July 25th, 2020
It’s strange to think I’ve barely left my home since the beginning of the great SARS-CoV-2 pandemic. I’ve driven to surrounding areas a bit, a store here and there. The situation we find ourselves in reminds me of Shayamalan’s “The Happening” from 2008, a poorly-executed film dealing with unseen danger. In the film, you sniff some bad air and then decide you want to wreck your car or otherwise harm yourself. Unlike the film, it’s not angry trees that are causing harm in the world. No, I didn’t spoil anything for you.
The great pandemic has forced us all to adapt. If you’re lucky, your employer lets you work from home, greatly limiting your risk of getting yourself or others sick. Humans need contact, however, so you have to keep mindful of your own sanity. I’ve spent a lot of the pandemic working on music. I also felt this would be a good time to put my web site back online.
It’s no longer 1997 and I don’t have to build my own web sites. Why not use WordPress? Security, for one. You can use containers to add a modest amount of containment. Containers provide lots of ways of doing something. Lots of often boneheaded ways. I want to have a site that I can administer, update, migrate, backup, and restore that hopefully offers a touch more security. Containers are a wonderful way of making all of that far more difficult than it needs to be.
I was quite happy to run on RHEL 7, having set up my server years ago. RHEL releases are supported for about ten years, reducing churn and upgrades that can break things. Docker is the dominant container technology, but but I chose Podman due to its ability to run rootless containers. RHEL 7.8’s version of Podman fails (at the time of this writing) when trying to run MariaDB rootless. Things work fine in RHEL 8, so I created a local RHEL 8 VM, transferred it to my cloud provider (which had changed lots of things in the years since I’d last logged in), and copied over my old configs.
Unfortunately some of my configs go back to 2008 or earlier. It’s not difficult to set up a mail server, but it does get a bit more interesting if you want to do things like integrate Dovecot and enable TLS in more areas. So after about twelve or so years, things in RHEL 8 had changed enough that I had to re-learn what some archaic configs meant once again. Dovecot’s config changes in RHEL 8 ensured I wouldn’t be up and running without lots of frustrating trial and error.
Somehow after I’d spent enough time suffering through all of the new tech changes I hadn’t kept up on, I had a working server again. My next concern was getting WordPress running. That’s not difficult using the official container, but you’re in for some fun if you want TLS or if you want WordPress served via location and not via a host name. You’ll notice you’re reading this via “https://words.soupy.org” instead of “https://soupy.org/words”. In short, I’ve given up on trying to make the WordPress container work via location. I got far enough that nearly everything worked, but what you’ll find is that WordPress will work, mostly, but then you’ll get things like improper redirection for login pages or, once you fix that, bad links for password resets for users. You win, container. words.soupy.org it is.
I’ve spent a long time with all manner of new tech, just so I could write a few things. If there’s interest I’d be happy to share what I know. In the meantime, I’ll just say that all of the effort wasn’t strictly necessary. If you want to write things, just get an account at a site that’s already set up somewhere. Or you could spend a lot of time learning and tweaking.
 Containers don’t traditionally ‘contain’ as much as virtualization. Virt is better if you’re after more complete security.
 This post finally solved my Dovecot issues: https://www.linuxbabe.com/redhat/install-dovecot-centos-enable-tls-encryption