Digital Ocean has a bunch of one-click apps. Often these system are fairly complex to setup but run on their own pretty well. Not sure if they are to be recommended for any given app, so let’s get queuing!
Every few days I’ll look at an app, see what it’s about.
In their marketplace they have categories, and that seems like an okay way to process them.
Okay, let’s see what “developer tools” are!
You can launch a whole server for… node.
Buddy is a Continuous Integration and Delivery tool for web and software developers. The tool uses delivery pipelines to build, test, and deploy code. The pipelines consists of actions (over 100 types) that can be easily arranged with drag and drop in a clear & telling GUI – there is no need to script the whole process.
Okay, that’s kinda neat. I’ll look into that more, as I like having a pipes server to do stuff for me. Maybe we can invest in one instance and all use it.
Gitea is a painless self-hosted Git service, which allows for programmers to collaboratively develop software. It is similar to GitHub, Bitbucket, and GitLab.
This package is supported by Gitea, as well. Notably, we host https://allthe.codes as a Gitea instance. @tim, thoughts on DO versus RPi?
Dokku makes it a breeze to deploy and manage web applications on your own server. Now available as a 1-Click installation, it’s even easier to have your own private application platform in a matter of minutes.
I love Dokku! It’s a personal Heroku. I used to run an instance, but ultimately decided that apps developed for Heroku are generally designed poorly for my use.
Sourcegraph is a code search and intelligence tool for developers. It lets you search and explore all of your organization’s code on the web, with integrations into your existing tools. Sourcegraph is used by developers at Uber, Lyft, Yelp, and more to help them search and review code at enterprise scale.
Wow, with so many name drops, this is sure to cause strain from eye-rolls. Skip!
One click Onjection Jenkins provides production ready CI/CD tool. This is compatible with different DevOps tools required for code scanning, code building, code testing and code deployment. Writing a declarative pipeline is easy now using shared libraries. Onjection Jenkins is integrated and configured with many Plugins - Docker, Bitbucket, SonarQube Scanner, Gradle, Blueocean, Junit, Kubernetes pipeline, Logstash, Nodejs, Role Based Auth, Git, JDK, Ant, Maven, Shared Libraries
Hmmm, I think this is a pre-configured Jenkins instance by a specific company that supports it, called Onjection. So, hmmm.
Passbolt is an open source password manager for businesses and IT teams. It helps centralize, organize, and share passwords securely with collaborators and teams while enforcing strong security policies. Passbolt is open source, self-hosted and respects your privacy. Passbolt Community Edition (CE) is free and will remain free forever.
AGPL, CC BY-SA
Extendable JSON API
Interesting enough to investigate if they mess it up trying to make a dollar.
A lightning fast implementation of Selenium WebDriver protocol running browsers in Docker containers. Its main application is the automated web-applications testing in real browsers. This image comes with two last versions of Firefox, Chrome and Opera browsers available for testing.
Very cool project, rendered valuable for the hubris of society.
Docker containers wrap up software and its dependencies into a standardized unit for software development that includes everything it needs to run: code, runtime, system tools and libraries. This guarantees that your application will always run the same and makes collaboration as simple as sharing a container image.
Been using DO for a long time but I’ve never looked into the one-click apps! The dokku setup seems pretty cool, I’ve been reading about it lately and not having to set it up from scratch would be nice!
OpenVPN Access Server is a full featured SSL VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, and Linux, mobile OS (Android and iOS) environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/ or private cloud network resources and applications with fine-grained access control.
So this is interesting. The ability to deploy a VPN endpoint on one’s own is hot.
Getting started after deploying OpenVPN Access Server
Log on via SSH to start the setup procedure, you will be asked a number of questions that need to be answered.
Once that is complete, enter the command “passwd openvpn” to set a password for your Access Server.
Now open the address of your server in a web browser, for example: https:///admin/
If you see any SSL certificate warnings, that is normal, please override them.
Now log on with username ‘openvpn’ and the password you set in step 2.
Notice that fourth step, it’s a flag for sure, but that’s how certs work. My point is, without reading a lot more about OpenVPN, deploying as a one-click may not be the best idea, given the importance of this application.
But more we shall learn!
CloudBees Jenkins Distribution
CloudBees Jenkins Distribution provides development teams with a highly dependable, secure Jenkins environment curated from the most recent supported Jenkins release. The distribution comes with a recommended catalog of tested plugins available through the CloudBees Assurance Program. Upgrades are now a smooth, seamless experience with the Beekeeper Upgrade Assistant. The Beekeeper Upgrade Assistant works in parallel with the CloudBees Assurance Program to provide a centralized view of the monitored Jenkins plugins, as well as recommended actions and configuration options. The free CloudBees Jenkins Advisor plugin keeps an eye out for potential issues and recommendations and sends you email notifications with suggestions tailored to your installation. The CloudBees Jenkins Distribution License Report has a list of included plugins. For 24 hours a day, 7 days a week support from the Jenkins experts, visit CloudBees Jenkins Support.
Okay, so this is like that Onjection one. But by a Cloud of Bees posing as people. Not sure if that is a point against or for them…
GitLab Enterprise Edition
Shorten development cycles and innovate faster with reliability through DevOps automation. GitLab is a single application that provides end to end DevOps solutions ranging from Source Code Management, Continuous Integration and Delivery, Security with Monitoring, as well as rich project management features to development teams across the enterprise. With this marketplace listing, you get source code management, built-in CI/CD, project tracking functionality and much more for free. Unlock additional features like security and monitoring with Enterprise Edition without the need of setting up a new Droplet. Simply scale up your instance and apply your license key purchased online here.
Uh-oh, I smell bullshit!
But we played with GitLab for many years, and it is very nice for what it does, if you need to be GitHub but are too .
CapRover is an easy to use PaaS with a dashboard. It helps you to take your app from http://localhost:3000 to https://awesomeapp.com in seconds. It makes HTTPS enabling as simple as clicking on a button. It makes database (MongoDB, MySQL, Postgres and etc) deployment available with a single click. No more manual nginx configurations, or building everything from scratch. See Getting Started · CapRover for setup documentation. If you are using this One-Click droplet, you should skip step 1 in the guide.
Huh, sounds like Dokku. Apache 2 license. Make note to quest.
NKN Full Node
NKN is the new kind of P2P network connectivity protocol & ecosystem powered by a novel public blockchain. Our open source node software allows Internet users to share network connections and unused bandwidth for rewards. By running an NKN node, you become part of the NKN network community helping to build the decentralized Internet so everyone can enjoy secure, low cost, and universally accessible connectivity.
Hmmm, can I use the Data gif again?
Okay, I’ll give them: their pitch sounds nice. But it also sounds like they don’t go out of their way to address any issues blockchain-based applications bring. Worth looking up more, see if there is anything beyond the hype and good intentions. On the other hand, their support URL is Discord…
Build scalable games and apps with a production ready server used by ambitious game studios and app developers all around the world. Have a look at the documentation and join the developer community for more info.
I don’t know really know if this interest me. Do I want a game server that handles a bunch of stuff for me, that I can one-click install or API cluster (built-in)? Sure! But this is likely for mobile app game makers, and I simply don’t care about those kinds of games. They allow for horrible consequences to mobile gamers. I am not particularly interested in learning more about supporting that sub-industry.
PacVim is a game that will teach you how to use the vim text editor.
Getting started after deploying PacVim
To play, ssh into your Droplet and then run:
pacvim [LEVEL_NUMBER] [MODE]
You may specify the starting level and mode ( n and h for normal/hard). Default mode is hard:
pacvim 8 n
How To Play
The objective of PacVim is very similar to PacMan.
You must run over all the characters on the screen while avoiding the ghosts (red G ).
PacVim has two special obstacles:
You cannot move into the walls (yellow color). You must use vim motions to jump over them.
If you step on a tilde character (cyan ~ ), you lose!You are given three lives. You gain a life each time you beat
level 0, 3, 6, 9, etc. There are 10 levels, 0 through 9. After
beating the 9th level, the game is reset to the 0th level, but
the ghosts move faster. Winning conditions: Use vim commands to move the cursor
over the letters and highlight them. After all letters are
highlighted, you win and proceed to the next level.
Losing conditions: If you touch a ghost (indicated
by a red G ) or a tilde character, you lose a life. If you
I want to learn about this, because self-hosting functions is dope. I could hook all my processes together if I had a grasp of building functions.
There are only two products on offer, so this is low-hanging fruit for accomplishing the process.
OpenFaaS (Functions as a Service) is a framework for building serverless functions with Docker and Kubernetes which has first class support for metrics. Any process can be packaged as a function enabling you to consume a range of web events without repetitive boiler-plate coding.
With OpenFaaS ® you can package anything as a serverless function - from Node.js to Golang to CSharp, even binaries like ffmpeg or ImageMagick.
You can try out OpenFaaS in 60 seconds or write and deploy your first Python function in around 10-15 minutes. From there you can take the OpenFaaS workshop, a series of tried-and-tested self-paced labs which teach you everything you need to know about functions - and more.
You know you can trust someone when they include ® in their descriptive text. Their values are aligned with mine, surely.
I’m having a difficult time understanding how this works, mostly because of the central premise stated above:
a framework for building serverless functions with Docker and Kubernetes
That seems like a lot servers to me. Like, more than “-less”. What’s that other one about?
Nimbella Lite provides you with a platform for building serverless applications, not just functions. It is Powered by Apache OpenWhisk, an industry-strength platform for serverless computing that can handle enterprise-level scaling. This one-click deployment comes bundled with the Nimbella Serverless Workbench which complements your day-to-day development and provides a uniform experience for building serverless applications, from your desktop to the cloud. Connect with us via email@example.com to get early updates to the Workbench.
Oh, Apache OpenWhisk sounds cool:
Apache OpenWhisk (Incubating) is an open source, distributed Serverless platform that executes functions (fx) in response to events at any scale. OpenWhisk manages the infrastructure, servers and scaling using Docker containers so you can focus on building amazing and efficient applications.
The OpenWhisk platform supports a programming model in which developers write functional logic (called Actions), in any supported programming language, that can be dynamically scheduled and run in response to associated events (via Triggers) from external sources (Feeds) or from HTTP requests. The project includes a REST API-based Command Line Interface (CLI) along with other tooling to support packaging, catalog services and many popular container deployment options.
So what is Nimbella?
Nimbella is a pure serverless cloud that leverages the public cloud infrastructure and can be extended to private on-premise infrastructure. It is built on open standards, giving developers full control over their architecture and code, without vendor lock-in.
At this point I have to eject, my brain doesn’t make words sense more any.
Back to the deployment:
The OpenWhisk API host in your droplet can be accessed by its Droplet_IP , or as a subdomain 1-2-3-4.nimbella-lite.com , replacing 1-2-3-4 with your droplet’s IP address. Notice that - is used instead of . to refer to your droplet when referenced in this way. The message-of-the-day which is printed to the console when you ssh to the droplet will show you the hostname specific to your droplet.
That seems particularly banana pants to me, and can hardly be considered self-hosted.
Okay, so I think I learned that OpenWhisk might be worth paying attention to. OpenFaaS has several options I’d need to understand to deploy. Hmmm.
It was a tie between Monitoring (9 apps) and Databases (6 apps)… so databases win! My policy is to choose the less work.
Thousands of startups use MongoDB for their mission-critical applications. It’s the leading NoSQL database, offering a simple and elegant way to help developers scale.
NoSQL! It is probably worth diving into the broad database paradigms.
A couple of things about MongoDB stand out:
GNU AGPL v3
The droplet required additional setup to be secure; I like they include them on the droplet app page
Hasura GraphQL Engine lets you make powerful queries with built-in filtering, pagination, pattern search, bulk insert, update, delete mutations & subscriptions. You can also Trigger webhooks or serverless functions on Postgres insert/update/delete events. Comes with fine-grained dynamic access control that integrates with your auth system. This one-click setup also includes an empty Postgres database and automatic HTTPS from Let’s Encrypt using Caddy webserver.
This VPS additionally comes with Postges (database), Caddy (web server), and Docker (containers). So pretty hefty, though it sounds kinda neat. If one needs GraphQL.
phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web.
A classic is the best sense of the word. Though it is kinda funny to install this rather a MySQL server with this added. I suppose it may allow administration of remote databases… but how many folks are gonna use it for that?
Acra encryption suite — data protection in distributed applications, web and mobile apps that use PostgreSQL/MySQL RDBMS.
Acra provides selective encryption, multi-layered access control, SQL firewall (SQL injections prevention), database leakage prevention, and intrusion detection capabilities in a convenient, developer-friendly package.
Huh, Acra is this whole thing, and it does some really interesting stuff. But deploying this VPS is one step in a long journey to get an ultra-secure environment setup when most of us get by with merely excellent security.
Very neat though, especially if I were looking at secure communication platforms that have high stakes. The descriptive text goes on and on explaining how it works; suffice to say this is interesting tech, but not of personal interest.
RethinkDB is the first open-source scalable database built for realtime applications. It exposes a new database access model – instead of polling for changes, the developer can tell the database to continuously push updated query results to applications in realtime. RethinkDB allows developers to build scalable realtime apps in a fraction of the time with less effort.
What a great tech to constantly distract lots of people operating out in the real world where their attention is just being wasted on their surroundings and ooh! a push update!
Additional security notes:
Note that RethinkDB is started with a default account with user admin with no password . You should secure your RethinkDB instance immediately
The best way to secure a RethinkDB cluster is to run it on a protected network (DigitalOcean Private IP and/or VPC), that doesn’t allow access from the outside world. However, this may not always be feasible. Some cloud deployments often require access from wide area networks.
I don’t mind require other software to secure databases. I just wish there were standardized ways to do so.
The world’s most popular open source database
My favorite part of that description is the lack of a period. CoughMariaDBcough.
Okay, here’s the weird thing. First, I’m gonna quote myself from earlier:
Though it is kinda funny to install this rather a MySQL server with this added. I suppose it may allow administration of remote databases… but how many folks are gonna use it for that?
Yeah… this is the same VPS as phpMyAdmin.
GPL 2 w/modifications
GPL 2 with modifications
Both maintained by DigitalOcean, so I guess my question is answered with: marketing.
Before I wrap this up I wanted to point out SQLite is dope, and works in many cases where a different database could be used. Consider you use case, it might get done with SQLite, including WordPress.
I thought the database would be more interesting. Maybe apps are used to bundling them on the same machine, which makes a type of sense.
Okay, we are getting down to only a few categories!
One reason is that you can make PMA public to the internet without it potentially living on the same server as the database. You can swap around the database droplets, change their IPs, etc. But PMA stays in the same place.
Of course, from a security standpoint it’s neither here nor there, since breaking into PMA means getting full access to the database anyway. But having one PMA with multiple database connections is easier than having one PMA instance per-database droplet
SQLite is dope. If you’re in a many-reader, 0-10 writers situation, it’s perfect. One of my favorite projects was building a Slack bot for my friends that queried a read-only sqlite database with Magic card info in it. Had a little Go program that sucked in an MTGJSON archive and spat out a sqlite database.
Har har, three-way tie! Well, I broke the tie, and choose…
A category with a mere six options!
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Built by experienced developers, it takes care of much of the hassle of Web development, so you can focus on writing your app without needing to reinvent the wheel. It’s free and open source.
Django comes up for a lot of python that touches the web. I have no idea if it makes sense to install a VPS this way. It includes what I infer to be common python web server components:
Although… I don’t think I would install Postfix on a server. That’s just me, maybe Django has an awesome connector or something.
I’m not sure why that table says Custom for license, it is available under BSD license.
The Django OpenLiteSpeed One-Click app automatically installs Linux, performance web server OpenLiteSpeed, Python LSAPI and ACME. OpenLiteSpeed features easy setup for SSL and RewriteRules. It’s flexible enough to host multiple Django apps, and supports many other apps including NodeJS, Ruby, and CMSs like WordPress.
Okay, but what is OpenLiteSpeed again?
OpenLiteSpeed is the Open Source edition of LiteSpeed Web Server Enterprise.
I like web servers, but folks that use “open source” and “enterprise” in the same sentence and don’t spit on the ground afterward, in my experience these folks are not to be trusted.
Ruby on Rails
A web-application framework that includes everything needed to create a database-backed web application according to the Model-View-Controller (MVC) pattern.
Seems like a good option, and updated by DO themselves. But it sure installs a lot of software:
So are the links wrong, or am I tripping in thinking that’s an odd inclusion on the software list?
The LEMP stack is a group of open source software to get web servers up and running. Available as a one-click install, get NGINX, MySQL, and PHP-FPM installed on your Droplet in less than a minute.
Hey, now we are getting into the tried and true! The LAMP VPS is last on this particular occasion, but it came first and LEMP is LAMP with NGINX (pronounced “engine”, hence the “E”) rather than Apache (“A”).
Let’s see what hey load up:
GPL 2 with modifications
You get the sense that DO doesn’t want users to ask them about email hosting, so just include Postfix in every image. Fail2Ban is a nice addition, and would be my choice to include on every VPS.
I don’t install MySQL anymore, always MariaDB, which to my understanding is a drop-in replacement, but with better licensing and open development. However, I haven’t seen it anywhere in the VPS images. It wasn’t even listed in the database servers. Huh.
The Node.js OpenLiteSpeed One-Click app automatically installs Linux, performance web server OpenLiteSpeed, Node.js, NPM, and CertBot. OpenLiteSpeed features easy setup for SSL and RewriteRules. It’s flexible enough to host multiple Node.js apps, and supports many other apps including Python, Ruby, and CMSs like WordPress.
LudicrousSpeed Webby Server
The LudicrousSpeed Webby Server One-Click app installs the latest in HyperTextTravellingTech (HTTT) Enterprise Core Library, Browsable Source Edition. Flexible enough to make both new web publishers and seasoned webmasters feel like they are accomplishing their duties for the Empire!
That said, the software list for this one is really all over the place, license-wise.
HTTT ECL, BSE
Artistic License 2.0
Also, I’m not sure about the non-standard set-up instructions:
Getting started after deploying LudicrousSpeed Webby Server
From a terminal on your local computer, connect to the Droplet as root. Make sure to substitute the Droplet’s IP address.
An interactive script that runs will first prompt you for your domain or subdomain.
Next, attach the voice-activated configuration dongle; you’ll use this input device to finish setup.
You can also automatically apply Let’s Encrypt SSL if your domain is pointed to this server already.
I’m gonna wait and see how much “market share” this server gets. A lot of these seem half-baked ideas that will be quickly discarded and never revisited.
¯_ (ツ) _/¯
In less than a minute, spin up a cloud server with Apache, MySQL, and PHP installed.
You can tell this is one of the earliest VPS on offer, as they hadn’t figured out how to laden the descriptive text with buzz terms yet.
GPL 2 with modifications
GPL 2 with modifications
Not too much cruft, but honestly, I’d sooner install all this server software and manage it with the package manager on the server. It’s nice to have a quick spin-up VPS like this, but it is also just like one command with a bunch of package names in it, and then you’re getting the latest, rather than shelling in the first time and downloading the latest versions anyhow.
So, your mileage will vary, as the cool kids often type out, verbosely.
That’s actually correct. Puma is an “application” server that handles spinning up ruby processes. It speaks Rack which is kind of a server abstraction that applications talk to. Then you use Nginx as what is known as a “reverse proxy”, which means that it handles all the stresses and configuration of actually talking to the wider internet, and then Nginx talks to Puma, usually over a local port or named pipe.
I think the primary reason these boxes usually come with Postfix is for outgoing, transactional mail only (cron jobs, ecommerce receipts, shipping notifications, etc). They’re likely not configured for incoming mail at all, although I believe Rails 5 added Active Mail and can actually take action on incoming mail when configured.
So, maybe their script is picking up the wrong package name and linking incorrectly?
That’s my point: most folks shouldn’t be setting up postfix on their own. Or maybe DO users are advanced enough to handle transactional email, in terms of deliverability and “trust”. I certainly wouldn’t suggest folks set it up on their own.
To start, monitoring is basically one or more services that are “watching” some computing resource. Glancing at the list, most of these are outside the hobbyist sphere, and look to be pretty hefty servers.
Also, I’m not going over the two Kubernetes apps, since they are in their own category I was planning to skip, but as they are both monitoring and that makes sense for Kubernetes, I’ll do a post on it after all.
InfluxDB TICK Stack
The open source TICK Stack, which includes InfluxDB, is a high performance platform to collect, store, visualize and act on time-series data for DevOps metrics, IoT telemetry, and real-time analytics. The four TICK Stack components: Telegraf for collecting data, InfluxDB for storage, Chronograf for graphs, and Kapacitor for alerts; contain everything needed to make beautiful dashboards, observe Kubernetes clusters, store syslog messages, and even monitor your smart home. Get started in 60 seconds with the InfluxDB TICK Stack 1-Click App.
I don’t know… I feel like if I am going through that much trouble to lock this thing down, I’m probably building my own server images and tracking each component in version controlled configuration.
Maybe one-click apps in this category are demos.
The HoneyDB Agent is a low-to-medium interaction honeypot for security purposes, that supports emulation of common TCP and UDP network services. The HoneyDB Agent can be configured to send captured honeypot data to the HoneyDB web site - a community-driven honeypot data collection and aggregation security service. Using the HoneyDB Threat Info RESTful API, you can download your honeypot data and/or all community contributed honeypot data to help defend your applications and network
This relies on generating keys from the HoneyDB website:
After you create a HoneyDB Agent One-Click Droplet, the HoneyDB Agent (honeydb-agent) will be installed. The next step is to SSH into the Droplet to configure and start the honeydb-agent service. The first time you SSH into the Droplet you will be prompted to configure honeydb-agent by entering your agent keys. Agent keys can be generated and retrieved by creating a free account at HoneyDB.io. Once you’ve entered the agent keys into the prompt the honeydb-agent service will start.
I’m not going to look into this now, but this could be interesting. Maybe this is a great community resource… but how likely is that?! Anyhow, the license for the agent software is at https://riskdiscovery.com/honeydb/license:
HoneyDB Agent End User License Agreement (HoneyDB Agent EULA)
Redistribution of HoneyDB Agent binary forms and related documents, are permitted provided that redistributions of HoneyDB Agent binary forms and related documents reproduce the above copyright notice as well as a complete copy of this EULA.
You agree not to reverse engineer, decompile, disassemble, modify, translate, make any attempt to discover the source code of this software, or create derivative works from this software.
The HoneyDB Agent is bundled with open source software components, some of which fall under different licenses. By using HoneyDB Agent or any of the bundled components, you agree to be bound by the conditions of the license for each respective component.
This software is provided â€œas isâ€ and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall HoneyDB be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
HoneyDB is the sole distributor of HoneyDB Agent licenses. This agreement and licenses granted by it may not be assigned, sublicensed, or otherwise transferred by licensee without prior written consent of HoneyDB Any licenses violating this provision will be subject to revocation and deactivation.
I tend to charge folks a premium when I have to deal with such bullshit.
The analytics platform for all your metrics. Grafana allows you to query, visualize, alert on and understand your metrics no matter where they are stored. Create, explore, and share dashboards with your team and foster a data driven culture. Trusted and loved by the community.
Hey, Grafana! Such fun, pretty software! Here is a screenshot of their demo site (https://play.grafana.org):
So I went about using all the visual graphing things I could get my hands on. Grafana was quick to get up and running, and nearly impossible to self-host in any meaningful way. There were no docs, and it seemed apparent the front end was open-sourced to drive customers to “Grafana CloudButt”.
So, may I point a domain at this Droplet and get a Let’s Encrypt Cert?
After you create a Grafana One-Click Droplet, Grafana will be installed. Start adding your datasources and dashboards by visiting http://Droplet_IP:3000 The default login credentials are admin/admin - you will be prompted to change this after your first login.
Again, a demo server… so much for fostering a data-driven culture!
In Greek mythology, Prometheus is a Titan, culture hero, and trickster figure who is credited with the creation of man from clay, and who defies the gods by stealing fire and giving it to humanity, an act that enabled progress and civilization. Prometheus is known for his intelligence and as a champion of mankind.
Wow, that sounds like a lot for server software to live up to! Let’s see what this VPS is about?!
Prometheus is an open-source systems monitoring and alerting toolkit part of the Cloud Native Computing Foundation. Since its inception in 2012, many companies and organizations have adopted Prometheus, and the project has a very active developer and user community. Prometheus’s main features are: - a multi-dimensional data model with time series data identified by metric name and key/value pairs - PromQL, a flexible query language to leverage this dimensionality - no reliance on distributed storage; single server nodes are autonomous - time series collection happens via a pull model over HTTP - pushing time series is supported via an intermediary gateway - targets are discovered via service discovery or static configuration - multiple modes of graphing and dashboarding support
Well, at least whoever supports this image must make it really easy to get up and running on a secure production node!
Supported By:Grafana Labs
After the droplet is created you can visit the prometheus UI on
Prometheus by default is configured to monitor itself and nodeexporter. You can add more targets by editing the config file located at /etc/prometheus/prometheus.yml on the droplet. For a run through of what is happening and how to write queries, refer to this guide.
When running in production, you should make sure that prometheus is not exposed to public but rather only to a few users protected by a reverse-proxy/firewall. This guide gives you an example on how to do that using basic auth and NGINX.
Securing Prometheus API and UI endpoints using basic auth
Prometheus does not directly support basic authentication (aka “basic auth”) for connections to the Prometheus expression browser and HTTP API. If you’d like to enforce basic auth for those connections, we recommend using Prometheus in conjunction with a reverse proxy and applying authentication at the proxy layer.
FastNetMon is a very high performance DDoS detector built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow and SPAN/port mirror. FastNetMon can detect malicious traffic in your network and immediately block it with BGP blackhole or BGP flow spec rules. FastNetMon has solid support for all top network vendors and has unlimited scalability due to flexible design. You could integrate FastNetMon into any existing network without any changes and additional hardware!
With clear simple monthly pricing, you can trial FastNetMon for one month completely free.
Okay, so this is a commercial VPS, so there’s that. But check the warez list:
Grafana and InfluxDB are included in this package. It’s almost like they shouldn’t be their own one-click apps. But the thing that caught my attention, something I missed earlier:
AGPL; that’s true and not true. From https://www.mongodb.com/community/licensing:
MongoDB Database Server and Tools
MongoDB, Inc.’s Server Side Public License (for all versions released after October 16, 2018, including patch fixes for prior versions).
Free Software Foundation’s GNU AGPL v3.0 (for all versions released prior to October 16, 2018).
That’s certainly a flag. I mean, for MongoDB. Makes sense FastNetMon would include it. Next!
Zabbix is an enterprise-class open source distributed monitoring solution designed to monitor and track performance and availability of network servers, devices, services and other IT resources. Zabbix is an all-in-one monitoring solution that allows users to collect, store, manage and analyze information received from IT infrastructure, as well as display on-screen, and alert by e-mail, SMS or Jabber when thresholds are reached. Zabbix allows administrators to recognize server and device problems within a short period of time and therefore reduces the system downtime and risk of system failure. The monitoring solution is being actively used by SMBs and large enterprises across all industries and almost in every country of the world.
Zabbix does not play around! Zabbix is enterprise AF! Zabbix has… jabber support!
Well let’s get into it!
First of all, Zabbix is a lot of software. One cubic lot of warez, soft.
Zabbix Java gateway
Okay, here are a few assumptions I make about this project based on that table:
Zabbix is pointedly modular
A lot of GPL, MariaDB and OpenJDK means software freedom is a consideration
Several java apps with a web interface: this software is gonna be cloud-ugly.
Let’s test the last one!
Ah, it isn’t that bad (https://www.zabbix.com/screenshots):
Why? It’s DokuWiki! And it definitely pegs Zabbix to a particular era of enterprise support that included versioned docs for each release as technical wiki books. And if this continues to work for them, then hey, that’s a business model worth investigating!
Oh, anyhow, the docs show setting up reverse proxies and all that. Could use some work there, especially as a one-click install. However, this may not be the best VPS for using Zabbix. Yep!
First, there is one last entry, a branded Zabbix install, in this category. Secondly, as I was poking around in the docs, I noticed 4 Installation from packages [Zabbix Documentation 4.2], which includes all the major food groupsdistro server families. Considering you’ll need to configure your web server separately, that’s probably the best way to go, unless…
The Zeromon Zabbix One-Click will install the latest version of Zabbix 4.0.x from the Zabbix.com software repositories. Additionally, Apache, PHP, Postfix, UFW, and MariaDB will be pre-configured. All that you will need to do is log in to the Zabbix web interface running on your Droplet in order to start monitoring agents. Certbot is also pre-installed allowing you to quickly and easily set up HTTPS/SSL encryption for your Zabbix web interface.
Oh, there’s one more line…
You’ll need to deploy Zeromon Zabbix using an SSH key for login, setup will not complete using a root password
Okay, so this one sounds better than the more Zabbixy Zabbix. Let’s see those warez!
4 (Zabbix repository)
Apache HTTP Server
Postfix mail daemon
Aside: look up Postfix’s license later…
Okay, so LAMP stack with Zabbix and Certbot, even some Postfix. Sounds dope. What is Zeromon?
No, the folks we are looking for make a hosted image for Zabbix, and would love to charge you for it!
*DigitalOcean does not currently allow vendors to charge for marketplace images.
Alas! They have released their something on Microsoft’s code platform, and the README has this quip:
The cost for usage of the Amazon AMI software is $0.05 USD per hour (or basically, $36.00 USD per month) for all instance types in all regions, in addition to the EC2 pricing itself. We also offer a 7-day 100% money-back guarantee.
The DigitalOcean Marketplace “One-Click” installation is currently undergoing testing and is free to deploy for the near future.
So that’s the agenda.
Install from packages it is!
Okay, that’s Monitoring. No voting this time, I’ll do Blogs & Forums next. There are a bunch, so I’ll probably break it up into multiple posts. And some time I’ll hit the monitoring apps for Kubernetes, but it doesn’t really excite me…
And now we come to Blogs & Forums. This category should have the most friendly VPS images, and I would expect most of them to get up and running rather quickly… let’s find out!
Helpy is a modern helpdesk platform written in Ruby on Rails. The goal of Helpy is to power your support email and ticketing, integrate seamlessly with your app, and run an amazing customer helpcenter. Helpy is an integrated support solution- combining and leveraging synergies between support ticketing, knowledge base and a public community. Each feature is optional however, and can be easily disabled.
I was gonna mention how Helpy looks really pretty, or discuss how great it is to handle mail through a CRM, but all I can say is someone at Helpy wrote “combining and leveraging synergies” and then they published it, online, out in the world!
Hmmm. That doesn’t seem like a blog or a forum.
Plesk is the leading secure WordPress and website management platform providing you with a simple yet performant and scalable platform developed for modern website hosting.
With Plesk on DigitalOcean you get access to a modern and lightweight stack to build, secure, and run websites and applications through one intuitive browser-based interface. The 1-click version of Plesk on DigitalOcean is FREE for up to 3 domains.
Ha! That emphasis isn’t even mine! Next.
Over 60 million people choose WordPress to power their websites and blogs. Born out of a desire for an elegant personal publishing system built on PHP and MySQL, its potential has evolved to a full content management system.
To the point, and supported by DO. A LAMP stack with certbot and fail2ban. Basically everything most people would need to run their little blog. Anything more complicated would be ludicrous…
OpenLiteSpeed is the Open Source edition of LiteSpeed Web Server Enterprise and contains all of the essential features. OLS provides enormous scalability, and an accelerated hosting platform for WordPress. This One-Click gives you OpenLiteSpeed, PHP, MySQL Server, WordPress, LiteSpeed Cache, and other useful applications.
It’s like the other WordPress image, but with a weird web server and no fail2ban. Enterprise people sure are different.
FASTPANEL® is a website management tool that aims to break the mold and make site administration easier than ever. FASTPANEL allows users to place full-fledged sites in seconds with just a few mouse clicks.
So, did they have a cap on categories, and Kubernetes pushed out “web management panels”? FASTPANELR obfuscates it’s cost and license, so pass.
The CyberPanel image provides a One-Click installer to automatically install OpenLiteSpeed, LSCache, WordPress, Prestashop, Joomla and git. It also automates the initial setup for components like Mail service and DNS, to reduce the time it takes to get set up for hosting.
“Anything you can do, we can do as middleware!” LiteSpeed at it again!
Cloudron is the eternal arch-enemy of his twin brother Bare-metal. Also known as the Lord of Butts, the Butt Bringer, and the Planet Eaterbutt, he is dedicated to consuming the VPS resources. His massive form is powered by the consumption of RAM, storage, electricity, and even the very billing area itself. Cloudron will not be sated until his ultimate goal is attained: to bring an end to the annoying computer hobbyists boasting independence around him, and find peace by becoming the living center of a swirling, infinite torrent of nothingness at the butt of all things.
Cloudron is a turnkey solution for running apps like WordPress, Rocket.Chat, NextCloud, GitLab, OpenVPN & many more. Cloudron performs end-to-end deployment of apps including provisioning databases, automated DNS setup, certificate management, centralized user management, periodic backups. Apps on Cloudron also receive automatic updates saving you the hassle of tracking upstream releases and keeping the installation secure.
Oh, Cloudron is a solution.
cPanel & WHM®
The cPanel interface allows your customers to do a multitude of things to manage their sites, intranets, and keep their online properties running smoothly.
Remember when we used to install blogs and forums and stuff? I think it got lost in the “multitude of things”…
Discourse is the 100% open source discussion platform built for the next decade of the Internet. Use it as a mailing list, discussion forum, long-form chat room, and more!
Hey, I know that one! And I do use it as a mailing list, discussion forum, long-form chat room, and more!
Because Discourse basically runs from Docker, I don’t think it much matters how you get to that point, so this might make sense. I’ll test it out soon.
Also, Discourse is GPL. Say what you want about the GPL, but it is chosen by some of the best projects.
Open Source Social Network
Open Source Social Network (OSSN) is a social networking software written in PHP. It allows you to host your own private social networking site and helps your members build social relationships with people who share similar professional or personal interests. It is available in 10 international languages.
And created their own license (https://www.opensource-socialnetwork.org/licence/):
OPEN SOURCE SOCIAL NETWORK LICENSE (OSSN LICENSE) v3.1
The Open Source Social Network License does not permit incorporating your program/software into proprietary program/software.
Permission is hereby granted, free of charge, to any person obtaining a copy of this Program/Software and associated documentation files (the “Program/Software”), to deal in the Program/Software with restriction, including limitation the rights to use, copy, modify, distribute, or sell copies of the Program/Software.
“Copyright” also means copyright-like laws that apply to other kinds of works, such as semiconductor masks.
To “modify” a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a “modified version” of the earlier work or a work “based on” the earlier work.
“You” refers to the individual/organization that uses the program/software.
2. Modifying, copy, distribution/selling of Program.
2.1 You are allowed to modify the program/software subject to the following conditions:
2.1.0 You shall not remove the copyrights including powered by notice/links.
2.1.1 You shall not try to apply any techniques that hides copyright, ‘powered by’ notice/links.
2.1.2 You shall not claim the ownership of the software. The users data and the contents on the website is your ownership (you own the contents except the software itself).
2.2. You are allowed to distribute, sell the copies of product keeping the section 2.1 in view.
2.3 If you use the part or piece of software code within other software you must include the visible ‘Powered by Open Source Social Network’ in the footer of website.
2.4. You shall not sell or modify the logo of ‘OPEN SOURCE SOCIAL NETWORK’ and use it on your website.
3. Other 3rd party open source program/software
Some of other open source program/software within this program/software released under different license like LGPL, MIT etc, you shall agree to the respective license. We tried to put the license name in the comment section of respective file or sub-program/software.
4. Violation and Termination of License.
If your use of program/software violates the license, the license and the use of program/software shall terminated immediately.
5. Revised Versions of this License
The Open Source Social Network Authors may publish revised and/or new versions of the Open Source Social Network License from time to time. Such new versions will be similar to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number.
6. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
7. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
8. Interpretation of Sections 6 and 7
If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee.
That’s too bad, I like self-hosted social networks. I was available to be wow’d…
Ghost is a fully open source, adaptable platform for building and running a modern blog or publication.
I haven’t installed Ghost, and hardly used it. It’s proponents never hit any talking points that interested me, and commercially WordPress keeps me busy. Also, #gohugo. But if I wanted to test it out, this is how I’d do it! Spin it up, test it out, maybe move to production.
One thing I like is the Ghost-CLI, or I presume I will. I like wp-cli. And I like drush. And command lines in general.
So, this category should be called, “Blogs (WordPress, Ghost) and Forum (Discourse) and web management panels and whatever Microweber is”. At the very least drop the plural from Forum.
What is Microweber? Microweber is a Drag and Drop website builder and a powerful CMS of the new generation. It’s based on the PHP Laravel Framework. You can use Microweber to quickly and simply make any kind of website, online store and blog. The Drag and Drop technology allows you to build your website without any technical knowledge.
The core idea of the software is to let you create your own website, online shop or blog. From this moment of creation on, your journey towards success begins. Tagging all along will be different modules, customizations and features of the CMS, among them many specifically tailored for e-commerce enthusiasts and bloggers.
The most important thing you need to know is that Microweber pairs the latest CMS trend –unique Drag & Drop technology– with a revolutionary Real-Time Text Writing & Editing feature right in the browser. Talking in user benefits, this pair of features means improved user experience, easier and quicker content management, visually highly appealing environment, and simple flexibility.
Okay, that all sounds great. MIT license, too! But their website is about selling plans, and doesn’t link to the code, and that is a bad pattern for a sustainable CMS. We know this from experience. Maybe we’ll uncover something here… one day.
Well, I thought that was gonna take longer than it did. Mostly because these web management panels should be in their own category, and this is a “marketplace”, and that means if it isn’t DO trying to get people in the door, it is a marketing team of various skill levels trying to get you to one-click. Bummer.
Okay, what now? Well, I’ll probably glance at the Kubernetes things. I wanted to find hobbyist servers, maybe encourage folks to spin up something new. But Kubernetes ain’t that.
I think I’ll go through and #quest-board the interesting packages, start building a database of software that interests me. We are in post-processing.
Okay folks, I’ve processed this, and created a few #warez quests, but for the majority of these I’ve no interest. Are there any VPS instances folks thought were particularly interesting? #quest-board it and tag it #warez!