From 2f4de94ec649640ee2d1271f1dae9895d48101ad Mon Sep 17 00:00:00 2001 From: Pokey <79169880+Pokeylooted@users.noreply.github.com> Date: Sun, 3 Mar 2024 21:44:09 -0600 Subject: [PATCH 1/7] Update 1.deploy.md add more info Add more thorough guide for selfhosting --- content/4.backend/1.deploy.md | 84 +++++++++++++++++++++++++++++------ 1 file changed, 70 insertions(+), 14 deletions(-) diff --git a/content/4.backend/1.deploy.md b/content/4.backend/1.deploy.md index 475bce0..b2d2c30 100644 --- a/content/4.backend/1.deploy.md +++ b/content/4.backend/1.deploy.md @@ -12,26 +12,82 @@ For configuration, check out the [configuration reference](2.configuration.md). The postgres database will need to be populated with [migrations](0.introduction.md#migrations) if `postgres.migrateOnBoot` isn't enabled. :: -## Method 1 - Docker +## Method 1 - Docker Deployment -This method will help you set up the backend with the bare minimum configuration options. You'll most likely want to [add some more environment variables](2.configuration.md) to customize your experience more thoroughly. +This method provides a straightforward setup with minimal configuration. For more extensive customization, see the [Configuration Reference](2.configuration.md). -The command below will not work unless customized by you, change the [`MWB_POSTGRES__CONNECTION`](2.configuration.md#postgresconnection) and [`MWB_CRYPTO__SESSION_SECRET`](2.configuration.md#cryptosessionsecret) to something valid for the backend to function. +**Prerequisites** -If you're using a hosted postgres database like [Neon](https://neon.tech/){target="\_blank"}, you'll also want to enable SSL support for the backend using the [`postgres.ssl`](2.configuration.md#postgresssl) option. +* **Docker:** If you don't have Docker installed, download it from the official website: [Docker installation](https://www.docker.com/get-started) +* **Docker Compose:** Install Docker Compose following the instructions for your operating system: [Docker-Compose installation](https://docs.docker.com/compose/install/) -For other versions of the image, [check out the package page](https://github.com/movie-web/backend/pkgs/container/backend){target="\_blank"}. +**Setup** +1. **Create `docker-compose.yml`:** -```sh -docker run \ - -p 80:80 \ - -e MWB_POSTGRES__CONNECTION=postgresql://localhost:5432 \ - -e MWB_CRYPTO__SESSION_SECRET=add-your-own-secret \ - -e MWB_META__NAME=unofficial-movie-web \ - ghcr.io/movie-web/backend:latest -``` + ```yaml + version: '3.8' -After running that command, your backend [_should_](../1.self-hosting/4.troubleshooting.md) now be available on `localhost:80`. if you want to be able to connect to the backend outside of your local network (for example sharing it with your friends), then you'll need set up to port forwarding. + services: + postgres: + image: postgres + environment: + POSTGRES_USER: movie_web_user + POSTGRES_DB: movie_web_backend + POSTGRES_PASSWORD: YourPasswordHere + ports: + - "5432:5432" + networks: + - movie-web-network + + movie-web: + image: ghcr.io/movie-web/backend:latest + environment: + MWB_POSTGRES__CONNECTION: postgresql://movie_web_user:YourPasswordHere@postgres:5432/movie_web_backend + MWB_CRYPTO__SESSION_SECRET: 32CharacterLongStringHere + MWB_META__NAME: unofficial-movie-web + MWB_POSTGRES__MIGRATE_ON_BOOT: "true" + ports: + - "80:80" + depends_on: + - postgres + networks: + - movie-web-network + + networks: + movie-web-network: + driver: bridge + ``` + + **Important:** + * Replace `YourPasswordHere` with your secure database password. + * Generate a strong session secret and replace `32CharacterLongStringHere`. + +2. **Start the Backend:** Open a terminal in the directory containing `docker-compose.yml` and execute: + + ```bash + docker-compose up -d + ``` + +**Accessing Your Backend** + +Your backend should be accessible on `(YourPrivateIP):80`. To share it outside your local network, you'll need to configure port forwarding or cloudflared tunnel. + +**Optional: Using a Reverse Proxy** +For SSL and domain configuration, consider setting up a reverse proxy like Nginx. + +## Method 2 - Railway (Easy) + +Railway provides a simple deployment process and $5 of initial credit, usually enough to run the backend for several months. + +[![Deploy on Railway](https://railway.app/button.svg)](https://railway.app/template/TS4mw5) + +1. **Create or Log in to Railway:** Visit https://railway.app and either create an account or log in. +2. **Deploy with One Click:** Click the "Deploy on Railway" button above. +3. **Configure Environment Variables:** Fill in the required environment variables or modify the defaults. +4. **Deploy:** Click the "Deploy" button. +5. **Access Your Deployment:** Once deployment is complete, retrieve the URL from your Railway Deployments page. + +**Congratulations!** You've successfully deployed the backend. Proceed to [set up the client](../1.self-hosting/2.use-backend.md). ## Method 2 - Railway (Easy) From 59ef01d5b1c56d32caf280d7c29b878695d16ef1 Mon Sep 17 00:00:00 2001 From: Pokey <79169880+Pokeylooted@users.noreply.github.com> Date: Sun, 3 Mar 2024 21:56:37 -0600 Subject: [PATCH 2/7] Added more useful MWB Enviornment Variables --- content/4.backend/1.deploy.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/4.backend/1.deploy.md b/content/4.backend/1.deploy.md index b2d2c30..c5146be 100644 --- a/content/4.backend/1.deploy.md +++ b/content/4.backend/1.deploy.md @@ -61,7 +61,6 @@ This method provides a straightforward setup with minimal configuration. For mor **Important:** * Replace `YourPasswordHere` with your secure database password. * Generate a strong session secret and replace `32CharacterLongStringHere`. - 2. **Start the Backend:** Open a terminal in the directory containing `docker-compose.yml` and execute: ```bash @@ -75,6 +74,9 @@ Your backend should be accessible on `(YourPrivateIP):80`. To share it outside y **Optional: Using a Reverse Proxy** For SSL and domain configuration, consider setting up a reverse proxy like Nginx. +* If you do use a reverse proxy, you may need to add `MWB_SERVER__CORS: "example.com movie.example.com"`. +* Dependent on your setup you may also need `MWB_SERVER__TRUST_PROXY: true`, and `MWB_SERVER__TRUST_CLOUDFLARE: true`. + ## Method 2 - Railway (Easy) Railway provides a simple deployment process and $5 of initial credit, usually enough to run the backend for several months. From 209cf4e5bcd37d7780fd80787e07068101ac0333 Mon Sep 17 00:00:00 2001 From: Pokey <79169880+Pokeylooted@users.noreply.github.com> Date: Mon, 4 Mar 2024 17:32:23 -0600 Subject: [PATCH 3/7] Apply suggestions from code review Co-authored-by: William Oldham --- content/4.backend/1.deploy.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/4.backend/1.deploy.md b/content/4.backend/1.deploy.md index c5146be..93f6eda 100644 --- a/content/4.backend/1.deploy.md +++ b/content/4.backend/1.deploy.md @@ -45,7 +45,8 @@ This method provides a straightforward setup with minimal configuration. For mor MWB_POSTGRES__CONNECTION: postgresql://movie_web_user:YourPasswordHere@postgres:5432/movie_web_backend MWB_CRYPTO__SESSION_SECRET: 32CharacterLongStringHere MWB_META__NAME: unofficial-movie-web - MWB_POSTGRES__MIGRATE_ON_BOOT: "true" + MWB_POSTGRES__MIGRATE_ON_BOOT: "true" + MIKRO_ORM_MIGRATIONS_DISABLE_FOREIGN_KEYS: "true" ports: - "80:80" depends_on: From 74335dc29d8e7b5b668c57fa2e85e2e13ba2d048 Mon Sep 17 00:00:00 2001 From: Pokey <79169880+Pokeylooted@users.noreply.github.com> Date: Mon, 4 Mar 2024 17:40:41 -0600 Subject: [PATCH 4/7] removed duplicated railway --- content/4.backend/1.deploy.md | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/content/4.backend/1.deploy.md b/content/4.backend/1.deploy.md index 93f6eda..9c5268b 100644 --- a/content/4.backend/1.deploy.md +++ b/content/4.backend/1.deploy.md @@ -80,20 +80,6 @@ For SSL and domain configuration, consider setting up a reverse proxy like Nginx ## Method 2 - Railway (Easy) -Railway provides a simple deployment process and $5 of initial credit, usually enough to run the backend for several months. - -[![Deploy on Railway](https://railway.app/button.svg)](https://railway.app/template/TS4mw5) - -1. **Create or Log in to Railway:** Visit https://railway.app and either create an account or log in. -2. **Deploy with One Click:** Click the "Deploy on Railway" button above. -3. **Configure Environment Variables:** Fill in the required environment variables or modify the defaults. -4. **Deploy:** Click the "Deploy" button. -5. **Access Your Deployment:** Once deployment is complete, retrieve the URL from your Railway Deployments page. - -**Congratulations!** You've successfully deployed the backend. Proceed to [set up the client](../1.self-hosting/2.use-backend.md). - -## Method 2 - Railway (Easy) - Railway offers you $5 of credit once you verify your account, which is enough to run the backend for around 5 months (~$0.90 per month). [![Deploy on Railway](https://railway.app/button.svg)](https://railway.app/template/TS4mw5) From 5597d2f17a8e2509de580d672cce39a7e8d517d2 Mon Sep 17 00:00:00 2001 From: Pokey <79169880+Pokeylooted@users.noreply.github.com> Date: Mon, 4 Mar 2024 18:12:55 -0600 Subject: [PATCH 5/7] Added cloudflare zero trust docs --- content/4.backend/1.deploy.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/content/4.backend/1.deploy.md b/content/4.backend/1.deploy.md index 9c5268b..34155bc 100644 --- a/content/4.backend/1.deploy.md +++ b/content/4.backend/1.deploy.md @@ -72,11 +72,12 @@ This method provides a straightforward setup with minimal configuration. For mor Your backend should be accessible on `(YourPrivateIP):80`. To share it outside your local network, you'll need to configure port forwarding or cloudflared tunnel. -**Optional: Using a Reverse Proxy** -For SSL and domain configuration, consider setting up a reverse proxy like Nginx. +**Optional: Implementing a Reverse Proxy** -* If you do use a reverse proxy, you may need to add `MWB_SERVER__CORS: "example.com movie.example.com"`. -* Dependent on your setup you may also need `MWB_SERVER__TRUST_PROXY: true`, and `MWB_SERVER__TRUST_CLOUDFLARE: true`. +To enhance your SSL and domain configuration, it's advisable to establish a reverse proxy, such as Nginx. For an optimal choice in this regard, Cloudflare Zero Trust Tunnel is recommended. You can find more information [here](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/). + +- If you decide to utilize a reverse proxy, it's important to include `MWB_SERVER__CORS: "example.com movie.example.com"` in your configuration. +- Depending on your specific setup, you may also require the addition of `MWB_SERVER__TRUST_PROXY: true` and `MWB_SERVER__TRUST_CLOUDFLARE: true`. ## Method 2 - Railway (Easy) From f0b56274d75374169e5fd33a4adbc30884e4eec9 Mon Sep 17 00:00:00 2001 From: Pokey <79169880+Pokeylooted@users.noreply.github.com> Date: Mon, 4 Mar 2024 18:15:33 -0600 Subject: [PATCH 6/7] Make CORS variable info more specific --- content/4.backend/1.deploy.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/content/4.backend/1.deploy.md b/content/4.backend/1.deploy.md index 34155bc..0829e70 100644 --- a/content/4.backend/1.deploy.md +++ b/content/4.backend/1.deploy.md @@ -77,6 +77,9 @@ Your backend should be accessible on `(YourPrivateIP):80`. To share it outside y To enhance your SSL and domain configuration, it's advisable to establish a reverse proxy, such as Nginx. For an optimal choice in this regard, Cloudflare Zero Trust Tunnel is recommended. You can find more information [here](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/). - If you decide to utilize a reverse proxy, it's important to include `MWB_SERVER__CORS: "example.com movie.example.com"` in your configuration. +- If you use a reverse proxy behind a domain, add `MWB_SERVER__CORS: "https://movie.example.com"`. + - `MWB_SERVER__CORS` must contain a **space-separated** list of origins (Protocol + Hostname) for the client to be able to access the backend. + - Depending on your specific setup, you may also require the addition of `MWB_SERVER__TRUST_PROXY: true` and `MWB_SERVER__TRUST_CLOUDFLARE: true`. ## Method 2 - Railway (Easy) From 5a1f212c5dffe7498606e8180aed05e62beafe41 Mon Sep 17 00:00:00 2001 From: Pokey <79169880+Pokeylooted@users.noreply.github.com> Date: Mon, 4 Mar 2024 18:18:43 -0600 Subject: [PATCH 7/7] Fix duplication --- content/4.backend/1.deploy.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/content/4.backend/1.deploy.md b/content/4.backend/1.deploy.md index 0829e70..ddb1fb6 100644 --- a/content/4.backend/1.deploy.md +++ b/content/4.backend/1.deploy.md @@ -76,10 +76,8 @@ Your backend should be accessible on `(YourPrivateIP):80`. To share it outside y To enhance your SSL and domain configuration, it's advisable to establish a reverse proxy, such as Nginx. For an optimal choice in this regard, Cloudflare Zero Trust Tunnel is recommended. You can find more information [here](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/). -- If you decide to utilize a reverse proxy, it's important to include `MWB_SERVER__CORS: "example.com movie.example.com"` in your configuration. -- If you use a reverse proxy behind a domain, add `MWB_SERVER__CORS: "https://movie.example.com"`. +- If you decide to utilize a reverse proxy, it's important to include `MWB_SERVER__CORS: "https://movie.example.com"` in your configuration. - `MWB_SERVER__CORS` must contain a **space-separated** list of origins (Protocol + Hostname) for the client to be able to access the backend. - - Depending on your specific setup, you may also require the addition of `MWB_SERVER__TRUST_PROXY: true` and `MWB_SERVER__TRUST_CLOUDFLARE: true`. ## Method 2 - Railway (Easy)