I’m moving again, from an Ubuntu 16.04 droplet with a rather complex deployment (in Brexit-land) to Docker containers on a Fedora 28 droplet (in Europe-land).
These are some tips I wanted to share along the way. But First..
$100 Free Credit on Digital Ocean
Now that’s out of the way lets talk about our new droplet. Its a $5 per month beast with 1 vCPU a whole 1 Gigabyte of RAM, 25 Gigs of SSD storage for the OS drive. I also added another 20 Gigs of block storage for Nextcloud.
Tip 1: Create a swap file
Performance on this droplet was great, until the memory usage climbed above 60%, then the performance was far from ideal. Sometimes fast, sometimes slow, occasionally stuttering.
Fedora has its swappiness set to 60%. This means when RAM is consumed above 60% the kernel should try and move some data out to swap. The problem is by default the droplet has no swap enabled. You could change the swappiness value to 1% if you wanted, but what happens when you do run out of RAM? Yea the kernel will kill a random process that is consuming RAM (in my case it likes to go for my database more often than not).
Instead I suggest to create, enable and mount on boot a swapfile:
# dd if=/dev/zero of=/swap bs=1024 count=1048576
# chown root:root /swap
# chmod 0600 /swap
# mkswap /swap
# swapon /swap
# echo "/swap none swap sw 0 0" >> /etc/fstab
This will stabilize our performance and if we do consume too much RAM, things will slow down, but continue to run.
Tip 2: Install Cockpit
Cockpit is a nice web based admin console. You can install it with
# dnf install cockpit
Once you have enable the socket and opened the firewall you will be able to log into your server on port 9090 using your local Linux account. This will be helpful later if you install Docker, or wish to troubleshoot SELinux issues.
It also has a built in terminal so if you disable ssh access or it is blocked for some reason (some public WiFi does this) then you can still manage your server.
Tip 3: Put SELinux in permissive mode while you deploy your apps
SELinux is helpful in production, but can be a right pain during development. Placing SELinux in permissive mode will allow you to work as if it was disabled, however you can open the SELinux panel in Cockpit and view both the rules that would be broken and how to allow the required access.
Once you’ve applied all the rules you can safely put SELinux in enforcing mode knowing it won’t break anything.