PHP Fix Getting Better
I've had some time while the kids are facing their tablets for afternoon entertainment, so I've kicked in some progress on making the Docker container version of this blog software work.
When I left it last night, I could run it on my desktop, but I couldn't get it to work deployed to my container server. At 3AM (which is only an hour after I turned in), the face-palm hit me, and I realized I was mounting too deep into the /etc/letsencrypt folder, to where the files I needed are actually symlinks to parent folders. It worked on my desktop because I copied the files from there, losing the symlinks. By changing the config a little, to include that deeper path, and moving the mount to that root of /etc/letsencrypt, suddenly the PEM files were accessible in the container, and it started!
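The symlink problem described above can be checked before deploying. This is an added example, not part of the original post: it builds a constructed copy of certbot's `live/` and `archive/` layout in a temp directory (the domain `example.test` and all file contents are placeholders) and lists the symlinks that point outside a candidate mount source, which are the ones that dangle once only that directory is bind-mounted into a container.

```shell
#!/bin/sh
# Added example. The tree is constructed; example.test is a placeholder domain.

# Print every symlink under $1 whose target resolves outside $1.
# Such links dangle when only $1 is bind-mounted into a container.
escaping_links() {
    local root link target
    root=$(readlink -f "$1") || return 2
    find "$root" -type l | sort | while IFS= read -r link; do
        target=$(readlink -f "$link") || target="(unresolvable)"
        case "$target" in
            "$root"/*) ;;   # target stays inside the mount source
            *) printf '%s -> %s\n' "${link#"$root"/}" "$target" ;;
        esac
    done
}

# Count the escaping links under $1.
count_escaping() { escaping_links "$1" | wc -l | tr -d ' '; }

# Build a constructed copy of certbot's layout under $1:
# live/<domain>/*.pem are relative symlinks into archive/<domain>/.
make_sample_tree() {
    local base d f
    base=$1
    d=example.test
    mkdir -p "$base/live/$d" "$base/archive/$d"
    for f in cert chain fullchain privkey; do
        echo "constructed placeholder" > "$base/archive/$d/${f}1.pem"
        ln -s "../../archive/$d/${f}1.pem" "$base/live/$d/$f.pem"
    done
}

demo() {
    local tmp
    tmp=$(mktemp -d)
    make_sample_tree "$tmp/letsencrypt"
    echo "mount live/example.test: $(count_escaping "$tmp/letsencrypt/live/example.test") escaping link(s)"
    echo "mount letsencrypt root:  $(count_escaping "$tmp/letsencrypt") escaping link(s)"
    rm -rf "$tmp"
}

demo
```

Running `escaping_links` against the real directory you plan to mount shows the same result without starting a container.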
I spent a little time fighting over how the media files were copied (the occasional picture or whatever), and their permissions, but going into the container and fixing the permissions there, instead of trying to do it from the host, did the trick. Probably some Docker magic I haven't wrapped my head around.
I also got the right place to slip the time zone information for the blogs, so that I don't have to alter the core blog software. Curiously, it doesn't leverage the basic config script that the other "my site" bits are set on. An obscure blog post pointed out that the right php_value in the Apache config would work, and it actually worked! Now the blogs are reporting the desired time zones!
For one blog, there was a big gap between its current version and the latest (whoops). I had built the Docker images separately for each blog site (I'd really like to work out the variables solution, and get it from the container manager), and excluded the "install" directory, which has abuse and security problems, and is recommended to be deleted by the blog peeps. For that one, I built the image with that folder so it could run the update, and then let it go. I then rebuilt it without the folder and now it's running just fine.
I noticed the logs aren't exporting to Splunk correctly. By default they're going into /var/log/apache2 instead of syslog or another destination. I'll correct and redeploy them all later, so that the logs don't pollute the containers and also get exported for analysis. While investigating this, I realized that the virtual domains all have their own error logs, which on the one server are getting correctly pulled into Splunk (local folders), but in the containers where those configs were copied, they aren't being seen by the Splunk forwarder. I missed it because other logs are being seen, so it's a small thing.
Most frustrating, I still haven't gotten over how to get my new container to build without putting the variables in files that get baked in. I can make it so those files aren't committed to git, which is a small silver lining, but that means if I change development machines I have to recreate them to rebuild anything. I'm using a private git repo, so they should be safe for now, and when I get it fixed, I'll drop these repos and build them from scratch. Until then, grimacing and bearing it.
Much progress has been made. If I lick that environment variable bit, I might throw this on public Docker and make mention of it in the blog forums. If I have to leave it like it is, the instructions become "git clone the repo, copy the template and add your private information, docker build and push, enjoy." Not too bad, but still makes everyone build containers with credentials inside. So much not cool.