I believe Trellis to be one of the best maintained open-source LEMP stacks.
One possible drawback when using multiple sites is isolation: ideally each site would run as a different user with different php-fpm pools and more restrictive permissions, so that a hacked website would have a harder time impacting the other ones.
However I think it falls outside the scope of Trellis (not sure), and you should NOT use it as a shared hosting replacement; it serves a different purpose.
As for my own experience, I run my own LEMP setup (that is mostly based on Trellis config), also with Ansible, to host multiple client websites on one machine. However, take care with this, as you should monitor performance issues if one website has a lot of traffic; in some cases it’s best to have each site on an individual VPS.
As a resource you might want to check (please do not follow them blindly):
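The per-site isolation described in the post above (one system user and one php-fpm pool per site, with tighter permissions), written as an added Ansible playbook. This is example code, not part of the original thread and not Trellis' own roles; it assumes nginx runs as `www-data`, that site roots live under `/srv/www`, and that `php_fpm_pool_dir` and the `php-fpm` service name match the PHP version installed on the target.

```yaml
# Added example (not from the thread or from Trellis): one non-login user and
# one php-fpm pool per site, so a compromised site runs with credentials that
# cannot read or write the other sites' files.
# Assumptions: nginx runs as www-data, site roots live under /srv/www,
# php_fpm_pool_dir and the service name match the installed PHP version.
- hosts: web
  become: true
  vars:
    php_fpm_pool_dir: /etc/php/8.1/fpm/pool.d   # assumption: adjust to your PHP version
    php_fpm_service: php8.1-fpm                  # assumption: Debian/Ubuntu naming
    sites:                                       # constructed sample sites
      - name: example-one.test
        user: site_one
      - name: example-two.test
        user: site_two
  tasks:
    - name: Create a dedicated non-login system user per site
      ansible.builtin.user:
        name: "{{ item.user }}"
        system: true
        shell: /usr/sbin/nologin
        home: "/srv/www/{{ item.name }}"
        create_home: false
      loop: "{{ sites }}"

    - name: Site root owned by the site user, readable by nginx (group www-data) only
      ansible.builtin.file:
        path: "/srv/www/{{ item.name }}"
        state: directory
        owner: "{{ item.user }}"
        group: www-data
        mode: "0750"
      loop: "{{ sites }}"

    - name: Private tmp/session directory per site (no shared /tmp between sites)
      ansible.builtin.file:
        path: "/srv/www/{{ item.name }}/tmp"
        state: directory
        owner: "{{ item.user }}"
        group: "{{ item.user }}"
        mode: "0700"
      loop: "{{ sites }}"

    - name: Per-site php-fpm pool with its own socket and open_basedir restriction
      ansible.builtin.copy:
        dest: "{{ php_fpm_pool_dir }}/{{ item.name }}.conf"
        mode: "0644"
        content: |
          [{{ item.name }}]
          user = {{ item.user }}
          group = {{ item.user }}
          listen = /run/php/{{ item.name }}.sock
          ; only nginx (www-data) may connect to this pool's socket
          listen.owner = www-data
          listen.group = www-data
          listen.mode = 0660
          pm = ondemand
          pm.max_children = 10
          pm.process_idle_timeout = 10s
          ; PHP in this pool cannot open files outside its own site root
          php_admin_value[open_basedir] = /srv/www/{{ item.name }}
          php_admin_value[sys_temp_dir] = /srv/www/{{ item.name }}/tmp
          php_admin_value[upload_tmp_dir] = /srv/www/{{ item.name }}/tmp
          php_admin_value[session.save_path] = /srv/www/{{ item.name }}/tmp
          php_admin_flag[allow_url_include] = off
      loop: "{{ sites }}"
      notify: restart php-fpm

  handlers:
    - name: restart php-fpm
      ansible.builtin.service:
        name: "{{ php_fpm_service }}"
        state: restarted
```

Each site's nginx server block then needs `fastcgi_pass unix:/run/php/<site>.sock;` pointing at its own socket, and the socket mode `0660` with owner `www-data` is what stops one site's pool from being reached by another site's processes. `pm = ondemand` with a per-pool `pm.max_children` also bounds how much of the machine a single busy or abused site can consume, which is the performance concern the post raises.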
OFF-TOPIC: Any chance we get a working and stable mailserver?
Or is this completely outside the goals of Trellis?
This could be something I would contribute to; I’ve got a few Ansible playbooks written for a postfix/dovecot setup.
Not quite reinventing the wheel; this is a different approach than Mailgun.
Mailgun is a great service, however it does not match everyone’s needs.
Some clients need (or want) to have full control over their email/data and have asked me more than once to set up the mailserver on their own servers.
Also there are some features that you can’t have with mailgun and other services.
Having their own mailserver is not for everyone, however there are some very valid use cases, and due to all the privacy stuff going on, I’m finding paranoid clients more frequently.
@swalkinshaw - do you guys have a documented process for going through this and dealing with the SSL implications? I.e., how do you deal with provisioning a new server and getting it set up with LetsEncrypt without significant/any downtime for the website?
Easy enough to provision and deploy to a new server with SSL disabled, repoint domain name, then reprovision with SSL enabled. Shouldn’t be any downtime and should be completed in around 15 minutes. You may have a site without SSL enabled for 5-10 minutes.
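The two states of a Trellis site definition used in the migration described above, as an added example (not from the thread or from the Trellis documentation). The site name, repo and IP are placeholders; the `ssl` block is the only part that changes between the first provision and the re-provision.

```yaml
# Added example, not from the thread or from Trellis itself.
# Placeholders: example.com, the repo URL and 203.0.113.10.
#
# Step 1: provision and deploy to the NEW server with SSL disabled:
#   ansible-playbook server.yml -e env=production
#   ansible-playbook deploy.yml -e "site=example.com env=production"
wordpress_sites:
  example.com:
    site_hosts:
      - canonical: example.com
        redirects:
          - www.example.com
    local_path: ../site
    repo: git@github.com:example/example.com.git   # placeholder
    branch: master
    multisite:
      enabled: false
    ssl:
      enabled: false          # step 1 state: plain HTTP only
      provider: letsencrypt
    cache:
      enabled: false
# Step 2: repoint DNS for example.com AND www.example.com (every host listed
# under site_hosts) to the new server. Do not proceed until
#   dig +short example.com
# returns the new address (203.0.113.10 here): Let's Encrypt's HTTP validation
# fetches /.well-known/acme-challenge/ from whatever host DNS resolves to, so a
# stale record means the certificate request fails and the site stays on HTTP.
#
# Step 3: flip the ssl block and re-run server.yml (nginx is reconfigured in place):
#     ssl:
#       enabled: true
#       provider: letsencrypt
#   ansible-playbook server.yml -e env=production
```

The check in step 2 is what keeps the window without SSL to the few minutes the answer mentions: the Let's Encrypt step can only succeed once every host in `site_hosts` resolves to the new box, so confirming that before the re-provision avoids a failed run and a second attempt.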