Way back in 2011 when I started on a different support role at work that involved more sysadmin-type duties, I signed up with the VPS provider Linode so I would have my own remote Linux box that I could muck around with and break and generally learn about Linux a bit more on. At that point, my actual website was hosted on Dreamhost but I slowly expanded what I was using my Linode box for, and in 2017 I eventually ditched Dreamhost and migrated everything to the Linode. Linode’s hosting has been absolutely rock solid, I think in the 14 years I’ve been with them there have been… maybe two outages? And from memory both of them were when I had my VPS in one of their older datacentres in California prior to them starting up a datacentre in Sydney and me migrating to it.
Towards the end of 2023 I posted about how I’d used Ansible to keep the configuration of the system under version control, and set up a whole migration script to migrate from one Linode box to a new one. Since then I’ve also started up a second smaller (1GB RAM) Linode to experiment with the fediverse software GoToSocial as a lightweight alternative to Mastodon that I could host myself instead of being on someone else’s server. I dutifully reused my existing Ansible playbooks and extended them for this purpose, and Linode have a whole collection that allows you to manage the actual VPSes and their external firewall as well.
Unfortunately with the orange idiot in charge of the US and all his tariff nonsense, the Australian dollar has gone right downhill compared to the USD and so a 1GB Linode + 2GB Linode and automatic backups were costing around AU$37/month. With that and the whole vibe of “Hey maybe we shouldn’t depend so much on US tech companies” lately, I figured maybe some local Australian company might have a decent VPS offering. I saw some recommendations for Binary Lane, did some poking around and even the people on Whingepool liked them. The price was certainly good, around AU$4 for a 1GB VPS versus US$5 with Linode (which works out to be over AU$8 once you do the currency conversion and tack on GST).
Binary Lane don’t have anything as fancy as Linode’s Ansible offerings, though the actual process of creating the VPS in the first place really isn’t something that happens very often so it’s not a big deal. The larger downside I discovered was that while Linode have a very robust external firewall that you can use Ansible to configure programmatically (and you bet your bippy I did!), Binary Lane’s offering is far less capable. I decided I’d need to add a local firewall instead that runs on the actual VPS itself, and found ufw which Ansible conveniently has a module for. After a bunch of trial and error I got it all figured out, and started modifying my existing Ansible migration script to consolidate the two Linode boxes into the one single Binary Lane one.
One interesting stumbling block I ran into when I first tried to migrate my GoToSocial instance — which runs in a Docker container and uses PostgreSQL that’s running directly on the box as its database — was that it turned out GoToSocial couldn’t actually contact PostgreSQL because it was being blocked by ufw! I did a whole lot of reading and figuring things out, and eventually it ended up being as easy as allowing the IP range that Docker Compose uses by default to connect to 172.17.0.1:
ufw allow from 172.16.0.0/16 to 172.17.0.1
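An added example, not part of the original post: a check that compares a ufw source range with the subnets Docker has actually assigned (as listed by `docker network inspect`) and derives the narrowest single range that covers them. The subnets are constructed sample values, the function names are this example's own, and port 5432 assumes PostgreSQL's default port.

```python
import ipaddress

# Constructed sample: subnets as `docker network inspect` might report them
# for two Compose project networks (assumed values, not from the post).
DOCKER_SUBNETS = ["172.18.0.0/16", "172.19.0.0/16"]


def covers(rule_src, subnets):
    """Map each Docker subnet to whether the ufw 'from' range contains it."""
    rule = ipaddress.ip_network(rule_src)
    return {s: ipaddress.ip_network(s).subnet_of(rule) for s in subnets}


def tightest_range(subnets):
    """Smallest single CIDR that contains every given subnet (IPv4 only)."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    # Widen one prefix bit at a time until all subnets fit inside.
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return str(candidate)


def ufw_rule(subnets, host_ip, port):
    """Build a ufw command limited to the covering range and one TCP port."""
    src = tightest_range(subnets)
    return f"ufw allow from {src} to {host_ip} port {port} proto tcp"


if __name__ == "__main__":
    # Source ranges to evaluate: the one from the post and the full
    # 172.16.0.0/12 private block.
    for src in ("172.16.0.0/16", "172.16.0.0/12"):
        print(src, covers(src, DOCKER_SUBNETS))
    # 5432 is PostgreSQL's default port (assumption; adjust to your setup).
    print(ufw_rule(DOCKER_SUBNETS, "172.17.0.1", 5432))
```

Restricting the rule to the database port keeps containers from reaching other services bound to the host's bridge address.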
Once that was figured out, it was relatively smooth sailing, though with a reasonable amount of trial and error and testing various bits of the migration. I had previously updated my Ansible playbooks to put all the static parts of my DNS configuration (things like MX/DKIM/SPF records and CNAMEs and so forth, all the parts that don’t point at a specific IP address) under version control and use Cloudflare’s† DNS Ansible collection to update it, and I was able to extend this to have full control of DNS records that actually point to an individual server and update that all dynamically from my playbooks!
†Yes I know Cloudflare are also a US tech company. One thing at a time. 😛
I ran the final migration last Sunday, and while there were a few hiccups there were far fewer than when I had originally migrated back in 2023 and I should be much better prepared next time I migrate boxes again.
One weird post-migration issue that I ran into that really stumped me for a while was that trying to load the URL of the website I run my IRC client through was giving me an invalid certificate error where it was trying to load one of the Cloudflare-proxied domain SSL certificates instead, and when I clicked through the warning I ended up on the domain for my GoToSocial instance instead.
After a whole lot of scratching my head, I figured out that while I had IPv6 enabled for the new Binary Lane VPS it turns out that Nginx won’t use IPv6 unless you explicitly turn it on in the virtual host configuration with a listen directive like on line 3 here:
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name blog.virtualwolf.org;
    [...]
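An added example, not part of the original post: a small lint that flags virtual hosts with an IPv4 `listen` on a port but no matching `[::]` listen. Over IPv6 such a vhost is not a candidate, so nginx answers with whichever server block is the default on the IPv6 socket, including its certificate. The sample config is constructed (`irc.example.org` is a placeholder), and the simple brace matching assumes no braces inside quoted strings or regexes.

```python
import re

# Constructed sample config: one vhost listens on both families, one on IPv4 only.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name toot.virtualwolf.org;
}
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;   # no IPv6 listen for 443
    server_name irc.example.org;
    location / { proxy_pass http://127.0.0.1:9000; }
}
"""


def server_blocks(conf):
    """Yield the body of each `server { ... }` block, matched by brace depth."""
    conf = re.sub(r"#[^\n]*", "", conf)          # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]


def missing_ipv6(conf):
    """Return [(server_name, port)] for IPv4 listens lacking a [::] listen."""
    findings = []
    for body in server_blocks(conf):
        m = re.search(r"\bserver_name\s+([^;]+);", body)
        name = m.group(1).split()[0] if m else "(no server_name)"
        v4, v6 = set(), set()
        for addr in re.findall(r"\blisten\s+([^\s;]+)", body):
            if addr.startswith("unix:"):
                continue
            if addr.startswith("["):             # "[::]:443" or bare "[::]"
                v6.add(addr.rsplit("]:", 1)[1] if "]:" in addr else "80")
            else:                                # "443", "1.2.3.4:443", "1.2.3.4"
                port = addr.rsplit(":", 1)[-1]
                v4.add(port if port.isdigit() else "80")
        findings += [(name, p) for p in sorted(v4 - v6)]
    return findings


if __name__ == "__main__":
    print(missing_ipv6(SAMPLE_CONF))
```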
With that all figured out and everything running along nicely, my next projects are going to be to set up fail2ban for Nginx (looking at my logs, there were almost ten THOUSAND requests to /xmlrpc.php on this blog URL, just within the last day of having it running 😑), and migrating my aus.social Mastodon account over to my GoToSocial at toot.virtualwolf.org!
Now, let’s see if publishing this blog post via the WordPress ActivityPub plugin makes my new VPS crumble…