Hosting several sites on same server using Docker

I currently have three sites hosted on a single server using Ghost 5.130.2.

The goal is to migrate these to a new server.
I am tempted to use Docker, as it’s already installed and used for various other things on the new server.

I understand that Ghost v6 in Docker is still early days, but in case someone has experience in this it’d be great to hear about it.
For example:

  • I guess (don’t know for sure though) that each site needs its own ghost container, but what about
    • Caddy and MySQL should be shared across all site containers… anything else would be a waste of electrons.
    • What about the other containers?
      • traffic-analytics
      • activitypub
      • tinybird-login
      • tinybird-sync
      • tinybird-deploy
      • activitypub-migrate

Or is using Docker for this a time-consuming way of asking for trouble…?
Better using the old file-based Ghost deploy, which is proven to work well?

Thanks guys,

/G

Both traffic analytics and activitypub (and their dependencies – which are rather “jobs” and not runtime containers) are designed to serve multiple Ghost sites. So, you could theoretically have a docker compose for all “shared services” and one for each Ghost site – or any other combination.

It will certainly require some tinkering. Setting up traffic analytics and activitypub isn’t quite straightforward, but doable. In my eyes, once you’ve set it up though, it requires less maintenance (since all dependencies are in the containers) than the CLI.

I use the Docker container on Docker Hub and host multiple sites with that. I have a couple of volumes for each site service mapped to the file system so I can customize the themes as needed. Everything Ghost core is still mapped inside the container. I have them all behind Cloudflare on separate tunnels, a WAF, and then to the proxy, which kicks the connections out to that VM on the specific port for the Ghost instance.

Yeah that’s my thinking as well.
Well, it will be an adventure, and best case it will even work. Easy choice! :smiley:

3 Likes

@jannis Worked a treat.
Sure, some initial teething issues, but all in all it was pretty smooth.

Even managed to get a reasonable fail2ban setup for protecting the sites.
With associated banning data pushed into an InfluxDB store and visualized in Grafana.

I am always amazed at how much… cr*p is being thrown at sites these days.
Long gone are the friendly days of BITNET :slight_smile:

The fail2ban setup was a bit interesting though.
Not entirely clear what jails should be used, but I ended up using these:

  • ssh (of course…)
  • ghost-private-auth: One of the sites is password-protected, this jail detects repeat attempts at that password prompt
  • ghost-magic-link-spam: Repeat requests for an email with login link/code
  • ghost-admin-auth: If the site has a separate admin domain, this will detect repeat login attempts there
  • ghost-rate-limit-errors: Generic rate limit detection for trying to block DOS attacks

Could probably find one or two more that are relevant - I am all open to ideas if someone has any.

1 Like
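
The counting logic behind jails like the four Ghost ones listed above, as an added example that is not from the original posts. It assumes Caddy-style JSON access logs (`ts`, `status`, `request.remote_ip`, `request.method`, `request.uri`); the route prefixes, status codes and thresholds are assumptions, not the poster's fail2ban filters.

```python
import json
from collections import defaultdict, deque

# Jail name -> predicate on (method, path, status). Assumed route prefixes.
JAILS = {
    "ghost-private-auth": lambda m, p, s: m == "POST" and p.startswith("/private/"),
    "ghost-magic-link-spam": lambda m, p, s: m == "POST"
        and p.startswith("/members/api/send-magic-link"),
    "ghost-admin-auth": lambda m, p, s: m == "POST"
        and p.startswith("/ghost/api/admin/session") and s >= 400,
    "ghost-rate-limit-errors": lambda m, p, s: s == 429,
}

def find_bans(lines, maxretry=5, findtime=600):
    """Return sorted (jail, ip) pairs with >= maxretry hits within findtime seconds."""
    hits, bans = defaultdict(deque), set()
    for line in lines:
        try:
            e = json.loads(line)
            req = e["request"]
            ts, ip, status = float(e["ts"]), req["remote_ip"], int(e["status"])
            method, path = req["method"], req["uri"].split("?")[0]
        except (ValueError, KeyError, TypeError):
            continue  # not an access-log entry (startup messages, truncated lines)
        for jail, match in JAILS.items():
            if not match(method, path, status):
                continue
            window = hits[(jail, ip)]
            window.append(ts)
            while ts - window[0] > findtime:  # drop hits older than findtime
                window.popleft()
            if len(window) >= maxretry:
                bans.add((jail, ip))
    return sorted(bans)

def _entry(ts, ip, method, uri, status):
    """Build one constructed log line in the assumed JSON shape."""
    return json.dumps({"ts": ts, "status": status,
                       "request": {"remote_ip": ip, "method": method, "uri": uri}})

# Constructed sample: a burst, a slow trickle that never fills the window,
# a run of 429 responses, and one non-JSON line.
LINK = "/members/api/send-magic-link/"
SAMPLE = ([_entry(1000 + 10 * i, "203.0.113.7", "POST", LINK, 201) for i in range(6)]
          + [_entry(1000 + 400 * i, "198.51.100.4", "POST", LINK, 201) for i in range(8)]
          + [_entry(2000 + i, "203.0.113.9", "GET", "/?page=2", 429) for i in range(5)]
          + ["caddy: serving initial configuration"])

if __name__ == "__main__":
    for jail, ip in find_bans(SAMPLE):
        print(f"{jail}: ban {ip}")
```

When the proxy itself sits behind a tunnel or another proxy, the key must be the forwarded client address rather than `remote_ip`, otherwise the ban lands on the upstream hop.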