Boards AIO
andylwelch committed Jan 12, 2024
1 parent d477f26 commit 8cb95c9
Showing 3 changed files with 315 additions and 16 deletions.
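--- a/docs/assets/boards/aio/boards.yml
+++ b/docs/assets/boards/aio/boards.yml
@@ -0,0 +1,154 @@
+version: "3.4"
+
+x-minio-access: &minio-access --replace-me--
+x-minio-secret: &minio-secret --replace-me--
+x-mongo-password: &mongo-password --replace-me--
+
+x-app-env: &app-env
+APP_URI: https://--replace-me--
+API_GATEWAY: https://--replace-me--
+REDIS_CACHE_HOST: redis
+USER_HOST: http://user
+LICENCE_HOST: http://licence
+NOTIFICATION_HOST: http://notification
+PROVIDER_HOST: http://provider
+APP_HOST: http://app
+BOARDS_EVENT_HOST: http://boards-event
+
+x-s3-env: &s3-env
+S3_ENDPOINT: minio
+S3_ACCESS_KEY: *minio-access
+S3_SECRET_KEY: *minio-secret
+S3_BUCKET: kudosboards
+
+x-db-env: &db-env
+MONGO_HOST: mongo
+MONGO_USER: root
+MONGO_PASSWORD: *mongo-password
+MONGO_PARAMS: authSource=admin
+
+services:
+# Proxy
+nginx:
+image: nginx:1.25.3
+restart: always
+ports:
+- "443:443"
+- "80:80"
+volumes:
+- ./nginx.conf:/etc/nginx/conf.d/proxy.conf
+- /path/to/certificate.pem.crt:/etc/nginx/ssl.crt # --replace-me--
+- /path/to/key.pem.key:/etc/nginx/ssl.key # --replace-me--
+
+# UI
+webfront:
+image: quay.io/huddo/boards-webfront:2023-12-18
+restart: always
+environment:
+<<: [*app-env]
+
+# Core App routing logic
+core:
+image: quay.io/huddo/boards-core:2023-12-18
+restart: always
+depends_on:
+- redis
+- minio
+- licence
+- notification
+environment:
+<<: [*app-env, *s3-env]
+
+# Boards business logic
+app:
+image: quay.io/huddo/boards:2023-12-18
+restart: always
+environment:
+<<: [*app-env, *db-env, *s3-env]
+
+user:
+image: quay.io/huddo/user:2023-12-18
+restart: always
+environment:
+<<: [*app-env, *db-env, *s3-env]
+CONNECTIONS_NAME: --replace-me--
+CONNECTIONS_CLIENT_ID: --replace-me--
+CONNECTIONS_CLIENT_SECRET: --replace-me--
+CONNECTIONS_URL: --replace-me--
+CONNECTIONS_ADMINS: '["[email protected]", "[email protected]"]' # --replace-me--
+# DOMINO_AUTH_URL: https://domino.rest.api.company.com # --replace-me--
+# DOMINO_CLIENT_ID: # --replace-me--
+# DOMINO_CLIENT_SECRET: # --replace-me--
+# DOMINO_ADMINS: '["[email protected]"]' # --replace-me--
+# DOMINO_USE_PROFILE_IMAGE_ATTACHMENTS: 'true'
+# DOMINO_PROFILE_IMAGE_NAME: profile.png
+# Default values below that can be customised
+# DOMINO_AUTH_SCOPE: $DATA
+# DOMINO_REST_SCOPE: directorylookup
+
+provider:
+image: quay.io/huddo/provider:2023-12-18
+restart: always
+depends_on:
+- redis
+- minio
+environment:
+<<: [*app-env, *s3-env]
+
+notification:
+image: quay.io/huddo/notification:2023-12-18
+restart: always
+depends_on:
+- redis
+environment:
+<<: [*app-env, *db-env]
+
+#Events Service
+boards-event:
+image: quay.io/huddo/boards-event:2023-12-18
+restart: always
+depends_on:
+- redis
+- mongo
+environment:
+<<: [*app-env, *db-env]
+NOTIFIER_EMAIL_HOST: localhost
+NOTIFIER_EMAIL_USERNAME: --replace-me
+NOTIFIER_EMAIL_PASSWORD: --replace-me
+
+licence:
+image: quay.io/huddo/licence:2023-12-18
+restart: always
+depends_on:
+- user
+- redis
+- mongo
+environment:
+<<: [*db-env, *app-env]
+LICENCE: --replace-with-licence-from-store--
+
+mongo:
+image: bitnami/mongodb:7.0
+restart: always
+environment:
+MONGODB_ADVERTISED_HOSTNAME: mongo
+MONGODB_ROOT_PASSWORD: *mongo-password
+volumes:
+- /path/to/db:/bitnami/mongodb # --replace-me--
+
+minio:
+image: minio/minio
+restart: always
+environment:
+MINIO_ROOT_USER: *minio-access
+MINIO_ROOT_PASSWORD: *minio-secret
+volumes:
+- /path/to/s3:/data # --replace-me--
+command: server /data
+
+# Shared DB for internal caching, communication etc
+redis:
+image: redis
+restart: always
+environment:
+MASTER: "true"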
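Review bot: `image: minio/minio` and `image: redis` carry no tag, so they resolve to `latest` on every pull while every other service in this file is pinned; pin both, e.g. `image: minio/minio:<tested-release-tag>` and `image: redis:<tested-version>` (placeholders, use the releases you validated). The application services also connect to Mongo as `MONGO_USER: root` with the same value as `MONGODB_ROOT_PASSWORD`, and reuse the MinIO root user and password as `S3_ACCESS_KEY`/`S3_SECRET_KEY`, so a compromise of any one container yields admin rights on both stores; dedicated least-privilege accounts would limit that. Because the three `x-` anchors default to the literal `--replace-me--`, a deployment started without editing them would likely run with that string as its root credential; a comment above them such as `# MUST be changed before first start: these become the MinIO and Mongo root credentials` would make the risk explicit.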
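--- a/docs/assets/boards/aio/nginx.conf
+++ b/docs/assets/boards/aio/nginx.conf
@@ -0,0 +1,75 @@
+upstream ui {
+server webfront:8080;
+}
+
+upstream api {
+server core:3001;
+}
+
+server {
+listen 80;
+server_name boards-url.replace.me;
+rewrite ^ https://$server_name$request_uri? permanent;
+}
+
+server {
+listen 80;
+server_name boards-api-url.replace.me;
+rewrite ^ https://$server_name$request_uri? permanent;
+}
+
+server {
+listen 443 ssl;
+server_name boards-api-url.replace.me;
+
+ssl_certificate /etc/nginx/ssl.crt;
+ssl_certificate_key /etc/nginx/ssl.key;
+ssl_protocols TLSv1.2;
+client_max_body_size 50M;
+
+location / {
+proxy_buffering off;
+proxy_cache off;
+proxy_set_header Host $host;
+proxy_set_header Connection '';
+proxy_http_version 1.1;
+chunked_transfer_encoding off;
+proxy_pass http://api;
+}
+
+location ^~ /socket {
+rewrite ^/socket/(.*) /$1 break; #used to send request to base url
+proxy_pass http://api;
+proxy_redirect off;
+proxy_pass_request_headers on;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $http_host;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $host;
+}
+}
+
+server {
+listen 443;
+server_name boards-url.replace.me;
+
+client_max_body_size 50m;
+client_body_timeout 120s;
+large_client_header_buffers 4 32k;
+
+ssl_certificate /etc/nginx/ssl.crt;
+ssl_certificate_key /etc/nginx/ssl.key;
+ssl_protocols TLSv1.2;
+
+location / {
+proxy_buffering off;
+proxy_cache off;
+proxy_set_header Host $host;
+proxy_set_header Connection '';
+proxy_http_version 1.1;
+chunked_transfer_encoding off;
+proxy_pass http://ui;
+}
+}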
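Review bot: The UI server block for `boards-url.replace.me` uses `listen 443;` without `ssl`, unlike the API block's `listen 443 ssl;`; it presumably only serves TLS because the other block sharing the socket sets the flag, so it should read `listen 443 ssl;` to stay correct if the blocks are ever split or reordered. In `location ^~ /socket` the Host header is set twice (`proxy_set_header Host $http_host;` and `proxy_set_header Host $host;`), which as far as I know makes nginx forward two Host headers to the upstream; keep only `proxy_set_header Host $host;`. `ssl_protocols TLSv1.2;` in both TLS blocks also excludes TLS 1.3, which the nginx 1.25.3 image pinned in the compose file should support, so `ssl_protocols TLSv1.2 TLSv1.3;` is worth considering. A one-line comment above the two `ssl_certificate` directives noting that both hostnames share one certificate and it must cover both names would save readers a lookup in the docs.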
102 changes: 86 additions & 16 deletions docs/boards/standalone.md
@@ -1,40 +1,110 @@
# Boards Standalone Deployment

This document outlines a standalone (all in one) deployment of Huddo Boards. This can be used as a proof of concept, staging deployment or even a production deployment for a limited number of users (e.g. &lt; 500).
!!! tip

You may run all services including database and file storage on one server, or you can use an external mongo database or s3 file store.
This document outlines a standalone (all in one) deployment of Huddo Boards using `docker-compose`. This can be used as a proof of concept, staging deployment or even a production deployment for a limited number of users (e.g. &lt; 500).

Like all other deployments of Huddo Boards, this requires configuration of 2 domains: Application and API. e.g. boards.huddo.com and boards.api.huddo.com
You may run all services including database and file storage on one server, or you can use an external Mongo database or S3 file store.

Like all other deployments of Huddo Boards, this requires configuration of 2 domains: Application and API. e.g. `boards.huddo.com` and `boards.api.huddo.com`

## Server requirements

RHEL (or Centos 7) server with:

- 8gb ram minimum
- 4 vCPUs
- 40gb system drive
- 100gb data drive (will be shared for database and file store) <sup>*see Persistence Options below</sup>
- docker and docker-compose
- 8gb ram minimum
- 4 vCPUs
- 40gb system drive
- 100gb data drive (will be shared for database and file store) <sup>\*see Persistence Options below</sup>
- docker and docker-compose

Please [follow this guide](images.md) to get access to our images in Quay.io so that we may give you access to our repositories and templates.
---

## Options

### Network

You may use an external proxy or send traffic directly to the server. If you are sending traffic directly to the server, you will need pem encoded certificate (with full chain) and key.

The implementation of this will require 2 domains in your environment (typically "boards." and "boards-api." subdomains), one for the web app and one for the API.

### Persistence

Boards uses 3 types of persistent data: mongodb, s3 file store and redis cache.
Boards uses 3 types of persistent data:

1. Mongodb
1. S3 file store
1. Redis cache.

Each of these may use external services (e.g. Mongo Atlas) or the included services in the template (this hugely changes the server demand).

!!! warning

If using the included services, you must have a separate mount point on your server for persistent data with a directory each for mongo and s3(minio) storage. You will need to map directories for mongo and s3 containers to this data drive. This data drive should be backed up however you currently backup data.

---

## Deployment

### Access to Images

Please [follow this guide](images.md) to get access to our images in Quay.io so that we may give you access to our repositories and templates. Once you have access please run the `docker login` command available from the Quay.io interface, for example:

docker login -u="<username>" -p="<encrypted-password>" quay.io

---

### Configuration

1. download the configuration files:

- [docker-compose yaml](../assets/boards/aio/boards.yml)
- [nginx proxy conf](../assets/boards/aio/nginx.conf)

1. update all example values in both files as required. Most required variables are in the template, for more information see the Kubernetes docs

- [Global config](kubernetes/index.md#update-config-file)
- [Boards variables](env/common.md)

The minio credentials are are used to both set in the minio service and access it from other services, the x-minio-access field is used as the username in minio and the x-minio-secret is used as the password you can view minios documentation on these fields here: https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html#root-credentials and an example of the values used here: https://docs.min.io/docs/minio-docker-quickstart-guide.html the standard seems to be around 20 characters all caps/numbers for the username and around 40 characters any case / number for the password.

The nginx proxy setup assumes that you will have 2 subdomains as stated above with a shared (wildcard) ssl certificate, both the certificate and key file for these domains need to be accessible to the server and the path filled in under the proxy section. you may use separate certificates if needed by mounting them both in the proxy service with appropriate naming and using the new mounted files in the `nginx.conf`.

!!! tip

**Authentication**: the user environment variables in the compose file assume you are installing this in a Connections environment, these can be removed or replaced with a Microsoft 365 tenant info as [shown here](https://docs.huddo.com/boards/msgraph/auth/#configure-oauth-in-boards). For more info on other authentication methods contact the [huddo team](mailto:[email protected]). The default variables for Domino are also included and can be uncommented as required.

### Start

Start the deployment using the following command

docker-compose -f ./boards.yml up -d

---

## Debugging

The mount point on your system for the mongo data needs to include user 1001 with read/write access, see [bitnami/mongodb](https://github.com/bitnami/bitnami-docker-mongodb) for more info and full documentation.

Each of these may use external services or the included services in the template (this hugely changes the server demand).
if your setup is not running, first check the db logs and make sure it is not complaining about permissions to write the files it needs
`docker-compose logs mongo`

If using the included services, you will need to map directories for mongo and s3 containers to the data drive above, this data drive should be backed up however you currently backup data
To remove any other network configuration/hops on the docker server you should be able to:
`curl -H "Host: your.web.url" --insecure https://localhost`
This should return the html from webfront
`curl -H "Host: your.api.url" --insecure https://localhost`
This should return the html for the swagger api documentation
`curl -H "Host: your.api.url" --insecure https://localhost/health`
This should return "{listening: 3001}"

### Environment Variables
If the above works then you may have configuration issues with a proxy / dns not pointing traffic to the docker server properly
If it does not work then the local nginx proxy is probably not working, check `docker-compose logs nginx` to see if it points out any misconfiguration

Most required variables are in the template, for more information see the Kubernetes docs
The core image has ping enabled and has access to all others so you can use it to test connectivity

- [Global config](kubernetes/index.md#update-config-file)
- [Boards variables](env/common.md)
```shell
docker-compose exec -it core sh
ping user
ping mongo
... etc
```
