You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by mc...@apache.org on 2021/03/10 12:27:01 UTC
[cassandra-builds] branch trunk updated: added docs for Plausible
deployment (CASSANDRA-16488)
This is an automated email from the ASF dual-hosted git repository.
mck pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra-builds.git
The following commit(s) were added to refs/heads/trunk by this push:
new 3659429 added docs for Plausible deployment (CASSANDRA-16488)
3659429 is described below
commit 3659429f88b787b47db34e26601929434bd06e78
Author: Stefan Miklosovic <st...@instaclustr.com>
AuthorDate: Tue Mar 9 21:14:55 2021 +0100
added docs for Plausible deployment (CASSANDRA-16488)
Co-authored-by: mck <mc...@apache.org>
---
plausible/README.adoc | 151 +++++++++++++++++++++++++++++++++++++++++++
plausible/app.conf | 31 +++++++++
plausible/docker-compose.yml | 55 ++++++++++++++++
3 files changed, 237 insertions(+)
diff --git a/plausible/README.adoc b/plausible/README.adoc
new file mode 100644
index 0000000..84b12ca
--- /dev/null
+++ b/plausible/README.adoc
@@ -0,0 +1,151 @@
+== Analytics for Cassandra Web
+
+This document serves as a guide for anybody who wants to re/deploy https://plausible.io/[Plausible].
+
+=== Overview of the current deployment
+
+Plausible is currently deployed on t2.medium instance in AWS EC2, it runs on Debian 10 Buster and
+it has Elastic IP 3.124.255.5 (stays after restarts). Plausible runs in Docker Compose and it is
+secured by HTTPS. Certificates for HTTPS are obtained from Let's Encrypt and they are
+automatically renewed after expiration. There is nginx reverse proxy in front of Plausible as
+the other Docker Compose deployment.
+
+Plausible service is hosted under https://www.instaclustr.com[Instaclustr]'s account. Please contact
+stefan dot miklosovic at instaclustr dot com for any related questions / issues.
+
+Domain `plausible.cassandra.apache.org` points to 3.124.255.5. Please contact gmcdonald at apache dot org for
+any related questions / issues.
+
+For the access to all credentials (PEM to ssh to that box, logins to Plausible etc), please contact
+someone on the PMC, as credentials are stored in the private subversion repository.
+
+=== Setup of Plausible from scratch
+
+Please be sure that before proceeding, your box has these services / software installed:
+
+* docker
+* docker-compose
+* git
+
+The deployment consists of these logical steps:
+
+* setup HTTPS for nginx proxy
+* setup & run self-hosted Plausible
+* setup & run reverse nginx proxy talking to Plausible
+
+==== Setup of HTTP for nginx proxy
+
+First we generate HTTPS certificates:
+
+----
+$ git clone https://github.com/wmnnd/nginx-certbot.git
+$ cd nginx-certbox
+----
+
+Follow the https://github.com/wmnnd/nginx-certbot[readme] of nginx-certbox repo. You need to change
+`domains` in `init-letsencrypt.sh` script to `domains=(plausible.cassandra.apache.org)`.
+
+Next, modify `data/nginx/app.conf`, change `server_name` to `plausible.cassandra.apache.org` for
+both 80 and 443 case and change paths to certificates.
+
+`proxy_pass` field of `location /` for server listening to port 443 should be set to `http://plausible:8000/;`.
+`plausible` in this address points to name of a service of Docker compose we will setup afterwards.
+
+This will generate HTTPS certificates, please be sure that you have 80 and 443 port open.
+
+----
+$ ./init-letsencrypt.sh
+$ docker-compose up -d
+----
+
+`data/nginx/app.conf` file with described changes is also in the same directory as this document for reference.
+
+==== Setup of Plausible
+
+----
+$ git clone https://github.com/plausible/hosting
+$ cd hosting
+----
+
+The main configuration file is `plausible-conf.env`
+
+----
+ADMIN_USER_EMAIL=stefan.miklosovic@instaclustr.com
+ADMIN_USER_NAME=admin
+ADMIN_USER_PWD=you will log in with this password under ADMIN_USER_EMAIL
+BASE_URL=https://plausible.cassandra.apache.org/
+SECRET_KEY_BASE=see for the explanation below
+PORT=8000
+DISABLE_AUTH=false
+DISABLE_REGISTRATION=false
+GEOLITE2_COUNTRY_DB=/geoip/GeoLite2-Country.mmdb
+----
+
+`SECRET_KEY_BASE` is an internal secret key used by Phoenix Framework which Plausible builds on.
+Follow the https://hexdocs.pm/phoenix/Mix.Tasks.Phx.Gen.Secret.html#content[instructions] to generate one.
+The setup to generate such a secret is very long as it requires you to setup Erlang OTP, Phoenix etc etc and it seems
+to me that the value of `SECRET_KEY_BASE` needs to be some random string so https://github.com/plausible/analytics/discussions/824[anything sensible will do].
+
+For GeoIP (seeing a world map with hits from countries), you need to https://dev.maxmind.com/geoip/geoip2/geolite2/[create an account here].
+Then provide credentials in `geopip/geoip.conf`.
+
+`DISABLE_REGISTRATION` might be set to `true` after all accounts are created as we will prevent everybody to
+try to create accounts and potentially abuse this service.
+
+You do not need to do anything for SMTP to work, all default values are just fine in order to be able to
+send transactional emails. Please consult SMTP setup in FAQ section to know more if you happen to run on AWS.
+
+For more details, follow the https://plausible.io/docs/self-hosting-configuration[official docs].
+
+For simplicity, you will find unified Docker compose file with Plausible as well as with GeoLite
+integration in `docker-compose.yaml` in this directory.
+
+Do `docker-compose up -d` to start and move it to background.
+
+=== FAQ
+
+==== When I do docker-compose down, does it remove data of Plausible?
+
+No, unless you delete them by `-v` flag. This means that normal down / up will keep data / statistics
+from the last run. Some browsers might cache older stats, the rule of thumb is to open analytics dashboard
+in a private tab.
+
+==== How to lift limits on SMTP on AWS?
+
+By default, AWS blocks any SMTP traffic outside (e.g. to prevent spamming) so Plausible's mail c
+container will not be able to send anything. You need to send an email to AWS support to lift these
+restrictions. Submit https://aws.amazon.com/forms/ec2-email-limit-rdns-request[this form] to resolve this.
+
+You may check if your hosting is preventing the box to e.g. contact SMTP servers like this:
+
+----
+$ sudo traceroute -n -T -p 25 gmail-smtp-in.l.google.com
+----
+
+==== How two verify email in Plausible when e-mails do not work?
+
+----
+$ docker exec -ti hosting_plausible_db_1 psql -U postgres plausible_db
+----
+
+After getting into Postgres shell:
+
+----
+UPDATE users set email_verified=true;
+----
+
+==== How much disk space I should specify upon box provisioning?
+
+40G is more you will ever need. 20G is fine too.
+
+==== How do I restart everything?
+
+----
+$ cd ~/hosting
+$ docker-compose down && docker compose up -d
+$ cd ~/ngxin-certbot
+$ docker-compose down && docker-compose up -d
+----
+
+It might take some time to start Plausible especially when it is for the first time as DB has to be
+created etc.
diff --git a/plausible/app.conf b/plausible/app.conf
new file mode 100644
index 0000000..6c35522
--- /dev/null
+++ b/plausible/app.conf
@@ -0,0 +1,31 @@
+server {
+ listen 80;
+ server_name plausible.cassandra.apache.org
+ server_tokens off;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name plausible.cassandra.apache.org;
+ server_tokens off;
+
+ ssl_certificate /etc/letsencrypt/live/plausible.cassandra.apache.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/plausible.cassandra.apache.org/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+ location / {
+ proxy_pass http://plausible:8000/;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
diff --git a/plausible/docker-compose.yml b/plausible/docker-compose.yml
new file mode 100644
index 0000000..5092672
--- /dev/null
+++ b/plausible/docker-compose.yml
@@ -0,0 +1,55 @@
+version: "3.3"
+services:
+ mail:
+ image: bytemark/smtp
+ restart: always
+
+ plausible_db:
+ image: postgres:12
+ volumes:
+ - db-data:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=postgres
+
+ plausible_events_db:
+ image: yandex/clickhouse-server:latest
+ volumes:
+ - event-data:/var/lib/clickhouse
+ - ./clickhouse/clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro
+ - ./clickhouse/clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro
+ ulimits:
+ nofile:
+ soft: 262144
+ hard: 262144
+
+ plausible:
+ image: plausible/analytics:latest
+ command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin && /entrypoint.sh run"
+ depends_on:
+ - plausible_db
+ - plausible_events_db
+ - mail
+ - geoip
+ ports:
+ - 8000:8000
+ env_file:
+ - plausible-conf.env
+ volumes:
+ - geoip:/geoip:ro
+ geoip:
+ image: maxmindinc/geoipupdate
+ environment:
+ - GEOIPUPDATE_EDITION_IDS=GeoLite2-Country
+ - GEOIPUPDATE_FREQUENCY=168
+ env_file:
+ geoip/geoip.conf
+ volumes:
+ - geoip:/usr/share/GeoIP
+
+volumes:
+ db-data:
+ driver: local
+ event-data:
+ driver: local
+ geoip:
+ driver: local
\ No newline at end of file
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org