This README tries to describe all the steps to put a fabmanager app into production on a server, based on a solution using Docker and Docker-compose. We recommend DigitalOcean, but these steps will work on any Docker-compatible cloud provider or local server.
In order to make it work, please use the same directory structure as described in this guide in your fabmanager app folder. You will need to be root for the rest of the setup.
- Preliminary steps
1.1. setup the server
1.2. buy a domain name and link it with the droplet
1.3. connect to the droplet via SSH
1.4. prepare server
1.5. setup folders and env file
1.6. setup nginx file
1.7. SSL certificate with LetsEncrypt
1.8. requirements
- Install Fabmanager
2.1. Add docker-compose.yml file
2.2. pull images
2.3. setup database
2.4. build assets
2.5. prepare Elasticsearch (search engine)
2.6. start all services
- Generate SSL certificate by Letsencrypt
- Docker utils
- Update Fabmanager
5.1. Steps
5.2. Good to know
Go to DigitalOcean and create a Droplet with One-click apps "Docker on Ubuntu 16.04 LTS" (Docker and Docker-compose are preinstalled). You need at least 2GB of addressable memory (RAM + swap) to install and use FabManager. We recommend 4 GB RAM for larger communities. Choose a datacenter. Set the hostname as your domain name.
- Buy a domain name on OVH
- Replace the IP address of the domain with the droplet's IP (you can enable the flexible ip and use it)
- Do not try to access your domain name right away: DNS is not aware of the change yet, so wait and be patient.
You can already connect to the server with this command: ssh root@server-ip. Once DNS propagation is done, you will be able to connect to the server with ssh root@your-domain-name.
We recommend that you:
- upgrade your system
- add at least 2GB of swap
- verify that you are using a connection via an SSH key. If so, you can set the root password (for the debug console) and disable password connection. To do this, you can use the following script:
cd /root
git clone https://github.com/sleede/lazyscripts.git
cd lazyscripts/
chmod a+x prepare-vps.sh
./prepare-vps.sh
Create the config folder:
mkdir -p /apps/fabmanager/config
Make a copy of the docker/env.example file and use it as a starting point. Set all the environment variables needed by your application. Please refer to the FabManager README for explanations about those variables.
Then, copy the previously customized env.example file as /apps/fabmanager/config/env
Create the nginx folder:
mkdir -p /apps/fabmanager/config/nginx
Customize the docker/nginx_with_ssl.conf.example file
- Replace MAIN_DOMAIN (example: fab-manager.com).
- Replace URL_WITH_PROTOCOL_HTTPS (example: https://www.fab-manager.com).
- Replace ANOTHER_URL_1, ANOTHER_URL_2 (example: .fab-manager.fr)
Use nginx.conf.example if you don't want SSL for your app.
Then,
Copy the previously customized nginx_with_ssl.conf.example as /apps/fabmanager/config/nginx/fabmanager.conf
OR
Copy the previously customized nginx.conf.example as /apps/fabmanager/config/nginx/fabmanager.conf if you do not want to use ssl (not recommended !).
FOLLOW THOSE INSTRUCTIONS ONLY IF YOU WANT TO USE SSL.
Let's Encrypt is a new Certificate Authority that is free, automated, and open. Let’s Encrypt certificates expire after 90 days, so automation of renewing your certificates is important. Here is the setup for a systemd timer and service to renew the certificates and reboot the app Docker container:
mkdir -p /apps/fabmanager/config/nginx/ssl
Run openssl dhparam -out dhparam.pem 4096 in the folder /apps/fabmanager/config/nginx/ssl (this generates the dhparam.pem file).
mkdir -p /apps/fabmanager/letsencrypt/config/
Copy the previously customized webroot.ini.example as /apps/fabmanager/letsencrypt/config/webroot.ini
mkdir -p /apps/fabmanager/letsencrypt/etc/webrootauth
Run docker pull quay.io/letsencrypt/letsencrypt:latest
Create file (with sudo) /etc/systemd/system/letsencrypt.service and paste the following configuration into it:
[Unit]
Description=letsencrypt cert update oneshot
Requires=docker.service
[Service]
Type=oneshot
ExecStart=/usr/bin/docker run --rm --name letsencrypt -v "/apps/fabmanager/log:/var/log/letsencrypt" -v "/apps/fabmanager/letsencrypt/etc:/etc/letsencrypt" -v "/apps/fabmanager/letsencrypt/config:/letsencrypt-config" quay.io/letsencrypt/letsencrypt:latest -c "/letsencrypt-config/webroot.ini" certonly
ExecStartPost=-/usr/bin/docker restart fabmanager_nginx_1
Create file (with sudo) /etc/systemd/system/letsencrypt.timer and paste the following configuration into it:
[Unit]
Description=letsencrypt oneshot timer
Requires=docker.service
[Timer]
OnCalendar=*-*-1 06:00:00
Persistent=true
Unit=letsencrypt.service
[Install]
WantedBy=timers.target
That's all for the moment. Keep on with the installation, we'll complete that part after deployment in the Generate SSL certificate by Letsencrypt section.
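A pre-flight check for the files created in steps 1.5 to 1.7, as an added example that is not part of the fabmanager project: it flags a missing or group/world-accessible env file, template placeholders left in fabmanager.conf, and a missing dhparam.pem. The function name fm_preflight is hypothetical, and the check assumes the SSL template points at the file through nginx's ssl_dhparam directive.

```shell
#!/bin/sh
# Added example: sanity-check the layout this guide builds under /apps/fabmanager.
# fm_preflight is an illustrative name, not a fabmanager tool.
# Prints the number of problems on stdout, details on stderr; returns 0 only if clean.
fm_preflight() {
    base="${1:-/apps/fabmanager}"
    env_file="$base/config/env"
    conf="$base/config/nginx/fabmanager.conf"
    problems=0

    fail() { echo "FAIL: $1" >&2; problems=$((problems + 1)); }

    # The env file holds the application's settings: keep it owner-only.
    if [ ! -f "$env_file" ]; then
        fail "$env_file is missing"
    else
        # Characters 5-10 of the ls mode string are the group and other bits.
        go_bits=$(ls -ld "$env_file" | cut -c5-10)
        [ "$go_bits" = "------" ] ||
            fail "$env_file is accessible to group/other ($go_bits), use chmod 600"
    fi

    if [ ! -f "$conf" ]; then
        fail "$conf is missing"
    else
        # Every placeholder from the .example template must have been replaced.
        for ph in MAIN_DOMAIN URL_WITH_PROTOCOL_HTTPS ANOTHER_URL_1 ANOTHER_URL_2; do
            if grep -q "$ph" "$conf"; then
                fail "placeholder $ph still present in $conf"
            fi
        done
        # Assumption: the SSL variant references the DH file via ssl_dhparam.
        if grep -Eq '^[[:space:]]*ssl_dhparam' "$conf" &&
           [ ! -s "$base/config/nginx/ssl/dhparam.pem" ]; then
            fail "nginx uses ssl_dhparam but dhparam.pem is missing or empty"
        fi
    fi

    echo "$problems"
    [ "$problems" -eq 0 ]
}
```

Call fm_preflight with no argument on the server before starting the services; pass another base directory to check a staging copy.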
Verify that Docker and Docker-compose are installed (this is normally the case if you used a pre-configured image):
docker info
docker-compose -v
Otherwise, you can install Docker on Ubuntu with the following instructions: https://docs.docker.com/engine/installation/linux/ubuntu/#install-using-the-repository
To install docker-compose :
curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` > ./docker-compose
sudo mkdir -p /opt/bin
sudo mv docker-compose /opt/bin/
sudo chmod +x /opt/bin/docker-compose
Copy docker-compose.yml to your app folder /apps/fabmanager.
The docker-compose commands must be launched from the folder /apps/fabmanager.
docker-compose pull
docker-compose run --rm fabmanager bundle exec rake db:create # create the database
docker-compose run --rm fabmanager bundle exec rake db:migrate # run all the migrations
docker-compose run --rm -e ADMIN_EMAIL=xxx -e ADMIN_PASSWORD=xxx fabmanager bundle exec rake db:seed # seed the database
docker-compose run --rm fabmanager bundle exec rake assets:precompile
docker-compose run --rm fabmanager bundle exec rake fablab:es_build_stats
docker-compose up -d
Important: the app must be running over HTTP before starting letsencrypt.
Start the letsencrypt service:
sudo systemctl start letsencrypt.service
If the certificate was successfully generated, update the nginx configuration file to activate the SSL port and certificate by editing the file /apps/fabmanager/config/nginx/fabmanager.conf.
Remove your app container and run your app again to apply the changes, using the following commands:
docker-compose down
docker-compose up -d
Finally, if everything is OK, start the letsencrypt timer to update the certificate on the 1st of every month:
sudo systemctl enable letsencrypt.timer
sudo systemctl start letsencrypt.timer
(check) sudo systemctl list-timers
docker-compose restart fabmanager
docker-compose down fabmanager
docker-compose restart
docker-compose down
docker-compose up -d
docker-compose run --rm fabmanager bash
docker-compose ps
docker-compose restart nginx
docker-compose run --rm -e ADMIN_EMAIL=xxx -e ADMIN_PASSWORD=xxx fabmanager bundle exec rake db:seed
This procedure updates fabmanager to the most recent version by default.
When a new version is available, this is how to update fabmanager app in a production environment, using docker-compose :
- go to your app folder
cd /apps/fabmanager
- pull the latest docker images
docker-compose pull
- stop the app
docker-compose stop fabmanager
- remove old assets
rm -Rf public/assets/
- compile new assets
docker-compose run --rm fabmanager bundle exec rake assets:precompile
- run specific commands
Do not forget to check if there are commands to run for your upgrade. Those commands are always specified in the CHANGELOG and prefixed by [TODO DEPLOY]. They are also present in the releases page.
Those commands execute specific tasks and have to be run by hand.
- restart all containers
docker-compose down
docker-compose up -d
You can check that all containers are running with docker ps.
Yes, indeed. It's the default behaviour as docker-compose pull command will fetch the latest versions of the docker images.
Be sure to run all the specific commands listed in the CHANGELOG between your current version and the new version, in sequential order. (Example: to update from 2.4.0 to 2.4.3, you will run the specific commands for the 2.4.1, then for the 2.4.2 and then for the 2.4.3).
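The rule above, as an added example that is not part of the fabmanager project: a helper that lists the [TODO DEPLOY] entries for every version after your current one up to the target, oldest first, so they can be reviewed and run by hand in order. The function name fm_deploy_todos is hypothetical, and the CHANGELOG layout it expects (newest release first, one "## vX.Y.Z ..." heading per release) is an assumption.

```shell
#!/bin/sh
# Added example: fm_deploy_todos CHANGELOG FROM TO
# Prints the [TODO DEPLOY] lines of each release after FROM up to and including TO,
# oldest release first. It only lists the commands, it never executes them.
# Assumed layout: newest release first, headings of the form "## v2.4.3 <date>".
fm_deploy_todos() {
    awk -v from="$2" -v to="$3" '
        /^## / {
            ver = $2
            sub(/^v/, "", ver)
            if (ver == to) {
                if (seen_from) bad_order = 1   # TO listed below FROM: not an upgrade
                active = 1; seen_to = 1
            }
            if (ver == from) { active = 0; seen_from = 1 }
            if (active) { n++; name[n] = ver; todo[n] = "" }
            next
        }
        active && index($0, "[TODO DEPLOY]") {
            todo[n] = todo[n] "  " $0 "\n"
        }
        END {
            if (!seen_to || !seen_from || bad_order) {
                print "both versions must be in the file, TO above FROM" > "/dev/stderr"
                exit 2
            }
            # The file is newest-first, so walk the collected sections backwards.
            for (i = n; i >= 1; i--)
                if (todo[i] != "") printf "%s:\n%s", name[i], todo[i]
        }
    ' "$1"
}
```

For the example in the text, fm_deploy_todos CHANGELOG.md 2.4.0 2.4.3 prints the entries for 2.4.1, then 2.4.2, then 2.4.3, skipping releases that have none.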