Some generic deployment notes from a user who:
- Has no particular knowledge or background in DISP / Internet.nl
- Uses configuration management
Here we go!
- The deployment documentation (e.g.
|
/opt/Internet.nl/docker/compose.sh down |
) refers to /opt/Internet.nl/docker/compose.sh, but that script does not exist. Specifically ran into this to create indexes as instructed in https://github.com/internetstandards/Internet.nl/blob/main/documentation/Docker-deployment-batch.md#application-setup. Workaround: /usr/bin/docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env exec -ti app ./manage.py api_create_db_indexes
- On start, one of the containers writes a release line (like
RELEASE='1.10.8' # deploy Sat Apr 4 09:28:35 UTC 2026) to local.env. This is impractical when using configuration management, as it can cause restarts to be triggered seeing as how the file is changed.
- When running
/opt/Internet.nl/docker/user_manage.sh from a random directory, I get: couldn't find env file: /root/docker/defaults.env. When switching to the /opt/Internet.nl working directory, the env file is found. Makes sense, but should probably be documented.
/opt/Internet.nl/docker/user_manage.sh is not executable (permissions 0444)/opt/Internet.nl/docker/user_manage.sh is interactive, which makes auto-creating users more difficult than it needs to be. Preferred solution: allow taking password as arg/opt/Internet.nl/docker/user_manage.sh calls docker compose with --env-file. On modern Debian installs (not sure about Ubuntu), this arg is only available when installing Compose as a plugin (apt install docker-compose-plugin). Should probably be documented.- When invoking
./manage.py (in the app container) - which user_manage.sh does as well - the following is printed: WARN[0000] The "MI" variable is not set. Defaulting to a blank string.. It's unclear what "The "MI" variable" is.
- It's not (easily) possible to make
api_create_db_indexes idempotent when using configuration management, as there's no way to determine whether indexes were created, re-created or whether the action was a NOOP (the output is deterministic).
- The usage instructions for
/opt/Internet.nl/docker/user_manage.sh add_update say <username> is required, but it is not asked for when specified, and the htpasswd file simply contains no username. The arg should be made required.
- The auto-generated Let's Encrypt certificate has no OSCP responder URL, which is fine by me, but not by the nginx config:
2026/04/04 09:46:13 [warn] 166#166: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/etc/letsencrypt/live/cyberfusion-disp.nl/fullchain.pem" & nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/etc/letsencrypt/live/cyberfusion-disp.nl/fullchain.pem"
- Following either deployment instruction (https://github.com/internetstandards/Internet.nl/blob/main/documentation/Docker-deployment.md / https://github.com/internetstandards/Internet.nl/blob/main/documentation/Docker-deployment-batch.md), the first thing one sees when accessing the self-hosted instance is "Bad Request (400)". Looking in the app container logs reveals:
django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'cyberfusion-disp.nl'. You may need to add 'cyberfusion-disp.nl' to ALLOWED_HOSTS.. That is not documented.
- For
MONITORING_AUTH_RAW, the documentation says the password is "htpasswd hash". Easy to generate with apache2-utils; for less experienced users, probably helpful to add a pointer.
MONITORING_AUTH_RAW does not work; access is always denied. The password value of /etc/nginx/htpasswd/monitoring.htpasswd is always the same: a hash starting with $4Mpr. No idea where it comes from.- I set
ENABLE_HOF=False, but there is still a 'Hall of Fame' menu item, and the website test says: "Congratulations, your domain will be added to the Hall of Fame soon!"
- There's a bunch of filler (menu item called "base about custom", "article article title" under 'News', etc.) - and no instructions on how to set/customise. Not on https://github.com/internetstandards/Internet.nl/blob/main/documentation/Customize.md either.
- I would expect it's possible to add the Internet.nl instance to an external Prometheus server, but https://github.com/internetstandards/Internet.nl/blob/main/documentation/Docker-metrics.md only touches on using the built-in Grafana dashboard.
- https://github.com/internetstandards/Internet.nl/blob/main/documentation/Docker-deployment.md#application-setup touches on configuring Sentry, and references
SENTRY_DSN, with no further explanation of the format or the level of integration provided. Sentry is not mentioned at all on https://github.com/internetstandards/Internet.nl/blob/main/documentation/Docker-deployment-batch.md
- https://github.com/internetstandards/Internet.nl/blob/main/documentation/Docker-deployment-batch.md says: "This deployment does not include the "Test your connection" test". But while there are no indeed no setup instructions for the connectivity test (e.g. the
conn subdomain), there is a "Test your connection" tile on the frontpage, which's 'Start test' button does link to that subdomain.
- For batch mode, it is not clear whether the dashboard (dashboard.internet.nl) is self-hostable / included.
That said, I shared elaborate feedback on the pretty confusing deployment instructions during one of the Jitsi meetings a couple months ago, and they have tremendously improved since then. Good going!
Some generic deployment notes from a user who:
Here we go!
Internet.nl/documentation/Docker-multi-deployment.md
Line 24 in 7b02b18
/opt/Internet.nl/docker/compose.sh, but that script does not exist. Specifically ran into this to create indexes as instructed in https://github.com/internetstandards/Internet.nl/blob/main/documentation/Docker-deployment-batch.md#application-setup. Workaround:/usr/bin/docker compose --env-file=docker/defaults.env --env-file=docker/host.env --env-file=docker/local.env exec -ti app ./manage.py api_create_db_indexesRELEASE='1.10.8' # deploy Sat Apr 4 09:28:35 UTC 2026) tolocal.env. This is impractical when using configuration management, as it can cause restarts to be triggered seeing as how the file is changed./opt/Internet.nl/docker/user_manage.shfrom a random directory, I get:couldn't find env file: /root/docker/defaults.env. When switching to the/opt/Internet.nlworking directory, the env file is found. Makes sense, but should probably be documented./opt/Internet.nl/docker/user_manage.shis not executable (permissions 0444)/opt/Internet.nl/docker/user_manage.shis interactive, which makes auto-creating users more difficult than it needs to be. Preferred solution: allow taking password as arg/opt/Internet.nl/docker/user_manage.shcallsdocker composewith--env-file. On modern Debian installs (not sure about Ubuntu), this arg is only available when installing Compose as a plugin (apt install docker-compose-plugin). Should probably be documented../manage.py(in theappcontainer) - whichuser_manage.shdoes as well - the following is printed:WARN[0000] The "MI" variable is not set. Defaulting to a blank string.. It's unclear what "The "MI" variable" is.api_create_db_indexesidempotent when using configuration management, as there's no way to determine whether indexes were created, re-created or whether the action was a NOOP (the output is deterministic)./opt/Internet.nl/docker/user_manage.sh add_updatesay<username>is required, but it is not asked for when specified, and the htpasswd file simply contains no username. The arg should be made required.2026/04/04 09:46:13 [warn] 166#166: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/etc/letsencrypt/live/cyberfusion-disp.nl/fullchain.pem"&nginx: [warn] "ssl_stapling" ignored, no OCSP responder URL in the certificate "/etc/letsencrypt/live/cyberfusion-disp.nl/fullchain.pem"django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'cyberfusion-disp.nl'. You may need to add 'cyberfusion-disp.nl' to ALLOWED_HOSTS.. That is not documented.MONITORING_AUTH_RAW, the documentation says the password is "htpasswd hash". Easy to generate withapache2-utils; for less experienced users, probably helpful to add a pointer.MONITORING_AUTH_RAWdoes not work; access is always denied. The password value of/etc/nginx/htpasswd/monitoring.htpasswdis always the same: a hash starting with$4Mpr. No idea where it comes from.ENABLE_HOF=False, but there is still a 'Hall of Fame' menu item, and the website test says: "Congratulations, your domain will be added to the Hall of Fame soon!"SENTRY_DSN, with no further explanation of the format or the level of integration provided. Sentry is not mentioned at all on https://github.com/internetstandards/Internet.nl/blob/main/documentation/Docker-deployment-batch.mdconnsubdomain), there is a "Test your connection" tile on the frontpage, which's 'Start test' button does link to that subdomain.That said, I shared elaborate feedback on the pretty confusing deployment instructions during one of the Jitsi meetings a couple months ago, and they have tremendously improved since then. Good going!