Installation/Dokku
Running Diaspora in your own PaaS with Dokku
Introduction
This guide outlines the steps to run your own Platform as a Service (PaaS) using Dokku and deploy diaspora to it. To keep this guide brief and to make sure you read the most up to date instructions, for some steps we simply link to instructions elsewhere. We simply describe steps that worked, there may be other or better ways to achieve the same. If you are following the steps on this page, please improve or update them where appropriate
Requirements
- A linux server running ubuntu 16.04 with at least 1GB memory
- A local development machine.
- (Optional) a domain name.
Let's say your domain name is yourdomain.tld
, if you don't have a domain name just replace it with the IP address of the server.
After completing this guide we will have Dokku on the linux server. This allows us to simply git push changes made on Diaspora to our server. Then Dokku will take care of the rest. It receives the changes builds and deploys the new version.
We assume you have setup and secured your linux server and have root access to it via ssh.
Install Dokku
Install Dokku following their instructions. If you have a domain name, dokku can setup "Virtual Hosts" for each application you deploy. This means you can visit diaspora at diaspora.yourdomain.tld
and if you deploy another app called "myapp" you can visit it at myapp.yourdomain.tld
. Otherwise the address of each app will be <ip address>:<app port nr>
. You can also get the domain name later and enable the Virtual Hosts later.
After dokku is installed run
# on the server dokku apps:create diaspora
Local copy with Dokku as remote
On your local machine (not the server) make sure you have a clone of diaspora
git clone git@github.com:diaspora/diaspora.git
or clone it from your own fork. Create a branch from which we will push to dokku, and add dokku as a remote.
git checkout -b dokku_branch git remote add dokku dokku@yourdomain.tld:diaspora
The name of the remote must be dokku
. The local branch can have any name you want. Here we name it dokku_branch
to distinguish it from the name of the remote. They can both be called dokku, that is fine.
Postgres database
Thanks to the hard work of the Dokku team, setting up a database is now as simple as this.
#install postgresql. On the server run dokku plugin:install https://github.com/dokku/dokku-postgres.git # create a postgres database for diaspora dokku postgres:create diaspora-db dokku postgres:link diaspora-db diaspora
The postgres:link command creates an environment variable DATABASE_URL and makes that available to the diaspora app. Then diaspora can use this url within its database.yml configuration.
Configuration
Diaspora is configured with two files. database.yml and diaspora.yml. In git these two files are ignored and so they won't be pushed when we push to dokku.
Open the .gitignore file and remove these two lines
config/diaspora.yml config/database.yml
Never write anything secret in these files. Only use environment variables. Open config/database.yml.example. Edit the part near the bottom, change the production section to
production: <<: *combined database: diaspora-db url: <%= ENV['DATABASE_URL'] %>
then save the file as config/database.yml. Copy config/diaspora.yml.example and save it as config/diaspora.yml, but don't edit this file.
Open the Gemfile and add this line as the second line:
ruby "2.4.1"
Then run
echo 2.4.1 > .ruby-version bin/bundle install
Commit all changes on your dokku_branch
.
git add . git commit
Environment Variables
The rest of the configuration can be done on the server. Every value in diaspora.yml can be set with an environment variable as described in the file itself.
Here we set a few as example
dokku config:set --no-restart diaspora SETTINGS_POD_NAME=MyPod ENVIRONMENT_ASSETS_SERVE=true ENVIRONMENT_URL=yourdomain.tld RAILS_SERVE_STATIC_FILES=true SERVER_RAILS_ENVIRONMENT=production SERVER_EMBED_SIDEKIQ_WORKER=false ENVIRONMENT_CERTIFICATE_AUTHORITIES=/etc/ssl/certs/ca-certificates.crt
These variables are not in diaspora.yml, but we set them as well
dokku config:set --no-restart diaspora RAILS_ENV=production BUNDLE_WITH=postgresql PORT=5000 BUNDLE_BUILD__SIGAR="--with-cppflags='-fgnu89-inline'" BUNDLE_WITH="production:postgresql"
Push and deploy
Now we can push and deploy with
git push dokku dokku_branch:master
This will create the master branch in the remote dokku repository. Note the name of the remote branch must be master
.
The first push and deploy will take a long time. Once it's done the app starts, but the database is not created yet. On the server run
dokku run diaspora "env RAILS_ENV=production bin/rake db:create db:migrate" dokku ps:restart diaspora
Setup Redis, Sidekiq and Letsenscrypt
To get all of the functionality in diaspora working we need to setup a connection to redis and secure the server with SSL.
Redis
We run redis in a separate container, using the redis plugin.
sudo dokku plugin:install https://github.com/dokku/dokku-redis.git redis dokku redis:create diaspora-redis dokku redis:link diaspora-redis diaspora
After linking redis, the diaspora app is restarted. Now posts made from your pod can appear on other pods! However, we still cannot see any posts made by users on other pods. To get that working we need to start a separate container for sidekiq.
dokku ps:scale diaspora sidekiq=1
Letsencrypt
Finally, we need an SSL Certificate to secure the server. This requires a domain name and requires dokku virtual hosts to be enabled. See here how to enable dokku vhosts if that was not enabled yet during installation.
We use the dokku letsencrypt plugin.
sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git
Add some configuration first, and make sure that require ssl is now set to true.
dokku config:set --no-restart diaspora DOKKU_LETSENCRYPT_EMAIL=youremail@yourdomain.tld ENVIRONMENT_REQUIRE_SSL=true
The guys at the letsencrypt plugin have done a great job. You can now acquire and install an SSL certificate and secure your website with a single command.
dokku letsencrypt diaspora
You can check the security of your site at ssllabs.com. Follow instructions there to improve security. See also this link for some helpful tips.
That's all.