Trellis stability in production

Just wondering if there are any blog posts or case studies anywhere of people using Trellis in production environments.

I love the idea of running Trellis-provisioned servers for client websites, but I also don’t want to build more work for myself than I can handle.

Does anyone have personal experience running Trellis-provisioned servers in production with multiple sites to monitor? How often do you have issues? Any common pitfalls I should know of?

Thanks in advance!

1 Like

I believe Trellis to be one of the best maintained opensource LEMP stacks.

One possible drawback when using multiple sites is isolation: ideally each site would run as a different user with different php-fpm pools and more restrictive permissions, so that a hacked website would have a harder time impacting the other ones.

However, I think it falls outside the scope of Trellis (not sure), and you should NOT use it as a shared-hosting replacement; it serves a different purpose.

As for my own experience, I run my own LEMP setup (mostly based on the Trellis config), also with Ansible, to host multiple client websites on one machine. However, take care with this, as you should monitor for performance issues if one website has a lot of traffic; in some cases it’s best to have each site on an individual VPS.

As a resource you might want to check (please do not follow them blindly):


1 Like

We actually used to have that. It was removed when HHVM was added at one point because it wasn’t really compatible.

Trellis is used in production by a lot of people. I’d say that common issues are getting it set up and configured, and not with the stability of a running server.

For our own roots.io site, we’ve been using Trellis in production for years now I think. Every couple months we update Trellis and just create a completely new server without issues :slight_smile:

1 Like

I use Trellis in production exclusively for new projects. I’ve even migrated some projects we’ve “taken over” into Trellis for ease of use.

It’s more stable and more secure than our old shared hosting servers I used to use (and still maintain), and it’s easier to understand and feel like I have a handle on.

OFF-TOPIC: Any chance we get a working and stable mailserver?
Or is this completely outside the goals of Trellis?
This could be something I would contribute to; I’ve got a few Ansible playbooks written for a postfix/dovecot setup.

With great tools like Mailgun already in place and well maintained, I think it would be re-inventing the wheel.

Not quite reinventing the wheel, this is a different approach than mailgun.

Mailgun is a great service, however it does not match everyone’s needs.
Some clients need (or want) to have full control over their email/data and have asked me more than once to set up the mailserver on their own servers.

Also there are some features that you can’t have with mailgun and other services.

Having their own mailserver is not for everyone, however there are some very valid use cases, and due to all the privacy stuff going on I’m finding paranoid clients more frequently.

I still think that’s a case for an enterprise email solution, whether that’s Mailgun, or Google Apps, or Exchange, or Office 365.

Mail is hard and these tools already do it well.

1 Like

@swalkinshaw - do you guys have a documented process for going through this and dealing with the SSL implications? I.e., how do you deal with provisioning a new server and getting it set up with LetsEncrypt without significant/any downtime for the website?

Easy enough to provision and deploy to a new server with SSL disabled, repoint domain name, then reprovision with SSL enabled. Shouldn’t be any downtime and should be completed in around 15 minutes. You may have a site without SSL enabled for 5-10 minutes.

3 Likes

For me the best parts of Trellis are actually the user and sudo management, safely disabling ssh root access and base firewall settings, the basic setup.

Adding to this, you can provision with SSL disabled and then only run the playbook with the letsencrypt tag to make it way faster and minimize any downtime.

2 Likes

Just following on here - had to just do this, and you need to include the “diffie-hellman” tag to get it to work when enabling SSL:

ansible-playbook server.yml -e env=<env> --tags "diffie-hellman,letsencrypt"

4 Likes
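The cutover described in the posts above (provision with SSL disabled, repoint DNS, then rerun only the diffie-hellman and letsencrypt tags), as an added example that is not part of this thread or of Trellis itself. It assumes a Trellis checkout containing server.yml, an env name such as production, and that the site hostname must already resolve to the new server before Let's Encrypt's HTTP validation can succeed, which is why it waits for DNS before the second run.

```bash
#!/usr/bin/env bash
# Added example (not Trellis's own tooling): zero-downtime SSL cutover helper.
# Assumes a Trellis checkout with server.yml and an env name such as "production".
set -u

# Build the ansible-playbook command for an env and an optional tag list.
playbook_cmd() {
  local env="$1" tags="$2"
  if [ -z "$tags" ]; then
    echo "ansible-playbook server.yml -e env=$env"
  else
    echo "ansible-playbook server.yml -e env=$env --tags \"$tags\""
  fi
}

# Return 0 when host currently resolves to expected_ip (getent, no dig needed).
dns_points_to() {
  local host="$1" expected_ip="$2"
  getent ahosts "$host" | awk '{print $1}' | grep -qx "$expected_ip"
}

# Poll DNS until it points at the new server or attempts run out.
# Let's Encrypt's HTTP challenge hits whatever the hostname resolves to,
# so running the letsencrypt tag before DNS has moved fails validation.
wait_for_dns() {
  local host="$1" ip="$2" attempts="${3:-60}" delay="${4:-10}"
  local i=0
  while [ "$i" -lt "$attempts" ]; do
    dns_points_to "$host" "$ip" && return 0
    i=$((i + 1)); sleep "$delay"
  done
  return 1
}

# Run a command, or just print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else eval "$*"; fi; }

# Full cutover: 1) provision/deploy with ssl disabled in the site config,
# 2) wait for DNS to point at the new server, 3) enable SSL with the two tags.
cutover() {
  local env="$1" host="$2" new_ip="$3"
  run "$(playbook_cmd "$env" "")" || return 1
  wait_for_dns "$host" "$new_ip" || { echo "DNS not pointing at $new_ip yet" >&2; return 1; }
  run "$(playbook_cmd "$env" "diffie-hellman,letsencrypt")"
}
```

Flip `enabled: true` under the site's `ssl` key between the two playbook runs; the helper only sequences the commands and the DNS wait.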

@runofthemill I think that’d be a great pull request, if you’re interested in submitting it (i.e., to add letsencrypt to the Diffie-Hellman task tags, like this comma-separated example).

3 Likes

I’ll see what I can do! :slight_smile:

I’m interested in this! Do you have a finished playbook?

Closing this out as it’s a year old thread and no longer related to the OP. Please create a new topic if you’d like, but we don’t recommend setting up a mailserver on your webserver.