Soon I am going to deploy my first Phoenix app, and that will also be my first deployment experience. I decided to use a VPS. I really don’t know what kind of problems I will have with servers in the future. For example, what do you use to avoid database data loss, and for backups? And what other related problems will I face after deploying?
Can you share your experiences, please?
Also, I really want to see the opinions of @kokolegorille @peerreynders @OvermindDL1
Do you have experience administering a Linux server? If not, you might not want to use a VPS.
Instead, take a look at PaaS services; you can run Elixir on CloudFoundry or other systems via Docker, even Google App Engine now supports Elixir, or you could go with a specialized service like Gigalixir.
No, I don’t have experience administering a Linux server. Just some tutorials. This is my first app.
Instead of a PaaS, I want to gain experience with a VPS for future deploys. My concern is post-deploy problems. I want to know what kinds of problems there can be and what your solutions are, from your experience.
If you do not have someone who takes you by the hand and explains to you how to secure your server properly, how to back it up properly and all the other stuff, do yourself a favor and use a PaaS.
Securing the server, especially, can cause a lot of legal issues when done wrong.
Depending on the kind of your service, data leakage or data loss can cause your customers a lot of trouble which you then will have to compensate for, not to speak about your application’s reputation…
If you are doing this as a hobby-project, however, I would like to say: do use a Virtual Private Server. There’s no better way to learn something than doing it yourself, and there is a plethora of tutorials out there.
@NobbZ Thanks for the reply. Your comment made me scared about security. Will I need more than the default server configuration? I was thinking of security mostly in terms of app code and bugs.
@Qqwy It won’t be a hobby app. It’s a small startup project. I want to use a VPS because when it grows I want to be able to scale better.
You will most definitely need more security than just the default server configuration. This is why people use PaaS so they don’t have to deal with this. Think of PaaS as outsourcing your server administration.
Scaling on most PaaS is easier than on a VPS. Like @Qqwy said, if you’re doing this as a hobby project, you might consider setting everything up yourself a useful learning experience. But if you’re not yet experienced and plan to handle real user data, you can’t just start an Ubuntu VPS and be done with it.
Thanks, all of your comments opened my mind. I will use a PaaS for this app. I can gain experience with a VPS on another app that needs less security.
Sounds like going with a PaaS is a good idea, yeah…
For the hobby project, these articles should get you started: A Beginner's Guide To Deployment with Edeliver and Distillery
Once you want to test it out, this one also has some tips, from setting up a basic firewall in Ubuntu to using SSL certs: https://medium.com/@zek/deploy-early-and-often-deploying-phoenix-with-edeliver-and-distillery-part-one-5e91cac8d4bd . You can use the same guide mostly as it is for Ubuntu on EC2 too. EC2 also offers you some protection out of the box, in the form of security groups (so that you lock out SSH access for any IP other than your own, block all outbound requests except for HTTP (or HTTPS only)).
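The security-group policy described in the post above (SSH only from your own IP, outbound only HTTP/HTTPS), turned into a check, as an added example that is not part of the original thread. It assumes the JSON shape returned by `aws ec2 describe-security-groups`; the sample group, its ID and the admin IP are constructed, and rules that reference other security groups or prefix lists are not examined.

```python
import ipaddress

HTTP_PORTS = {80, 443}

# Constructed sample in the shape of one entry from
# `aws ec2 describe-security-groups`; every value here is made up.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}, {"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

def covers_port(rule, port):
    """True if the rule's protocol and port range include the TCP port."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit(group, admin_ip):
    """List the rules that are looser than the policy described in the post."""
    findings = []
    admin = ipaddress.ip_network(admin_ip + "/32")
    for rule in group.get("IpPermissions", []):
        if not covers_port(rule, 22):
            continue
        sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in sources:
            if ipaddress.ip_network(cidr, strict=False) != admin:
                findings.append(f"ingress: SSH reachable from {cidr}")
    for rule in group.get("IpPermissionsEgress", []):
        proto = rule["IpProtocol"]
        lo, hi = rule.get("FromPort", "all"), rule.get("ToPort", "all")
        # Only TCP rules whose whole port range is 80 and/or 443 pass.
        ok = proto == "tcp" and set(range(lo, hi + 1)) <= HTTP_PORTS
        if not ok:
            findings.append(f"egress: protocol {proto} ports {lo}-{hi} allowed")
    return findings
```

For the constructed group, `audit(SAMPLE_GROUP, "203.0.113.7")` reports the world-open SSH source and the allow-all egress rule; the HTTPS ingress rule is left alone because the policy only constrains SSH.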
@amnu3387, @outlog thanks for the good article. Do you think that guide is enough for security?
Also, for Phoenix apps, should I focus on CPU or memory? How many resources will be enough for my app? In Observer I see 50 MB total RAM usage at server start. My guess is nearly 50 requests per second.
I doubt it’s good enough, but I think security is something very hard to get right no matter what. I’m by no means an expert in security and I think you need to take it seriously, but I also think if you never try to understand what the things you need to take care of are, then you’ll never be able to deal with that, and you’ll always have to outsource that part to someone or something else (which is probably a good option, most of the time, except when it’s not).
I think ultimately security is more of a human/social engineering question than it is about brute forcing. Of course there are exploits and ways of exploiting systems by technical means, but the big problems are usually more in leaked information through non-technical means (it would seem).
Then you have the reality of using open source to develop programs. Although some part of it is peer reviewed you never know what those hundreds of libs npm just installed on your app folder so you could use Object.keys on IE 8, or upload a file through ajax actually do. Ditto for every other lib out there, unless you have the time and knowledge to go through all of them.
Then if you go deeper down the rabbit hole, you see that it seems that even a processor can somehow be exploited? And that even SSH key libs are routinely found to be broken in some way/measure. Now imagine what goes on in every other piece of software out there, written casually, outside of the main job. I think that if whatever you’re doing holds important information that can compromise others’ safety, privacy or wtv, then you should try to understand and limit the surface of attack, and try to understand how things work together, and possibly outsource part of the security to another service - so as to have some protection in case of a problem - but that’s about all you can do.
Of course Heroku and whatnot will provide you better guarantees against a DoS (they need to protect their own infrastructure against that), known exploits, they’ll have engineering teams just dealing with security (most of the time smarter than most developers), closed “systems” by default and so on. But perhaps you can start with something like EC2 in AWS, which is already architected in a way as to diminish the surface you can screw up yet is not as much hand-holding as Heroku, so allows you to understand better what’s going on and how you could implement some things for yourself as you move on further?
Like I said this is by no means coming from a security expert, so take it with a grain of salt, just what I would think are common sense points.
Thanks, amazing comment. Another question: if I start with a PaaS, can I move my files to a VPS in the future?
Database, user images, etc… all of my app
Why not, should be more or less easy - there are no restrictions like that - unless you’re using some provider-specific functions; in that case you’ll need time to rewrite the related pieces
I don’t think you’ll be saving user files in most PaaS (at least Heroku) as they don’t provide long-term storage - so you’ll probably use an external form of storage (S3, etc) which is agnostic to where the requests for the files are coming from and independent of the underlying app. If you use EC2 you could write in it, but it just doesn’t feel right either way. From the database point of view, as long as you have a connection to it you can always dump it somewhere. Some options/plans will allow you to back up and export through a UI, but you can always, last case scenario, do it by yourself (since you have the schemas as part of your app, and you have access to the data), and, again, I think there will be already designed libs to do that in case you need them (db dumps). Your app will be on your computer and/or on a cloud version control.
I see, then no local files; I need to use S3 for images. Thanks, I didn’t know that
> I don’t think you’ll be saving user files in most PaaS (at least Heroku) as
> they don’t provide long-term storage - so you’ll probably use an external
> form of storage (S3, etc) which is agnostic to where the requests for the
> files are coming from and independent of the underlying app.
Exactly, and there’s no reason you can’t build your app this way
from the start: store your images in S3 in development, use a
remote (e.g. AWS RDS instance) DB in development, etc.
Decoupling these services from the start will give you flexibility in
deployment options for the future.
Fwiw, the absolute best experience is doing it. Read through tutorials for machine setup on Digital Ocean that will step you through the setup and configuration process.
If this is going to be something that is critical for you or somebody else…I’d recommend using a platform until you are comfortable though.