<ckocagil>
What's the correct way to deal with apps that expect /opt/app to be writable? Change the app itself, or is it okay to run the app off a writable dir?
<dwrensha>
ckocagil: it's best to avoid putting code in a writable directory
<dwrensha>
often, apps just need a symlink for a tmp or log directory
home has joined #sandstorm
<ckocagil>
dwrensha: Yeah, but this one is PHP
<ckocagil>
(,,#゚Д゚)
<dwrensha>
what does it want to write to /opt/app?
<ckocagil>
I don't know yet. I'll disable the checks and look for errors
itscassa|away has quit [Ping timeout: 268 seconds]
itscassa|away has joined #sandstorm
home has quit [Ping timeout: 265 seconds]
jorge has joined #sandstorm
<jorge>
Hi, I just ran the self-host script behind a nat and can't login to xx.sandcat.io. Is that the expected behaviour? I did self-host before the old way using my own domain.
<paulproteus>
jorge: Hi!
<paulproteus>
You're going to have to make sure you have port forwarding set up with the NAT.
<jorge>
OK, just saw the light. The login subd is already mapped to my local external ip. duh.
<paulproteus>
(-:
<jorge>
so i have to portmap firt
<jorge>
first
<paulproteus>
Yup
<jorge>
sorry
<jorge>
I simply didn't know what to expect.
<jorge>
so if i map 80 to this box it will be ok.
<paulproteus>
Yeah, and 443
<jorge>
right
<paulproteus>
(-:
<jorge>
however, that still comes back to dynamic assignments from my isp...
<paulproteus>
Your server communicates with sandcats.io with a UDP protocol thing that checks every 60 seconds if your IP address has changed, and if it has changed, does a HTTPS POST to update the IP address on file.
<jorge>
how can I tell your dns to use dns... ...
<jorge>
how cool is that????
<paulproteus>
The Time-To-Live on the DNS entry is 60 seconds, so there should be at most a 2 minute outage if your IP address changes.
<paulproteus>
Also kentonv's idea. I just wrote the code. (-; (and jparyani wrote some of it too, actually)
<jorge>
you guys totally rockf
<jorge>
rock
<paulproteus>
Well thanks (-:
<jorge>
So all I have to do is map that port and I win?
<paulproteus>
Yup
<jorge>
words fail me
<jorge>
ok, so what about mail?
<jorge>
mx records
<paulproteus>
For MX records, they're not theoretically needed if the A record is the same as the MX record.
<paulproteus>
(as the MX record would be)
<paulproteus>
That's for inbound mail.
<paulproteus>
For outbound mail, you don't need MX records, although arguably you need something like SPF records for people to trust mail that they receive from you.
<jorge>
can't redirect for that sub then. that's ok.
<paulproteus>
Yeah, no redirect for a subdomain this way.
nwf has joined #sandstorm
<jorge>
yes. dkim, spf, lifetime hobby for a mail server these days
<jorge>
just asking
<paulproteus>
We don't have anything set up for the SPF stuff yet, though I'd like to get to that soon, you can see someone on github.com/sandstorm-io/sandcats/issues asking for that.
<paulproteus>
I think my plan (curious what you think) is to set people up with free-of-cost mailgun.com accounts by default, and if they want to remove that feature, they can remove it.
<jorge>
just a sec
<paulproteus>
And then we could set up SPF SenderID etc for people who are OK with outbound mail going via a service like Mailgun.
<paulproteus>
Sure
<jorge>
yes, mailgun. that's what I recommended in a light tut I did for sandstorm
<jorge>
free for low volumes
<paulproteus>
Oh cool! (-:
<paulproteus>
Where's this tutorial?
<paulproteus>
I'd love to share a link to it from twitter.com/SandstormIO.
<jorge>
only thing on gemlog.ca
<paulproteus>
Ohhhhh hi nice to see you again (-:
<jorge>
maybe too old though now
<jorge>
I don't think it's linked anywhere anyhow though
<paulproteus>
Well I guess there's something to update there.
<jorge>
Is it still valid? I got busy and also finally upgraded boxes at home.
<paulproteus>
I think it's all accurate, but it's written pre-sandcats, so things are easier now for people who use the sandcats DNS & HTTPS service.
<jorge>
si. very much so!
<jorge>
maybe I should take it down
<paulproteus>
Or you could write a new post above it saying, "My Sandstorm post from before was written before sandcats.io was ready. Now that it's ready, think about using that for DNS and HTTPS setup!"
<jorge>
also with (3) in your doc, some linux boxen run fw by default
<jorge>
;-)
<jorge>
yes, could do that
<jorge>
... so portmapping at router won't be enough. need to punch holes or stop fw
<paulproteus>
Fixed, thanks (-:
<jorge>
just to be clear it wasn't the router
<jorge>
I know you'll prettify all that text later
<jorge>
for those wondering about the gaps in conversation it's