[Scroll down for some screenshots]
Hey guys, many thanks for all of your opinions! After your cautious but overall very positive feedback, I decided to give it a shot! In the following, I want to give you some insight into my ideas and considerations as well as my progress on the kirby fleet manager (short: kfm):
1. System design
The first idea evaluation from the screenshot above was with Python/FastAPI as a backend framework, which is my intuitive choice for tinkering. But as you expressed a clear preference for self-hosting, a PHP-based stack will probably be much more intuitive for the Kirby developer community. So I decided to go with Laravel, which is a really awesome framework and brings nearly everything I need. It also brings multiple database adapters (sqlite, MariaDB, PostgreSQL, …), which might be helpful for different deployment scenarios.
Frontend-wise I thought about using Vue.js, but for now I will stick with Blade templates and Alpine.js for some interactive elements.
I want to get started with the three main features: Uptime monitoring, a Kirby system overview and of course Notifications if something goes wrong. All three are or will be based on Laravel’s task scheduling, which comfortably needs a single cronjob to be configured.
2.1 Uptime monitoring
As a first step, I implemented a simple ping request with latency measurement, status code tracking and some other metrics. The data get stored in the database and I set a data retention period of seven days – later this will surely be a user-adjustable value. And: Uptime monitoring will of course work for any website, not only Kirby pages.
2.2 Kirby System Overview
The overall goal is to display all relevant metrics from the Kirby system tab and give some helpful advice. Currently, it only visually indicates if Kirby is at the latest version (green) or not (orange). The next step here is to give more insights by parsing https://getkirby.com/security.json and distinguishing between feature (orange) and necessary updates (red). And the same also for Plugins. Additionally, also the known incidents will be listed on the details page for a website, as in the Kirby system tab.
I’ve taken @bastianallgeier security concerns about dumping system information out of Kirby to heart, and after much deliberation I think I’ve come up with a really good and secure solution for this:
I’m planning to implement an OpenID Connect/OAuth2.0 based authentication/authorization flow using JSON Web Tokens (short: JWT) and JSON Web Key Set (short: JWKS). Thereby, kfm issues a JWT using public-key crypto and sends it together with the query request to the endpoint provided by the kirby-fleet-manager-plugin at a Kirby instance. In the plugin config, the web address to the kfm is configured, so that the Plugin can reach the kfm’s JWKS (containing the public key of the issuer) and can thereby cryptographically verify the incoming request.
This exact method is for example used by Microsoft Azure to provision user and group data to external directories, which are at least as worthy of protection as our Kirby system information. And for those who are particularly cautious, there can additionally be an IP whitelisting.
Obviously, this is quite important. I’ll start with basic email alerts and if the need is there, there will certainly be further integrations such as Telegram bots later on. The exciting part is definitely finding sensible mechanisms so that the notifications don’t get on your nerves. Good default settings are certainly the first, generous configurability the next step for later on.
Uptime issues should probably be sent after some retries and I’m thinking about a batched email notification for all pages when there are available or necessary Kirby updates. It should also be possible to mute individual pages if, for example, the support contract with the customer has expired.
It’s really important to me to build something many can profit from. So please let me know what you think, here, on Discord or via email@example.com. Please also let me know (preferably by mail) if you’re interested in beta testing or even contributing!
After collecting your feedback, I’m planning to add the missing features described above for a stable and satisfactory V1 of the kirby fleet manager. Until then, I would also like to find a suitable license model. Currently I have in mind that the tool can be used for up to 3 websites free of charge and above that a one-time license fee for each major version is needed. And as soon as the license is in place, the source code can also be published.
When I get this far I will be very happy, but I have many more feature ideas for later on and I hope you too! For example:
- Multi-user and team management
- 2FA security for login
- Collecting error logs from Kirby installations
- Lexoffice integration for automatic sending of Kirby update offers to customers without maintenance contracts
So, please let me know your ideas and opinions on this!
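
The token check described in section 2.2, as an added example that is not part of the original post or of the kfm code base: a standard-library Python sketch of what the plugin side has to verify (pinned RS256, `kid` lookup in the JWKS, signature, `iss`, `aud`, `exp`). The claim names, the `kfm-demo-1` key id, the example URLs and the toy key are assumptions; a real plugin would use a maintained JWT library and fetch the JWKS over HTTPS from the configured kfm address.

```python
import base64, hashlib, json, time

# Constructed toy RSA key (two Mersenne primes) so the demo needs only the standard
# library. It is NOT secure; a real issuer generates a 2048-bit or larger key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
# DER DigestInfo prefix for SHA-256 in RSASSA-PKCS1-v1_5 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def int_bytes(i: int) -> bytes:
    return i.to_bytes((i.bit_length() + 7) // 8, "big")

def encoded_message(signing_input: bytes, n: int) -> int:
    t = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    pad = b"\xff" * (len(int_bytes(n)) - len(t) - 3)
    return int.from_bytes(b"\x00\x01" + pad + b"\x00" + t, "big")

def issue(claims: dict, kid: str = "kfm-demo-1") -> str:
    """Issuer side (kfm in the post): sign header.payload with the private key."""
    head = b64u(json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode())
    signing_input = head + "." + b64u(json.dumps(claims).encode())
    sig = pow(encoded_message(signing_input.encode(), N), D, N)
    return signing_input + "." + b64u(sig.to_bytes(len(int_bytes(N)), "big"))

def jwks() -> dict:  # public half only, in the shape the issuer would publish
    return {"keys": [{"kty": "RSA", "kid": "kfm-demo-1", "alg": "RS256",
                      "n": b64u(int_bytes(N)), "e": b64u(int_bytes(E))}]}

def verify(token: str, keyset: dict, issuer: str, audience: str, now=None) -> dict:
    """Plugin side: return the claims, or raise ValueError on any failed check."""
    head_b64, body_b64, sig_b64 = token.split(".")
    head = json.loads(b64u_dec(head_b64))
    if head.get("alg") != "RS256":  # pin the algorithm, never follow the header
        raise ValueError("unexpected alg")
    key = next((k for k in keyset["keys"] if k.get("kid") == head.get("kid")), None)
    if key is None or key.get("kty") != "RSA":
        raise ValueError("unknown kid")
    n, e = (int.from_bytes(b64u_dec(key[f]), "big") for f in ("n", "e"))
    sig = int.from_bytes(b64u_dec(sig_b64), "big")
    if sig >= n or pow(sig, e, n) != encoded_message(f"{head_b64}.{body_b64}".encode(), n):
        raise ValueError("bad signature")
    claims = json.loads(b64u_dec(body_b64))
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= (now or time.time()):
        raise ValueError("expired or missing exp")
    return claims
```

Binding `aud` to the individual Kirby site keeps a token captured at one instance from being replayed against another, and a short `exp` limits how long any captured token stays useful.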