Since the time that post was written, the ansible folder has been renamed trellis (folder names are just recommendations anyway). So, when you read, translate ansible to trellis and figure that your current site directory corresponds to any one of the salon names in the example, but is renamed after the salon name. Need another salon? Just copy site and rename it to the new salon name.
Generally, I do think it is better to keep sites on different droplets, one Trellis project per site. But if you find a compelling reason that all sites are part of a group and should be on one droplet, I suppose it could be justified under some circumstances.
Here’s another example of the potential folder structure on your local machine:
├── domain1/ (copy of bedrock `site` directory)
├── domain2/ (copy of bedrock `site` directory)
└── domain3/ (copy of bedrock `site` directory)
Thank you, I will start again and hopefully I can set it up.
Also, regarding your suggestion about running each site on one droplet, I have like 4 websites and they are not heavy traffic websites, so it would be a waste of money to run each on its own droplet.
Would this cause any security issues if one of the websites is compromised, since I will have all of them in one droplet?
ERR_EMPTY_RESPONSE makes it sound like there isn’t a functional nginx conf for site.dev. The nginx conf would be created/updated in the wordpress-setup role, so we really only need to run the wordpress tags of the playbook. Try this:
then try loading site.dev in a new browser tab. If it still doesn’t work, you could vagrant ssh and inspect the nginx confs in /etc/nginx/sites-enabled to ensure they look correct to you.
Notes on the commands:
SKIP_GALAXY saves some time because you already have those roles installed
ANSIBLE_TAGS runs only the relevant roles
reload is to ensure that vagrant has synced up the two bedrock site directories
--provision is so that it runs the dev.yml playbook and its roles tagged wordpress
vagrant hostmanager updates the entries in /etc/hosts to ensure your browser will serve from the VM instead of real public DNS.
As for the security risks of multiple sites on the same server, I’m not a pro on the topic, but it seems safe to say that the nature of the risk depends on the nature of the compromise. In general, of course, any given site would be safer on its own separate server, unless that means the caretaker is overwhelmed and not being as vigilant. I’m not aware of Trellis attempting any special sandboxing between sites on the server, however.
So every time I add a new site I have to run this command: SKIP_GALAXY=true ANSIBLE_TAGS=wordpress vagrant reload --provision
For the security question, what I was thinking was that when using cPanel, every site has its own FTP and login information, so if one of the websites is hacked, the person can’t access all other sites even if they are on the same server (I think that is true, please correct me if I am wrong). Would something like that apply to Trellis sites? Can we lock down each website so it doesn’t give access to the entire files?
As for a presentation of the security issues regarding multiple sites on a single Trellis server, I’ll yield to the community or to your research and testing on the topic.
Trellis doesn’t set up FTP by default, but you could set up specific FTP-only users with access to specific sites only, customizing the sshd role with FTP settings. You’d be doing it manually with sshd_config, vs. using cPanel (no cPanel with Trellis).
The sites’ files aren’t sandboxed because Trellis loads all the sites in the same web root, which is owned by the single web user. I don’t think Trellis intends to build an environment like shared hosting with sandboxed web roots.
This isn’t a topic I’ll be researching at present, but I’d be interested to read someone’s review of the details and implications of setting up something like this. One slightly related security topic with Trellis is roots/trellis#368
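An added example, not part of the thread and not Trellis code: a small audit that groups the site directories under a web root by owning uid, so you can see which sites would share a blast radius if code running as that user were compromised. The function names are hypothetical, and the web root path is supplied by the caller (its location on your server is an assumption you need to confirm).

```shell
#!/bin/sh
# Added example (hypothetical helper names): report which site directories
# under a web root are owned by the same uid. Sites that share an owner are
# not isolated from one another at the filesystem level.

# Print "uid<TAB>site" for every directory directly under the web root.
site_owners() {
    webroot=$1
    for dir in "$webroot"/*/; do
        [ -d "$dir" ] || continue
        # ls -ldn prints the numeric owner uid in column 3
        uid=$(ls -ldn "$dir" | awk '{print $3}')
        printf '%s\t%s\n' "$uid" "$(basename "$dir")"
    done
}

# Print one line per uid that owns more than one site: "uid: site1 site2 ..."
shared_owner_groups() {
    site_owners "$1" | sort | awk -F '\t' '
        { count[$1]++; sites[$1] = sites[$1] " " $2 }
        END { for (u in count) if (count[u] > 1) print u ":" sites[u] }'
}

# Succeeds (status 0) only when no two sites share an owner.
sites_isolated() {
    [ -z "$(shared_owner_groups "$1")" ]
}

# Run as: sh audit.sh /path/to/webroot   (path is supplied by you)
if [ "$#" -gt 0 ]; then
    if sites_isolated "$1"; then
        echo "each site has its own owner"
    else
        echo "sites sharing an owner:"
        shared_owner_groups "$1"
    fi
fi
```

Separate owners are only a first step: each site's PHP process would also need to run as that site's user for the separation to mean anything.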