Installation/Dokku: Difference between revisions

From diaspora* project wiki
(How to run Diaspora on your own PaaS with Dokku)
 
(setup for redis, sidekiq and letsencrypt)
Line 4: Line 4:


This guide outlines the steps to run your own Platform as a Service (PaaS) using [http://dokku.viewdocs.io/dokku Dokku] and deploy diaspora to it.
This guide outlines the steps to run your own Platform as a Service (PaaS) using [http://dokku.viewdocs.io/dokku Dokku] and deploy diaspora to it.
To keep this guide brief and to make sure you read the most up to date instructions, for some steps we simply link to instructions elsewhere.
To keep this guide brief and to make sure you read the most up to date instructions, for some steps we simply link to instructions elsewhere. We simply describe steps that worked, there may be other or better ways to achieve the same. If you are following the steps on this page, please improve or update them where appropriate
This is somewhat experimental. We simply describe steps that worked, there may be other ways to achieve the same.


== Requirements ==
== Requirements ==
Line 19: Line 18:
We assume you have setup and [https://www.linode.com/docs/security/securing-your-server secured your linux server] and have root access to it via ssh.
We assume you have setup and [https://www.linode.com/docs/security/securing-your-server secured your linux server] and have root access to it via ssh.


= Install Dokku =
== Install Dokku ==


Install Dokku following the their [http://dokku.viewdocs.io/dokku/getting-started/installation/ instructions]. If you have a domain name, dokku can setup "Virtual Hosts" for each application you deploy. This means you can visit diaspora at <code>diaspora.yourdomain.tld</code> and if you deploy another app called "myapp" you can visit it at <code>myapp.yourdomain.tld</code>. Otherwise the address of each app will be  <code><ip address>:<app port nr></code>. You can also get the domain name later and enable the Virtual Hosts later.
Install Dokku following the their [http://dokku.viewdocs.io/dokku/getting-started/installation/ instructions]. If you have a domain name, dokku can setup "Virtual Hosts" for each application you deploy. This means you can visit diaspora at <code>diaspora.yourdomain.tld</code> and if you deploy another app called "myapp" you can visit it at <code>myapp.yourdomain.tld</code>. Otherwise the address of each app will be  <code><ip address>:<app port nr></code>. You can also get the domain name later and enable the Virtual Hosts later.
Line 27: Line 26:
dokku apps:create diaspora</nowiki>
dokku apps:create diaspora</nowiki>


= Local copy with Dokku as remote =
== Local copy with Dokku as remote ==


On your local machine (not the server) make sure you have a clone of diaspora
On your local machine (not the server) make sure you have a clone of diaspora
Line 37: Line 36:
The local branch can have any name you want. Here we name it <code>dokku_branch</code> to distinguish it from the remote branch <code>dokku</code> that we will create later. They can both be called dokku, that is fine.
The local branch can have any name you want. Here we name it <code>dokku_branch</code> to distinguish it from the remote branch <code>dokku</code> that we will create later. They can both be called dokku, that is fine.


= Dokku plugins =
== Postgres database ==
=== postgres ===
Thanks to the hard work of the Dokku team, setting up a database is now as simple as this.


  <nowiki>#install postgresql. On the server run
  <nowiki>#install postgresql. On the server run
Line 48: Line 47:
The postgres:link command creates an environment variable DATABASE_URL and makes that available to the diaspora app. Then diaspora can use this url within its database.yml configuration.
The postgres:link command creates an environment variable DATABASE_URL and makes that available to the diaspora app. Then diaspora can use this url within its database.yml configuration.


=== letsencrypt ===
Do this last. You must have a deployed app running, before you can secure it with the letsencrypt plugin.


== Configuration ==
== Configuration ==
Line 112: Line 108:
dokku run diaspora "env RAILS_ENV=production bin/rake db:create db:migrate"
dokku run diaspora "env RAILS_ENV=production bin/rake db:create db:migrate"
dokku ps:restart diaspora</nowiki>
dokku ps:restart diaspora</nowiki>
== Setup Redis, Sidekiq and Letsenscrypt ==
To get all of the functionality in diaspora working we need to setup a connection to redis and secure the server with SSL.
=== Redis ===
We run redis in a separate container, using the [https://github.com/dokku/dokku-redis redis plugin].
<nowiki>sudo dokku plugin:install https://github.com/dokku/dokku-redis.git redis
dokku redis:create diaspora-redis
dokku redis:link diaspora-redis diaspora</nowiki>
After linking redis, the diaspora app is restarted. Now posts made from your pod can appear on other pods!
However, we still cannot see any posts made by users on other pods. To get that working we need to start a separate container for sidekiq.
<nowiki>dokku ps:scale diaspora sidekiq=1</nowiki>
=== Letsencrypt ===
Finally, we need an SSL Certificate to secure the server. This requires a domain name and requires dokku virtual hosts to be enabled. See [https://stackoverflow.com/questions/21785901/dokku-change-settings-after-install/46009384#46009384 here] how to enable dokku vhosts if that was not enabled yet during installation.
We use the [https://github.com/dokku/dokku-letsencrypt dokku letsencrypt plugin].
<nowiki>sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git</nowiki>
Add some configuration first, and make sure that require ssl is now set to true.
<nowiki>dokku config:set --no-restart diaspora DOKKU_LETSENCRYPT_EMAIL=youremail@yourdomain.tld ENVIRONMENT_REQUIRE_SSL=true</nowiki>
The guys at the letsencrypt plugin have done a great job. You can now acquire and install an SSL certificate and secure your website with a single command.
<nowiki>dokku letsencrypt diaspora</nowiki>
You can check the security of your site at [https://www.ssllabs.com/ssltest/analyze.html]. Follow instructions there to improve security. See also [https://glebbahmutov.com/blog/running-multiple-applications-in-dokku/ this link] for some helpful tips.
That's all.

Revision as of 15:58, 2 September 2017

Running Diaspora in your own PaaS with Dokku

Introduction

This guide outlines the steps to run your own Platform as a Service (PaaS) using Dokku and deploy diaspora to it. To keep this guide brief and to make sure you read the most up to date instructions, for some steps we simply link to instructions elsewhere. We simply describe steps that worked, there may be other or better ways to achieve the same. If you are following the steps on this page, please improve or update them where appropriate

Requirements

  • A linux server running ubuntu 16.04 with at least 1GB memory
  • A local development machine.
  • (Optional) a domain name.

Let's say your domain name is yourdomain.tld, if you don't have a domain name just replace it with the IP address of the server.

After completing this guide we will have Dokku on the linux server. This allows us to simply git push changes made on Diaspora to our server. Then Dokku will take care of the rest. It receives the changes builds and deploys the new version.

We assume you have setup and secured your linux server and have root access to it via ssh.

Install Dokku

Install Dokku following the their instructions. If you have a domain name, dokku can setup "Virtual Hosts" for each application you deploy. This means you can visit diaspora at diaspora.yourdomain.tld and if you deploy another app called "myapp" you can visit it at myapp.yourdomain.tld. Otherwise the address of each app will be <ip address>:<app port nr>. You can also get the domain name later and enable the Virtual Hosts later.

After dokku is installed run

# on the server
dokku apps:create diaspora

Local copy with Dokku as remote

On your local machine (not the server) make sure you have a clone of diaspora

git clone git@github.com:diaspora/diaspora.git

or clone it from your own fork. Create a branch from which we will push to dokku, and add dokku as a remote.

git checkout -b dokku_branch
git remote add dokku dokku@yourdomain.tld:diaspora

The local branch can have any name you want. Here we name it dokku_branch to distinguish it from the remote branch dokku that we will create later. They can both be called dokku, that is fine.

Postgres database

Thanks to the hard work of the Dokku team, setting up a database is now as simple as this.

#install postgresql. On the server run
dokku plugin:install https://github.com/dokku/dokku-postgres.git
# create a postgres database for diaspora
dokku postgres:create diaspora-db
dokku postgres:link diaspora-db diaspora

The postgres:link command creates an environment variable DATABASE_URL and makes that available to the diaspora app. Then diaspora can use this url within its database.yml configuration.


Configuration

Diaspora is configured with two files. database.yml and diaspora.yml. In git these two files are ignored and so they won't be pushed when we push to dokku.

Open the .gitignore file and remove these two lines

config/diaspora.yml
config/database.yml

Never write anything secret in these files. Only use environment variables. Open config/database.yml.example. Edit the part near the bottom, change the production section to

production:
  <<: *combined
  database: diaspora-db
  url: <%= ENV['DATABASE_URL'] %>

then save the file as config/database.yml. Copy config/diaspora.yml.example and save it as config/diaspora.yml, but don't edit this file.

Open the Gemfile and add this line as the second line:

ruby "2.4.1"

Then run

echo 2.4.1 > .ruby-version
bin/bundle install

Commit all changes on your dokku_branch.

git add .
git commit

Environment Variables

The rest of the configuration can be done on the server. Every value in diaspora.yml can be set with an environment variable as described in the file itself.

Here we set a few as example

dokku config:set --no-restart diaspora
SETTINGS_POD_NAME='MyPod'
ENVIRONMENT_ASSETS_SERVE=true
ENVIRONMENT_URL=yourdomain.tld
RAILS_SERVE_STATIC_FILES=true
SERVER_RAILS_ENVIRONMENT=production
SERVER_EMBED_SIDEKIQ_WORKER=true
ENVIRONMENT_CERTIFICATE_AUTHORITIES=/etc/ssl/certs/ca-certificates.crt

These variables are not in diaspora.yml, but we set them as well

dokku config:set --no-restart diaspora
RAILS_ENV=production
BUNDLE_WITH=postgresql
PORT=5000
BUNDLE_BUILD__SIGAR="--with-cppflags='-fgnu89-inline'"
BUNDLE_WITH="production:postgresql"


Push and deploy

Now we can push and deploy with

git push dokku dokku_branch:master

This will create the master branch in the remote dokku repository. Note the name of the remote branch must be master. The first push and deploy will take a long time. Once it's done the app starts, but the database is not created yet. On the server run

# on the server
dokku run diaspora "env RAILS_ENV=production bin/rake db:create db:migrate"
dokku ps:restart diaspora

Setup Redis, Sidekiq and Letsenscrypt

To get all of the functionality in diaspora working we need to setup a connection to redis and secure the server with SSL.

Redis

We run redis in a separate container, using the redis plugin.

sudo dokku plugin:install https://github.com/dokku/dokku-redis.git redis
dokku redis:create diaspora-redis
dokku redis:link diaspora-redis diaspora

After linking redis, the diaspora app is restarted. Now posts made from your pod can appear on other pods! However, we still cannot see any posts made by users on other pods. To get that working we need to start a separate container for sidekiq.

dokku ps:scale diaspora sidekiq=1

Letsencrypt

Finally, we need an SSL Certificate to secure the server. This requires a domain name and requires dokku virtual hosts to be enabled. See here how to enable dokku vhosts if that was not enabled yet during installation.

We use the dokku letsencrypt plugin.

sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git

Add some configuration first, and make sure that require ssl is now set to true.

dokku config:set --no-restart diaspora DOKKU_LETSENCRYPT_EMAIL=youremail@yourdomain.tld ENVIRONMENT_REQUIRE_SSL=true

The guys at the letsencrypt plugin have done a great job. You can now acquire and install an SSL certificate and secure your website with a single command.

dokku letsencrypt diaspora

You can check the security of your site at [1]. Follow instructions there to improve security. See also this link for some helpful tips.

That's all.