Differences

This shows you the differences between two versions of the page.

--- hosting:hostingchangeplan [2023/06/05 14:45] – [Ongoing work] jim
+++ hosting:hostingchangeplan [2024/04/19 09:44] (current) – Correct formatting jim
@@ Line 1: / Line 1: @@
 ====== Moving hosting away from Bytemark ======
-Bytemark's new owners (for the last few years) IoMart are looking to tackle their steadily declining share prices by stopping all support on Bytemark's BigV hosting system. They offer to replace our VPS will one from their standard fleet, but as they are no longer the technical-lead organisation they were, but a set of financial engineers, I would like, if we are to move the hosting, to put work into moving it to a different organisation. Specifically I have in mind [[https://mythic-beasts.com|Mythic Beasts]] with whom I am moving my personal hosting from Bytemark.
+Bytemark's new owners (for the last few years) IoMart are looking to tackle their steadily declining share prices by stopping all support on Bytemark's BigV hosting system. They offer to replace our VPS will one from their standard fleet, but as they are no longer the technical-lead organisation they were, but a set of financial engineers, I would like, if we are to move the hosting, to put work into moving it to a different organisation. Specifically I have in mind [[https://mythic-beasts.com|Mythic Beasts]] to whom I have recently moved my personal hosting from Bytemark.
 ===== Current situation =====
@@ Line 20: / Line 20: @@
 Publication of popular articles in particularly Overload can cause load spikes that seriously degrade website performance. We don't have much headroom.
-On the plus side, ioMart have not yet stopped Bytemark's generous provision of the above (except for the recent increase in storage) gratis.
+On the plus side, ioMart have not yet stopped Bytemark's generous provision of the above (except for the recent increase in storage) gratis. They have, though, started withdrawing their support for some more high profile sites they previously supported, so I think we cannot depend on our support continuing indefinitely.
 ===== Goals =====
@@ Line 36: / Line 36: @@
 ===== Trial work =====
-I run a personal server setup that is not dissimilar to the ACCU setup, though with rather less traffic. I have recently completed the process of moving this from Bytemark to Mythic Beasts. Specifics are:
+I run a personal server setup that is not dissimilar to the ACCU setup, though with considerably less traffic. I have recently completed the process of moving this from Bytemark to Mythic Beasts. Specifics are:
   * Two hosts configured.
@@ Line 49: / Line 49: @@
 ===== New hosts =====
-Almost uniquely, I believe, Mythic offer hosting on Raspberry Pis. Pi hosting means you get a dedicated, not virtual, host with network attached storage, at an rather attractive price. I have two hosts, one a Pi3 w/ 1Gb RAM and the other a Pi4 w/ 4Gb RAM, both with 100Gb network attached storage. For these I am forking out the princely sum of 15GBP per month. That's all together, not each.
+Almost uniquely, I believe, Mythic offer hosting on Raspberry Pis. Pi hosting means you get a dedicated, not virtual, host with network attached storage, at an rather attractive price. I have two hosts, one a Pi3 w/ 1Gb RAM and the other a Pi4 w/ 4Gb RAM, both with 100Gb network attached storage. For these I am forking out the princely sum of 15GBP per month (inc VAT). That's all together, not each.
-The one downside of this offering is that only IPv6 connectivity is provided. Mythic observe that the annual cost of a single IPv4 address now exceeds the const of the entire computer. They do, however, provide website IPv4 proxying, which I find works very well, and also IMAP proxying, plus NAT64 to handle outbound traffic to IPv4 addresses. Inbound email needs to be passed through their servers, and I have yet to experiment with this. It does mean I can't run spam detection and rejection on connection. However, I have learned that the Mythic email servers run exactly the same spam setup as I currently use - ''rspamd'' and rejecting anything from a host on the SpamHaus ZEN blacklist - so at present I expect this setup to actually simplify my host configuration.
+The one downside of this offering is that only IPv6 connectivity is provided. Mythic observe that the annual cost of a single IPv4 address now exceeds the cost of the entire computer. They do, however, provide website IPv4 proxying, which I find works very well, and also IMAP proxying, plus NAT64 to handle outbound traffic to IPv4 addresses. Inbound email needs to be passed through their servers, which they configure to forward to the Pi.
-I am using SaltStack for configuration management, and (of course) keeping Salt configurations under version control.
+The Mythic email servers do run all incoming email through ''rspamd'' and reject anything from a host on the SpamHaus ZEN blacklist. So email arrives locally with headers reporting spam status, and I propose to use these just to deliver suspicious emails into Junk if delivering to a local mailbox, or just discard if destined for a mailing list. On my server, I continue to run ''rspamd'' locally, so I can train its filters, but won't initially configure that for ACCU unless spam volumes to ACCU mailboxes make it advisable.
-If I can successfully complete this personal project, I suggest ACCU considered following a similar course. For ACCU use I would suggest we go for a pair of RPi4s, but 4Gb RAM, one with 100Gb and the other with   200Gb network attached storage. Paid annually, that would cost 20.50GBP inc VAT per month and give us permitted bandwidth of 2Tb per host per month, which should comfortably accommodate our needs. (I should explain that right now I am typing on my laptop, which for reasons has a US keyboard, and I can't find the GBP sign).
+I am also considering changing all current ACCU forwarding aliases (e.g. ''secretary@'', ''chair@'') to proper IMAP mailboxes. This will enable communication continuity when officers changes, but also solve problems with alias forwarding, which has become unreliable in the modern email world, as the forwarded messages do not come from expected servers and can be treated as spam.
+I am using SaltStack for configuration management, and (of course) keeping Salt configurations under version control. Configuration for my personal sites can be viewed [[https://git.lunch.org.uk/jim/MythicSalt|here]] if you're curious.
+Having successfully complete this personal project, I suggest ACCU considered following a similar-ish course.
+I suggest ACCU rents one RPi4 with 8Gb RAM and 200Gb network attached storage. This would host the website build infrastructure (Git/Gitea, and add Jenkins for CI), email/mailing list, certificate handling, membership database. Backup archives would be created on host and ''rsync''d by certificate access to offsite backups - in the first instance my home server, but other volunteers are welcome.
+For the foreseeable future we need to keep the old website running for the membership system. This in turn has to use an antediluvian version of PHP, which I think realistically means we need to run it on our own host. We can continue to run it for the foreseeable future on the Bytemark server, and also look at using that to continue to server the main website. Alternatively, I suggest renting a second RPi4 with 4Gb, but only 100Gb network storage. This will host this wiki, the membership system and database, the World of Code Wordpress blog aggregator, and, initially at least, the main website.
+We should then look at improving the main website hosting by deploying onto a hosting service & CDN. All I can do here is to hand-wave at the [[https://gohugo.io/hosting-and-deployment/|relevant Hugo documentation]].
+Alternatively, if offers of hosting (such as Guy has made in the past) stand, we can deploy copies of the main website among a fleet of servers.
+The cost of 2 Mythic RPi4s as above, paid annually, would cost £168 and £111 inc VAT. Permitted bandwidth would be 3Tb and 2Tb per month respectively, which should comfortably accommodate our needs.
+====== accu.org domain ======
+As part of the moving process we would also need to move hosting the ''accu.org'' domain to Mythic Beasts to enable generation of Let's Encrypt certificates. This would cost £15.50 + VAT for a single year, or £75 + VAT for 5 years.