An HTTPS Terminator Box

Over the last couple days at asquera we’ve been on a retreat at the Landhaus Fredenwalde. It’s really beautiful out here and it’s given me a chance to work on a few small projects which I’ve been wanting to explore for awhile now.

Anyways, yesterday I set up a system that uses Ansible, Let’s Encrypt, nginx, and DigitalOcean to terminate HTTP and proxy requests to arbitrary hosts. The intended use case for this is to have Github Pages sites able to be dropped onto a custom domain that is SSL enabled, but there are many other use cases which I haven’t experimented with (yet).

I was, primarily, interested in exploring using Ansible and DigitalOcean. It worked out quite well http://hoverbear.org/ is running on it at the moment!

Without further ado, you can check out the repository here. Trying it out on a test subdomain should be quite cheap (in the order of a few cents) and it’s rather interesting to poke at.

On Ansible

I’ve had some experience with Puppet, Chef, and Terraform in different capacities however I had only ever played with Ansible in a minimal fashion. In particular I’d only used Ansible as part of some course work on the GENI Experiment Engine which gives you slices of machines distributed around North America. I liked my experience and after a recent talk at the Berlin DevOps summit I was inspired to try it more.

So what’s the differentiator between it and the others? Well the big differences are:

So that’s basically it! Puppet, Chef, and Ansible all essentially address the same problems in different fashions and they all do so in a perfectly acceptable manner. I think it’s pretty much down to personal opinion and experience.

As for me, I’ll be using Ansible on my next few projects to learn more about it. I think I prefer it.