18
votes
How to install + serve Tildes directly on a VPS?
Hi,
I would like to run a Tildes instance on a VPS, using a custom domain.
QUESTION:
Is it possible to install and serve Tildes directly on a VPS? (eliminate Vagrant / VirtualBox entirely)
Being a solo dev, it feels like Vagrant / VB adds excess complexity for little benefit.
-
note 1: I tried the Vagrant / VB install method (on an Ubuntu VPS), and hit some errors - all related to Vagrant / VB.
-
note 2: I found this 3-year old comment of Deimos’ instructions, though I'm guessing it's out of date, since the code has changed a lot in 3 years (salts, minions, etc).
If it IS possible to install and serve Tildes directly on a VPS - what is the best / simplest way to do it in 2022?
I will very much appreciate any ideas.
Vagrant/Virtualbox is only for local development, so that you can have all the right versions of everything inside a single contained VM. You don't want to use those if you're actually trying to host an instance of the site.
If you're setting up a VM specifically to host Tildes, you can just install
Ubuntu 20.04Debian 10 on it and then run Ansible on it directly to install and set up everything it needs. I think there might be a couple of manual steps necessary like cloning the tildes repo somewhere and creating a symlink to it from/opt/tildes
, but almost everything else should be done by Ansible. That comment of mine that you linked should have the manual steps in it, but it's mostly obsolete things related to Salt (which was replaced by Ansible) that you can ignore.I think the tildes.net domain is probably hardcoded in various places still too, so you'll probably need to do a search and replace on that with your own domain, but that should be pretty straightforward.
Hey, thank you for the detailed reply. I will set up a new VPS and give it a try.
Please let me know if you run into any difficulties with it, or if anything else ends up being necessary. I'd like to add a document to the repo that just has the specific steps needed to get it up and running.
Okay great. I’m keeping track of the specific steps / commands as I go - I will clean it up and send it over.
It seems there are two approaches:
target localhost in ansible for a loopback install (all on the VPS) - tweaking the ansible commands / configuration accordingly. ( <== That is what I'm trying now.)
target the VPS-IP from another machine, and configure ansible for that approach.
Which do you think is optimal?
Also - which playbook host-patterns are integral for a direct-VPS install (all, app_server, dev, prod)?
^ That might be self-evident, but I'd rather confirm up front (if possible).
I really appreciate your communication and willingness.
Personally, I run ansible on my local machine, which does all the necessary setup commands over SSH. You can set it up to run entirely on the VPS, but I think it's more complex. I probably wouldn't do it that way unless you can't do it from your local machine for some reason. The
prod
playbook is the one you want.Also, I'm not sure why I said Ubuntu 20.04 above, the OS should be Debian 10 ("buster").
I have tried repeatably to launch my own instance, with varying results -- none of them entirely successful. The vagrant method has been broken for quite some time, wish I had some tips but I haven't had any luck with this either.
Is there something specific that's broken in the Vagrant method for you? That's how I set up my own local dev environment, so it's still working for me.
When setting up a fresh VM in a fresh Git clone, there's an Ansible problem creating the
node_modules
directory. The site probably functions normally, but at least some style checks requiring Node.js break.This is the fix: https://gitlab.com/tildes/tildes/-/merge_requests/133
Oh, thanks - I'll test that out later today and merge it. I guess that wouldn't have been affecting me because I already have the folder?
Right. On a new-from-scratch Git checkout, Ansible (via
vagrant up
) will skip creating node_modules, causing tests and Git hooks to fail.A few months back I put in some work to get Tildes unit tests and code checks running on GitHub Actions free tier. This info may inform as to what software packages need to get installed, and folders and permissions to create.
https://github.com/talklittle/tildes/commit/a337415ed1c91e4fd47c99d5099ec132e78f8701
The first file,
ci.yml
, is where most of the good info lies.Notes/caveats:
Thank you, that is good information.
I am targeting a Debian 10 VM, via SSH.
Seems the challenge is aligning the ansible commands / configuration until everything is integrated (as your document shows).
A docker method would be beneficial. Were you attempting a Tildes install? (If so, how did it go?)
Has anyone successfully created an instance?
No, my goal was only to run the tests, to catch setup errors for newly setup development environments.
That said, some of the tests, in the "webtests" folder, do encompass the core website code, such as creating a user and accessing the homepage, so following my CI document should at least get you as far as loading the homepage.
Things that I am not sure about include fetching remote content (like article word count), and background services and cron jobs. And things like gracefully restarting nginx and server components, and auto-restarting components using systemd.
As far as I know, no, but multiple people have expressed interest. If you do succeed and document how you got there, that would be fantastic. I'm sure it would get the creative juices flowing for other developers, imagining how they could build on top of the Tildes codebase.
Okay thank you, I’ve looked through all the CI code and the webtests code.
Yes that is what I’m excited about too. To see what kind of features people develop, and to experiment with new ideas.
Tildes is such a solid codebase, there’s a lot of room for expansion (though it’s also great how it is).
I was going to send an email to @Deimos, but might as well post it here:
We’re ~500 person company and we’ve been looking to spin up an internal “redditboard” (hopefully that doesn’t sound degrading to ~) to share the technical info/discussions/memes and what not.
I love Tildes and decided to have a go spinning it up. Ansible playbooks are awesome, everything came up in less than 10 minutes on a fresh Debian 10 machine. I need to figure out the Postgres config to make it a bit more compact, but the base prod installation works great!
Now it's time to figure out how to make it usable for us:
The real question to answer - is this manageable at all in a decent amount of time, or do you think we'd be better off setting up something else? I know that open source != easy self-hosting, but I'd love to have our own tildes instance to use internally.
Posting it here is good - I haven't been posting much recently, but I'm generally around and will see it if people message/mention me.
Good to hear that it was easy to get running for you! Some thoughts about the changes you're hoping to make:
Google/LDAP SSO - I have no idea about this at all either. I feel like it probably wouldn't be too difficult, but it could depend on whether there are good existing libraries for it that you can get working easily.
Tildes being set up as invite-only is probably helpful here overall, since you won't have to worry about disabling registration or anything like that. Depending how many people you need to give access to, it may be a lot simpler to just find a way to distribute invite codes internally than implement SSO.
This one might end up being an issue with most of the self-hostable similar platforms available too, I don't know which ones (if any) would already have built-in SSO support.
Embedding images - I think there are two different parts here, and the difficulty will depend on exactly what you need:
![label](url)
, and Tildes is specifically stripping that out: https://gitlab.com/tildes/tildes/-/blob/master/tildes/tildes/lib/markdown.py#L213-214Moderator-like actions/permissions - Yeah, this is definitely a rough part right now. The permissions have to be managed manually by inserting the rows directly into the database (in the
user_permissions
table), and there isn't really any documentation of what each of the permissions do.The valid permissions are listed here: https://gitlab.com/tildes/tildes/-/blob/master/tildes/tildes/enums.py#L299-311
Most of them should probably be pretty intuitive from their names, but figuring out some of them could be a little tricky and would involve looking in the
__acl__()
methods that define permissions for different objects. For example, if you wanted to know what thetopic.edit_by_generic_user
permission does (which is probably the most confusing one), you'd search for that string in the code and find this section: https://gitlab.com/tildes/tildes/-/blob/master/tildes/tildes/models/topic/topic.py#L364-374That's in
Topic.__acl__()
, so that's adding permission to topics. In this case, someone is getting theedit
permission on a topic if it's a text topic, posted by theuser_id
of-1
(the "generic" user that makes scheduled posts), and they have thattopic.edit_by_generic_user
permission.If you need to go a level deeper on that, you'd need to look at where the
edit
permission on a topic is actually checked, like: