Staging (http) and Production (https) on same server

Hi guys!

First of all I want to personally thank you for the great work you’ve done on the Roots projects. It is amazing!
Secondly I want to ensure that I’ve spend 3 days reading all the threads related to my problem but could not find any suitable fix for the latest Trellis version I am using.

My problem is that I cannot run a http staging version and a https production version on a DO Droplet.
What I have:

branch: develop






branch: master





I’ve run ansible-playbook server.yml -e env=staging and created the env, DB, files. Everything works fine. But when I try to run ansible-playbook server.yml -e env=production' I get this error:

fatal: []: FAILED! => {"changed": false, "failed": true, "module_stderr": "", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "parsed": false}

My question, if you could please help, is there a way of doing this? I feel that I am pretty close but I’m missing something for making this run smoothly.

Apart from this, the second part of my problem is if I can setup http - staging and https - production (with http2). I know that the nginx host file is generated by Trellis. Is it a good way of altering what’s in that file? I could do it manually, change port, add certs and so on but not sure if this is the best way.

Many thanks

@dani_z It is possible to see the error sudo: a password is required if you

The first run of server.yml will disable root from connecting in the future. The second run will need to connect as admin_user and will need this user’s sudo password passed in. From the docs:

With root login disabled, the admin_user will need to run commands using sudo with a password, so you will need to add the option --ask-become-pass when running server.yml.

ansible-playbook server.yml -e env=production --ask-become-pass

This prompts you to enter the sudoer password described in the “Admin User Sudoer Password” section below.

The default sudoer password to enter is example_password.

I haven’t tried http staging and https production on same server. Your approach appears to mirror the first option discussed here. I believe the second option discussed at that link could be modified for the updated Trellis file setup, if you want. What you’ve described looks good to me, assuming the group_vars/staging/ in the Production paths you listed is really 'group_vars/production/.

As for the Nginx conf files, I can’t think of any needed alterations off the top of my head. Trellis will automatically create separate conf files in …


Thank you @fullyint.
That post was the first one to use as an example. Steps I have done:

When I run nsible-playbook -i hosts/ server.yml I get the following error:
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Environment missing. Use-eto defineenv:\nansible-playbook server.yml -e env=<environment>\n"}

Tried also to add -e env=production or staging but then I get skipping: no hosts matched
And I don’t think it’s right to specify the env because what I’m trying to achieve is basically a setup for both staging and production envs.

Did I miss something in the process?

Many thanks,

Hey, I finally manage to creat the setup.
After creating /hosts/ and merging the production and staging I had to run
ansible-playbook -i hosts/ server.yml -e
Everything was created as expected:

  • 2 website folders
  • 2 vhosts files, 1 with https and http2 enable (production) 1 with http only (staging)
  • 2 DBs

I only need to try the deploy, seems to have some problems there but hopefully I figure it out.

I will update this thread with details, maybe someone else is in need of this setup.

Many thanks for the support!

Just wanted to throw this out there — considering how easy it is to spin up, provision, and deploy to servers with Trellis, I definitely would recommend having separate servers for staging and production. DO servers are pretty cheap, too.

They are different environments and you should definitely keep them on separate servers.

edit: Also, if production is on SSL then staging should be too :slightly_smiling: