Guidance on Deployment
Hello everyone, I was working on deploying a Huly.io instance locally using Docker and Traefik. I am only using http as I am running this in my home network. I am getting as far as 10% deployment on the workspace before it hangs indefinitely. Does anyone have any pointers on my compose file? I think I may have incorrectly configured one of the internal service URLs.
Note: I am using mongodb<5 due to lack of AVX support on my hardware.
---
services:
  mongodb:
    image: "mongo:4.4.18"
    container_name: mongodb
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /apps/huly/db:/data/db
    networks:
      - huly-services
    deploy:
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any
  elastic:
    image: "elasticsearch:7.14.2"
    command: |
      /bin/sh -c "./bin/elasticsearch-plugin list | grep -q ingest-attachment || yes | ./bin/elasticsearch-plugin install --silent ingest-attachment;
      /usr/local/bin/docker-entrypoint.sh eswrapper"
    volumes:
      - /apps/huly/elastic:/var/share/elasticsearch/data
    environment:
      - ELASTICSEARCH_PORT_NUMBER=9200
      - BITNAMI_DEBUG=true
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms1024m -Xmx1024m
      - http.cors.enabled=true
      - http.cors.allow-origin=http://localhost:8082
    healthcheck:
      interval: 20s
      retries: 10
      test: curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"'
    networks:
      - huly-services
    deploy:
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any
  minio:
    image: "minio/minio:latest"
    command: server /data --address ":9000" --console-address ":9001"
    volumes:
      - /apps/huly/files:/data
    networks:
      - huly-services
    deploy:
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any
  rekoni:
    image: "hardcoreeng/rekoni-service:${HULY_VERSION}"
    environment:
      - SECRET=${HULY_SECRET}
    networks:
      - huly-services
      - traefik
    deploy:
      resources:
        limits:
          memory: 500M
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.routers.rekoni.entrypoints=web"
        - "traefik.http.routers.rekoni.rule=Host(`huly.local`) && PathPrefix(`/rekoni`)"
        - "traefik.http.services.rekoni.loadbalancer.server.port=4004"
        - "traefik.http.routers.rekoni.middlewares=rekoni-stripprefix"
        - "traefik.http.middlewares.rekoni-stripprefix.stripprefix.prefixes=/rekoni"
        - "traefik.http.services.rekoni.loadbalancer.server.scheme=http"
  transactor:
    image: "hardcoreeng/transactor:${HULY_VERSION}"
    environment:
      - SERVER_PORT=3333
      - SERVER_SECRET=${HULY_SECRET}
      - SERVER_CURSOR_MAXTIMEMS=30000
      - ELASTIC_URL=http://elastic:9200
      - ELASTIC_INDEX_NAME=huly_storage_index
      - MONGO_URL=mongodb://mongodb:27017
      - METRICS_CONSOLE=false
      - METRICS_FILE=metrics.txt
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
      - REKONI_URL=http://rekoni:4004
      #- FRONT_URL=http://localhost:8080
      - FRONT_URL=http://front:8080
      - ACCOUNTS_URL=http://account:3000
      - LAST_NAME_FIRST=true
    depends_on:
      - mongodb
      - elastic
      - minio
    networks:
      - huly-services
      - traefik
    deploy:
      resources:
        limits:
          memory: 500M
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.routers.transactor.entrypoints=web"
        - "traefik.http.routers.transactor.rule=Host(`huly.local`)"
        - "traefik.http.services.transactor.loadbalancer.server.port=3333"
        - "traefik.http.services.transactor.loadbalancer.server.scheme=http"
  collaborator:
    image: "hardcoreeng/collaborator:${HULY_VERSION}"
    environment:
      - COLLABORATOR_PORT=3078
      - SECRET=${HULY_SECRET}
      - ACCOUNTS_URL=http://account:3000
      - MONGO_URL=mongodb://mongodb:27017
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
    depends_on:
      - mongodb
      - elastic
      - minio
    networks:
      - huly-services
      - traefik
    deploy:
      resources:
        limits:
          memory: 500M
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.routers.collaborator.entrypoints=web"
        - "traefik.http.routers.collaborator.rule=Host(`huly.local`)"
        - "traefik.http.services.collaborator.loadbalancer.server.port=3078"
        - "traefik.http.services.collaborator.loadbalancer.server.scheme=http"
  account:
    image: "hardcoreeng/account:${HULY_VERSION}"
    environment:
      - SERVER_PORT=3000
      - SERVER_SECRET=${HULY_SECRET}
      - MONGO_URL=mongodb://mongodb:27017
      - DB_URL=mongodb://mongodb:27017
      - TRANSACTOR_URL=ws://transactor:3333;ws://huly.local:3333
      #- TRANSACTOR_URL=ws://transactor:3333
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
      - FRONT_URL=http://front:8080
      - MODEL_ENABLED=*
      - ACCOUNTS_URL=http://localhost:3000
      - ACCOUNT_PORT=3000
    networks:
      - huly-services
      - traefik
    deploy:
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.routers.account.entrypoints=web"
        - "traefik.http.routers.account.rule=Host(`huly.local`) && PathPrefix(`/accounts`)"
        - "traefik.http.routers.account.middlewares=account-stripprefix"
        - "traefik.http.middlewares.account-stripprefix.stripprefix.prefixes=/accounts"
        - "traefik.http.services.account.loadbalancer.server.port=3000"
        - "traefik.http.services.account.loadbalancer.server.scheme=http"
  workspace:
    image: "hardcoreeng/workspace:${HULY_VERSION}"
    environment:
      - SERVER_SECRET=${HULY_SECRET}
      - DB_URL=mongodb://mongodb:27017
      - MONGO_URL=mongodb://mongodb:27017
      - TRANSACTOR_URL=ws://transactor:3333;ws://huly.local:3333
      #- TRANSACTOR_URL=ws://transactor:3333
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
      - MODEL_ENABLED=*
      - ACCOUNTS_URL=http://account:3000
      - NOTIFY_INBOX_ONLY=true
    depends_on:
      - mongodb
      - transactor
      - elastic
      - minio
    networks:
      - huly-services
    deploy:
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any
  front:
    image: "hardcoreeng/front:${HULY_VERSION}"
    environment:
      - SERVER_PORT=8080
      - SERVER_SECRET=${HULY_SECRET}
      - ACCOUNTS_URL=http://huly.local/accounts
      #- ACCOUNTS_URL=http://account:3000
      - REKONI_URL=http://huly.local/rekoni
      #- REKONI_URL=http://rekoni:4004
      - CALENDAR_URL=http://huly.local:8095
      - GMAIL_URL=http://huly.local:8088
      - TELEGRAM_URL=http://huly.local:8086
      - UPLOAD_URL=/files
      - ELASTIC_URL=http://elastic:9200
      - COLLABORATOR_URL=ws://huly.local:3078
      #- COLLABORATOR_URL=ws://collaborator:3078
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
      - MONGO_URL=mongodb://mongodb:27017
      - TITLE=Huly Self Host
      - DEFAULT_LANGUAGE=en
      - LAST_NAME_FIRST=true
    networks:
      - huly-services
      - traefik
    deploy:
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.routers.huly.entrypoints=web"
        - "traefik.http.routers.huly.rule=Host(`huly.local`)"
        - "traefik.http.services.huly.loadbalancer.server.port=8080"
        - "traefik.http.services.huly.loadbalancer.server.scheme=http"
networks:
  traefik:
    name: traefik
    external: true
  huly-services:
    name: huly-services
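An added example, not part of the original post: a small Python check over the Traefik router labels and URL variables copied from the compose file above, reporting routers that share one rule on the same entrypoint and `huly.local` URLs whose port has no entrypoint behind it. It assumes the `web` entrypoint listens on port 80 and that no other port is published, which the post does not state.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Router labels and URL variables copied from the compose file in the post (subset).
LABELS = [
    "traefik.http.routers.transactor.entrypoints=web",
    "traefik.http.routers.transactor.rule=Host(`huly.local`)",
    "traefik.http.routers.collaborator.entrypoints=web",
    "traefik.http.routers.collaborator.rule=Host(`huly.local`)",
    "traefik.http.routers.account.entrypoints=web",
    "traefik.http.routers.account.rule=Host(`huly.local`) && PathPrefix(`/accounts`)",
    "traefik.http.routers.huly.entrypoints=web",
    "traefik.http.routers.huly.rule=Host(`huly.local`)",
]
ENV = [
    "TRANSACTOR_URL=ws://transactor:3333;ws://huly.local:3333",
    "ACCOUNTS_URL=http://huly.local/accounts",
    "COLLABORATOR_URL=ws://huly.local:3078",
]
# Assumption: entrypoint "web" is Traefik's port 80 and nothing else is published.
ENTRYPOINT_PORTS = {"web": 80}

def duplicate_router_rules(labels):
    """Return {(entrypoints, rule): [router names]} for rules used by several routers."""
    routers = defaultdict(dict)
    for label in labels:
        m = re.match(r"traefik\.http\.routers\.([^.]+)\.(entrypoints|rule)=(.*)", label)
        if m:
            routers[m.group(1)][m.group(2)] = m.group(3)
    groups = defaultdict(list)
    for name, cfg in routers.items():
        groups[(cfg.get("entrypoints"), cfg.get("rule"))].append(name)
    return {key: sorted(names) for key, names in groups.items() if len(names) > 1}

def unreachable_external_urls(env, host, ports):
    """Return (variable, url) pairs that address `host` on a port with no entrypoint."""
    default = {"http": 80, "ws": 80, "https": 443, "wss": 443}
    found = []
    for entry in env:
        var, _, value = entry.partition("=")
        for url in value.split(";"):  # TRANSACTOR_URL holds two ';'-separated URLs
            parts = urlsplit(url)
            port = parts.port or default.get(parts.scheme)
            if parts.hostname == host and port not in ports.values():
                found.append((var, url))
    return found
```

Routers with an identical rule on one entrypoint have equal default priority in Traefik, so which backend answers a plain `Host(`huly.local`)` request is not defined by this configuration.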
I was able to get this working using Let's Encrypt. I referred to the install guide here.... Before allowing Docker and Nginx to restart, I installed Let's Encrypt and deployed a self-managed Let's Encrypt server. Once the certificate was successfully created, I updated the /installdir/huly-selfhost/nginx.conf file after completing the symlink, and then proceeded to start Docker and Nginx.
Here is the updated configuration:
listen 443 ssl;
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
Is Let's Encrypt required?
I wanted to run everything within my insecure local network (http).