Trellis deploy site offline / without internet access (rsync)

Hi there,

I am hoping to gather some insights regarding a current project which has a few special requirements…

The project
I am developing a website based on Trellis, Bedrock and Sage (10) that will run in a local network and serve as an “intranet” for the client and its personnel.

So far we’re working on the site in a regular staging env (online / droplet) and things are running smoothly.

When it comes to provisioning the production env, though, things look a bit different:

  • The SSH-connection to the bare-bone Ubuntu server is only possible via VPN
  • Once the VPN connection is established, all other network connections are cut off – I am not able to communicate with the “outside world” any more due to security concerns, and this behaviour is also not adjustable
  • The target server itself is connected to the internet via proxy

I have just finished provisioning the server (after working around quite a few limitations and quirks) and now it comes to establishing a proper workflow for the actual deployments.

Deployment / questions
Since the regular deployment routine relies on reading from a remote repo and installing plugins via Composer this won’t work in my case…

The idea would be to just use the local env and rsync everything from plugins to the theme folder. Going down that route exclusively would mean though that I’d miss out on all the neat features like rollbacks, deploy hooks (for triggering backups, cache purging or whatever)…

So it boils down to this:

  • Do you think it is feasible to re-work the deployment to work in an “offline-fashion” and replace the remote tasks via rsync or similar?
  • Has anyone already gathered insights with a similar setup? What were your learnings & takes on this?

Looking forward to hearing your thoughts.

Thanks in advance & regards
Henning

Never mind – I was able to work my way through the proxy setup etc. and learned a lot about Ansible in the process :sunglasses:

Some findings:

  • Expose http_proxy-vars in /etc/environment for global use
  • Use https://<personal_access_token>@github.com/<user>/<repo> to work around SSH-issues
  • GPG keyserver calls when adding a custom apt_repository are somewhat tricky to make since GPG isn’t able to use a proxy (at least that’s what their IT said) – needs manual fetching & adding via apt-key-commands
2 Likes
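
The first two findings (proxy variables in /etc/environment and a token embedded in the GitHub URL) both leave a secret in a plain-text file, so a pre-deploy audit for credentialed URLs is useful. The script below is an added example, not code from the thread or from Trellis; the function names, file names, host names and the `EXAMPLE-…` secrets are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): find URLs that embed credentials,
# e.g. https://<token>@github.com/... or http://user:pass@proxy:3128.

# scheme://<userinfo>@ where userinfo contains no '/', '@' or whitespace
URL_CRED_RE='[A-Za-z][A-Za-z0-9+.-]*://[^/@[:space:]]+@'

# Replace the userinfo part with *** so the report itself leaks nothing.
redact_userinfo() {
  sed -E 's#([A-Za-z][A-Za-z0-9+.-]*://)[^/@[:space:]]+@#\1***@#g'
}

# Print "file:line:text" (redacted) for every hit; flag world-readable files.
# Returns 1 if any credentialed URL was found, 0 otherwise.
audit_url_credentials() {
  local found=0 file hits note
  for file in "$@"; do
    [ -r "$file" ] || continue
    hits=$(grep -HnE "$URL_CRED_RE" "$file" | redact_userinfo)
    [ -n "$hits" ] || continue
    found=1
    note=""
    # Mode bit check: "other" has read permission on the file
    if [ -n "$(find "$file" -maxdepth 0 -perm -004 2>/dev/null)" ]; then
      note="  [world-readable]"
    fi
    printf '%s\n' "$hits" | sed "s/\$/$note/"
  done
  return "$found"
}

# Constructed sample data: a proxy file shaped like /etc/environment,
# a git config with a token in the remote URL, and a clean git config.
write_sample() {
  local dir=$1
  printf 'http_proxy="http://svc:EXAMPLE-PASS@proxy.example.internal:3128"\nno_proxy="localhost"\n' > "$dir/environment"
  printf '[remote "origin"]\n\turl = https://EXAMPLE-TOKEN@github.com/example-user/example-repo\n' > "$dir/gitconfig"
  printf '[remote "origin"]\n\turl = https://github.com/example-user/example-repo\n' > "$dir/gitconfig-clean"
  chmod 644 "$dir/environment"
  chmod 600 "$dir/gitconfig" "$dir/gitconfig-clean"
}

# Stand-alone use: pass the files to audit as arguments.
if [ "$#" -gt 0 ]; then
  audit_url_credentials "$@"
fi
```

On a provisioned server the natural inputs are /etc/environment and the `.git/config` of each clone made with a token URL; a non-zero exit status can be used to stop a deploy step.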