After messing around with my Ubuntu VM hosting this site, I realized that instead of the measly "A0" size (0.25 cores, 0.75 GB RAM) I had chosen, I needed something a little more reasonable. I resized the VM to a "D1" (1 core, 3.5 GB RAM), but in the process, Azure somehow messed it up so that I was unable to log in via SSH anymore. Ghost and NGINX still ran, but I couldn't change anything.
Normally my procedure when faced with a lockout like this would be to power down the machine, pull the OS hard drive, and attach it to another machine running a "rescue OS" so I can reconfigure things. However, Azure doesn't let you detach the OS disk unless you delete the VM first. I tried various other Azure tricks that were purported to give me access again, which all work by installing various "extensions" onto the running VM, but these extension installs all stalled or failed outright.
I declared my Ubuntu VM to be thoroughly hosed, so I figured it might just be easier to start a new one. I hadn't customized that one very much yet, so it should be easy to replace. Enter CoreOS!
I now have this blog running on a new VM, running CoreOS Stable. The Ghost instance was already a docker container, and so I attached the old VM's hard drive image as an external mount, and then merged the Ghost data on there with the CoreOS Docker container using a data volume. Eventually I'll probably just copy that data off that disk and onto the new host, then delete the disk (the rest of the 30GB is wasted space).
Next step was figuring out how to set up NGINX to be my HTTPS proxy again. Unlike Ubuntu, I can't just install NGINX on the host and configure it: with CoreOS, everything has to be Docker containers. This is both scary and awesome!
I've read enough of the Docker manual to figure this one out. I made NGINX config files and put the SSL certificates in my home directory on the host, and then volume-mapped those directories to the right place in the NGINX Docker image. Then I linked the Ghost Docker container with the NGINX one so they can talk to each other over the network, and exposed port 443 from NGINX to the host.
docker run -d -p 443:443 --name nginx-https --link fraserblog \
-v /home/wfraser/nginx/sites:/etc/nginx/conf.d:ro \
-v /home/wfraser/nginx/certs:/etc/nginx/certs:ro \
-v /home/wfraser/nginx/logs:/var/log/nginx \
nginx
The only change to the NGINX config I posted in the last post was to change
proxy_pass http://127.0.0.1:80;
to
proxy_pass http://fraserblog:2368;
This works because the --link fraserblog argument to docker run makes a /etc/hosts entry for the Ghost instance (which is named fraserblog) in the NGINX container. That way NGINX knows what IP address that container is using.
Ghost continues to serve port 80 by itself, which is fine because as long as it's configured to think its URL starts with https://, it will redirect to there automatically. Alternatively, I could remove the port 80 mapping from Ghost and set up NGINX to do that redirection also.
So far so good! Excited to be running CoreOS. It's really radical, in a good way!