Short background: I host an environment consisting of LXC containers with different functions like e-mail, XMPP server etc. One of them is a Nginx reverse proxy / Certbot which pulls a shared certificate for all (sub)domains I need and then it is mounted to all containers that need it. I know, probably not ideal, but it is what it is.
Now, I cannot follow the default Funkwhale install script, since it tries to install Certbot from Snap, which doesn't work by default inside LXC containers. Some posts suggest that enabling it is possible, but they are mostly "here's what worked for me" kind of instructions, and some suggest that it requires restricting the default LXC security measures: not ideal.
In theory, I don't need to use Certbot at all, because I can already create and mount the certificate from another container mentioned above. However, the install script in its current state bundles the "Install and manage" steps for both Nginx and Certbot, so I can have both or none. Enabling them, leads to the Certbot error, whereas disabling both leaves me with an unusable instance and this message:
Done!
- Everything was installed in the /srv/funkwhale directory
- Created a superuser account with username dominik and the password you supplied
- To complete the installation, you need to setup an Nginx or Apache2 reverse proxy: https://docs.funkwhale.audio/installation/index.html#reverse-proxy
- You can run management commands by calling /srv/funkwhale/manage, e.g /srv/funkwhale/manage import_files
- Edit your pod configuration in /srv/funkwhale/ansible/playbook.yml and apply the changes with: sudo /srv/funkwhale/ansible/reconfigure
- To upgrade to the latest version, run: sudo sh -c "$(curl -sSL https://get.funkwhale.audio/upgrade.sh)"
It seems that the message desynchronised with the documentation, because such section doesn't exist anymore, so here's my question: out of the following options, which one would be the easiest to handle this situation?
- Disable install and management for both Nginx and Certbot, and finish installation manually (How? Won't I loose in the long run, since the instance won't be "managed" during upgrades?)
- Modify the script to use the default Debian repo in place of Snap? (Probably would need to hand-maintain it for the rest of my life for every update?)
- Use another install method whatsoever? (Docker in LXC in another thing, unfortunately…)
- Something else?
Thank you for your time, if you read all of this.