wish the caprover had built this experience on top of kubernetes (or k3s) instead of Swarm. The future of Swarm is really unknown and the ecosystem is undoubtedly behind k8s.
Platform as a service. It's like a step up in abstraction from IAS, infrastructure as a service. The lines begin to blur near the edges though, it's a marketing thing really. Just like "cloud" means many different things to many different people but it's a simple one syllable word perfect for brochures.
Does Caprover support multiple "ingresses"? In that I can have an external load balancer balancing between my clusters servers?
I can't seem to find any info on that in their docs.
I'd be interested to know how people who use this kind of thing (or Dokku, etc.) keep their OS, database, applications, etc. up to date, for security reasons if nothing else.
You update your image, stop the container, start the container (with the new image). That's all.
You can create complex containers that could update with security fixes without restarting. But it is easier to update an image e.g. once per week/day and auto restart the containers.
I've been using portainer for managing a handful of basic containers on my home server (zoneminder, deluge, jellyfin, unifi controller). Overall I really like it, but some kind of feature to do this is probably the #1 thing I'm missing. It even lets you launch "stacks" from a compose file in a git repo, but doesn't have any facility to remember that info or do a redeploy, so you're basically starting from scratch every time:
I wonder about the underlying instance's OS, though... in the past, for home servers, I've set up cron jobs to get OS updates and reboot, but that seems wrong for a web server I'd like to be always up.
Maybe create a new instance, update the OS, install the app, switchover? Is there automation for this kind of thing?
K8s does not deal with CI/CD of your source code, nor can it automagically package your code out of the box. You need to compile your source and bundle it in the form of a docker image, host it and provide access to K8s to pull it. K8s is like Linux kernel, it's not usable for most people unless you package it with GNU utilies and other components people expect out of a distro.
Sort of yes, for personal projects and small business I would go for something like this or dokku and try to split services as much as I can, rather than managing k8s in my own
I can see exactly why this exists. It won't suit hard core roll your own developers - any more than WordPress theme generators suit DIY web developers - but for those who may be light on skills and time, this could be a superb way to get an MVP going really quickly and easily. Very nice tool to fill a gap.
(non dev) looking to run my own installation of https://github.com/excalidraw/excalidraw for team. Could I use this app? Straightforward to do? How would I estimate the costs?
As long as you have a (sub) domain you can use and a bit of free time, you could go to your favourite cheap 'cloud' provider, i.e. Digital Ocean, Scaleway, ...
Spin up a cheap instance (DO has a preconfigured image ready to go), git pull and caprover deploy to test.
I am pretty sure even the cheapest ones will be able to run that.
Yes, that is easy and work right out of the box. You should deploy it with 3 nodes and lat the manager work as the LB (is a single point of failure, though).
A more complex solution would be deploying it with an external LB
EDIT: Rephrased
this is a bit like sandstorm.io, which is also an open source platform for web applications. I've used it for a couple of years, and love it. It's cool to see other people exploring the same software space.
I find it surprising that they choose nginx as routing/reverse proxy while Traefik does the job very seamless in a matter of minute with benefit of docker container tag for live configuration. and with full integration of letsencrypt.
If you are going to go full paranoid, you can't pretend that the media is 100% trueful at every aspect, especially when it comes to internal US affairs.
Yeah, the difference is at least some of the media can at least attempt to be truthful with limited chances of accidental novichok exposure, falling through the window or accidentally falling on a knife multiple times. etc.
Basically, you can create a bare git repository on your server (`git init --bare`), and put a `hooks/post-receive` script within it that will clone sources in a temporary directory, build the docker image and rotate containers. That way, you can `git push` to build and deploy, and it's easy to migrate server.
The added bonus is that you now have a central git repos that can act as backup, so you don't need github or gitlab.
The main painpoint, which I find dokku interesting for (and I assume caprover too) is zero-downtime deployment. But well, if this is critical, you probably need something more extensive.