Documentation Overview

  1. Operation documentation
    1. Installation
      1. Run UBOS on a PC (64bit)
      2. Run UBOS from a boot stick on a PC (64bit)
      3. Run UBOS in a VirtualBox virtual machine (64bit)
      4. Run UBOS on an Amazon Web Services EC2 virtual server
      5. Run UBOS on Raspberry Pi 5
      6. Run UBOS on ESPRESSObin
      7. Run UBOS in a Linux container on a PC (64bit)
      8. Run UBOS in an aarch64 Linux container
    2. Setting up your first Site and App
    3. Setting up networking and DNS
    4. How to create a website secured by SSL/TLS
    5. How to set up a website as a Tor hidden service
    6. Managing Sites and Apps
    7. Backup and restore
    8. Upgrading and keeping UBOS current
    9. The UBOS Staff
    10. App-specific notes
      1. Reliably send e-mail via Amazon Web Services’ Simple E-mail Service: amazonses
      2. Static website hosting with rsync-based upload: docroot
      3. Notes on Mastodon
      4. Notes on Nextcloud
      5. Notes on Redirect
      6. Notes on Wordpress
    11. Device-specific Notes
      1. ESPRESSObin
      2. Raspberry Pi
    12. Advanced management
      1. Enabling non-standard package repositories
      2. Migrating from one App to another
      3. Pinning resources
    13. Command reference
    14. FAQ, HOWTOs and Troubleshooting
      1. “Package not found error” when installing a new App or Accessory
      2. A UBOS container comes up degraded
      3. Booting UBOS on a PC starts out fine, but then the screen goes blank
      4. Can I run UBOS in a Docker container?
      5. Can I use UBOS without purchasing a domain name?
      6. Cannot access MySQL database. File missing: /etc/mysql/root-defaults-ubos.cnf
      7. Cannot boot UBOS from boot stick on a PC
      8. Cannot connect to the public internet from a UBOS container
      9. Cannot create a temporary backup; the backup directory is not empty
      10. Failed to create file /sys/devices/system/cpu/microcode/reload
      11. How are the various UBOS images different from each other?
      12. How can I install more than one web App on the same Device?
      13. How do I set up WiFi?
      14. How to enable non-standard Package Repositories
      15. How to get help
      16. How to log into your UBOS Device
      17. How to modify the configuration of your Site
      18. How to report a bug or issue
      19. How to use Pagekite to reach your UBOS Device behind a firewall
      20. How to use SSH
      21. I need a Package that isn’t in UBOS
      22. I need root
      23. I own a domain name, and I’d like to use it for my UBOS Device. How do I do that?
      24. I want to move from one device to another, or from/to the cloud to/from a device
      25. I want to run ssh on a non-standard port
      26. I’m running out of disk space, what now?
      27. Installing a new Package or updating fails with a message about “invalid or corrupted package” or “key is disabled”
      28. Installing a new Package or upgrading fails with a message about “unknown trust”
      29. Is it safe to have my Site accessible from the public web?
      30. My non-English keyboard layout is all screwed up
      31. My SD card is much larger than the UBOS image. How do I use the rest of the space?
      32. Nothing happens when UBOS is supposed to be booting
      33. Problems with “IPv6 Packet Filtering Framework”
      34. UBOS is in a “degraded” state
      35. ubos-admin status reports “Systemd unit … has failed”
      36. Verify your downloaded UBOS image
      37. What is the default “root” password?
      38. What text editor can I use on UBOS?
      39. Why did you derive UBOS Linux from Arch Linux, and what is the relationship between UBOS Linux and Arch?
      40. Why is it called UBOS?
      41. Writing a disk image to a USB stick or SD card
        1. Writing an image to a USB stick or SD card on Linux
        2. Writing an image to a USB stick or SD card on macOS
        3. Writing an image to a USB stick or SD card on Windows
  2. Developer documentation
    1. Developer setup
      1. Developing using Arch Linux on VirtualBox x86_64 with a systemd-nspawn container
      2. Developing using a UTM Arch Linux VM on Apple Silicon computers with UBOS in a systemd-nspawn container
      3. Alternate developer setups
        1. Developing using a systemd-nspawn container (Linux host only)
        2. Developing using Arch Linux using Parallels on Apple Silicon with a systemd-nspawn container
        3. Developing using a UTM Arch Linux VM on Apple x86_64 computers with UBOS in a systemd-nspawn container
    2. Developer tutorials for standalone UBOS apps (not UBOS Mesh)
      1. Build and run your first UBOS standalone App
      2. How to package UBOS standalone Apps built with a variety of languages
        1. Hello World
        2. Glad-I-Was-Here (PHP, Mariadb)
        3. An Accessory for Glad-I-Was-Here (PHP, Mariadb)
        4. Glad-I-Was-Here (PHP, Postgresql)
        5. Glad-I-Was-Here (Python, Mariadb)
    3. UBOS Gears Reference
      1. UBOS Manifest
        1. Structure of the UBOS Manifest
        2. Info section
        3. Roles section
        4. Customization points section
        5. Appinfo section
        6. Accessoryinfo section
        7. Variables available at deploy or undeploy
        8. Functions that may be applied to variables
        9. Creating random values
        10. Scripts in UBOS Manifests
      2. Site JSON
      3. A complex deployment example
      4. UBOS Networking
      5. Allocating and opening up non-default ports
      6. Logging
      7. UBOS state
      8. UBOS Backup format
      9. Format of the App Status JSON
      10. Testing standalone Apps with “webapptest”
      11. Understanding ubos-admin
        1. Command: ubos-admin backup
        2. Command: ubos-admin backupinfo
        3. Command: ubos-admin createsite
        4. Command: ubos-admin deploy
        5. Command: ubos-admin hostid
        6. Command: ubos-admin init-staff
        7. Command: ubos-admin list-data-transfer-protocols
        8. Command: ubos-admin listnetconfigs
        9. Command: ubos-admin listsites
        10. Command: ubos-admin read-configuration-from-staff
        11. Command: ubos-admin restore
        12. Command: ubos-admin setnetconfig
        13. Command: ubos-admin setup-shepherd
        14. Command: ubos-admin showappconfig
        15. Command: ubos-admin shownetconfig
        16. Command: ubos-admin showsite
        17. Command: ubos-admin status
        18. Command: ubos-admin undeploy
        19. Command: ubos-admin update
        20. Command: ubos-admin write-configuration-to-staff
    4. Release channels and UBOS release process
    5. Miscellaneous
      1. Potentially useful infrastructure for standalone Apps
        1. The UBOS rsync server
      2. Middleware-specific notes
        1. Node.js notes
        2. SMTP notes
      3. Setting up an Arch Linux system as a UBOS development system
        1. How to create a UBOS development VM for VirtualBox on x86_64
        2. How to create a UBOS development VM for UTM on x86_64 Apple computers
        3. How to create a UBOS development VM for UTM on Apple Silicon computers
        4. How to create a UBOS development VM for Parallels Desktop on Apple Silicon computers
      4. Creating cloud images
        1. Amazon Web Services EC2
    6. Developer FAQ
      1. Doesn’t apt / dpkg / yum / pacman etc. does what UBOS Gears does already?
      2. Doesn’t puppet / chef / ansible etc. does what UBOS Gears does already?
      3. Doesn’t Docker do what UBOS Gears does already?
      4. Is it possible to run UBOS Gears or Mesh on an operating system other than UBOS Linux?
      5. Can I manage apps packaged as Docker containers with UBOS?
  3. Architecture
  4. Glossary
    1. Accessory
    2. App
    3. AppConfigId
    4. AppConfigItem
    5. AppConfiguration
    6. Arch
    7. Arch Linux
    8. Attribute
    9. blessing
    10. Bot
    11. Context Path
    12. Customization Point
    13. Data Transfer Protocol
    14. Deployment
    15. Depot
    16. Device
    17. Device Class
    18. diet4j module framework
    19. EntityType
    20. Flock
    21. Gradle
    22. Handlebars
    23. History
    24. Home Server
    25. HostId
    26. Hostname
    27. IDE
    28. Installation
    29. LetsEncrypt
    30. mDNS
    31. MeshBase
    32. MeshObject
    33. MeshObjectIdentifier
    34. MeshType
    35. MeshTypeIdentifier
    36. Middleware
    37. Model
    38. Network Configuration
    39. Package
    40. Pagekite
    41. Parallels Desktop
    42. Personal Server
    43. PKGBUILD
    44. Property
    45. PropertyType
    46. Relationship
    47. RelationshipType
    48. Release Channel
    49. Repository
    50. Retention Bucket
    51. Role
    52. RoleAttribute
    53. RoleProperty
    54. RoleType
    55. Rolling Release
    56. Shepherd
    57. Site
    58. Site JSON
    59. Site JSON Template
    60. SiteId
    61. Transaction
    62. Transaction Log
    63. UBOS Gears
    64. UBOS Linux
    65. UBOS Manifest
    66. UBOS Mesh
    67. UBOS Mesh code generator
    68. UBOS Project
    69. UBOS Staff
    70. unblessing
    71. UTM
    72. VirtualBox
    73. VMWare
    74. Wildcard hostname

A complex deployment example

/docs/development/reference-gears/complex-deployment-example/

In the real world, apps and sites tend to be more complex than the toy apps. Let’s look at one such example, and dissect what happens in detail when such a more complex Site is deployed.

In this example, we deploy a TLS-encrypted Site as it might be used by a small business: it runs a public website, using Wordpress, with an additional plugin. It also runs Nextcloud for the company’s filesharing and calendaring needs, with the Redis cache and calendar accessories. The main site is going to be at https://example.com/. In the real world, we would probably also set up a site at https://www.example.com/ that runs the redirect App to redirect to the main site, but we won’t discuss this here.

The Site JSON file for example.com might look as follows:

{
    "hostname" : "example.com",
    "siteid" : "s6641ad1b780d2330247896c0fe74438fb1e19a33",
    "tls" : {
        "letsencrypt" : true
    },
    "appconfigs" : [
        {
           "appid" : "wordpress",
           "context" : "/blog",
           "appconfigid" : "a5830f84d072d95001a272ab7a5ee2866f93972d0",
           "accessoryids" : [
               "wordpress-plugin-photo-dropper"
           ]
        },
        {
            "appid" : "nextcloud",
            "context" : "/nextcloud",
            "appconfigid" : "a3e2e73410ad9a09fa82794783cd76eb602276736",
            "accessoryids" : [
                "nextcloud-calendar",
                "nextcloud-cache-redis"
            ]
        }
    ]
}

Some observations about the Site defined by this Site JSON file:

  • UBOS needs to obtain a TLS certificate from LetsEncrypt. Because letsencrypt.org performs a callback to this Site to verify ownership, UBOS needs to temporarily stage certain files with the web server that, obviously, should not conflict with any Apps installed at the same Site.

  • After the files for Wordpress and the Wordpress plugin have been put in the right places, the Wordpress plugin needs to be automatically activated by Wordpress.

  • Similarly, after the files for Nextcloud and the Nextcloud accessories have been put in the right places, the accessories need to be activated in Nextcloud as Nextcloud apps.

  • The Redis cache accessory just provides a connector a running Redis daemon (Redis). This deamon needs to be started and stopped at the right times.

  • A unique password needs to be generated that’s used to communicate between the Nextcloud Redis cache extension, and the Redis daemon.

Let’s assume we have the above Site JSON file saved to example.com.json. Then we deploy the Site with:

% sudo ubos-admin deploy --file example.com.json

Here is what UBOS does in (reasonable) detail:

  1. Check the Site JSON file:

    1. It is syntactically correct.

    2. It contains all required fields with syntactically valid values.

    3. It can be deployed to the current Device:

      1. The hostname of the new Site does not conflict with the hostname of any Site already deployed to the current Device.

      2. None of the AppConfigIds conflicts with an existing one. Note that the SiteId is not checked for conflicts, as it is perfectly valid to redeploy an already-deployed Site. This redeployment would cause the existing Site to be reconfigured to the new configuration.

    4. Whether it is a new Site, or an update of an already-existing Site. We won’t discuss the latter here as it makes things even more complex.

  2. Set a flag that prevents other, concurrent invocations of ubos-admin.

  3. Download and install needed packages:

    1. Download and install the App and Accessory Packages referenced in the Site JSON file, and their package dependencies. In our example, they are: wordpress, wordpress-plugin-photo-dropper, nextcloud, nextcloud-calendar, nextcloud-cache-redis, and dependencies such as php and redis.

    2. Now that the Packages for the Apps and Accessories have been downloaded and installed, UBOS can examine their respective UBOS Manifest. First, UBOS downloads and installs the Packages (and, recursively, their dependencies) listed as dependencies in the various (applicable) Role sections in the UBOS Manifest of all the Apps and Accessories. Here: from Wordpress: php, php-apache; nothing from the Photo Dropper Accessory; from Nextcloud: php-apache, php-apcu, php-gd, php-systemd; from the Redis cache Accessory: php-redis.

  4. Check the semantics of the intended configuration. This can only be done now that the UBOS Manifest files are available:

    1. The AppConfigurations at the same Site may not be deployed to conflicting Context Paths. Here we have /blog (for Wordpress) and /nextcloud (for Nextcloud), which is fine.

    2. Values for all required Customization Points have been provided, or have defaults. Here, the value for the Wordpress blog’s title is taken from the default specified in the UBOS Manifest of App Wordpress, and the Redis password for the Nextcloud Redis cache is automatically generated because a random password generation expression has been specified in the UBOS Manifest of the Redis cache Accessory.

    3. Values of the Customization Points are valid according to the constraints specified in the respective UBOS Manifest.

    4. The Accessories specified in the AppConfiguration can be used with the App in that same AppConfiguration. This would catch, for example, if the Site JSON file specified that the Nextcloud Redis cache was supposed to be used with Wordpress instead of Nextcloud.

    5. The UBOS Manifest of all Apps and Accessories is valid. This includes checks for:

      1. Syntactic correctness.

      2. Semantic correctnes.

      3. The files mentioned in the UBOS Manifest actually exist in the file system. This would catch, for example, if the script to activate a Wordpress plugin, contained in the Wordpress package, had been renamed in a recent package update, but an Accessory depending on it hadn’t been updated and was still referencing the old location.

      4. If an Accessory requires the presence of another Accessory at the same AppConfiguration per its UBOS Manifest, check that it is actually present (this does not apply in our example and is rare; an example would we a Wordpress theme, packaged as an Accessory that is a child theme of another Wordpress theme, packaged as a separate Accessory).

  5. As this is the deployment of a new Site, no existing Site needs to be suspended.

  6. Set up a placeholder Site at the same hostname:

    1. Create an Apache configuration file for this virtual host whose document directory is the “maintenance” document directory

    2. Restart Apache.

  7. Obtain the LetsEncrypt certificate:

    • Invoke the certbot program to create a TLS keypair, stage the challenge files in the right location so letsencrypt.org can retrieve them via HTTP, have LetsEncrypt issue a certificate for it, and then save the certificate in the right place with the right Apache configuration directives for it.

  8. Deploy the Site:

    1. Create the directories needed by Apache2 for this Site.

    2. Process all AppConfigurations:

      1. For the Wordpress AppConfiguration:

        1. Create the directory blog below the Site’s Apache document root directory.

        2. First process App Wordpress:

          1. Save the title Customization Point to a file with a well-known location so the ${installable.customizationpoints.title.file} variable can be resolved later.

          2. Process all AppConfigItems for the mysql Role of App Wordpress:

            • Provision a new MySQL database.

            • Provision a new MySQL database user and give it all privileges to the newly provisioned MySQL database, as that is what is specified in the UBOS Manifest.

          3. Create a symbolic link in the Apache modules directory so Apache will load the ssl Apache module upon restart.

          4. Create a symbolic link each in the Apache modules directory so Apache will load all Apache modules upon restart that are specified in Wordpress’s UBOS Manifest: php7 and rewrite.

          5. Create a file each in the PHP modules directory so Apache’s PHP module will load all PHP modules specified in Wordpress’s UBOS Manifest: gd, iconv, mysqli and pdo_mysql.

          6. Process all AppConfigItems for the apache2 Role of App Wordpress, in sequence. This includes:

            • Recursively copy directory trees to the /blog subdirectory of the Site’s Apache document root.

            • Create directories relative to the /blog subdirectory of the Site’s Apache document root.

            • Run the wp-config.pl file that generates the wp-config.php file below the /blog subdirectory of the Site’s Apache document root.

            • Copy the two htaccess files to below the /blog subdirectory of the Site’s Apache document root, while replacing the variables contained in them.

        3. Now process Accessory Photo Dropper:

          1. Process the single AppConfigItem for the apache2 Role of Accessory Photo Dropper:

            • Recursively copy its files into wp-plugins subdirectory below the Wordpress installation

      2. For the Nextcloud AppConfiguration:

        1. Create the directory nextcloud below the Site’s Apache document root directory.

        2. First process App Nextcloud:

          1. Process all :term:AppConfigItems <AppConfigItem> for the mysql Role: of App Nextcloud:

            • Provision a new MySQL database.

            • Provision a new MySQL database user and give it all privileges to the newly provisioned MySQL database.

          2. Create a symbolic link each in the Apache modules directory so Apache will load all Apache modules upon restart that are specified in Nextcloud’s UBOS Manifest: php7, rewrite, headers, env and setenvif.

          3. Create a file each in the PHP modules directory so Apache’s PHP module will load all PHP modules specified in Nextcloud’s UBOS Manifest: apcu, gd, iconv, mysqli, pdo_mysql and systemd.

          4. Process all :term:AppConfigItems <AppConfigItem> for the apache2 Role: of App Nextcloud, in sequence. This includes:

            • Recursively copy directory trees to the /nextcloud subdirectory of the Site’s Apache document root.

            • Create directories relative to the /nextcloud subdirectory of the Site’s Apache document root.

            • Copy files while replacing the variables contained in them.

            • Run the Perl script fix-permissions.pl

            • Start the Systemd timer that runs the Nextcloud background process.

        3. Now process Accessory Nextcloud Calendar:

          1. Process the single AppConfigItem for the apache2 Role: of Accessory Nextcloud Calendar:

            • Recursively copy its files into apps subdirectory below the Nextcloud installation.

        4. Now process Accessory Nextcloud Redis Cache:

          1. Create a file each in the PHP modules directory so Apache’s PHP module will load all PHP modules specified in Nextcloud Redis Cache’s UBOS Manifest: redis and igbinary.

          2. Process all AppConfigItems for the apache2 Role: of Accessory Nextcloud Redis Cache, in sequence. This includes:

            • Create directories below the AppConfiguration’s data directory.

            • Copy the Redis configuration file into the right place, while replacing the variables contained in them (e.g. ${appconfig.appconfigid}, which uniquely identifies this Nextcloud installation from any other running on the same Device, thus allowing multiple Redis daemons to coexist on the same machine)

            • Start a AppConfiguration-specific Redis Systemd service.

    3. Save the Site JSON file so ubos-admin can find the configuration again.

    4. Invoke the hostname callbacks for this Site. This depends on which are installed on the Device, but always includes:

      • Add the hostname of the Site to the /etc/hostname file, resolving to the local IP address.

  9. Run the installers:

    1. Run the installers for the Wordpress installation:

      1. According to Wordpress’s UBOS Manifest, run initialize.pl, which in turn invokes Wordpress’s installer script, so the user does not have to run it from the browser.

      2. According to Photo Dropper’s UBOS Manifest, run activate-plugin.pl (which is actually contained in the Wordpress Package) in order to activate the installed plugin, so the user does not have run it from the browser. As this script is invoked with the context of the Accessory’s variables, no arguments need to be specified.

    2. Run the installers for the Nextcloud installation:

      1. According to Nextcloud’s UBOS Manifest, run install.pl, which in turn runs various Nextcloud command-line commands to initialize the Nextcloud installation correctly. For example, it sets up logging to the system journal instead of the default log file.

      2. According to Nextcloud Calendar’s UBOS Manifest, run activate-app.pl (which is actually contained in the Nextcloud Package) in order to activate the installed Accessory (called “app” by the Nextcloud project), so the user does not have run it from the browser.

      3. According to Nextcloud Redis Cache’s UBOS Manifest, run activate-deactivate.pl, which in turn runs various Nextcloud command-line commands to configure the Nextcloud installation to use the correct Redis instance.

  10. Update the open ports if needed. Neither Wordpress nor Nextcloud open any non-standard ports, but if an App or Accessory requested to open up a port, UBOS would reconfigure its firewall to permit this.

  11. Resume the Site:

    1. Update the Apache virtual host configuration:

      1. Save “well-known” files, like robots.txt (none specified in the example).

      2. Create the Apache virtual host configuration file.

      3. Restart Apache.

Perhaps a good time to state that as a developer, you very rarely really have to know all of this :-)