All right, so hi everyone. So we are... Yeah, so my kids here. So we are IndieHosters and we are going to present our project today. So this is Pierre and Tim, and we started this business about three years ago. So we are doing, we are hosting free software. We're doing free software as a service, as we say, and today we're going to explain how we do it, where we do it and what exactly we do. So we're going to focus more on the how, because I think that's what's interesting to you here.

So the idea is that we started from a statement. So we all love free software, we all promote free software, but it can be really a pain in the ass to host it. So if I'm a business, for instance, and I want a cloud for sharing my files, calendar, etc., if I go to Dropbox, it's super easy. I just have this sign up button, fill the form and then I've got everything set up. If I want to use Nextcloud, for instance, it's not the same. So I just click on "Get Nextcloud" and I get this install button, download button. So I have to install it myself, and that's like really a bottleneck for 98% of the people. And that's those people that really need it, and that's... we want to have them. So we're trying to do this intermediary role of hosting it for yourself and integrating it. So you get just this sign up button and you can get your cloud, your chat, your WordPress, whatever you want, and that's pretty much our goal. So if you go to the Nextcloud website, for instance, you get this sign up button, and our dream is that you get this sign up button on every free software. Like, it could be IndieHosters, of course, but it could be another business. So that's really the idea, to provide the easy access to this. And yes, so that's pretty much the vision. So now I'm gonna let Pierre talk more about the technical aspect of it and how we make it happen.

Yes, so if we... you just saw the conference about CHATONS, and if you think of CHATONS as a free software, they are writing the draft of the protocol of
how CHATONS will be developed, and the project we are developing for IndieHosters, which is called LibreSH, or libre.sh, is like an implementation of this protocol. And so some CHATONS would prefer to use Debian and others Ubuntu. Windows is not allowed, because CHATONS is just free software, right? And libre.sh is an implementation, and as an implementation we have strong opinions about how this job should be done. And we did a bet three years ago when we started to use Docker, and luckily for us, it's actually broadly adopted nowadays. And okay, right now libre.sh is just on one server, but the idea is to transition to some stuff like Kubernetes and be able to deploy it on clusters. And so I will show you how it's easy to install... Does it work like this? ...easy to install your own libre.sh, and so how you can bootstrap easily your own CHATON for you, your family, your association, your small and medium business or whatever.

Okay, so this is the live demo time. On the command line, I'm not afraid. So I just start by creating a VM on the cloud provider, and this is in the README of libre.sh, but there are also instructions to install it on bare metal, and then you are free to make instructions for whatever you use. But to make it easier, I just use a VM on DigitalOcean. Okay, and so what I'm doing now, it's actually fully installing the libre.sh system. So now I will get an IP for this server, and what I will do is to point all my domains to this IP. Like, it's an important step for the demo, to show you how we generate automatically our certificates using Let's Encrypt. So here's the IP. I go to my DNS provider. And it's awful. But okay. So in some minutes the DNS will be propagated, and I will wait until... So we rely heavily on Docker and I will show you. Okay. So I'm on the VM. Yeah, I should do... We still have to manage a bit better the rights. So here is one part of the file system called system, and this is where we install all the modules of the system. And so the main module is the load balancer.
This is where all the traffic, the HTTP traffic, is entering. So we use HAProxy as a load balancer, and we have, we use containers, and there was a little companion that is taking care of Let's Encrypt. So I will start by installing my load balancer. So a module is basically just a git repo, IndieHosters proxy. Okay, so I go there and then I just libre start. So I just started my proxy. I can consult the journal, and what you see is that it's pulling some Docker images. And basically everything, like all the packages, like there are user packages like web applications, and modules, and everything is a git repo containing a Docker Compose at the moment, but the idea is to migrate it to Kubernetes at one point. Okay, so if we look at the journal, it's pulling images, and that's why it's a lot better to use a VM, because this VM has a good download link, whereas here I would not be able to do this implementation. Okay, so it looks like everything is running. Yeah, actually my chat... So everything should be running, and if I libre ps... Well, the output is not really pretty, but everything is up. So it's kind of finished. So I just want to check that this IP got propagated in the meantime. So if I ping cloud... No, sorry. Yeah. No, sorry. Okay. So my IP is propagated and now I'm ready to deploy applications.

So what do you want for your association? Okay, it's a pair. Install Nextcloud. So it should be as easy as libre provision. So you specify a parameter called u, for URL, and you put the URL. So let's say cloud.libre.sh. You specify the application. So it's github.com slash IndieHosters (we will migrate to git cloud soon, but it takes time, you know), Nextcloud, and I will start it right away. And there was one more flag, which is called buy. It's just to buy the domain name if I didn't buy it yet. But yeah, I already bought this domain name. So I don't... Okay.
There are some warnings, but you know, you can safely ignore the warnings. Now it's just that normally there is an email back-end and it provisions an email automatically for each instance, so then Nextcloud will be able to send emails. So this instance of Nextcloud would not be able to send emails, but that's fine for the demonstration. And so if I go to data domains and to cloud.libre.sh and to libre journal again, it's just pulling some Docker images. And here actually we are a bit lucky, because if you see here, this means that it's an official Docker Hub image. It's great, because it means like we don't have to manage this package. Well, actually we did the Docker image for Nextcloud, but we don't really... we have many people maintaining it, not us only. Okay, so looks like things are working. If I libre ps, everything seems up. I can libre logs to see what's happening. Yeah, it looks nice. And so we have a Nextcloud instance, with the HTTPS certificate. And now we need a chat also, right? Because chat is trending. We don't have metrics yet, but... So we can also install chat.libre.sh with the application hosted on github.com slash IndieHosters slash Rocket.Chat. And IndieHosters... Okay, some warnings to ignore. And if I go to the... Yet... So it's pulling the image and setting up a Rocket.Chat. So it's quite nice.

So I just wanted to show that we have a GitHub account, and there we have all the packages that we provide with our libre.sh. And of course you are more than welcome if you want to come and help on this part. And actually what we want, it's people using it, and I was really happy to receive my first pull request some months ago to modify the mail system to make it a bit better, and it's really as a... Because you start your code and you don't know, and somebody is using it. So it's amazing. And yeah, if you go here, it's our page and it's all our projects, and we can create new packages, and there was a bit of documentation. And okay, that's it.
And maybe if we check... Yes, so we have a Rocket.Chat instance.

All right, so now just to conclude, maybe we're gonna talk a bit about the next steps. So as you see, the infrastructure is working pretty well. We are still improving it, of course, and you can help us, as he mentioned. And now the idea of libre.sh is... So the next step will be to migrate to Kubernetes at one point, and also the main step that we have to work on now is the identity management, because for now... we want single sign-on. We want like people to manage their users and stuff. So that's really the next step we're working on. If people have skills in LDAP, you're looking for it. Actually, I'm... maybe we're talking the Nextcloud or something, if we cannot help us on this. So that's like really our next step, and with that we could have something similar in some ways to, like, Google Apps. For instance, you could just click on it and boom, installing, like, as easy as Google Apps. So that's the step we want to go to. And of course IndieHosters, it's not only the two of us. Like, we really, really wish that people use this infrastructure, improve it, work on it, and that we all work together to have many indie hosters, or whatever you want to call it, or at least like different channels that are using the same infrastructure as us. So if you want to join, you're welcome. If you want to use it, you're welcome. If you have questions or so, you're welcome too. And yeah.

So the question is: I have a free software project and I want it to be packaged by IndieHosters. Yes, it's possible.
We can help on that. We actually did it for some projects. And so either we have a user that wants it and pays for the development of this image, or maybe you as a free software, you have a bit of funding and you help us by paying some time to help us to package it. And so it's usually how we do it, because it's difficult for us just to package it. Yes, yes, yes, there is a documentation if you want. Exactly, this is the thing: you can do it by yourself and we can help you on this. And if you ask us to do it, like, either we do it for free or not, and we can work around some solution. And if you go to... Yes, on our repo, slash application... And it doesn't work like this. So, applications. So here you have a rough documentation, I would say, but basically it's like a Docker Compose that exposes a service called web that exposes a port 80, and this is the minimum viable. Then you can have a little install script, and it's recommended to have like a pre-backup script to dump the database, and then do we take care of the rest?

Yeah, yes, okay, so we use CoreOS. And so I don't know if you're a bit familiar with them, but their tagline is "securing the internet". And so they have all the plumbing, and with Docker, actually, this is the nice part, is that if we want to update a server we basically do a CoreOS update. They have a mechanism, and so I will not enter the details. And then actually whenever there was a security issue we just go to the... So to update this chat I would do like this, and what's happening behind the scene... Yeah, that's fine.
What's happening behind the scene is that it's doing a git pull to have the latest version of the repo, and then a docker pull to have the latest version of the images, and then restarting the service. So it's really easy to update. And this is on the paper. Then hopefully the Docker image handles well also the update. But this is the goal of the Docker images, and so some are doing it well and some not yet, but yes.

Okay, so the question is how does it compare to Sandstorm or YunoHost? Let's say that Sandstorm and YunoHost is an implementation of CHATONS and we are another one, and so we have different ideas about what's nice or not. And for instance on Sandstorm, it's really nice, but I don't really like their API, that is Sandstorm-ish, and I think the web should be open and use standard API of plugins. YunoHost, it's nice, but maybe not yet made for big hosting, and doesn't use Docker. Well, like, everybody is free, and I prefer Docker. And that's it.

So to do backups, we have a little module called backups, and what it does, it loops through all the domains, and for each domain, if there is a pre-backup script, it runs it. And so usually the pre-backup is a database dump.
So we plan to move this inside the Docker image of the database, but this is another topic. So then there was no pre-backup script anymore. So we just do like a little dump and then zip... Not zip, but use duplicity. Yes, use duplicity to push it to a distant server through SSH, and then on this server there is actually a process that is putting the backups, the old backups, as read-only for this user. So if either server got compromised, cannot erase both sides. And so there was a package for that also. Yes.

Yes, the question is if we can handle aliases. And so actually... so yeah, you probably want alias on the cloud, and... Yeah, so actually... Yeah, we use a sysadmin pattern called discovery registration. So it means that our microservices, the web servers, are registering themselves in a central database, and this is all they do. And to do it, like, this registering to the database currently is just starting an nginx container with the env variable virtual host. So it's just like, "Hi, I have a little... there." And then on the other side there is HAProxy that is listening to every new container created that has this env variable. And that's it. So then it could be aliased from the outside, and it would get an HTTPS certificate also, and it would be wired by the load balancer to the right websites.

Okay, so one of the bets we did was that Docker Compose... Sorry. Sorry. Sorry.
The question is how big would it be to move the infrastructure to Kubernetes. And so we did a bet on Docker Compose, with the hope that somehow the Docker cluster would be easy to manage Docker Compose. It's not true. Kubernetes is winning at the moment. So it means that we have to rewrite all our Docker Compose files. The good news is that the Docker images are already written and we can reuse them. So this is one part. Then there are two hard parts in Docker that are still difficult at the clustering level, and for Kubernetes this is the same: first the network and second the storage. Okay. So for the network, ideally we would like to have an IPsec network between the nodes, and currently Docker Swarm provides this thing, but we don't want to cause one. Flannel doesn't implement it. There are various pull requests, but never got merged. There are some projects around using tinc with etcd backend. This would be my guess if I would have to do it and Flannel doesn't do it. But I asked the CTO of CoreOS and they plan to have an IPsec on Flannel. So this is good news. So the network should be finished. Then the last bit is storage, and our bet is Ceph. And on one hand Red Hat is working on making Ceph work well on Kubernetes. So if you go to Ceph slash Docker, there are a lot of recipes on how to run it on Kubernetes, and the CTO of CoreOS told me also that there is a company that is also doing a kind of operator for Ceph. So the world might be full of rainbows soon.