Guidance on Deployment #84

Knucklessg1 opened this issue Oct 23, 2024 · 2 comments

@Knucklessg1

Hello everyone, I was working on deploying a Huly.io instance locally using Docker and Traefik. I am only using HTTP as I am running this in my home network. I am getting as far as 10% deployment on the workspace before it hangs indefinitely. Does anyone have any pointers on my compose file? I think I may have incorrectly configured one of the internal service URLs.

Note: I am using mongodb<5 due to lack of AVX support on my hardware.

---
services:
  mongodb:
    image: "mongo:4.4.18"
    container_name: mongodb
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /apps/huly/db:/data/db
    networks:
      - huly-services
    deploy:
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any

  elastic:
    image: "elasticsearch:7.14.2"
    command: |
      /bin/sh -c "./bin/elasticsearch-plugin list | grep -q ingest-attachment || yes | ./bin/elasticsearch-plugin install --silent ingest-attachment;
      /usr/local/bin/docker-entrypoint.sh eswrapper"
    volumes:
      - /apps/huly/elastic:/var/share/elasticsearch/data
    environment:
      - ELASTICSEARCH_PORT_NUMBER=9200
      - BITNAMI_DEBUG=true
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms1024m -Xmx1024m
      - http.cors.enabled=true
      - http.cors.allow-origin=http://localhost:8082
    healthcheck:
      interval: 20s
      retries: 10
      test: curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"'
    networks:
      - huly-services
    deploy:
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any

  minio:
    image: "minio/minio:latest"
    command: server /data --address ":9000" --console-address ":9001"
    volumes:
      - /apps/huly/files:/data
    networks:
      - huly-services
    deploy:
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any

  rekoni:
    image: "hardcoreeng/rekoni-service:${HULY_VERSION}"
    environment:
      - SECRET=${HULY_SECRET}
    networks:
      - huly-services
      - traefik
    deploy:
      resources:
        limits:
          memory: 500M
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.routers.rekoni.entrypoints=web"
        - "traefik.http.routers.rekoni.rule=Host(`huly.local`) && PathPrefix(`/rekoni`)"
        - "traefik.http.services.rekoni.loadbalancer.server.port=4004"
        - "traefik.http.routers.rekoni.middlewares=rekoni-stripprefix"
        - "traefik.http.middlewares.rekoni-stripprefix.stripprefix.prefixes=/rekoni"
        - "traefik.http.services.rekoni.loadbalancer.server.scheme=http"

  transactor:
    image: "hardcoreeng/transactor:${HULY_VERSION}"
    environment:
      - SERVER_PORT=3333
      - SERVER_SECRET=${HULY_SECRET}
      - SERVER_CURSOR_MAXTIMEMS=30000
      - ELASTIC_URL=http://elastic:9200
      - ELASTIC_INDEX_NAME=huly_storage_index
      - MONGO_URL=mongodb://mongodb:27017
      - METRICS_CONSOLE=false
      - METRICS_FILE=metrics.txt
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
      - REKONI_URL=http://rekoni:4004
      #- FRONT_URL=http://localhost:8080
      - FRONT_URL=http://front:8080
      - ACCOUNTS_URL=http://account:3000
      - LAST_NAME_FIRST=true
    depends_on:
      - mongodb
      - elastic
      - minio
    networks:
      - huly-services
      - traefik
    deploy:
      resources:
        limits:
          memory: 500M
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.routers.transactor.entrypoints=web"
        - "traefik.http.routers.transactor.rule=Host(`huly.local`)"
        - "traefik.http.services.transactor.loadbalancer.server.port=3333"
        - "traefik.http.services.transactor.loadbalancer.server.scheme=http"

  collaborator:
    image: "hardcoreeng/collaborator:${HULY_VERSION}"
    environment:
      - COLLABORATOR_PORT=3078
      - SECRET=${HULY_SECRET}
      - ACCOUNTS_URL=http://account:3000
      - MONGO_URL=mongodb://mongodb:27017
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
    depends_on:
      - mongodb
      - elastic
      - minio
    networks:
      - huly-services
      - traefik
    deploy:
      resources:
        limits:
          memory: 500M
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.routers.collaborator.entrypoints=web"
        - "traefik.http.routers.collaborator.rule=Host(`huly.local`)"
        - "traefik.http.services.collaborator.loadbalancer.server.port=3078"
        - "traefik.http.services.collaborator.loadbalancer.server.scheme=http"

  account:
    image: "hardcoreeng/account:${HULY_VERSION}"
    environment:
      - SERVER_PORT=3000
      - SERVER_SECRET=${HULY_SECRET}
      - MONGO_URL=mongodb://mongodb:27017
      - DB_URL=mongodb://mongodb:27017
      - TRANSACTOR_URL=ws://transactor:3333;ws://huly.local:3333
      #- TRANSACTOR_URL=ws://transactor:3333
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
      - FRONT_URL=http://front:8080
      - MODEL_ENABLED=*
      - ACCOUNTS_URL=http://localhost:3000
      - ACCOUNT_PORT=3000
    networks:
      - huly-services
      - traefik
    deploy:
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.routers.account.entrypoints=web"
        - "traefik.http.routers.account.rule=Host(`huly.local`) && PathPrefix(`/accounts`)"
        - "traefik.http.routers.account.middlewares=account-stripprefix"
        - "traefik.http.middlewares.account-stripprefix.stripprefix.prefixes=/accounts"
        - "traefik.http.services.account.loadbalancer.server.port=3000"
        - "traefik.http.services.account.loadbalancer.server.scheme=http"

  workspace:
    image: "hardcoreeng/workspace:${HULY_VERSION}"
    environment:
      - SERVER_SECRET=${HULY_SECRET}
      - DB_URL=mongodb://mongodb:27017
      - MONGO_URL=mongodb://mongodb:27017
      - TRANSACTOR_URL=ws://transactor:3333;ws://huly.local:3333
      #- TRANSACTOR_URL=ws://transactor:3333
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
      - MODEL_ENABLED=*
      - ACCOUNTS_URL=http://account:3000
      - NOTIFY_INBOX_ONLY=true
    depends_on:
      - mongodb
      - transactor
      - elastic
      - minio
    networks:
      - huly-services
    deploy:
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any

  front:
    image: "hardcoreeng/front:${HULY_VERSION}"
    environment:
      - SERVER_PORT=8080
      - SERVER_SECRET=${HULY_SECRET}
      - ACCOUNTS_URL=http://huly.local/accounts
      #- ACCOUNTS_URL=http://account:3000
      - REKONI_URL=http://huly.local/rekoni
      #- REKONI_URL=http://rekoni:4004
      - CALENDAR_URL=http://huly.local:8095
      - GMAIL_URL=http://huly.local:8088
      - TELEGRAM_URL=http://huly.local:8086
      - UPLOAD_URL=/files
      - ELASTIC_URL=http://elastic:9200
      - COLLABORATOR_URL=ws://huly.local:3078
      #- COLLABORATOR_URL=ws://collaborator:3078
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
      - MONGO_URL=mongodb://mongodb:27017
      - TITLE=Huly Self Host
      - DEFAULT_LANGUAGE=en
      - LAST_NAME_FIRST=true
    networks:
      - huly-services
      - traefik
    deploy:
      placement:
        constraints:
          - node.labels.name == Server
      restart_policy:
        condition: any
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik"
        - "traefik.http.routers.huly.entrypoints=web"
        - "traefik.http.routers.huly.rule=Host(`huly.local`)"
        - "traefik.http.services.huly.loadbalancer.server.port=8080"
        - "traefik.http.services.huly.loadbalancer.server.scheme=http"

networks:
  traefik:
    name: traefik
    external: true
  huly-services:
    name: huly-services
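
Added example, not part of the original post or the Huly project: a small stdlib-only audit over an excerpt of the compose file above. It groups Traefik routers by entrypoint and rule (Traefik hands each request to exactly one router, so routers sharing both compete for the same traffic) and counts lines that still carry MinIO's default `minioadmin` keys. The `audit` function and the trimmed `COMPOSE` excerpt are constructed for illustration.

```python
import re
from collections import defaultdict

# Excerpt constructed from the compose file in the post; values are unchanged.
COMPOSE = """\
services:
  transactor:
    environment:
      - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
    deploy:
      labels:
        - "traefik.http.routers.transactor.entrypoints=web"
        - "traefik.http.routers.transactor.rule=Host(`huly.local`)"
  collaborator:
    deploy:
      labels:
        - "traefik.http.routers.collaborator.entrypoints=web"
        - "traefik.http.routers.collaborator.rule=Host(`huly.local`)"
  account:
    deploy:
      labels:
        - "traefik.http.routers.account.entrypoints=web"
        - "traefik.http.routers.account.rule=Host(`huly.local`) && PathPrefix(`/accounts`)"
  front:
    deploy:
      labels:
        - "traefik.http.routers.huly.entrypoints=web"
        - "traefik.http.routers.huly.rule=Host(`huly.local`)"
"""
ROUTER = re.compile(r'traefik\.http\.routers\.([\w-]+)\.(rule|entrypoints)=(.*?)"?\s*$')
DEFAULT_KEY = re.compile(r'(accessKey|secretKey)=minioadmin\b')

def audit(text):
    """Return (routers sharing entrypoint and rule, lines with default MinIO keys)."""
    routers = defaultdict(dict)      # router name -> {"rule": ..., "entrypoints": ...}
    default_creds = 0
    for line in text.splitlines():
        m = ROUTER.search(line)
        if m:
            routers[m.group(1)][m.group(2)] = m.group(3)
        if DEFAULT_KEY.search(line):
            default_creds += 1
    by_match = defaultdict(list)     # (entrypoints, rule) -> router names
    for name, cfg in routers.items():
        by_match[(cfg.get("entrypoints"), cfg.get("rule"))].append(name)
    clashes = {k: sorted(v) for k, v in by_match.items() if len(v) > 1}
    return clashes, default_creds

if __name__ == "__main__":
    print(audit(COMPOSE))
```
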

@LiteeDev

LiteeDev commented Oct 24, 2024

I was able to get this working using Let's Encrypt. I referred to the install guide here.... Before allowing Docker and Nginx to restart, I installed Let's Encrypt and deployed a self-managed Let's Encrypt server. Once the certificate was successfully created, I updated the /installdir/huly-selfhost/nginx.conf file after completing the symlink, and then proceeded to start Docker and Nginx.

Here is the updated configuration:

listen 443 ssl;
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem; 
ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem; 

@Knucklessg1
Author

> I was able to get this working using Let's Encrypt. I referred to the install guide here.... Before allowing Docker and Nginx to restart, I installed Let's Encrypt and deployed a self-managed Let's Encrypt server. Once the certificate was successfully created, I updated the /installdir/huly-selfhost/nginx.conf file after completing the symlink, and then proceeded to start Docker and Nginx.
>
> Here is the updated configuration:
>
> listen 443 ssl;
> add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
> ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
> ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;

Is Let's Encrypt required?

I wanted to run everything within my insecure local network (HTTP).
