Add Installation

2024-04-08 05:06:13 +00:00 · 2024-04-08 05:06:13 +00:00 · 18205bd79d
commit 18205bd79d
parent 2b74b04098
1 changed files with 302 additions and 0 deletions
--- a/Installation.md
+++ b/Installation.md
@ -0,0 +1,302 @@
+# Prerequisites
+
+Clearing houz (clrghouz) is current configured to run on Linux systems under docker. The docker host only needs to have docker installed, and networking configured.
+
+If you have a single IPv4 address, your docker host will receive connections (on appropriate web and FTN ports), and proxy those connections through to the docker containers that respond to those ports.
+
+If you have IPv6, then the docker containers can be configured with a public IPv6 address and receive connections directly.
+
+## Installing Docker
+
+It is recommended to install docker from docker directly (as often linux distribution implementations are often behind the current release). To do so, it can be achieved with a simple command:
+
+`curl -sSL https://get.docker.com | sudo sh`
+
+To test that installation was successful, run `sudo docker info` and you should see something similar to below:
+
+```plaintext
+Client: Docker Engine - Community
+ Version:    24.0.6
+ Context:    default
+ Debug Mode: false
+ Plugins:
+  buildx: Docker Buildx (Docker Inc.)
+    Version:  v0.11.2
+    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
+  compose: Docker Compose (Docker Inc.)
+    Version:  v2.21.0
+    Path:     /usr/libexec/docker/cli-plugins/docker-compose
+
+Server:
+ Containers: 4
+  Running: 2
+  Paused: 0
+  Stopped: 2
+...
+ Docker Root Dir: /var/lib/docker
+ Debug Mode: false
+ Experimental: false
+ Insecure Registries:
+  127.0.0.0/8
+ Live Restore Enabled: false
+```
+
+## Running docker as a user
+
+Normally docker commands can only be run as the `root` user. However, to run docker commands with your (non-root) user id - add your user to the `docker` group.
+
+`sudo usermod -aG docker [your_user_id]`
+
+will do it. You'll need to log off and log on again for it to be effective.
+
+You can confirm with `id`
+
+```
+[deon@c-8-1 php]$ id fred
+uid=500(fred) gid=500(admin) groups=500(admin),10(wheel),27(sudo),498(docker)
+```
+
+(In the above example, you can see `fred` is a member of GID: 498 `docker`.)
+
+## Storage directory
+
+You will want all your data to persist between container restarts. Create a directory to store all the container directory - something like `/srv/docker` (or something you prefer).
+
+## Storage space
+
+Make sure your docker container directory (`/srv/docker`) and `/var/lib/docker` has sufficient space.
+
+If your linux doesnt use mount points, and all your space is mounted under `/`, then you should be OK. But if you do have mount points, then you'll need to have lots of space reserved for those directories.
+
+## Create a directory for Clearing houz
+
+In your storage directory (`/srv/docker`) create a directory to store Clearing houz files (eg:`/srv/docker/clrghouz`). Everything from here on will assume you are working from this directory.
+
+### docker compose
+
+To make restarting containers easier, here is a docker compose file that you can use - this will go in your Clearing houz directory. Make adjustments as appropriate.
+
+```plaintext
+version: "3.5"
+
+services:
+  web:
+    image: registry.dege.au/bbs/clrghouz
+    #cap_add:
+    # SYS_ADMIN
+    # NET_ADMIN
+    # NET_RAW
+    depends_on:
+    - postgres
+    deploy:
+      resources:
+        limits:
+          memory: 512M
+    #devices:
+    # /dev/net/tun
+    environment:
+      APP_KEY: [APP_KEY]
+      APP_TIMEZONE: Australia/Melbourne
+      APP_URL: https://clrghouz.test.dege.au/
+      AWS_ACCESS_KEY_ID: "[MINIO_ACCESS_KEY]"
+      AWS_SECRET_ACCESS_KEY: "[MINIO_SECRET_KEY]"
+      AWS_ENDPOINT: http://minio:9000/
+      AWS_BUCKET: clrghouz
+      DB_PASSWORD: "[DB_PASSWORD]"
+      FIDO_PACKET_KEEP: "true"
+      FIDO_HAPROXY: "false"
+      LOG_LEVEL: info
+      MAIL_FROM_ADDRESS: your@email.address
+      MAIL_FROM_NAME: "YOUR NAME"
+      MEMCACHED_START: "TRUE"
+      #ZEROTIER_START: "false"
+    networks:
+      default:
+      public:
+        ipv6_address: [IPv6_PREFIX]:0d0c:e02::2
+        aliases:
+          - clrghouz
+    hostname: clrghouz.test.dege.au
+    ports:
+    - 53:53/udp
+    #- 80:80
+    #- 24554:24554
+    #- 60179:60179
+    sysctls:
+    - "net.ipv6.conf.all.disable_ipv6=0"
+    volumes:
+    - /srv/docker/clrghouz/app/cache:/var/www/html/storage/framework/cache/data
+    - /srv/docker/clrghouz/app/sessions:/var/www/html/storage/framework/sessions
+    - /srv/docker/clrghouz/app/logs:/var/www/html/storage/logs
+    - /srv/docker/clrghouz/app/data:/var/www/html/data
+    - /srv/docker/clrghouz/app/fido:/var/www/html/storage/app/fido
+    # /srv/docker/clrghouz/zerotier:/var/lib/zerotier-one
+
+  queue:
+    image: registry.dege.au/bbs/clrghouz
+    #cap_add:
+    # SYS_ADMIN
+    # NET_ADMIN
+    depends_on:
+    - postgres
+    deploy:
+      replicas: 1
+      resources:
+        limits:
+          memory: 512M
+    #devices:
+    # /dev/net/tun
+    environment:
+      APP_KEY: [APP_KEY]
+      APP_TIMEZONE: Australia/Melbourne
+      APP_URL: https://clrghouz.test.dege.au/
+      AWS_ACCESS_KEY_ID: "[MINIO_ACCESS_KEY]"
+      AWS_SECRET_ACCESS_KEY: "[MINIO_SECRET_KEY]"
+      AWS_ENDPOINT: http://minio:9000/
+      AWS_BUCKET: clrghouz
+      CACHE_DRIVER: file
+      CONTAINER_ROLE: queue
+      DB_PASSWORD: "[DB_PASSWORD]"
+      LOG_LEVEL: info
+      MAIL_FROM_ADDRESS: your@email.address
+      MAIL_FROM_NAME: "YOUR NAME"
+      WORK_QUEUES: default,poll,tic
+      WORK_TIMEOUT: 900
+      #ZEROTIER_START: "false"
+    networks:
+      default:
+      public:
+        ipv6_address: [IPv6_PREFIX]:0d0c:e02::3
+    sysctls:
+    - "net.ipv6.conf.all.disable_ipv6=0"
+    volumes:
+    - /srv/docker/clrghouz/app/logs:/var/www/html/storage/logs
+    - /srv/docker/clrghouz/app/fido:/var/www/html/storage/app/fido
+    # /srv/docker/clrghouz/zerotier.queue:/var/lib/zerotier-one
+
+  schedule:
+    image: registry.dege.au/bbs/clrghouz
+    deploy:
+      replicas: 1
+      resources:
+        limits:
+          memory: 128M
+    depends_on:
+    - postgres
+    environment:
+      APP_KEY: [APP_KEY]
+      APP_TIMEZONE: Australia/Melbourne
+      APP_URL: https://clrghouz.test.dege.au/
+      CACHE_DRIVER: file
+      CONTAINER_ROLE: scheduler
+      DB_PASSWORD: "[DB_PASSWORD]"
+    networks:
+      default:
+    volumes:
+    - /srv/docker/clrghouz/app/logs:/var/www/html/storage/logs
+    - /srv/docker/clrghouz/app/fido:/var/www/html/storage/app/fido
+
+  postgres:
+    image: postgres:15-alpine
+    deploy:
+      resources:
+        limits:
+          memory: 512M
+    environment:
+      POSTGRES_DB: clrghouz
+      POSTGRES_USER: clrghouz
+      POSTGRES_PASSWORD: "[DB_PASSWORD]"
+    networks:
+      default:
+    #labels:
+    #  cron.container.daily: "root#pg_dumpall -U clrghouz#S3_BUCKET=restic.docker restic -q --no-cache backup --stdin --stdin-filename docker-clrghouz-database"
+    #  backup.stack.daily: "/srv/docker/clrghouz"
+    shm_size: 1g
+    volumes:
+    - /srv/docker/clrghouz/postgres:/var/lib/postgresql/data
+
+  minio:
+    image: tobi312/minio
+    command: ["server", "--console-address", ":9001", "/data"]
+    deploy:
+      resources:
+        limits:
+          memory: 128M
+    healthcheck:
+      test: [ "CMD", "curl", "--fail", "http://localhost:9000/minio/health/live" ]
+      interval: 60s
+      timeout: 10s
+      retries: 3
+    networks:
+      default:
+    ports:
+    - 9001:9001 # Console
+    volumes:
+    - /srv/docker/clrghouz/minio:/data
+
+  haproxy:
+    image: haproxy
+    command: -f /usr/local/etc/haproxy/config
+    #cap_add:
+    #- NET_ADMIN
+    deploy:
+      resources:
+        limits:
+          memory: 128M
+    hostname: hap-1-1.test.dege.au
+    networks:
+      default:
+      public:
+        ipv6_address: [IPv6_PREFIX]:0d0c:e02::f
+    ports:
+    - "24553:24553"
+    - "24554:24554"
+    - "60179:60179"
+    # "53:53/udp"
+    - "80:80"
+    - "443:443"
+    volumes:
+    - /srv/docker/clrghouz/haproxy:/usr/local/etc/haproxy/config
+    - /srv/docker/clrghouz/nginx/ssl/:/usr/local/etc/haproxy/ssl
+
+networks:
+  public:
+    enable_ipv6: true
+    driver: bridge
+    driver_opts:
+      com.docker.network.enable_ipv6: "true"
+    ipam:
+      driver: default
+      config:
+      - subnet: [IPv6_PREFIX]:0d0c:e02::/96
+        gateway: [IPv6_PREFIX]:0d0c:e02::1
+```
+
+_NOTES:_
+
+* This docker compose file should be called `docker-compose.yml`
+* You'll defined the `[APP_KEY]` below
+* Update the `[IPv6_PREFIX]` as appropriate for your setup. This assumes you have your IPv6 setup, and you have configured your router to route this prefix to this host running clrghouz.
+* Create a suitable `[DB_PASSWORD]` and update your docker-compose file.
+* We'll define `[MINIO_ACCESS_KEY]` and `[MINIO_SECRET_KEY]` later - and you'll update your docker-compose file with those details.
+* If you dont want to use haproxy, then you can comment/delete out this section in the docker-compose file. You'll also need to uncomment the post definitions in the _web:_ section.
+* If you dont want to use nginx, or already have nginx as a front end to your web hosts elsewhere, then you can comment/delete it from your docker-compose file. (You'll configure your existing nginx to terminate SSL and/or proxy to the _web:_ container on port 80.)
+
+### Make necessary directories
+
+```plaintext
+# mkdir app app/cache app/data app/fido app/logs app/sessions haproxy minio postgres nginx
+# sudo chown -R 82:82 app/
+```
+
+### Create the app encryption key
+
+```plaintext
+# docker run --rm -e CONTAINER_ROLE=none -e APP_TIMEZONE=UTC registry.dege.au/bbs/clrghouz ./artisan key:generate --show
+
+* Starting NGINX...
+? NO container role "none", AND/OR no laravel install, just starting php-fpm
+base64:iT+8vM9p0X8oupGPKF+/ZqAxqyIQY5dWd72TaAlfcdY= <--- WHAT IS HERE IS YOUR KEY
+```
+
+And update the docker-compose file and replace `[APP_KEY]` with this key.