DokChat is quite an extensive project that uses a multitude of AWS and Google Cloud services to function; hence, it is not trivial to set up. Fortunately, we have configured Terraform, Docker, NGINX and other similar tools, so this process is highly automated.
You can divide this process into three main steps:
- Infrastructure Prerequisites - Create AWS account and Google Cloud project
- Tools Prerequisites - Install required tools on your PC
- Infrastructure Deploy - Deploy required AWS Services using Terraform
- Optional Modules and Configuration - Enable E-Mails, reCAPTCHA, TLS and Security Measures
Before going forward, you need to set up our two cloud providers: AWS and Google Cloud.
- Create an account on Amazon Web Services. You will be required to input your credit card information, but don't worry. DokChat operates within 12-month free tier boundaries.
- Create a new EC2 Key Pair. You will need it to SSH into your instance; save it somewhere safe.
- Create Access Key for AWS and store it somewhere safe. You can do it through IAM Dashboard.
- Create account on Google Cloud. You don't need to set up a billing account here.
- Create a new Google Cloud project. You can choose any project name. Note the Project ID that you have been assigned; you will need it later.
- Enable the Cloud Resource Manager API on the Google Cloud project. It is required in order for Terraform to manage Google Cloud.
You are now ready to install the required tools!
Now that you have both AWS and Google Cloud accounts, you can download their respective CLI tools and Terraform. Terraform is an Infrastructure as Code tool that will set up most of the infrastructure for you, automatically.
- Download and install the following tools:
- Run
aws configure
and input the Access Key that you created earlier
- Run
gcloud init
to initialize the gcloud CLI via browser
- Run
gcloud auth application-default login
to initialize the Google Auth Library via browser
You are now ready to deploy the infrastructure!
Now that you have everything configured, you can provision your whole infrastructure using Terraform.
- Clone this repo to wherever you want
git clone https://github.com/MrBartusek/DokChat.git
- Go into the infrastructure folder
cd DokChat/infra
- Create
terraform.tfvars
in the infra folder, it should look something like this:
key_name = "YOUR_SSH_KEY_NAME_HERE"
google_project = "YOUR_GOOGLE_PROJECT_ID_HERE"
- Run Terraform
terraform apply
- Terraform will show you the planned infrastructure, accept it.
- After deploying, Terraform will output
ec2_instance_public_ip
This is your EC2 Elastic IP. It won't work for a couple of minutes; it will most likely return NGINX 502 or won't respond at all. After around 5 minutes it will finish setting up and show your new DokChat instance.
At this point, you have your very own DokChat instance. You may now wish to finish the optional setup.
The next steps are optional modules. They are not required; however, it's recommended to set up all of them. Every step until this point was highly automated, but now you need to do some manual labor. Before we begin, you need to connect to your instance to edit the configuration file. There are multiple ways to do it:
- SSH - You can SSH to your instance using the key that you've created:
ssh ec2-user@PUBLIC_IP -i PATH_TO_PEM_FILE
- SFTP - You can use the SFTP protocol and log in using the user:
ec2-user
and the key that you've created
- EC2 Instance Connect - Navigate to EC2, select your instance and click connect.
DokChat uses Invisible reCAPTCHA to detect and block bots.
- Create new Google reCAPTCHA project.
- Input any label, for type select Challenge (v2) → Invisible reCAPTCHA badge and input your domain or EC2 Instance IP
- After creating project you can now see your reCAPTCHA site key and secret key.
- Connect to your instance - See this section's introduction
- Edit the
~/DokChat/.env
file
- Change the reCAPTCHA section to:
ENABLE_RECAPTCHA = true
RECAPTCHA_SITE_KEY = "<YOUR-SITE-KEY>"
RECAPTCHA_SECRET = "<YOUR-SECRET-KEY>"
- Restart DokChat - In the
~/DokChat
directory run
docker-compose -f docker-compose.yaml -f docker-compose.prod.yaml up -d
The default DokChat Terraform setup has configured most of the email system for you. You now only need to create an identity and enable it.
- After running
terraform apply
Terraform has generated
aws_ses_identities_url
as an output; navigate to this URL.
- Create and verify BOTH a Domain and an Email address. You are by default put in the SES sandbox, and you will only be able to send emails from verified domains to verified email addresses.
- Connect to your instance - See this section's introduction
- Edit the
~/DokChat/.env
file
- Change the Email Service section to:
ENABLE_EMAIL_SERVICE = true
SES_EMAIL_SENDER = "DokChat <no-reply@YOUR_VERIFIED_DOMAIN>"
SES_CONFIGURATION_SET_NAME = "dokchat-configuration-set"
You will probably also want to enable the email bounces/complaints handling system. It is not required. If you want to leave the SES Sandbox, you are required to properly handle Bounces and Complaints to maintain a good sender reputation. You can read more about that in the AWS Guide.
If you want to enable this module, just change ENABLE_SNS_BOUNCES_HANDLING to true. Everything else should be set up by Terraform:
ENABLE_SNS_BOUNCES_HANDLING = true
The default DokChat Terraform setup has partially configured NGINX and certbot for you. For this step you need to have a domain name registered.
- Connect to your instance - See this section's introduction
- Rename
/etc/nginx/dokchat.dokurno.dev.conf
to match your domain name, like:
/etc/nginx/example.com.conf
- In this file change this line:
server_name _;
To match your domain, for example:
server_name www.example.com example.com;
- Run the following command to generate certificates with the Certbot NGINX plug‑in:
sudo certbot --nginx -d example.com -d www.example.com
- Respond to prompts from certbot to configure your HTTPS settings, which involves entering your email address and agreeing to the Let’s Encrypt terms of service.
- You have now successfully set up a certificate for the next 90 days. You can see that your
/etc/nginx/example.com.conf
file has been modified.
- To enable automatic renewal, you need to add a new crontab entry. Type the following command:
sudo crontab -e
- Add certbot to run daily
0 12 * * * /usr/bin/certbot renew --quiet
- Save and close the file. All installed certificates will be automatically renewed and reloaded.
- Now that you have TLS working, you can enable additional security measures. Edit the
~/DokChat/.env
file
- Change
ENABLE_HELMET = false
to
ENABLE_HELMET = true
- Also, don't forget to change the base URL
SERVER_BASE_URL
to your server URL, like
SERVER_BASE_URL = "https://example.com/"
- Restart DokChat - In the
~/DokChat
directory run
docker-compose -f docker-compose.yaml -f docker-compose.prod.yaml up -d
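A check for the .env changes made in the reCAPTCHA, email and TLS steps above, as an added example that is not part of DokChat: it flags a group- or world-readable file, a non-HTTPS SERVER_BASE_URL, Helmet left off, and placeholder keys. The function names and the sample file are constructed for illustration, and the KEY = "value" layout is assumed from the snippets above.

```shell
# Added example, not DokChat code: audit ~/DokChat/.env for the settings this
# guide changes. Assumes the KEY = "value" layout shown above.

# env_get FILE KEY -> last value assigned to KEY, surrounding quotes stripped
env_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
    sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# check_dokchat_env FILE -> one finding per line; returns 1 if there are any
check_dokchat_env() {
  f=$1; findings=""
  add() { findings="${findings}$1
"; }
  # The file holds RECAPTCHA_SECRET, so only its owner should be able to read it.
  [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ] &&
    add "PERMS: file is readable by group/others (chmod 600)"
  case $(env_get "$f" SERVER_BASE_URL) in
    https://*) [ "$(env_get "$f" ENABLE_HELMET)" = true ] ||
                 add "HELMET: https base URL but ENABLE_HELMET is not true" ;;
    *)         add "TLS: SERVER_BASE_URL is not an https:// URL" ;;
  esac
  if [ "$(env_get "$f" ENABLE_RECAPTCHA)" = true ]; then
    for k in RECAPTCHA_SITE_KEY RECAPTCHA_SECRET; do
      case $(env_get "$f" "$k") in
        ""|"<YOUR-"*) add "RECAPTCHA: $k is empty or still a placeholder" ;;
      esac
    done
  else
    add "RECAPTCHA: ENABLE_RECAPTCHA is not true"
  fi
  case $(env_get "$f" SES_EMAIL_SENDER) in
    *YOUR_VERIFIED_DOMAIN*) add "EMAIL: SES_EMAIL_SENDER still has the placeholder domain" ;;
  esac
  printf '%s' "$findings"
  [ -z "$findings" ]
}

# Constructed sample: TLS is set up, but Helmet and the reCAPTCHA keys were missed.
demo=$(mktemp); chmod 644 "$demo"
cat > "$demo" <<'EOF'
ENABLE_RECAPTCHA = true
RECAPTCHA_SITE_KEY = "<YOUR-SITE-KEY>"
RECAPTCHA_SECRET = "<YOUR-SECRET-KEY>"
ENABLE_HELMET = false
SERVER_BASE_URL = "https://example.com/"
EOF
check_dokchat_env "$demo" || true
rm -f "$demo"
```

On the instance, run it as check_dokchat_env ~/DokChat/.env after each edit and before restarting DokChat.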
Congratulations! You are now the proud owner of a DokChat instance. There are some useful administrative actions that you can do!
Run this from the ~/DokChat directory:
docker-compose -f docker-compose.yaml -f docker-compose.prod.yaml up -d
Run this from the ~/DokChat directory:
docker-compose -f docker-compose.yaml -f docker-compose.prod.yaml stop
The Terraform deploy uses the mrbartusek/dokchat:latest image, which is pre-built by GitHub Actions on every commit. If you wish to update your image, you need to run:
docker-compose -f docker-compose.yaml -f docker-compose.prod.yaml pull
Just as simply as Terraform provisioned the infrastructure for you, it can also destroy it, but it takes a little more work.
You can't simply remove the infrastructure by using terraform destroy, since the EC2 instance is protected by the prevent_destroy flag. Before proceeding, you need to understand that this process will remove all DokChat data including: database, .env configuration file, attachments, logs and any other user data. There is no going back.
Warning: Removing the prevent_destroy lifecycle tags is going to remove your database, .env configuration file, attachments, logs and any other user data. There is no going back.
Navigate to infra/aws_ec2.tf and remove the following:
resource "aws_s3_bucket" "this" {
...
lifecycle {
- # WARNING: REMOVING prevent_destroy IS GOING TO
- # REMOVE ALL USER ATTACHMENTS
- prevent_destroy = true
}
}
Navigate to infra/aws_ec2.tf and remove the following:
resource "aws_instance" "ec2_instance" {
...
lifecycle {
ignore_changes = [
user_data # user data runs only after the initial launch of instance
]
- # WARNING: REMOVING prevent_destroy IS GOING TO
- # REMOVE YOUR DATABASE, CONFIGURATION FILE AND
- # ALL OTHER DOKCHAT DATA
- prevent_destroy = true
}
}
Say your final goodbyes and run:
terraform destroy
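To confirm which resources are still guarded, for instance to make sure a teardown edit was not left in a checkout you intend to keep, this added example (not DokChat's own tooling) lists every resource that carries prevent_destroy = true and checks the two named above. The function names and sample file names are hypothetical, and the scan is line-based rather than a full HCL parser.

```shell
# Added example, not part of DokChat: report which resources still carry
# prevent_destroy = true. Line-based scan, not a full HCL parser (assumption:
# one `resource "type" "name" {` header per line, as in the snippets above).

# list_protected DIR -> "file.tf: type.name" per protected resource
list_protected() {
  for tf in "$1"/*.tf; do
    [ -f "$tf" ] || continue
    awk -v file="${tf##*/}" '
      { sub(/[ \t]*(#|\/\/).*/, "") }   # ignore comments, incl. the WARNING lines
      /^[ \t]*resource[ \t]+"/ { split($0, q, "\""); res = q[2] "." q[4] }
      /prevent_destroy[ \t]*=[ \t]*true/ { print file ": " res }
    ' "$tf"
  done
}

# guards_intact DIR -> 0 only if both resources named in this guide are protected
guards_intact() {
  found=$(list_protected "$1")
  for want in aws_s3_bucket.this aws_instance.ec2_instance; do
    printf '%s\n' "$found" | grep -q ": $want\$" ||
      { echo "unprotected: $want"; return 1; }
  done
}

# Constructed sample tree (file names are hypothetical): the bucket guard was
# commented out for a teardown, the instance guard is still in place.
demo=$(mktemp -d)
cat > "$demo/bucket.tf" <<'EOF'
resource "aws_s3_bucket" "this" {
  lifecycle {
    # prevent_destroy = true
  }
}
EOF
cat > "$demo/instance.tf" <<'EOF'
resource "aws_instance" "ec2_instance" {
  lifecycle {
    ignore_changes = [user_data]
    prevent_destroy = true
  }
}
EOF
list_protected "$demo"            # instance.tf: aws_instance.ec2_instance
guards_intact "$demo" || true     # unprotected: aws_s3_bucket.this
rm -rf "$demo"
```

Running terraform plan -destroy first shows what a destroy would remove without applying anything.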