Deployment

Kendall Masse edited this page Nov 18, 2018 · 8 revisions

Deploying your own PELD-Server

This guide walks you through deploying your own PELD-Server instance using Docker and setting up automatic cert renewals with certbot.

Getting started

These steps are the basics for setting up any ESI app, so you shouldn't need any additional details for these steps.

  1. Provision your server (VPS, AWS EC2, etc.); any flavor of Linux should do
  2. Register your domain, point it to your server
  3. Create your app on https://developers.eveonline.com/
    • You need to add the following ESI scopes for PELD-Server to work:
      • esi-fleets.read_fleet.v1
      • esi-fleets.write_fleet.v1
    • Make sure your callback URL is https://YOUR_URL/sso/callback
    • Copy your Client ID and Secret Key somewhere, you will need them later

Getting PELD-Server

From wherever you want to store the app, run:
git clone https://github.com/ArtificialQualia/PELD-Server.git
then
cd PELD-Server
All the following steps assume you are in the PELD-Server directory

Using certbot for the first time

If you are going to use your own 3rd party cert, you can skip this section.

Most package manager repositories contain a version of certbot that you can use, so try to get it from there first. If that doesn't work, run:
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
Feel free to move it to somewhere on your path (like /usr/bin/) if you want easier access to it.

To get your first cert, run something like this (note: by running this you agree to certbot's TOS)
sudo certbot certonly --agree-tos --text --email YOUR_EMAIL@HERE.com --server https://acme-v02.api.letsencrypt.org/directory -d YOUR_DOMAIN.com --standalone --standalone-supported-challenges http-01 --debug
Be sure to replace YOUR_EMAIL@HERE.com with your email (you will get notified if cert renewals fail or your cert is about to expire), YOUR_DOMAIN.com with the domain name you registered above, and certbot with /path/to/certbot-auto if you downloaded that.

If that worked, move on to the next section. If you get an error like "don't know how to bootstrap Certbot on your OS", make sure you have the augeas package and a Python 2.7 package with pip on your system, and try running
sudo pip install --upgrade requests
sudo pip install --upgrade cryptography
sudo pip install certbot
then try running the certbot command above again.

If that still doesn't work, refer to certbot's documentation (you can always run it using docker!)

Get docker and docker-compose

Docker is available from most package managers, so look for it there first. It may be named docker-ce or docker.io. This is by far the easiest way to get it. If it isn't available there, read docker's docs on how to get it.

docker-compose is easier, just run these commands:
sudo curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/bin/docker-compose
sudo chmod +x /usr/bin/docker-compose

After you have those, make sure the docker service is running:
sudo service docker start

Now, make sure docker works:
sudo docker version
You should see version information. If you get an error, you may need to check the docker service logs or review docker's docs.

Once you have that working, also run:
sudo docker-compose version
and you should again see version information.

Configuring PELD-Server

First, we need to add a special file for docker. Perform this, replacing YOUR_DOMAIN.com with your domain name:
echo "SERVER_NAME=YOUR_DOMAIN.com">>./.env

There are a few files in the root directory of PELD-Server that you need to edit before you start PELD-Server. Do this with your editor of choice.

Note that these files will get overwritten if you git pull to get the latest code. You should back them up before doing an update.

config.py

You need to change the following values:
SECRET_KEY - This can be any random string that you want; it is used to encrypt secrets for the server. Just make sure it is unique and don't share it.
HOST - This needs to be your domain, like peld-fleet.com
ESI_SECRET_KEY - This needs to be the Secret Key provided by CCP that you got when you created your ESI app
ESI_CLIENT_ID - This needs to be the Client ID provided by CCP that you got when you created your ESI app

You should leave the rest as-is.
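
A pre-build check for the values above, as an added example that is not part of PELD-Server: it parses config.py without executing it and compares HOST with the SERVER_NAME written to .env. The sample file contents, the assumption that the settings are plain string assignments, and the length and variety thresholds for SECRET_KEY are this example's own.

```python
import ast

REQUIRED = ("SECRET_KEY", "HOST", "ESI_SECRET_KEY", "ESI_CLIENT_ID")
# Constructed sample inputs, not the project's real files or real credentials.
SAMPLE_ENV = "SERVER_NAME=fleet.example.org\n"
SAMPLE_CONFIG = '''
SECRET_KEY = "changeme"
HOST = "https://fleet.example.org"
ESI_SECRET_KEY = ""
ESI_CLIENT_ID = "0123456789abcdef0123456789abcdef"
'''

def read_settings(config_source):
    """Parse (never execute) config.py; collect the required string literals."""
    found = {}
    for node in ast.walk(ast.parse(config_source)):
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            for target in node.targets:
                is_ours = isinstance(target, ast.Name) and target.id in REQUIRED
                if is_ours and isinstance(node.value.value, str):
                    found[target.id] = node.value.value
    return found

def read_server_name(env_source):
    """Return the last SERVER_NAME value; the echo >> step can append twice."""
    name = None
    for line in env_source.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "SERVER_NAME":
            name = value.strip()
    return name

def check_deployment(config_source, env_source):
    """Return a list of problems; an empty list means the basics are set."""
    cfg, problems = read_settings(config_source), []
    for key in REQUIRED:
        if not cfg.get(key, "").strip():
            problems.append(f"{key} is missing or empty")
    secret, host = cfg.get("SECRET_KEY", ""), cfg.get("HOST", "")
    # Length and variety thresholds are this example's heuristic, not a PELD rule.
    if secret and (len(secret) < 32 or len(set(secret)) < 10):
        problems.append("SECRET_KEY is short or low-variety")
    if secret and secret == cfg.get("ESI_SECRET_KEY"):
        problems.append("SECRET_KEY reuses the ESI secret")
    if "/" in host:
        problems.append("HOST should be a bare domain")
    if host and host != read_server_name(env_source):
        problems.append("HOST does not match SERVER_NAME in .env")
    return problems
```

Call `check_deployment(open("config.py").read(), open(".env").read())` from the PELD-Server directory and fix anything it lists before building the images.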

docker-compose.yml

You can leave this file as is and everything will work, but you probably want to edit the number of workers that the webserver uses for websockets. By default, there is 1 primary web process, and 4 workers. The exact number of workers you want depends on your use-case, but in most cases 2*(cpu count) is a good number.

Unfortunately, this process is a little clumsy due to the nature of docker-compose. There isn't an easy way to just make a number bigger to add more workers while maintaining configurability of the platform.

To add (or remove) workers, find the comments that say # add extra workers here and copy the code above them for the previous worker, incrementing the number by one. For instance, to add one worker you'd add this code at the first comment:

  web-worker5:
    image: peld:latest
    restart: always
    command: python3 app.py
    expose:
      - "5000"
    depends_on:
      - web-primary

and at the second # add extra workers here you would add this:
server web-worker5:5000;
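
The two edits described above, generated and cross-checked in Python as an added example (not part of PELD-Server). It assumes both `# add extra workers here` sections live in docker-compose.yml as the guide describes and that entries follow the web-workerN pattern shown; the function names are hypothetical.

```python
import re

# Stanza copied from the web-worker5 example above, with the number templated.
SERVICE = """\
  web-worker{n}:
    image: peld:latest
    restart: always
    command: python3 app.py
    expose:
      - "5000"
    depends_on:
      - web-primary
"""

def render_workers(target, existing=4):
    """Return (compose stanzas, nginx server lines) for workers existing+1..target."""
    if target <= existing:
        raise ValueError("nothing to add; remove stanzas and server lines by hand")
    numbers = range(existing + 1, target + 1)
    stanzas = "\n".join(SERVICE.format(n=n) for n in numbers)
    servers = "".join(f"server web-worker{n}:5000;\n" for n in numbers)
    return stanzas, servers

def check_workers(compose_text):
    """Compare worker services with nginx server entries in the compose file.

    Returns (services with no server line, server lines with no service).
    """
    services = {int(n) for n in re.findall(r"^\s*web-worker(\d+):\s*$", compose_text, re.M)}
    servers = {int(n) for n in re.findall(r"server\s+web-worker(\d+):5000;", compose_text)}
    return sorted(services - servers), sorted(servers - services)

if __name__ == "__main__":
    stanzas, servers = render_workers(6)
    # Constructed fragment standing in for docker-compose.yml; worker 6 lacks a server line.
    sample = "services:\n" + stanzas + "    server web-worker5:5000;\n"
    print(stanzas, servers, check_workers(sample), sep="\n")
```

nginx will not start if a server line names a host that does not resolve, and a worker with no server line receives no traffic, so both returned lists should be empty before you build.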

If you didn't follow the steps for certbot above and are using your own certs, be sure to change the volumes: section of the nginx container to point to your certs/key.

If you know your way around docker-compose you may want to do some extra stuff like changing the peld:latest tag to something else, so you can maintain multiple versions and roll back more easily, or moving the nginx config out and mapping it, etc.

Build and Start

You need to 'build' your docker images before you start them (you need to rebuild every time you change your config.py or update your PELD-Server code!)
sudo docker-compose build
This will take a while when you do it the first time.

To start everything:
sudo docker-compose up -d
It will take about a minute after your containers start for your site to become available.

Your PELD-Server is ready to use! Make sure your line members running peld insert your server domain instead of the default peld-fleet.com!

You will need to familiarize yourself with docker-compose commands to effectively manage your PELD-Server instance. Read the docs on them here. At some point you're going to want to run docker-compose commands like ps, down, logs, etc.

Automating cert renewals

If you are using certbot, you will want to automate the renewals of your cert since they expire every 90 days. To do so, add something like this to your root's crontab (run sudo crontab -e):
0 11 * * * certbot renew --text --server https://acme-v02.api.letsencrypt.org/directory --standalone --debug --pre-hook "docker stop peld-server_nginx_1" --post-hook "docker start peld-server_nginx_1"
Replace certbot with /path/to/certbot-auto if you are using certbot-auto.
You'll also want to replace the cron schedule with something that makes sense for you. Shown above is when EVE downtime is in UTC.
You should probably just convert that to when downtime is in your local timezone, but you could really do it anytime. There is a very slight hiccup in the websocket connections when you do it, but they reconnect in <1s.
