Yesterday I started using Ghost and I simply ran
npm start in a Tmux session.
This is obviously not the best way to do it so I have made some improvements now.
After reading a bit of deployment docs, which by the way are very nice, I decided to give pm2 a try.
So if you already have Ghost blog configured then you only need to install pm2 and maybe create some simple start script.
sudo npm install -g pm2
Then, to launch and daemonize ghost, simply do:
pm2 start index.js
To check on its status
pm2 show index
The (super complicated) start script for my ghost is now:
NODE_ENV=production pm2 start index.js
pm2 show index
I have been thinking for couple of days now that I should give Ghost a try.
Since I am re-starting blogging and all, might as well try different blog engines while I’m at it.
It would be no fun installing it on linux, so I decided to use FreeBSD VM on Digitalocean + a Jail inside of it.
Downloaded and unpacked ghost and then hit a bug.
Nodejs sqlite module would not install.
2695 error FreeBSD 10.1-RELEASE-p10
2696 error argv "node" "/usr/local/bin/npm" "install" "sqlite3"
2697 error node v0.12.6
2698 error npm v2.12.1
2699 error code ELIFECYCLE
2700 error firstname.lastname@example.org install: `node-pre-gyp install --fallback-to-build`
2700 error Exit status 1
2701 error Failed at the email@example.com install script 'node-pre-gyp install --fallback-to-build'.
2701 error This is most likely a problem with the sqlite3 package,
2701 error not with npm itself.
2701 error Tell the author that this fails on your system:
2701 error node-pre-gyp install --fallback-to-build
2701 error You can get their info via:
2701 error npm owner ls sqlite3
2701 error There is likely additional logging output above.
2702 verbose exit [ 1, true ]
Googled a bit and found Ghost forum thread and a page on ghost wiki
The problems there were related but also a bit different and those solutions did not apply fully for me. I found though by reading the debug log that actually I was missing gmake and python in my jail.
I managed to resolve those errors by installing gmake and python and by updating npm modules. But later on discovered that much simpler solution is to install sqlite3 from FreeBSD package.
I have now tested this on a clean jail and at least from my perspective to successfully install ghost on FreeBSD 10.1 you only need to:
sudo pkg install node npm sqlite3
npm install --production
I have been meaning to try out both IPFW and PF.
After reading bsdnow pf tutorial and skimming over nice FreeBSD handbook’s pf section I was a bit hesitant to try PF on FreeBSD as it was said to have slightly older version from OpenBSD and that would cause syntax to differ. So I tried out IPFW first and it was really simple to set up however after adding some rules I realized that I’m not loving the syntax.
So I thought that it’s time to give PF a go (especially since I’m not too comitted to IPFW yet) and it turns out it’s not so bad with those syntax differences, though I did run into one.
Once I wrote up a minimal ruleset with PF and tried to load load it I was getting syntax error:
[fx@badger ~]$ sudo pfctl -f /etc/pf.conf
ALTQ support in kernel
ALTQ related functions disabled
/etc/pf.conf:21: syntax error
pfctl: Syntax error in config file: pf rules not loaded
However there really was nothing eye catching on that line.
So after some experimenting and more careful re-reading of handbook it turns out that FreeBSD’s PF version wants all the lists to be enclosed in curly braces (just as it shows on the nice FreeBSD handbook). Doooh.
After changing that one syntax problem PF complained a bit more about rules ordering
/etc/pf.conf:13: Rules must be in order: options, normalization, queueing, translation, filtering
But that was an easy fix of changing the order (which totally makes sense).
Then I tested rebooting the machine and realized that even though I have
/etc/rc.conf set up correctly, the PF is not loading the rules on boot.
Enlightment came when I realized that this is because I am using my OpenVPN
tun0 interface in the rules and it is not available until after OpenVPN has come up. So I changed the rules to use vpn IP instead of the nic and all was good.
I really like the fact that PF does some syntax checking before it loads the rules. Much better than realizing that your SSH session has hung because you made a noobish mistake in the ruleset 🙂
And also loving the nice stats and counters it can print out.
Overall a positive first experience with PF.
All of my linux servers are connected over OpenVPN and now came the turn for my new FreeBSD droplet to join them.
Ran into one small issue. Upon installing and configuring OpenVPN I was getting this error:
Sun Jul 12 17:59:49 2015 us=222242 Cannot allocate TUN/TAP dev dynamically
Sun Jul 12 17:59:49 2015 us=222330 Exiting due to fatal error
Since I am using tun and not tap, tried manually loading
[fx@badger ~]$ sudo kldload if_tun
kldload: can't load if_tun: module already loaded or in kernel
But that just showed that this is not the problem.
tun interface manually and no probs:
[fx@badger ~]$ sudo ifconfig tun0 create
[fx@badger ~]$ sudo ifconfig tun0
tun0: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
That pointed me to my
openvpn.conf config and sure enough I had specified my VPN device as “VPN”:
Ths works great in Linux but apparently not in FreeBSD. Changed that to
tun0 and problem resolved. Yay.
So just for the record, working OpenVPN installation steps:
sudo pkg install openvpn
Enable OpenVPN starting at boot by adding this to
Configure it, the default config file is
/usr/local/etc/openvpn/openvpn.conf and looks like you have to create
/usr/local/etc/openvpn directory manually.
remote openvpn.server.somewhere.com 1194
# certs that you got from vpn server
# don't forget to make sure this is rotated
It has been couple of years at least (more like three) and I am thinking about blogging again.
Why? Well, why not.
So let’s see if this becomes yet another failed attempt or not.
This time I’m using Jekyll as the blog engine.
Easy to set up and I relly like the idea of static content. Otherwise with the various dynamic options it would be yet another thing that needs maintaining and security patching.