hcengineering / huly-selfhost

Huly for Self Hosting
Eclipse Public License 2.0

How to install with Caddy? #82

Open ja49619 opened 1 month ago

ja49619 commented 1 month ago

Hello. First of all, I'd like to say thanks for your app; it's truly the best I've seen lately 🚀.

I saw that you have installation scripts using nginx and traefik, but I already have Caddy installed and configured, so I would like to use it further.

I tried to install your app and configure the reverse proxy in the same way as all other applications that are running on my server, i.e. I receive an external port from the app's container and set up something like this:

```
example.com {
    reverse_proxy localhost:8087
}
```

I ran the application, but on the client I got an error: `Unknown Error: Failed to Fetch`; in the developer console there was `GET http://localhost:3000/providers net::ERR_CONNECTION_REFUSED`.

I found a comment that says that you need to set the environment variables correctly. I tried to adapt the nginx configuration files for Caddy using its directives like rewrite, handle_path and header, tried setting variables, but unfortunately I was never able to configure the application,

THEREFORE

if anyone was able to set up this with reverse proxy Caddy on a host please show how to do it ✍️👀

Commands to reproduce

presettings: install docker, check A-record from domain DNS

```
# install Huly
$ git clone https://github.com/hcengineering/huly-selfhost.git
$ cd huly-selfhost
$ ./setup.sh localhost
$ docker-compose up -d

# install and setup Caddy
$ apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
$ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
$ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
$ apt update
$ apt install caddy
$ read -p "domain: " domain && echo -e "$domain {\n\treverse_proxy localhost:8087\n}" | tee /etc/caddy/Caddyfile
$ systemctl restart caddy

open $domain and check DevTools
```

Pukimaa commented 1 month ago

This is what I'm using. However, be sure to update your ACCOUNTS_URL, ... env variables (everywhere where the services down below are listed)

```
YOUR_DOMAIN:80 {
  reverse_proxy localhost:8087
  handle_path /account* {
    reverse_proxy localhost:3005
  }
  handle_path /transactor* {
    reverse_proxy localhost:3333
  }
  handle_path /rekoni* {
    reverse_proxy localhost:4004
  }

  # If you have the love container (livekit/office calls), use this too
  #handle_path /_love* {
  #  reverse_proxy localhost:8096
  #}
}
```

ja49619 commented 1 month ago

> This is what I'm using.

@Pukimaa thanks for the reply, can you show your docker-compose.yml file here in a `<details></details>` block?

gptlang commented 2 weeks ago

I just set mine up today.

```yaml
version: "3"
services:
  mongodb:
    image: "mongo:7-jammy"
    container_name: mongodb
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - db:/data/db
    ports:
      - 27017:27017
    restart: unless-stopped
  minio:
    image: "minio/minio"
    command: server /data --address ":9000" --console-address ":9001"
    ports:
      - 9000:9000
      - 9001:9001
    volumes:
      - files:/data
    restart: unless-stopped
  elastic:
    image: "elasticsearch:7.14.2"
    command: |
      /bin/sh -c "./bin/elasticsearch-plugin list | grep -q ingest-attachment || yes | ./bin/elasticsearch-plugin install --silent ingest-attachment;
      /usr/local/bin/docker-entrypoint.sh eswrapper"
    volumes:
      - elastic:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
    environment:
      - ELASTICSEARCH_PORT_NUMBER=9200
      - BITNAMI_DEBUG=true
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms1024m -Xmx1024m
      - http.cors.enabled=true
      - http.cors.allow-origin=http://localhost:8082
    healthcheck:
      interval: 20s
      retries: 10
      test: curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"'
    restart: unless-stopped
  account:
    image: hardcoreeng/account:v0.6.333
    ports:
      - 3001:3001
    environment:
      - SERVER_PORT=3001
      - SERVER_SECRET=NotMyActualSecretObviously
      - DB_URL=mongodb://mongodb:27017
      - TRANSACTOR_URL=ws://transactor:3333;wss://transact.huly.duti.dev
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
      - FRONT_URL=http://front:8080
      - MODEL_ENABLED=*
      - ACCOUNTS_URL=https://accounts.huly.duti.dev
      - ACCOUNT_PORT=3001
      - DISABLE_SIGNUP=true
    restart: unless-stopped
  workspace:
    image: hardcoreeng/workspace:v0.6.333
    environment:
      - SERVER_SECRET=NotMyActualSecretObviously
      - DB_URL=mongodb://mongodb:27017
      - MONGO_URL=mongodb://mongodb:27017
      - TRANSACTOR_URL=ws://transactor:3333;wss://transact.huly.duti.dev
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
      - MODEL_ENABLED=*
      - ACCOUNTS_URL=http://account:3001
      - NOTIFY_INBOX_ONLY=true
    restart: unless-stopped
  front:
    image: hardcoreeng/front:v0.6.333
    ports:
      - 8087:8080
    environment:
      - SERVER_PORT=8080
      - SERVER_SECRET=NotMyActualSecretObviously
      - ACCOUNTS_URL=https://accounts.huly.duti.dev
      - REKONI_URL=https://rekoni.huly.duti.dev
      - CALENDAR_URL=https://calendar.huly.duti.dev
      - GMAIL_URL=https://gmail.huly.duti.dev
      - TELEGRAM_URL=https://telegram.huly.duti.dev
      - UPLOAD_URL=/files
      - ELASTIC_URL=http://elastic:9200
      - COLLABORATOR_URL=wss://collab.huly.duti.dev
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
      - MONGO_URL=mongodb://mongodb:27017
      - TITLE=Huly Self Hosted
      - DEFAULT_LANGUAGE=en
      - LAST_NAME_FIRST=true
      - DISABLE_SIGNUP=true
    restart: unless-stopped
  collaborator:
    image: hardcoreeng/collaborator:v0.6.333
    ports:
      - 3078:3078
    environment:
      - COLLABORATOR_PORT=3078
      - SECRET=secret
      - ACCOUNTS_URL=http://account:3001
      - MONGO_URL=mongodb://mongodb:27017
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
    restart: unless-stopped
  transactor:
    image: hardcoreeng/transactor:v0.6.333
    ports:
      - 3333:3333
    environment:
      - SERVER_PORT=3333
      - SERVER_SECRET=NotMyActualSecretObviously
      - SERVER_CURSOR_MAXTIMEMS=30000
      - ELASTIC_URL=http://elastic:9200
      - ELASTIC_INDEX_NAME=huly_storage_index
      - DB_URL=mongodb://mongodb:27017
      - MONGO_URL=mongodb://mongodb:27017
      - METRICS_CONSOLE=false
      - METRICS_FILE=metrics.txt
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
      - REKONI_URL=http://rekoni:4004
      - FRONT_URL=https://huly.duti.dev
      - ACCOUNTS_URL=http://account:3001
      - LAST_NAME_FIRST=true
    restart: unless-stopped
  rekoni:
    image: hardcoreeng/rekoni-service:v0.6.333
    ports:
      - 4004:4004
    environment:
      - SECRET=NotMyActualSecretObviously
    deploy:
      resources:
        limits:
          memory: 500M
    restart: unless-stopped
volumes:
  db:
  files:
  elastic:
  etcd:
```

```
huly.duti.dev {
        log
        reverse_proxy 100.64.0.6:8087
}

(hulyoptions) {
        handle_path /* {
                @options {
                        method OPTIONS
                }
                header @options {
                        Access-Control-Allow-Origin "https://huly.duti.dev"
                        Access-Control-Allow-Methods "*"
                        Access-Control-Allow-Headers "*"
                        Access-Control-Allow-Credentials "true"
                }
                respond @options 204
        }
}

accounts.huly.duti.dev {
        log
        import hulyoptions
        reverse_proxy 100.64.0.6:3001
}

transact.huly.duti.dev {
        log
        import hulyoptions
        reverse_proxy 100.64.0.6:3333
}

rekoni.huly.duti.dev {
        log
        import hulyoptions
        reverse_proxy 100.64.0.6:4004
}

calendar.huly.duti.dev {
        log
        import hulyoptions
        reverse_proxy 100.64.0.6:8095
}

gmail.huly.duti.dev {
        log
        import hulyoptions
        reverse_proxy 100.64.0.6:8088
}

telegram.huly.duti.dev {
        log
        import hulyoptions
        reverse_proxy 100.64.0.6:8086
}

collab.huly.duti.dev {
        log
        import hulyoptions
        reverse_proxy 100.64.0.6:3078
}
```

Works nicely for the most part (some bugs with documents though)

ja49619 commented 2 weeks ago

> I just set mine up today.

@gptlang Thanks for the reply. Your method looks a little strange. You need to create 7 new subdomains and forward 7 ports through the router. Is it safe? I think all microservices should be on localhost and proxied via the handle_path directive. Correct me if I'm wrong.

gptlang commented 2 weeks ago

> I think all microservices should be on localhost

I have a weird setup where the machine running the containers is not directly exposed to the internet. I route them through headscale/tailscale to a tiny VPS to expose things.

> Is it safe?

It is equivalent to routing them through a single handle_path. However, with handle_path, you also need to change the URL environment variables to prefix them such that things don't conflict.

e.g.

```yaml
- ACCOUNTS_URL=https://accounts.huly.duti.dev
```

would become

```yaml
- ACCOUNTS_URL=https://huly.duti.dev/_accounts
```
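
Added example, not part of the thread and not the project's code: on the "Is it safe?" question, a Compose `ports:` entry without a host IP (such as `27017:27017`) is published on every interface of the Docker host, regardless of which reverse-proxy layout is used. This sketch audits the entries from the compose file posted above and suggests a binding limited to the address the proxy connects to; `SERVICES`, `INTERNAL_ONLY`, `parse_port` and `audit` are names made up for the example, and treating mongodb, minio and elastic as container-only is an assumption.

```python
import re

# Constructed sample: `ports:` entries from the compose file above, plus one loopback entry.
SERVICES = {
    "mongodb": ["27017:27017"],
    "minio": ["9000:9000", "9001:9001"],
    "elastic": ["9200:9200"],
    "account": ["3001:3001"],
    "front": ["8087:8080"],
    "transactor": ["3333:3333"],
    "loopback-sample": ["127.0.0.1:4004:4004"],
}
# Assumption: these are reached only by other containers, by service name
# (mongodb://mongodb:27017, http://elastic:9200), so they need no host port.
INTERNAL_ONLY = {"mongodb", "minio", "elastic"}

# Short syntax: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]
PORT_RE = re.compile(
    r"^(?:(?P<ip>\[[0-9a-fA-F:]+\]|\d+\.\d+\.\d+\.\d+):)?"
    r"(?:(?P<host>\d+(?:-\d+)?):)?"
    r"(?P<container>\d+(?:-\d+)?)(?:/(?P<proto>tcp|udp))?$"
)

def parse_port(spec):
    m = PORT_RE.match(str(spec).strip())
    if not m:
        raise ValueError(f"unsupported ports entry: {spec!r}")
    # No host IP in the entry means Docker publishes on every host interface.
    ip = (m.group("ip") or "0.0.0.0").strip("[]")
    return ip, m.group("host"), m.group("container"), m.group("proto") or "tcp"

def audit(services, proxy_ip="127.0.0.1"):
    findings = []  # (service, original entry, suggested replacement)
    for name, ports in services.items():
        for spec in ports:
            ip, host, container, proto = parse_port(spec)
            if ip in ("127.0.0.1", "::1", proxy_ip):
                continue
            if name in INTERNAL_ONLY:
                fix = "remove the ports entry"
            else:
                suffix = "" if proto == "tcp" else f"/{proto}"
                fix = f"{proxy_ip}:{host or container}:{container}{suffix}"
            findings.append((name, spec, fix))
    return findings

if __name__ == "__main__":
    for name, spec, fix in audit(SERVICES):
        print(f"{name:12} {spec:14} -> {fix}")
```

With Caddy on the same host, the default `proxy_ip` of `127.0.0.1` applies; for a proxy that reaches the containers over a tailnet address such as the `100.64.0.6` used above, pass that address instead.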