Pardon the title, I need to vent. I installed my first public facing app, and I am ready to format my system and never touch Yunohost again.
I’ve used YNH on my server for almost a month now. From the outset I setup a few apps that are just meant to sit in the background and do their thing: Radarr, Sonarr, Transmission are just for me and my household and for what they are they work. I’ve been SSHing in and transferring files with SFTP, no problem. Then I started tinkering with a public facing website, and here my frustrations began.
I installed the unofficial microblog.pub app to try out a self-hosted ActivityPub site. I’ve been setting up websites for decades, ranging from CMSes to plain HTML/CSS - I even managed to maintain a Nextcloud instance for eight years - but the shared hosting I’ve used prohibited command line access so YNH opens new opportunities for me. In theory, that is, because when I set up a new site, the first thing I do is crack open the CSS and config files to customise it.
At this time there are no detailed YNH web admin configurations for Microblog.pub, but it is a fairly simple setup with straightforward configuration instructions: Open and edit a TOML file, save, restart. Cool, I assumed all of the files needed should be in /var/www/
. Rather than dig around with SSH I opened Filezilla to edit them with SFTP, but… my admin account doesn’t have access to /var/www/
? Wouldn’t it be intuitive that a web admin should have access to that folder?
So I enter the folder as root with SSH, and there is nothing there but the standard NGINX HTML file. Okay, I may not be used to the inner workings of a web server, but I’ve run Debian for several years, so I dig around the usual locations to find where the app is actually installed. There is no sign in either my user’s or the yunohost-app ~/
folders. In fact, out of the six YNH apps I have installed, only two have subdirectories in ~/yunohost-app/
. Transmission is its own user with a separate home directory; the three others are nowhere to be seen.
No sign of Microblog.pub in /usr/share
, /usr/local/
, /etc/default
, either. /etc/yunohost/
looks salient, but I don’t have access. The microblog.pub-ynh uninstall instructions give a hint that at least some app profile information should be in /opt/yunohost/microblogpub/
. But my “admin” account is denied access.
At this point I begin to suspect something is wrong with the YNH user permissions. If this were a plain Debian system I would consult the support pages. The same approach with YNH leads me to a page that says In YunoHost permission management web admin interface, you can specify which user can access your system through SFTP. No further instructions given, but I still manage to find the user permission settings interface. The only user that I can add SFTP to is my admin account, so that’s what I do. I reconnect with Filezilla, and where I could access the entire file system before, now I can only read the /home
directory.
So granting permissions to my account in the web admin UI actually limited my access. What the hell? Back in that permissions interface, app permissions for Micropub.blog are already granted to all users, so I get error messages when I try to explicitly grant them to individual accounts. Now, I still want to believe that Yunohost has some semblance of logic despite the absolute state of the documentation and irrational permissions policies, and despite the fact that app files are tucked away in corners of my system that I’m apparently not allowed to access.
The YNH documentation also gives an example of granting SFTP edit permissions using CLI, but this includes binding a /var/www/
subdirectory to one in ~/apps/
… Once again, there are no directories whatsoever in my /var/www/
.
Let me remind you that through all of this all I needed was to edit a config file and customise some CSS! It is only with an SSH search as root for any TOML files that I realise that yes, the files I need are really in /opt/yunohost/microblogpub/microblogpub/
(great nesting of identically named directories, there!) and /etc/yunohost/microblogpub/
… ie, directories that I - a flipping admin - cannot access in a visual way through SFTP, and need root to access in SSH.
In other words, Yunohost makes it really easy to set up server software that I couldn’t install on my previous shared hosting, but with the density of user permissions and labyrinthine file locations makes it almost impossible to perform simple tasks like editing a CSS file. It did occur to the developers that people want to also tinker with the web apps we install?
Before installing YNH I quite happily hosted Transmission and a few media NFS shares on my home network using bare Debian. YNH does set up a firewall and NGINX for you, but the overbearing handholding past that point is utterly frustrating. I find myself spending more time accommodating to the restrictions and forced workflows of YNH than I do actually using the apps I install. After spending a day trying to find files that should have been up front and accessible to me, the person who installed them, I can’t say that the benefits of Yunohost outweigh the complete black box that it has made of my system.
Hardware: Old laptop or computer
YunoHost version: 5.10.0-23-amd64
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | Through SFTP
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no