Setup a production server using Docker
warning
We are moving to deployment based on Meteor Up.
The instructions on this page are deprecated.
This page documents the process of setting up a production server for RadGrad using a Docker-based build mechanism.
Setup location
To start, you will need to create the ability for multiple developers to manage a single RadGrad installation on this server. You can do this either via multiple logins, each with sudo access, and a shared directory, or else via a single account whose password is shared amongst developers involved in production.
On this page, we will assume you (or a sysadmin) have created an account called "radgrad" that is used by all developers to manage this installation.
Open ports
Several ports on the server will need to be open:
Port | Service |
---|---|
22 | ssh |
443 | https |
80 | web |
8888 | http |
Install Docker
First, install Docker and Docker Compose.
Please consult the Docker installation documentation and the Docker Compose installation documentation for instructions.
note
To install Docker on Ubuntu 18, I followed these instructions.
There are useful instructions at the end documenting how to set up the user to not need sudo for docker.
Clone radgrad-docker
Next, clone the radgrad-docker repository with:
Setup config/
Your local radgrad-docker directory contains a subdirectory called "sample-config" containing various files and directories needed for the installation.
A production server will access a customized version of these template files from a directory you must create called config/. Here's how to do it:
Setup settings
In order for RadGrad to deploy successfully, it expects to find a file called "settings.production.json" in the config/ directory. To create this file from a template, run:
See the reference guide on settings.production.json for details.
Setup https
RadGrad needs to run on HTTPS. Here is a procedure to request SSL certificates for your domain (from Let's Encrypt) so that it can run over HTTPS.
In addition to Meteor and MongoDB services, the RadGrad Docker services include nginx and certbot. The Nginx web server on port 80 is configured to forward HTTP traffic to an HTTPS web server on port 443, which subsequently reverse proxies traffic to the RadGrad application on port 8888.
Modify nginx.env
To begin, you will need to modify some of the configuration variables in the radgrad-docker/config/nginx/nginx.env file on the production server. This configuration file should have already been copied over from the sample-config/ directory earlier during the setup process.
This file contains three variables that you will need to modify. It defaults to this:
Modify the NGINX_SERVER_NAME variable with the domain name pointing to your host machine.
Modify the LETSENCRYPT_EMAIL variable with an email address that should be associated with the SSL certificate generated for the given domain name.
Finally, leave the LETSENCRYPT_STAGING_MODE variable set to 1 for the time being. This will ensure that you do not hit any certificate request limit while testing your HTTPS configuration.
Your nginx.env file should now look something like this:
Perform a test run
Before we begin, ensure that all RadGrad services are shut down by changing into the radgrad-docker directory and invoking docker-compose down.
Then, invoke the init-letsencrypt.sh script and follow the prompts. It should look something like this:
Request real SSL certificate
Now that everything looks good, we can go ahead and request a real SSL certificate!
First, shut down all RadGrad services by changing into the radgrad-docker directory and invoking:
Then, open the radgrad-docker/config/nginx/nginx.env file and set the LETSENCRYPT_STAGING_MODE variable to 0. The file should now look something like this:
Finally, invoke the init-letsencrypt.sh script and follow the prompts. The output should be nearly identical to that of the test run that was performed earlier.
Verify that the certificate was granted by visiting the RadGrad application using https.
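A pre-flight check for nginx.env that can be run before each invocation of init-letsencrypt.sh, so that a malformed server name or email address, or a staging mode that does not match the step, is caught before a certificate request is made. This is an added example, not part of radgrad-docker; it assumes nginx.env uses plain KEY=value lines, and the function names env_value and check_nginx_env are hypothetical.

```shell
# Added example: pre-flight check for config/nginx/nginx.env (not radgrad-docker code).
# Assumes plain KEY=value lines, optionally quoted.

# Print the value assigned to variable $2 in env file $1 (last assignment wins).
env_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_nginx_env FILE EXPECTED_MODE
# EXPECTED_MODE: 1 before the test run, 0 before the real certificate request.
# Prints one line per problem; the return status is the number of problems.
check_nginx_env() {
    file=$1; expected=$2; problems=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    name=$(env_value "$file" NGINX_SERVER_NAME)
    email=$(env_value "$file" LETSENCRYPT_EMAIL)
    mode=$(env_value "$file" LETSENCRYPT_STAGING_MODE)
    # Server name: a bare dotted hostname (no scheme, port, path or wildcard).
    case $name in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*)
            echo "NGINX_SERVER_NAME is not a plain hostname: '$name'"
            problems=$((problems + 1)) ;;
        *.*) ;;
        *)  echo "NGINX_SERVER_NAME is not a full domain name: '$name'"
            problems=$((problems + 1)) ;;
    esac
    # Email: one '@', non-empty local part, dotted domain, no whitespace.
    case $email in
        *@*@*|*[[:space:]]*) bad_email=1 ;;
        ?*@?*.?*) bad_email=0 ;;
        *) bad_email=1 ;;
    esac
    if [ "$bad_email" -eq 1 ]; then
        echo "LETSENCRYPT_EMAIL does not look like an address: '$email'"
        problems=$((problems + 1))
    fi
    # Staging mode: must be 0 or 1 and match the step being performed.
    if [ "$mode" != 0 ] && [ "$mode" != 1 ]; then
        echo "LETSENCRYPT_STAGING_MODE must be 0 or 1, found '$mode'"
        problems=$((problems + 1))
    elif [ "$mode" != "$expected" ]; then
        echo "LETSENCRYPT_STAGING_MODE is $mode but this step expects $expected"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# When saved as a script: sh <script> config/nginx/nginx.env 1
if [ "$#" -eq 2 ]; then check_nginx_env "$1" "$2"; fi
```

Pass 1 as the second argument before the test run and 0 before the real certificate request; a non-zero exit status means the file should be corrected first.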
Debugging: Check service status
Check to make sure all required services are running:
Debugging: Check Docker logs
Sometimes the Docker logs reveal problems. For example:
Setup oplog tailing
TBA
Setup DB indexes
caution
ensure-indexes.js is not yet ready for use with RadGrad.
When you create a new RadGrad database, it's best to ensure that the indexes are created before any data is accepted.
Change directories into the radgrad-docker/scripts/mongodb directory.
Next, ensure that the MongoDB docker container is running.
Finally, invoke the ensure-indexes.sh script: