Night before last was the heights of ecstasy, the depths of despair, and this morning I need to start cleaning up after the party/riot. Digitally speaking, it looks like a disaster area. All the pis are shut down; what exists is running on the back-up hardware.
YunoHost is a hosting administration tool. It automates the installation and maintenance of a range web services and applications, including single-sign-on across many of them. It even includes a fully-functioning e-mail server stack, and #XMPP server, by default. And all of it at best-practices security.
Which would make the life of a lowly amateur sysadmin very much easier, if it could be convinced to play nice in the sandbox with the already-existing collection of web applications and services.
But, most importantly of all, YunoHost successfully (although it takes a loooooong time) installs Mastodon on the Raspberry Pi. This is not a trivial accomplishment. After manually installing Mastodon successfully once, I was unable to actually connect to it with a browser to test. And this has become a major goal: to get a #fediverse #microblogging service online as part of the family of web sites.
So, with all these motivators, I was super pleased when I was finally able to connect to a new installation of YunoHost. I thought I had it transiting the reverse proxy without installing additional security certificates. The SSO page was fine, the first application (a webmail app) worked fine.
When I went to log in to Mastodon for the first time, browser blocked the site for a security error.
And it blocked every other site, even those utterly uninvolved in the YunoHost installation.
The only point in common was the Nginx reverse-proxy. Making direct connection to the previous server, which has been operating flawlessly behind the reverse-proxy, did not result in the browser block. So, as it was late at night and I was questioning my decision-making, I decided to fall back on the old server, and shut everything else down.
A few quick configuration file changes, and it was done. The old hardware was back in its rôle as sole device. The other machines were manually powered off. And I went to bed.
Now I have a wee bit of work ahead of me.