Pierre Ozoux

Nice tool to monitor email - MX Lookup Tool - Check your DNS MX Records online - MxToolbox http://mxtoolbox.com/default.aspx

Pierre Ozoux

cc @laurentchemla Caliopen introduction by gdchamal · Pull Request #16 · OpenTechFund/secure-email https://github.com/OpenTechFund/secure-email/pull/16 any update on that?

Pierre Ozoux

Looking for partner/co-founder at @IndieHosters


Hi!

As you may have heard, Michiel is quitting IndieHosters. Right now, I'm handling everything by myself. There is a lot of work to be done, and it is not yet paying, not even one salary. I would say we have around 70 users (not all are paying, we offer hosting for some associations). I'll share more figures at the beginning of November.

The last campaign with Framasoft brought a lot of attention and this was nice. We got a lot of visits on our website, a lot of emails, but only 2 conversions so far. The website needs some attention in the general design and also in the translated version.

I plan a crowdfunding campaign, probably around February. I'd like to aim at 10k€ this time, in order to pay 2 salaries of 1k/month for 2 people for 5 months. With this, I'd like to develop the infrastructure in many ways, and offer a more diverse list of applications. Ideas for a better infra would be:

  • use ceph for distributed storage
  • use kubernetes
  • provide an SSO
  • couple odoo with kubernetes or develop our own app (would manage eshop, plus apps management)

So, if you are interested, please email me at pierre@ozoux.net

Basically, I need SysAdmin skills. Docker would be a plus, but not really necessary. If you are a business developer/marketing guru, we can also discuss sharing revenue, but well, for now, there is not much... We are not a startup (and don't want to be) so we have no shares to offer. We can discuss setting up a coop or whatever you have in mind.

I still think it is for me the best way to help the world be a better place. Nobody is offering free software as a service. We are still the only ones doing it! And I want to do it right with you :)

On top of that, you can learn neat technologies like CoreOS/Docker/Kubernetes. I'll share my knowledge with you.

Please RT/reshare. If you have ideas, I'm open to them too :)

Pierre Ozoux

Last week of work! A fully usable email system! https://github.com/indiehosters/email preparing IndieHostersV2 :)

Pierre Ozoux

Test of @whiteoutio (cc @MyCozyCloud)


Context

As you know, for IndieHosters, I'm always looking for open source alternatives to proprietary cloud software. One headache I had lately was to find a nice webmail for our users. Of course there are some candidates like:

  • rainloop
  • roundcube
  • owncloud webmail (beta)
  • mailpile (beta)

These 4 are among the most serious competitors when it comes to webmail.

There is also the option of letting the user choose his mail client. It doesn't have to be webmail actually. More and more users are using native clients due to mobile adoption.

But with recent changes in the surveillance domain, we now need serious "encryption first" mail. There are not many apps that do it. On the previous list, only Mailpile is a known project working to tackle this challenge! And the first 3 are maybe betting on the use of Mailvelope.

I will not go into the details of the encrypted email market, as this GitHub repo is doing the job in an in-depth way.

But lately, I stumbled upon one really nice candidate, whiteout.io.

Test

The first nice thing is that you don't necessarily need a personal server to use it. You have iOS, Android, a Chrome app, and FOS coming soon.

I used the Chromium app version on my Ubuntu.

It looks like it is still beta, but it is already really good.

Some things didn't work, like key export or search. There is no "multi-account" yet. And I couldn't test the auto MX, but I hope it is working. This was the "beta" part.

The great thing is I could send an encrypted email to another account without taking any action. The app did the job of searching for my public key directly on the key server. I was impressed, I have to admit. And they also publish the key to the key server automatically!

One good point for the UI, which gives you confidence about security: it tells you clearly whether your mail is encrypted or not.

I also really like the fact that this is a normal client, and not a "half open source" project where just the client is FOSS, and then you have a proprietary server. In the case of Whiteout.io, it just plugs into IMAP/SMTP. I think it also uses this protocol to share the key across devices (with a passphrase).

I still have a doubt about whether it encrypts every sent and received message with the key on the local IMAP. This way, I could host emails for IndieHosters users, without having access to their emails. (I could log their packets, but well, I wouldn't!)

I think it is really easy to use. Unfortunately, Mailpile looks difficult to handle for end users as you need a personal webserver. In the case of Whiteout, this is a pure JavaScript client! They just need access to TCP, that's why you need to install it as a Chrome app.

This is my impression, and I'm really looking forward to seeing more development.

One more thing, it would be better if they used 4096-bit keys instead of 2048.

Congrats Whiteout!

PS: Cozy, I think it is a really good candidate for your webmail :) Cheers!

Pierre Ozoux

Some minutes left to support our friends Whiteout: Email Privacy. Open Source. End-to-End. http://igg.me/p/whiteout-email-privacy-open-source-end-to-end/x/9169969

Pierre Ozoux

How IndiePaaS works in broad outline and the future of IndiePaaS


I've been developing this for IndieHosters for some months now. Until now, I'm the only one using this piece of software, but some people show interest, either out of curiosity or to understand the new trend in the DevOps ecosystem. I'll take the opportunity in this blog post to explain a bit more why I developed it, how it works internally and what its future is.

Why develop yet another Docker PaaS

This is actually a good question. I started thinking about this last year after I took the decision to quit my job to start IndieHosters.

At that time, I was working at Seedrs.com and I was playing with tools like chef, vagrant and packer. I was already fascinated by how Docker could revolutionize the way we host Internet applications for the 12 factor app.

During this research, I stumbled across a really nice article from Airbnb describing the way they manage their services internally: SmartStack. It is a really interesting article. I never tried their technology, but was fascinated to discover this new way to think about how to administer Internet applications. So last summer, after reading a lot, I took the decision to go for CoreOS. At that time, there were already deis, flynn and dokku.

So why not choose one of them?

First of all, they were all really beta-ish. Then, they were designed to run 12 factor apps. For IndieHosters we wanted to host "legacy" apps like wordpress and owncloud, which are far from 12 factor apps. Without entering too much into the details, it didn't fit. Of course, at IndieHosters, we didn't want to develop any piece of software. And somehow, IndiePaaS is mostly CoreOS configuration. But I agree with you, we are reinventing maybe not the wheel, but maybe the tire. I'd like to avoid that, but there is still no software on the market that would fit our needs. So I continue to happily develop IndiePaaS. And actually, I learnt a lot in the process. And even if IndiePaaS is not perfect, when some people ask me "why yet another docker PaaS", I could answer "Just for fun", and it would be an accurate answer. (And also now, this knowledge will be a part of my personal funding as I provide Docker training, so for fun and profit :) ).

This was the background of the decision. You can find more tools on this page if you are interested: docker ecosystem survey.

How it works internally

Without entering too much into details, I use service registration/discovery concepts. And I use the CoreOS implementation.

How does it work in practice?

First you need a distributed key-value store. CoreOS uses etcd. IndiePaaS doesn't use it in a distributed manner as I didn't have time yet to investigate how to use it properly and securely over different cloud providers.

As an example, let's say I want to start https://forum.indie.host (this is the new IndieHosters forum based on Discourse.)

I would clone the discourse indiepaas app onto /data/domains/forum.indie.host.

Then I'd follow the instructions for this specific app from the README.

Then, I need to put the right cert under /data/domains/forum.indie.host/TLS/forum.indie.host.pem

I still have to modify by hand the list of cert files under /data/runtime/haproxy/crt-list

and add a line like

/data/runtime/haproxy/approved-certs/forum.indie.host.pem forum.indie.host

(Before, it was automatic, but I had problems during restarts. This is a workaround, and I want to make it automatic again, but you know :) one thing after another.)

Once the app is properly configured, you can start it.

systemctl start universal@forum.indie.host

This is a new unit file I'm experimenting with. One unit file to run them all! It is very flexible. It will look into /data/domains/forum.indie.host and launch the RUN script. The issue was that there were a lot of different ways to start an app, so a bash script is very flexible!

And this universal runner will also take care of starting the hourly backup. This hourly backup will just run the BACKUP file from the right folder every hour. This gives an abstraction, so there is no need to know whether you have to back up a mongo DB, or a mysql DB, or whatever.

Stay tuned, the magic is coming!

This universal unit will also start discovery-u@.service; this is what is called a sidekick. This is the cool part. When the discourse is started (or whatever app), the sidekick will start, check the internal IP of the container, and put it in the key-value store.

Basically it will register the following value: {"ip": "172.16.1.15", "port": 80} under the following key: /services/web/forum.indie.host. This is the registration process.

Then I use HAproxy as the front for all the services. It takes care of offloading the https traffic, and sending the clear traffic to the right container. But it needs to discover where the containers are, right?

This is where confd comes in handy. This little piece of software will listen to etcd changes, and whenever there is a change, will re-render a haproxy.cfg template I gave to it. After that, it will gently restart HAproxy \o/

Cool, isn't it?

If you have more questions about this, please do ask a question as a comment, and I'd be happy to answer. All the code is on github, so please, feel free to open an issue also.
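The registration-to-config step described above, as an added Python sketch (not IndiePaaS code and not a confd template): it reads entries shaped like the post's /services/web/<domain> keys, validates each one before it reaches the proxy configuration, and renders HAProxy backend stanzas plus crt-list lines. The backend layout, the validation rules and the two example.org entries are assumptions made for illustration.

```python
import ipaddress
import json
import re

# Constructed sample of the key-value store. The key layout and value shape
# follow the post; the two example.org entries are made up to be malformed.
SAMPLE_STORE = {
    "/services/web/forum.indie.host": '{"ip": "172.16.1.15", "port": 80}',
    "/services/web/wiki.example.org": '{"ip":172.16.1.16, "port": 80}',  # unquoted IP
    "/services/web/shop.example.org": '{"ip": "172.16.1.17", "port": 99999}',
}
PREFIX = "/services/web/"
CERT_DIR = "/data/runtime/haproxy/approved-certs"  # path from the post
DOMAIN_RE = re.compile(r"(?=.{1,253}\Z)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


def parse_registration(key, raw):
    """Return (domain, ip, port); raise ValueError on anything malformed."""
    domain = key[len(PREFIX):] if key.startswith(PREFIX) else ""
    if not DOMAIN_RE.fullmatch(domain):
        raise ValueError(f"bad key: {key!r}")
    value = json.loads(raw)  # JSONDecodeError is a ValueError
    if not isinstance(value, dict) or not isinstance(value.get("ip"), str):
        raise ValueError("ip must be a JSON string")
    ip = ipaddress.ip_address(value["ip"])  # rejects hostnames and stray text
    port = value.get("port")
    if type(port) is not int or not 0 < port < 65536:
        raise ValueError("port out of range")
    if not ip.is_private:  # assumption: containers sit on a private bridge
        raise ValueError("backend is not on a private network")
    return domain, str(ip), port


def render(store):
    """Return (haproxy backends, crt-list text, rejected keys)."""
    backends, crt_list, rejected = [], [], []
    for key in sorted(store):
        try:
            domain, ip, port = parse_registration(key, store[key])
        except ValueError:
            rejected.append(key)
            continue
        name = domain.replace(".", "_")
        backends.append(f"backend {name}\n    server app {ip}:{port} check")
        crt_list.append(f"{CERT_DIR}/{domain}.pem {domain}")
    return "\n".join(backends), "\n".join(crt_list), rejected
```

Calling render(SAMPLE_STORE) keeps only forum.indie.host and reports the other two keys as rejected, so a bad registration never reaches the rendered configuration.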

What is the future of IndiePaaS

As you can see, it is not rocket science. It looks like it, but at the end of the day, it is just a configuration of industry standards. I would actually prefer to use a piece of software that is used by more people than just me, but I still didn't find the right one :/

So for now, I just keep adding more apps for IndiePaaS and IndieHosters. I know this work is needed and useful for more people than just us. I keep correcting little bugs that show up on the way. I still miss some features that I don't know how to solve yet and that other projects do not solve properly, like:

  • central logging
  • DNS management (discovery/registration style)
  • ERP integration
  • green/blue services deployment (with regression test on the users application maybe through a screenshot)

I think one of the ways would be to try out all these orchestration frameworks for Docker by comparing how they perform when it comes to hosting wordpress.

And if we can't find anything that fits the need, then continue to happily hack IndiePaaS and add these features.

In this case, there is a lot to be done in terms of:

  • documentation
  • API
  • community

That's it. I'm happy to share my thoughts with you about this project I've been working on for almost a year now. I know, it's kind of bad in a lot of ways, but it is effectively working to host 45 people's Internet services in a relatively stable manner.

Please, I'd love to hear your feedback on that. If you have any questions, please do not hesitate to comment or send an email!

To go further, I recommend this blog post: What makes a cluster a cluster?

Cheers!

Pierre Ozoux

Pierre Ozoux

Owncloud Email \o/ - Munich ownCloud community http://www.meetup.com/de/owncloud-munich/events/221456144/

Pierre Ozoux

NewsLetter Pierre's hosting, issue #3


French version below

The April issue

News

Uptime

99.83% (last 30 days) I found a way to greatly improve the uptime.

Finance

  • hosting: 85€
  • domain: 47€

Warrant canary

https://github.com/pierreozoux/hosting/blob/master/warrant-canary/2015-05-07

If you have any questions about anything, please do not hesitate to send an email!

39 people freed and counting!

PS: referral - if you convince a friend to join IndieHosters, we give a month for free to you and your friend!

French version

The April newsletter

News

Service quality

Over the last 30 days, the service was available 99.83% of the time.

Finance

  • hosting: 85€
  • domains: 47€

Warrant canary

https://github.com/pierreozoux/hosting/blob/master/warrant-canary/2015-05-07

If you have any questions or suggestions, please do not hesitate to let me know by replying to this email!

39 people freed!

PS: referral - if you manage to convince a friend to join IndieHosters, we give you and your friend a free month!