Have you seen cartoons drawn by the XKCD or, alternatively, Randall Munroe? A definite recommendation to check out his comic strips. They are quite geeky but on a wide range of topics. In particular, he has this cartoon which is a drawing of a spreadsheet with “how often used” vs “time saved”. It’s good generic guidance to consider when being tired with a mundane task and thinking about automating it. My personal spreadsheet is inexistent but if I were to do it there would be additional dimensions, e.g. what’s the learned value. Even if I’m not saving much time the knowledge gain and scratch of curiosity itch is a big win.
Recently I’ve adopted and embraced the containerization through the Docker family. These lightweight, all-inclusive environments allow to develop, build and deploy locally and make sure that when deployed they’ll behave the same. Smack everything in containers, create a yaml template for the docker-composer and deploy on a remote host through docker-machine. Quick and easy. Except for some caveats.
One of the issues that almost made me regret all these containers was with getting CA certificates to terminate TLS on the remote host using the Let’s Encrypt. In short, to obtain the certificate you need to prove that you’re in control of the domain and respond in a specific way for a specific request. Fine but to do that you first need to make the domain responsive thus you need to have some certificates but you don’t have since that’s what you’re trying to do. What to do? Get some self-signed certificates, ask for help, get new certificates, replace the old ones and show that you have new ones. Doing this manually takes a couple of minutes and can be done with a combination of ssh-ing and running a script. Having this done in an automatic fashion as deployment to any host is not that simple.
There are a number of blogs that have tried to describe what to do in such situation but most (that I’ve seen) still focus on using the docker-compose from within the remote host. Unfortunately, that isn’t what I want; for small projects, I want to run a single command from a local host and have everything done automagically. So I have spent days trying out some solutions. Two of my favourite that I’ll return to in the future are Traefik and docker-letsencrypt-nginx-proxy-companion sidecars. The former is nginx replacement with a dashboard and Let’s Encrypt solution, whereas the latter is a container that works with two others to do some magic. In both cases, one has to configure relations either through the environment variables or labels and these then work. Well, it should work but I haven’t actually managed to make them work. The approach with Traefik is nicely documented from the Digital Ocean writers though it takes a while to properly configure everything. The other, nginx-based, is a bit outdated and updating it for example to docker-compose v3… it didn’t go that well.
All in all, I tried to make things run smoothly and automatically, and not needing to ever do them again. What I ended up is to spend 10 min to do things manually, copy over with `scp` and update volume references. Quick and easy. Even writing documentation on how to do it again in the future took me a couple extra minutes, but not days.
Have I done what I was going to? Yes. I have learned new technologies by testing them out and knowing what is where and, also, optimized the future releases through having better documentation and explanation why other things won’t help.