This document contains instructions for deploying h to a production environment. If you are looking for instructions on setting up a development environment for h, please consult :doc:`HACKING` instead.
h is deployed exclusively as a Docker container. This allows the development team to focus their efforts on developing for a single, consistent environment. It also means that across a wide variety of platforms (those support by Docker itself) the instructions for configuring and deploying h are identical.
In addition to the Docker container, h depends on the following services:
- An SQL database. We only officially support PostgreSQL.
- ElasticSearch v1.0+, with the ElasticSearch ICU Analysis plugin installed. Used for storing annotation data.
- NSQ, a distributed message queue. Used for interprocess communication.
- Redis, a fast key-value store. Used for persistent session storage.
You will need to have installed and configured Docker (v1.4 or greater) in order to deploy h. Please follow the Docker team's instructions on how to install Docker.
We do not currently publish a built image for h. You must build the base image for h by running the following from the root of the repository:
$ docker build -t hypothesis/h .
This will take some time to complete, as it will install and configure a complete image of h and all its direct dependencies.
You can now run a Docker container using the hypothesis/h image you just
built. At its simplest, this consists of running:
$ docker run hypothesis/h
but this will usually result in a container which is missing some important configuration. In particular, you need to let the running h instance know where its external service dependencies are. This is most easily done by configuring one or more of the following Docker link names, which will result in automatic configuration of these services:
elasticsearchmailnsqdredisstatsd
In a production environment you should set the following container environment variables:
APP_URLthe base URL of the applicationDATABASE_URLan SQLAlchemy compatible database URLSECRET_KEYa secret key for use in cryptographic operations
Note
You can generate an appropriate secret key as follows:
$ python -c 'import base64; import os; print(base64.b64encode(os.urandom(64))).strip(b"=")'
You will probably also want to set one or more of the following configuration options:
ALLOWED_ORIGINSorigins allowed to connect over the WebSocket protocolCLIENT_IDa unique API key for authenticationCLIENT_SECRETa unique API secret for signing authentication requestsELASTICSEARCH_INDEXthe ElasticSearch index name for annotation storageMAIL_DEFAULT_SENDERa sender address for outbound mailWEBASSETS_BASE_DIRthe base directory for static assetsWEBASSETS_BASE_URLthe base URL for static asset routes