I’m in the middle of rebuilding my server. For years I provisioned one-off virtual machines for clients that needed custom solutions. Dedicated IPs for TLS (for shopping carts), custom coded extensions that turned a photo app into a shopping cart, email servers, etc. I’ve been maintaining those VMs for years while the cost of technical debt has been growing.
The base OS in the VMs is years old. As software gets upgraded, the state of the VMs slowly drift and the result is a snowflake server. Upgrades frequently break something. I monitor most services and usually get them fixed before anyone notices. Still. Even on conservative OSes like Debian and FreeBSD, stuff regularly breaks and manual intervention is required. And those manual fixes here and there contribute to the drift.
So I’m rearchitecting everything for composability and simplicity. HAproxy handles all the HTTP redirection and HTTPS termination. The certificate management is now completely automated with Let’s Encrypt and acme.sh. HAproxy routes the requests to the backend web servers. No longer do apache, lighttpd, and nginx handle SSL/TLS or URL manipulation. The web server configs are simpler and require fewer customizations.