submitted 1 year ago* (last edited 1 year ago) by tarneo@lemmy.ml to c/selfhost@lemmy.ml

Tl;dr: Automatic updates on my home server caused 8 hours of downtime of all of renn.es' docker services including email and public websites

[-] Moonrise2473@feddit.it 10 points 1 year ago

I don't want to seem rude, but in my opinion automated unattended updates on Gentoo are a bad idea.

[-] tarneo@lemmy.ml 4 points 1 year ago* (last edited 1 year ago)

That's what I learned :-)

Edit: no, saying that isn't rude

[-] ReversalHatchery@beehaw.org 5 points 1 year ago* (last edited 1 year ago)

While we are here: what do you think about unattended updates on Debian and such? (as such being derivatives, including Proxmox VE)

[-] tarneo@lemmy.ml 6 points 1 year ago

Unattended updates are 10x better because those programs allow you to only do security updates. Plus they are much more stable, and something like this would never happen on a stable distro.

[-] thisisawayoflife@lemmy.world 2 points 1 year ago

What is the reason to shy away from Ubuntu? It is pretty solid in terms of automatic updating and rebooting. I used to be hardcore CentOS but I gave up after all of the hubbub around 8. I just need the server to update, reboot when necessary and keep running all my stuff so I don't have to touch it. In my old age, I don't care to tinker anymore - I just want my services running and I want reports given to me about health and status.

Also, if you're concerned about privilege escalation, running a MAC is probably a good idea. SELinux saved my hide once a dozen years ago with a PHP bug where I did not sandbox an app properly. Thankfully, SELinux caught this and prevented anything bad from happening.

[-] tarneo@lemmy.ml 1 points 1 year ago

> what is the reason you shy away from Ubuntu?

Canonical. Snaps. Ubuntu is the first server OS I used, and while it was quite good I think I prefer using a base distrobox instead of a derivative. If I'm going to use Debian, I'll use Debian. Not Debian with corporate stuff on top.

As for SELinux: I've tried around a year ago. But as soon as I started doing stuff with users and tweaking docker permissions things went wrong and I just set it to permissive. Maybe I'll try that again soon, because other parts of managing servers have become much easier over time as I learned. I agree that having a server without SELinux is quite dumb and not very professional.

[-] thisisawayoflife@lemmy.world 1 points 1 year ago

Permissive mode is definitely a life saver. My path was usually exercising the application in permissive mode for a few days then running the SELinux scanner on the log file to determine what roles needed to be set up. Same with the Debian/Ubuntu equivalent.

Good luck!
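
The permissive-mode workflow described in the comment above, as an added example that is not part of the thread: it parses AVC denial lines from an audit log and groups them into candidate allow rules, which is assumed here to be what the "SELinux scanner" (for example audit2allow) reports. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1692500000.101:201): avc:  denied  { read open } for  pid=1412 comm="php-fpm" path="/srv/app/config.php" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1692500000.101:201): arch=c000003e syscall=257 success=yes exit=7 comm="php-fpm"
type=AVC msg=audit(1692500003.555:207): avc:  denied  { getattr } for  pid=1412 comm="php-fpm" path="/srv/app/config.php" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1692500100.002:233): avc:  denied  { write } for  pid=2290 comm="app" name="data" scontext=system_u:system_r:container_t:s0:c1,c2 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=1
"""

# Permissions inside { ... }, then the source/target contexts and object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def se_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        if "type=AVC" not in line:
            continue  # SYSCALL and other record types carry no denial
        m = AVC_RE.search(line)
        if m:
            key = (se_type(m["scon"]), se_type(m["tcon"]), m["tclass"])
            rules[key].update(m["perms"].split())
    return dict(rules)

def as_allow_rules(rules):
    """Render the grouped denials as candidate policy rules for review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]

if __name__ == "__main__":
    for rule in as_allow_rules(summarize_denials(SAMPLE_LOG)):
        print(rule)
```

Candidate rules like these deserve review before loading, since a rule derived from a log can grant more than the application needs.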

[-] yote_zip@pawb.social 1 points 1 year ago

Blind automatic upgrades are a bad idea even for casual home users. You could run into a Linus Tech Tips "do as I say" scenario where it uninstalls half your system due to a dependency issue. Or it could accidentally uninstall part of your system that you don't notice.

I'm not sure how stable Gentoo's default branch is but I know that daily upgrades on Arch Linux are close to suicide - you have a higher chance of installing a buggy package before it's fixed if you install every package version as it comes in.

I'm surprised this strategy was approved for a public server - it's playing with a loaded revolver and it looks like you were finally shot.

this post was submitted on 20 Aug 2023
14 points (93.8% liked)
