Limitations and solutions for using yunohost for more than 100 users?

The (useless) (and too long) intro

You can safely skip this section if you’re just interested in the question. This is just thoughts and opinions motivating the question

I deeply believe in selfhosting, but as of today, it’s still not easy to run your own server. Initiatives like yunohost demonstrate that maybe, running your own server will someday be as easy as installing and using ubuntu on a laptop.
I’ve no idea if we’ll ever get there, but as of today, we’re not there yet.
Yunohost is a great tool, but you still need quite some motivation and time to run your own server with it.
I know many people who are happy to be hosted on a small provider, but who are not willing to be their own provider. That’s why I believe that if I’m motivated to run a server, I would like to do it for quite a few people, for those people who will be happy to benefit this service, but not willing to create it themselves.
So this is not really self-hosting, more like small-hosting. However, small-hosting can complete it’s goal of decentralization with many different scales. Ten users on a server, fifty, a hundred, a thousand, all this is still fairly small compared to a google or facebook.

Yunohost make it really easy to run a server for someone with some knowledge and motivation. I think the gap between running a server with yunohost or installing things yourself is gigantic in fact. So in my opinion, yunohost is a great tool for small-hosting of all kinds of scales.

However in many parts of the forum and documentation, it is explicitly mentioned that it is not recommended to use yunohost for more than 100 users. The two reasons usually brought up are performance and security. I didn’t find extensive details or elaboration on those reasons (if I missed it, please point me to the right place :)), so this topic’s goal is to get to understand a bit better those limitations and, if there are, ways to overcome them.

The question(s)

To summarize the previous paragraph:
As it’s mentioned in the documentation and some places of the forum, yunohost wouldn’t be recommended for more than a 100 users.
Why, and can these limitations be overcome?

Security

In this post, @Aleks mentions that “there’s a general principle that you should reasonable trust your users before giving them access”.
I’m wondering what “ways” a “tech-savvy” could use to “mess up with your server”? And what could a server admin or the yunohost development do to prevent these?

Performance

If the server hardware is properly scaled, what are the performance issues raised with a big amount of users (say 500 for example)?

Other limitations?

What other limitations / reasons not to use yunohost could there be if you may host 500 people?

Note and comment

The aim of this topic is to understand the limitations related to yunohost itself. Of course, an administrator that host 500 people has a much bigger responsibility to make proper backups, anticipate downtimes and make sure to be reactive in case of problems (or properly warn it’s users that all this is not provided).

To me the intermediate scale between self-hosting and large scale professional hosting could be a very valuable brick in the internet freedom world. I wonder if yunohost can play a role in that or not.

Thanks for the ideas and interest in the topic

@Aleks and i (and probably the others contributors) agree with the intro you made. We already discussed it, we even tried to get fund to develop some features to support the use case of what we called “small and medium communities”. Recently, The Apprentilab from CNAM fund some of those features.

Contributors already did some fixes and improvements to support more users, for example security fix on ssh configuration, ssowat caching to support a big number of users, caching in webadmin to avoid page become to slow due to the number of users…

Here are some points we need to fix or develop to be able to run bigger instances properly:

Ergonomy

• Be able to manage hundreds of users correctly :
  • Import / export users massively (will be merge in 4.2)
  • search for users in user panel view on webadmin (already merged in 4.2)
  • replace combobox by searchable combobox (for example in permission view or in app install)
  • Edit/delete several users at a time with a select checkbox system
  • Allow users to reset their password (PR in progress)
  • Allow users to subscribe on an instance (by several ways) (PR in progress)
• Be able to specify the external email address of a user as it’s main mail address (and avoid mailbox creation?)

Stability

• Don’t broke 1 account on 30 during creation (a fix is available in 4.2 branch enh-csv)
• More test with 500 accounts
• Fix some LDAP limitation (some post around 400/500 users created indicates some LDAP error) ?

Performances

• Give ability to share and allocate RAM resources in order to boost performance of applications (i.e. with more than 50 users on nextcloud, you need morer workers, more rams allocated or your nextcloud will become unusable) - The work is in progress with the refactoring of experimental config-panel feature .
• Help users to size their servers. It’s important to understand the number of users possible depends of which kind of apps are used. Some apps like opensondage could support thousand of users and others are more ram consuming. We probably need to document or develop some feature to help admins in sizing correctly the server, and to avoid they could have 1000 users on nextcloud with one servers (in this situation nexctloud setup are done with several servers not just one).

Security

• Honestly i have several issues in mind that could be a problem with users in which the admin couldn’t trust. I won’t details it publicly here.
• Some alert or security score that compute leading surface could be very useful

Nice to have

Some other things could be good to have in this context:

• Small communities could have some specific network context (like a DSI department, some DNS restrictions, Certificate CAA limitations, specific firewall, other running servers) things we don’t properly managed
• Backup daily check to test backup integrity
• and probably a lot of others things

For me big instances, probably means some organization will need more professional supports / formation. Personally i won’t be able to cover that in other country than France. So we probably need people in their country that create kind of enterprise like reflexlibre.net ?

Thank you @ljf for the detailed answer, it gives a great overview of different aspects of the question I was raising, and even much more.
It’s also really nice to see that many of these things are actually being worked on and on their way to be fixed. I didn’t know that and it’s a great news.

Hello
Hosting hundreds user accounts is not the goal of the yunohost project.
It has been released to facilitate self hosting for individual persons and their families/friends. It’s not tailored for anything else.
Some professional open source services exist and can be used to host hundreds or even thousand user accounts (univention corporate server or zentyal, for example), with a friendly admin interface to configure the services.
In my opinion, yunohost must remain a personal self hosting solution, not an enterprise-class one.