octo
/
BirdsiteLive
mirror of https://github.com/NicolasConstant/BirdsiteLive
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
BirdsiteLive/INSTALLATION.md

5.9 KiB
Raw Blame History

Installation

Prerequisites

You will need a Twitter API key to make BirdsiteLIVE working. First create an Standalone App in the Twitter developer portal and retrieve the API Key and API Secret Key.

Please make sure you are using a Standalone App API Key and not a Project App API Key (that will NOT work with BirdsiteLIVE), if you don't see the Standalone App section, you might need to apply for Elevated Access as described in the API documentation.

Server prerequisites

Your instance will need docker and docker-compose installed and working.

Setup

Download the docker-compose file:

sudo curl -L https://raw.githubusercontent.com/NicolasConstant/BirdsiteLive/master/docker-compose.yml -o docker-compose.yml

Then edit file:

sudo nano docker-compose.yml

Attributes to change in the docker-compose file

Personal info

  • Instance:Domain the domain name you'll be using, for example use birdsite.live for the URL https://birdsite.live
  • Instance:AdminEmail the admin's email, will be displayed in the instance /.well-known/nodeinfo endpoint
  • Twitter:ConsumerKey the Twitter API key
  • Twitter:ConsumerSecret the Twitter API secret key

Database credentials

The database credentials must be changed the same way in the server and db section.

  • database name:
    • Db:Name
    • POSTGRES_DB
  • database user name:
    • Db:User
    • POSTGRES_USER
  • database user password:
    • Db:Password
    • POSTGRES_PASSWORD

Startup

Launch the app with:

docker-compose up -d

By default the app will be available on the port 5000

Nginx

On a Debian based distrib:

sudo apt update
sudo apt install nginx # or httpd or apache2 depending on O/S

Check nginx status:

sudo systemctl status nginx # or httpd or apache2 depending on O/S

Create nginx configuration (if not using Apache)

Create your nginx configuration

sudo nano /etc/nginx/sites-enabled/{your-domain-name.com}

And fill your service block as follow:

server {
    listen        80;
    server_name   {your-domain-name.com};
    location / {
        proxy_pass         http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

Save and start/restart your Nginx service

sudo service nginx start
# or restart it if its already started
sudo service nginx restart

Create Apache configuration (if not using Nginx)

.../conf.f/birdsite.conf

<virtualHost *:80>
        servername {your-domain-name.com}
        RewriteCond %{REQUEST_URI} !^/\.well-known.*
        rewriteRule (.*) https://%{HTTP_HOST}$1
        DocumentRoot /usr/share/letsencrypt/.well-known
</virtualHost>

<virtualHost *:443>
        servername {your-domain-name.com}
        
        Alias /.well-known /usr/share/letsencrypt/.well-known
        
        ProxyPass /.well-known !
        ProxyPass / http://localhost:5000/ Keepalive=On
        RequestHeader set Host "birdsite.falkensweb.com"
        ProxyPassReverse / https://birdsite.falkensweb.com

       SSLEngine On
       SSLCertificateFile /etc/letsencrypt/live/{your-domain-name.com}/cert.pem 
       SSLCertificateKeyFile /etc/letsencrypt/live/{your-domain-name.com}/privkey.pem
       SSLCertificateChainFile /etc/letsencrypt/live/{your-domain-name.com}/chain.pem
</virtualHost>

Save the file and restart Apache

apachectl graceful

Secure your hosted application with SSL

After having a domain name pointing to your instance, install and setup certbot:

sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d {your-domain-name.com}

Or for Apahce

sudo certbot certonly --cert-name {your-domain-name.com} -d {your-domain-name.com} --webroot --webroot-path /usr/share/letsencrypt/.well-known

Make sure you're redirecting all traffic to https when asked.

Finally check that the auto-revewal will work as espected:

sudo certbot renew --dry-run

Set the firewall

Make sure you're securing your firewall correctly:

sudo apt install ufw #if not installed
sudo ufw app list
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
sudo ufw status

You should now have an up and running BirdsiteLIVE instance!

Updating

Make sure your data belong outside the containers before migrating (set by default).

To update your installation to the latest release:

# Edit `docker-compose.yml` to update the version, if you have one specified
# Pull new images
docker-compose pull
# Start a new container, automatically removes old one
docker-compose up -d

Auto-Updating

To set auto-updates on your deployment, add to the docker-compose.yml file this section:

version: "3"

networks:
    birdsitelivenetwork:
        external: false

services:
    server:
        image: nicolasconstant/birdsitelive:latest
        [...]

    db:
        image: postgres:9.6
        [...]
        
+   watchtower:
+       image: containrrr/watchtower
+       restart: always
+       container_name: watchtower
+       environment:
+           - WATCHTOWER_CLEANUP=true
+       volumes:
+           - /var/run/docker.sock:/var/run/docker.sock
+       command: --interval 300

More options

You can find more options available here