github.com/ddev/ddev@v1.23.2-0.20240519125000-d824ffe36ff3/docs/content/users/topics/hosting.md (about)

     1  # Casual Hosting
     2  
     3  !!!warning "Experimental Feature!"
     4      This is not a replacement for scalable, managed hosting. It’s unknown how much traffic it can handle in a given environment.
     5  !!!warning "Let's Encrypt support not directly compatible with Traefik router"
     6      `ddev config global --use-letsencrypt` is not directly compatible with the Traefik router, but it [can be configured using Traefik docs](https://doc.traefik.io/traefik/https/acme/).
     7  
     8  One of DDEV’s experimental features is lightweight hosting with Let’s Encrypt for HTTPS support. You can run DDEV on a public web server, point DNS to it, and use it as a limited hosting environment.
     9  
    10  This may be appropriate for small or abandoned sites that have special requirements like old versions of PHP that aren’t supported elsewhere.
    11  
    12  Here’s how to try it for yourself:
    13  
    14  1. Install DDEV on an internet-connected Linux server. (You’re responsible for your firewall and maintenance of the server!)
    15  2. On Debian/Ubuntu, you can set up a simple firewall with  
    16  `ufw allow 80 && ufw allow 443 && ufw allow 22 && ufw enable`.
    17  3. Point DNS for the site you’re going to host to the server.
    18  4. Before proceeding, your system and your project must be accessible on the internet on port 80 and your project DNS name (`myproject.example.com`) must resolve to the appropriate server.
    19  5. Configure your project with [`ddev config`](../usage/commands.md#config).
    20  6. Import your database and files using [`ddev import-db`](../usage/commands.md#import-db) and [`ddev import-files`](../usage/commands.md#import-files).
    21  7. Tell DDEV to listen on all network interfaces, omit the SSH agent, use hardened images, and enable Let’s Encrypt:
    22  
    23      ```
    24      ddev config global --router-bind-all-interfaces --omit-containers=ddev-ssh-agent --use-hardened-images --use-letsencrypt --letsencrypt-email=you@example.com`
    25      ```
    26  
    27  8. Create your DDEV project as you normally would, but `ddev config --project-name=<yourproject> --project-tld=<your-top-level-domain>`. If your website responds to multiple hostnames (e.g., with and without `www`), you’ll need to add `additional_hostnames`.
    28  9. Redirect HTTP to HTTPS. If you’re using `nginx-fpm`, for example, create `.ddev/nginx/redirect.conf`:
    29  
    30      ```
    31      if ($http_x_forwarded_proto = "http") {
    32        return 301 https://$host$request_uri;
    33      }
    34      ```
    35  
    36  10. Run [`ddev start`](../usage/commands.md#start) and visit your site. With some CMSes, you may also need to clear your cache.
    37  
    38  You may have to restart DDEV with `ddev poweroff && ddev start --all` if Let’s Encrypt has failed because port 80 is not open, or the DNS name is not yet resolving. (Use `docker logs ddev-router` to see Let’s Encrypt activity.)
    39  
    40  ## Additional Server Setup
    41  
    42  * Depending on how you’re using this, you may want to set up automated database and file backups—ideally off-site—like you would on any production system. Many CMSes have modules/plugins to allow this, and you can use `ddev export-db` or `ddev snapshot` as you see fit and do the backup on the host.
    43  * You may want to allow your host system to send email. On Debian/Ubuntu `sudo apt-get install postfix`. Typically you’ll need to set up reverse DNS for your system, and perhaps SPF and/or DKIM records to for more reliable delivery to other mail systems.
    44  * You may want to generally tailor your PHP settings for hosting rather than local development. Error-reporting defaults in `php.ini`, for example, may be too verbose and expose too much information publicly. You may want something less:
    45  
    46      ```ini
    47      ; Error handling and logging ;
    48      error_reporting = E_ALL
    49      display_errors = On
    50      display_startup_errors = On
    51      log_errors = On
    52      ```
    53  
    54  * To make DDEV start sites on system boot, you’ll want to set up a `systemd` unit on systems like Debian/Ubuntu and Fedora. For example, a file named `/etc/systemd/system/ddev.service` containing:
    55  
    56      ```
    57      # Start DDEV when system starts (after Docker)
    58      # Stop DDEV when Docker shuts down
    59      # Start with `sudo systemctl start ddev`
    60      # Enable on boot with `sudo systemctl enable ddev`
    61      # Make sure to edit the User= for your user and the
    62      # full path to `ddev` on your system.
    63      # Optionally give a list of sites instead of --all
    64      [Unit]
    65      Description=DDEV sites
    66      After=multi-user.target
    67      Requires=docker.service
    68      PartOf=docker.service
    69      [Service]
    70      User=rfay
    71      Type=oneshot
    72      ExecStart=/usr/local/bin/ddev start --all
    73      RemainAfterExit=true
    74      ExecStop=/usr/local/bin/ddev poweroff
    75  
    76      [Install]
    77      WantedBy=multi-user.target
    78      ```
    79  
    80  * You’ll need to regularly renew the Let’s Encrypt certificates. This is often done on a system reboot, but that may not be soon enough. A cron with the command `docker exec ddev-router bash -c "certbot renew && nginx -s reload"` will do the renewals.
    81  * You’ll likely want to turn off PHP errors to screen in a `.ddev/php/noerrors.ini`:
    82  
    83      ```ini
    84      display_errors = Off
    85      display_startup_errors = Off
    86      ```
    87  
    88  Caveats:
    89  
    90  * It’s unknown how much traffic a given server and Docker setup can sustain, or what the results will be if the traffic is more than the server can handle.
    91  * DDEV does not provide outgoing SMTP mail handling service, and the development-focused Mailpit feature is disabled if you’re using `use_hardened_images`. You can provide SMTP service a number of ways, but the recommended way is to use SMTP in your application via a third-party transactional email service such as [SendGrid](https://sendgrid.com), [Postmark](https://postmarkapp.com), or [Mailgun](https://www.mailgun.com). This is the best way to ensure mail is actually delivered.
    92  * You may need an external cron trigger for some CMSes.
    93  * Debugging Let’s Encrypt failures requires viewing the `ddev-router` logs with `docker logs ddev-router`.
    94  * A malicious attack on a website hosted with `use_hardened_images` will likely not be able to do anything significant to the host, but it can certainly change your code, which is mounted on the host.
    95  
    96  When `use_hardened_images` is enabled, Docker runs the web image as an unprivileged user, and the container does not have sudo. However, any Docker server hosted on the internet is a potential vulnerability. Keep your packages up to date and make sure your firewall does not allow access to ports other than (normally) 22, 80, and 443.
    97  
    98  There are no warranties implied or expressed.