We use DigitalOcean for hosting virtual servers. We chose DO over AWS EC2 and other options like RackSpace because DO is very easy to use and they donated free credit to our account as a 501c3 non-profit.
We use dokku as a mini Heroku running on a single server. It allows us to deploy apps as simply as git push dokku. We run several apps on the same server since our server load is very low right now.
DigitalOcean has a pre-installed Dokku droplet, but we make some tweaks:
- We upgrade nginx to the latest version, which allows us to turn off proxy_request_buffering. This speeds up submitting images with Simple-ODK by streaming the uploaded forms directly to our simple-odk node server app.
- We add an 8GB swap file
- We lock down ssh and block repeated access attempts
- We use iptables to block all ports apart from 22, 80, 443
- We tweak nginx worker_connections to the max supported by the server
For details of these tweaks see cloud-init.sh which is the script used to configure the server.
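The port policy in the list above can be checked against a server's rule dump. The script below is an added example, not part of this repo or of cloud-init.sh; the function name audit_input_chain and both sample rule sets are constructed for illustration, and it inspects only the INPUT chain of iptables-save output.

```sh
#!/bin/sh
# Added example (not from cloud-init.sh): audit `iptables-save` output against
# the policy above, i.e. only ports 22, 80 and 443 accepted on INPUT.
ALLOWED_PORTS="22 80 443"

# Reads iptables-save text on stdin, prints one FINDING line per problem,
# and returns 1 if the INPUT chain is more open than the policy.
audit_input_chain() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == ":INPUT" && $2 == "DROP" { deny = 1 }        # default chain policy
    $1 == "-A" && $2 == "INPUT" {
      target = ""; ports = ""; benign = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") target = $(i + 1)
        if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        # loopback, established-connection and ICMP rules carry no port
        if ($i == "-i" && $(i + 1) == "lo") benign = 1
        if (($i == "--ctstate" || $i == "--state") && $(i + 1) !~ /NEW/) benign = 1
        if ($i == "-p" && $(i + 1) == "icmp") benign = 1
      }
      # an unconditional DROP/REJECT rule also counts as default deny
      if ($3 == "-j" && (target == "DROP" || target == "REJECT")) deny = 1
      if (target != "ACCEPT") next
      if (ports == "" && !benign) { print "FINDING: unrestricted ACCEPT: " $0; bad++ }
      m = split(ports, p, ",")
      for (i = 1; i <= m; i++)
        if (!(p[i] in ok)) { print "FINDING: unexpected port " p[i]; bad++ }
    }
    END {
      if (!deny) { print "FINDING: INPUT has no default deny"; bad++ }
      exit (bad > 0)
    }'
}

# Constructed sample rule sets (not captured from our servers).
GOOD_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,80,443 -j ACCEPT
COMMIT'
BAD_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
COMMIT'

printf '%s\n' "$BAD_RULES" | audit_input_chain || echo "policy violated"
```

On the server, run iptables-save | audit_input_chain as root. Ports that Docker publishes itself are forwarded through the nat and FORWARD chains, so they do not show up in INPUT and need a separate check.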
Currently we maintain two servers: a 1gb production server at apps.digital-democracy.org and a 512mb development server at dev.digital-democracy.org
The scripts in this repo are little helpers to provision and configure a server. Clone this repo and change into the directory:
git clone https://github.com/digidem/digidem-server.git
cd digidem-server
To provision a new server for Digital Democracy with default options simply run:
export DO_API_KEY=our_digitalocean_api_key
./provision
This will create a new 1gb 'droplet' (server) with dokku installed in the nyc3 region, and configure it with all the tweaks we need. You will need to visit https://cloud.digitalocean.com/ to find out the IP of the newly created droplet for the next step.
To see other available options type ./provision --help
We ideally want a DNS name to point at the new server. We manage our DNS with CloudFlare. Visit the DNS management page and add an A record for the new server IP address.
Visit the new server IP address in the browser and you should see the Dokku setup page. Update the Hostname to the new address you just added to CloudFlare, and select 'virtual host naming'.
If you have provisioned (created) a new server with dokku installed and you just want to run the configure script, you can run ./configure. DO NOT run this command twice, or on a server that has already been provisioned with the script above, since it does not do any checks on repeat configuration right now and may mess things up.
ssh root@server_hostname
You can then run remote commands on the server, such as dokku apps:create myapp
If you want additional users to be able to access the server or dokku, you need to add their public keys.
Adding a user's key to the server will give them root access. Be careful with this. This is not needed for deploying new apps, only for server maintenance.
cat /path/to/public_key | ssh root@server_hostname "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
This will allow a user with the public key to push new apps to dokku and use other dokku admin functions.
cat /path/to/public_key | ssh root@server_hostname "sudo sshcommand acl-add dokku [description]"
[description] can be anything as long as it is one word only (e.g. "personal", "home", etc.).
To deploy a new app you need to add a git remote for dokku:
cd /path/to/my/app
git remote add dokku dokku@server_hostname:app_name
Now you can git push dokku master to deploy your app to dokku. See dokku docs for more details.
The easiest way to run dokku commands locally is to install dokku-toolbelt:
npm install -g dokku-toolbelt
Then when in your app folder (you need to already have the dokku git remote configured) you can run commands like dt config:set MY_ENV_VARIABLE=some_secret_sauce
We use New Relic for basic server monitoring. Connect to the server and follow the New Relic install instructions.