diff --git a/.gitignore b/.gitignore index 0fab2ff9e4..26bacf4d4b 100644 --- a/.gitignore +++ b/.gitignore @@ -35,8 +35,11 @@ ui-debug.log /.vscode # env files -server/.env -deployment/.env +server/**/.env +deployment/**/.env + +# keys +**/jwt.key # script output scripts/out diff --git a/deployment/.gitignore b/deployment/.gitignore deleted file mode 100644 index 220dd2c533..0000000000 --- a/deployment/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -.env -jwt.key \ No newline at end of file diff --git a/deployment/docker/.env.example b/deployment/docker/.env.example index e3f447c404..78acfa79e4 100644 --- a/deployment/docker/.env.example +++ b/deployment/docker/.env.example @@ -1,51 +1,63 @@ # example environment variables # read more about all env vars at https://docs.scrumlr.io/self-hosting/env-vars/ -# Analytics (Plausible) -ANALYTICS_DATA_DOMAIN= -ANALYTICS_SRC= -# Auth Providers +## Scrumlr backend +SCRUMLR_BACKEND_VERSION=3.10.2 +SCRUMLR_SERVER_PORT=8080 +SCRUMLR_BASE_PATH="/api" +## Uses the hardcoded insecure key for development +SCRUMLR_INSECURE= +## JWT Private Key (ECDSA). Generate a new key for PRODUCTION +SCRUMLR_PRIVATE_KEY= +## NATS URL +SCRUMLR_SERVER_NATS_URL="nats://nats:4222" +## Redis if you use it instead of NATS +REDIS_HOST= +REDIS_USERNAME= +REDIS_PASSWORD= +## Webhook URL for feedback +WEBHOOK_URL= +## Auth Providers AUTH_CALLBACK_HOST= -APPLE_CLIENT_ID= -APPLE_CLIENT_SECRET= -AZURE_AD_CLIENT_ID= -AZURE_AD_CLIENT_SECRET= -AZURE_AD_TENANT_ID= -GITHUB_CLIENT_ID= -GITHUB_CLIENT_SECRET= GOOGLE_CLIENT_ID= GOOGLE_CLIENT_SECRET= MICROSOFT_CLIENT_ID= MICROSOFT_CLIENT_SECRET= +GITHUB_CLIENT_ID= +GITHUB_CLIENT_SECRET= +AZURE_AD_TENANT_ID= +AZURE_AD_CLIENT_ID= +AZURE_AD_CLIENT_SECRET= +APPLE_CLIENT_ID= +APPLE_CLIENT_SECRET= OIDC_CLIENT_ID= OIDC_CLIENT_SECRET= OIDC_DISCOVERY_URL=http://oidc.localhost:5556/dex/.well-known/openid-configuration # Session Secret SESSION_SECRET= -# Your Postgres Password -POSTGRES_PASSWORD= -# Redis if you use it instead of NATS -REDIS_HOST= -REDIS_PASSWORD= -REDIS_USERNAME= -# API Base Path -SCRUMLR_BASE_PATH="/api" -# Uses the hardcoded insecure key for development -SCRUMLR_INSECURE= -# Frontend Port +SCRUMLR_ENABLE_EXPERIMENTAL_AUTH_FILE_SYSTEM_STORE= + +## Scrumlr frontend +SCRUMLR_FRONTEND_VERSION=3.10.2 SCRUMLR_LISTEN_PORT=8080 -# JWT Private Key (ECDSA). Generate a new key for PRODUCTION -SCRUMLR_PRIVATE_KEY= -# NATS URL -SCRUMLR_SERVER_NATS_URL="nats://nats:4222" -# Server Port -SCRUMLR_SERVER_PORT=8080 -# Server URL SCRUMLR_SERVER_URL="/api" -# Show Legal Documents (Cookie Policy, Privacy Policy, Terms of Service) -SCRUMLR_SHOW_LEGAL_DOCUMENTS=true -# Websocket URL (wss:// or ws://) +## Websocket URL (wss:// or ws://) # SCRUMLR_WEBSOCKET_URL="ws://localhost:8080/api" -# Webhook URL for feedback -WEBHOOK_URL= +## Show Legal Documents (Cookie Policy, Privacy Policy, Terms of Service) +SCRUMLR_SHOW_LEGAL_DOCUMENTS=true +## Analytics (Plausible) +ANALYTICS_DATA_DOMAIN= +ANALYTICS_SRC= SCRUMLR_CLARITY_ID= + +## Postgres +POSTGRES_VERSION=17.2 +POSTGRES_USER= +POSTGRES_PASSWORD= +POSTGRES_DB= + +## Nats +NATS_VERSION=2.10.24 + +## Caddy +CADDY_VERSION=2.9.1 diff --git a/deployment/docker/Caddyfile b/deployment/docker/Caddyfile index 852db0e833..7bc1b23b8f 100644 --- a/deployment/docker/Caddyfile +++ b/deployment/docker/Caddyfile @@ -1,14 +1,14 @@ -0.0.0.0:80 { - log { - output stdout - } - @api { - path /api* - } - reverse_proxy @api scrumlr-backend:8080 +:80 { + log { + output stdout + } + @api { + path /api* + } + reverse_proxy @api scrumlr-backend:{$SCRUMLR_SERVER_PORT} - @frontend { - path / /static* /locales* /login* /board* /new* /timer_finished.mp3 /hotkeys.pdf /legal/* /manifest.json /service-worker.js - } - reverse_proxy @frontend scrumlr-frontend:8080 + @frontend { + path / /static* /locales* /login* /board* /new* /timer_finished.mp3 /hotkeys.pdf /legal/* /manifest.json /service-worker.js + } + reverse_proxy @frontend scrumlr-frontend:{$SCRUMLR_LISTEN_PORT} } diff --git a/deployment/docker/docker-compose.yml b/deployment/docker/docker-compose.yml index f8743aec11..855bfbff3a 100644 --- a/deployment/docker/docker-compose.yml +++ b/deployment/docker/docker-compose.yml @@ -1,25 +1,29 @@ -version: "3.8" - +--- services: scrumlr-backend: restart: always - image: ghcr.io/inovex/scrumlr.io/scrumlr-server:3.10.1 + image: "ghcr.io/inovex/scrumlr.io/scrumlr-server:${SCRUMLR_BACKEND_VERSION:-3.10.2}" + container_name: scrumlr-backend command: - "/app/main" - "-disable-check-origin" environment: - SCRUMLR_SERVER_PORT: "${SCRUMLR_SERVER_PORT}" - SCRUMLR_SERVER_NATS_URL: "${SCRUMLR_SERVER_NATS_URL}" + SCRUMLR_SERVER_PORT: "${SCRUMLR_SERVER_PORT:-8080}" + SCRUMLR_BASE_PATH: "${SCRUMLR_BASE_PATH}" + SCRUMLR_INSECURE: "${SCRUMLR_INSECURE}" SCRUMLR_PRIVATE_KEY: "${SCRUMLR_PRIVATE_KEY}" - SCRUMLR_SERVER_DATABASE_URL: "postgres://scrumlr:${POSTGRES_PASSWORD}@postgres:5432/scrumlr?sslmode=disable" + SCRUMLR_SERVER_DATABASE_URL: "postgres://${POSTGRES_USER:-scrumlr}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB:-scrumlr}?sslmode=disable" + SCRUMLR_SERVER_NATS_URL: "${SCRUMLR_SERVER_NATS_URL}" + # Redis variables (if you decide to use Redis instead of NATS) + SCRUMLR_SERVER_REDIS_HOST: "${REDIS_HOST}" + SCRUMLR_SERVER_REDIS_USERNAME: "${REDIS_USERNAME}" + SCRUMLR_SERVER_REDIS_PASSWORD: "${REDIS_PASSWORD}" + SCRUMLR_FEEDBACK_WEBHOOK_URL: "${WEBHOOK_URL}" + SCRUMLR_AUTH_CALLBACK_HOST: "${AUTH_CALLBACK_HOST}" SCRUMLR_AUTH_GOOGLE_CLIENT_ID: "${GOOGLE_CLIENT_ID}" SCRUMLR_AUTH_GOOGLE_CLIENT_SECRET: "${GOOGLE_CLIENT_SECRET}" SCRUMLR_AUTH_MICROSOFT_CLIENT_ID: "${MICROSOFT_CLIENT_ID}" SCRUMLR_AUTH_MICROSOFT_CLIENT_SECRET: "${MICROSOFT_CLIENT_SECRET}" - SCRUMLR_FEEDBACK_WEBHOOK_URL: "${WEBHOOK_URL}" - SCRUMLR_BASE_PATH: "${SCRUMLR_BASE_PATH}" - SCRUMLR_INSECURE: "${SCRUMLR_INSECURE}" - SCRUMLR_AUTH_CALLBACK_HOST: "${AUTH_CALLBACK_HOST}" SCRUMLR_AUTH_GITHUB_CLIENT_ID: "${GITHUB_CLIENT_ID}" SCRUMLR_AUTH_GITHUB_CLIENT_SECRET: "${GITHUB_CLIENT_SECRET}" SCRUMLR_AUTH_AZURE_AD_TENANT_ID: "${AZURE_AD_TENANT_ID}" @@ -31,54 +35,62 @@ services: SCRUMLR_AUTH_OIDC_CLIENT_SECRET: "${OIDC_CLIENT_SECRET}" SCRUMLR_AUTH_OIDC_DISCOVERY_URL: "${OIDC_DISCOVERY_URL}" SESSION_SECRET: "${SESSION_SECRET}" + SCRUMLR_ENABLE_EXPERIMENTAL_AUTH_FILE_SYSTEM_STORE: "${SCRUMLR_ENABLE_EXPERIMENTAL_AUTH_FILE_SYSTEM_STORE}" # SCRUMLR_CONFIG_PATH: "${SCRUMRL_CONFIG_PATH}" - # Redis variables (if you decide to use Redis instead of NATS) - SCRUMLR_SERVER_REDIS_HOST: "${REDIS_HOST}" - SCRUMLR_SERVER_REDIS_USERNAME: "${REDIS_USERNAME}" - SCRUMLR_SERVER_REDIS_PASSWORD: "${REDIS_PASSWORD}" - ports: - - "8080:8080" depends_on: - - postgres - - nats + postgres: + condition: service_healthy + nats: + condition: service_started + healthcheck: + test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:${SCRUMLR_SERVER_PORT:-8080}/api/health || exit 1"] + start_period: 10s + interval: 10s + timeout: 5s + retries: 5 scrumlr-frontend: restart: always - image: ghcr.io/inovex/scrumlr.io/scrumlr-frontend:3.10.1 + image: "ghcr.io/inovex/scrumlr.io/scrumlr-frontend:${SCRUMLR_FRONTEND_VERSION:-3.10.2}" + container_name: scrumlr-frontend environment: + SCRUMLR_LISTEN_PORT: "${SCRUMLR_LISTEN_PORT:-8080}" SCRUMLR_SERVER_URL: "${SCRUMLR_SERVER_URL}" SCRUMLR_WEBSOCKET_URL: "${SCRUMLR_WEBSOCKET_URL}" SCRUMLR_SHOW_LEGAL_DOCUMENTS: "${SCRUMLR_SHOW_LEGAL_DOCUMENTS}" - # Add missing frontend environment variables here - SCRUMLR_LISTEN_PORT: "${SCRUMLR_LISTEN_PORT:-8080}" SCRUMLR_ANALYTICS_DATA_DOMAIN: "${ANALYTICS_DATA_DOMAIN}" SCRUMLR_ANALYTICS_SRC: "${ANALYTICS_SRC}" SCRUMLR_CLARITY_ID: "${SCRUMLR_CLARITY_ID}" - ports: - - "9090:8080" + depends_on: + scrumlr-backend: + condition: service_healthy postgres: restart: always - image: postgres:16.4 + image: "postgres:${POSTGRES_VERSION:-17.2}" + container_name: postgres environment: - POSTGRES_DB: scrumlr - POSTGRES_USER: scrumlr + POSTGRES_DB: ${POSTGRES_DB:-scrumlr} + POSTGRES_USER: ${POSTGRES_USER:-scrumlr} POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}" volumes: - postgres_data:/var/lib/postgresql/data - ports: - - "5432:5432" + healthcheck: + test: [ "CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-scrumlr} -d ${POSTGRES_DB:-scrumlr}" ] + start_period: 10s + interval: 10s + timeout: 5s + retries: 5 nats: restart: always - image: nats:2.8.4 - ports: - - "4222:4222" - - "8222:8222" + image: "nats:${NATS_VERSION:-2.10.24}" + container_name: nats # oidc.localhost: # restart: always # image: ghcr.io/dexidp/dex:v2.41.1-distroless + # container_name: oidc.localhost # volumes: # - ./dex.yaml:/etc/dex/config.docker.yaml:ro # ports: @@ -87,8 +99,12 @@ services: # - oidc caddy: - image: caddy restart: always + image: "caddy:${CADDY_VERSION:-2.9.1}" + container_name: caddy + environment: + SCRUMLR_SERVER_PORT: "${SCRUMLR_SERVER_PORT:-8080}" + SCRUMLR_LISTEN_PORT: "${SCRUMLR_LISTEN_PORT:-8080}" volumes: - ./Caddyfile:/etc/caddy/Caddyfile ports: diff --git a/docs/src/content/docs/self-hosting/docker.md b/docs/src/content/docs/self-hosting/docker.md index c0a7cc5542..241daf3f7b 100644 --- a/docs/src/content/docs/self-hosting/docker.md +++ b/docs/src/content/docs/self-hosting/docker.md @@ -9,40 +9,58 @@ Scrumlr can be deployed using a Docker Compose file. This is the easiest way to We maintain a Docker Compose file in our Repository that you can use to deploy Scrumlr. ## Prerequisites + Clone the Scrumlr repository to your server and navigate to the deployment directory. + ```sh git clone https://github.com/inovex/scrumlr.io cd scrumlr.io/deployment/docker ``` -Copy the `.env.example` file to `.env` and adjust the variables to your needs. +After you cloned the repository and switched to the directory, copy the `.env.example` file to `.env` and adjust the +variables in the `.env` file to your needs. + ```sh cp .env.example .env ``` +A description of all environment variables can be found [here](/self-hosting/env-vars/). For a new deployment the mandatory variables to fill out are `POSTGRES_PASSWORD` and `SCRUMLR_PRIVATE_KEY`. +Some environment variables have a default value set in the Dockerfile. +If the variable is set in the `.env` file, the default value will be overwritten. +If an environment variable has no default value and is not set in the `.env` file, the value will be ignored. + ## Generating needed secrets ### Postgres Password -Make sure to set the `POSTGRES_PASSWORD` variable in your `.env` file to a secure password. For example you can generate a 64 characters long one from the terminal with the following command (if you have `pwgen` installed): +Make sure to set the `POSTGRES_PASSWORD` variable in your `.env` file to a secure password. For example you can generate +a 64 characters long one from the terminal with the following command (if you have `pwgen` installed): ```sh pwgen -s 64 1 ``` + ### JWT Private Key + We use an ECDSA private key to sign the JWT tokens. -***Make sure to keep this key secure as it can be used to decrypt the tokens and generate new ones, potentially compromising your users' accounts.*** + +***Make sure to keep this key secure as it can be used to decrypt the tokens and generate new ones, potentially +compromising your users' accounts.*** + ```sh openssl ecparam -genkey -name secp521r1 -noout -out jwt.key ``` + Now we need to encode this key to be able to use it as a string in the `.env` file: + ```sh cat jwt.key | awk '{printf "%s\\n", $0}' ``` -Copy the result of this command and paste it into your `.env` file (with `\n` line breaks included) like this, surrounded with quotes: +Copy the result of this command and paste it into your `.env` file (with `\n` line breaks included) like this, +surrounded with quotes: ```ini SCRUMLR_PRIVATE_KEY="-----BEGIN EC PRIVATE KEY-----\n...\n-----END EC PRIVATE KEY-----\n" @@ -58,22 +76,35 @@ pwgen -s 64 1 ``` ## Deployment + You can now start the deployment using the following command. + ```sh -docker-compose up -d +docker compose up -d ``` -After a few seconds you can check with `docker ps --all` to see if all the containers have started up. If one crashed or if there is an issue you can check logs with `docker logs (container name or id)` +After a few seconds you can check with `docker ps --all` to see if all the containers have started up. +The docker containers start in the following order + +1. Postgres, nats and caddy +2. Scrumlr backend +3. Scrumlr frontend + +If one crashed or if there is an issue you can check logs with `docker logs (container name or id)` + +Once all container started you can vist `localhost:80` to access Scrumlr. ## Reverse Proxy + We strongly recommend using a reverse proxy to handle TLS termination and to provide a secure connection to your users. -Scrumlr should work with all major reverse proxies like [Nginx](https://nginx.org), [Traefik](https://traefik.io/traefik/) or [Caddy](https://caddyserver.com/docs/quick-starts/reverse-proxy). +Scrumlr should work with all major reverse proxies like [Nginx](https://nginx.org), [Traefik](https://traefik.io/traefik/) +or [Caddy](https://caddyserver.com/docs/quick-starts/reverse-proxy). We automatically include a caddy deployment in the docker-compose file, which you can use as a reverse proxy. -All you need to do is updating the `Caddyfile` to include your host domain instead of `0.0.0.0:80`. +All you need to do is updating the `Caddyfile` to include your host domain instead of `:80`. If you don't want TLS you can simply keep the specified port. Keep in mind that running Scrumlr without TLS is **not recommended**. -``` +```conf your_domain { } ``` diff --git a/docs/src/content/docs/self-hosting/env-vars.md b/docs/src/content/docs/self-hosting/env-vars.md index 45f636f8f4..d8aa42b1e6 100644 --- a/docs/src/content/docs/self-hosting/env-vars.md +++ b/docs/src/content/docs/self-hosting/env-vars.md @@ -4,192 +4,247 @@ description: A full list of all environment variables that can be used to config sidebar: order: 3 --- + Full documentation of all environment variables that can be used to configure Scrumlr. + ## Frontend ### Show legal documents + Toggle visibility of cookie policy, privacy policy, and terms & conditions in the footer. Recommended for public instances. -```bash + +```ini SCRUMLR_SHOW_LEGAL_DOCUMENTS='' ``` ### Server URL + Override the server address for API calls. This is the URL of the backend server. -```bash + +```ini SCRUMLR_SERVER_URL='' ``` ### Websocket URL -Override the websocket address for API calls. This is the URL of the backend server but beginning with the `ws` or `wss` protocol. -```bash + +Override the websocket address for API calls. This is the URL of the backend server but beginning with the `ws` or `wss` +protocol. + +```ini SCRUMLR_WEBSOCKET_URL='' ``` ### Frontend Listen Port + The port on which the frontend should listen for incoming connections. -```bash + +```ini SCRUMLR_LISTEN_PORT='8080' ``` ### Analytics variables -We provide the option to use [Plausible](https://plausible.io) for analytics. If you want to use Plausible, you need to set the following environment variables. -```bash + +We provide the option to use [Plausible](https://plausible.io) for analytics. If you want to use Plausible, you need to +set the following environment variables. + +```ini SCRUMLR_ANALYTICS_DATA_DOMAIN='' SCRUMLR_ANALYTICS_SRC='' ``` ### Clarity id + The clarity id to use [Clarity](https://clarity.microsoft.com/). -```bash + +```ini SCRUMLR_CLARITY_ID='' ``` ## Backend ### Server Port + The port on which the backend should listen for incoming connections. -```bash + +```ini SCRUMLR_SERVER_PORT='8080' ``` ### NATS URL + The URL of the NATS server. You can either use a NATS server or a Redis server for the backend communication. Only configure one of the two. -```bash + +```ini SCRUMLR_SERVER_NATS_URL='' ``` ### Redis Variables + You can either use a NATS server or a Redis server for the backend communication. Only configure one of the two. -```bash + +```ini SCRUMLR_SERVER_REDIS_HOST='' SCRUMLR_SERVER_REDIS_USERNAME='' SCRUMLR_SERVER_REDIS_PASSWORD='' ``` ### Insecure Mode + Uses the insecure private key for JWT token signing. **Do not use in production!** -```bash + +```ini SCRUMLR_INSECURE='' ``` ### Private Key + The private key used to sign the JWT tokens. Please generate a new key for production use and keep it secure. -```bash + +```ini SCRUMLR_PRIVATE_KEY='' ``` ### Database URL + The URL of the PostgreSQL database. Credentials are passed in the URL. If you havent configured postgres for TLS, you can use the `?sslmode=disable` parameter. -```bash + +```ini SCRUMLR_SERVER_DATABASE_URL='psql://user:password@host:port/database' ``` ### Base Path + The base path of the API. The default is `/`. -```bash + +```ini SCRUMLR_BASE_PATH='' ``` ### Disable Anonymous Login + If set to `true`, users won't be able to log in anonymously, forcing them to use a provider (any OAuth or OIDC). Note that if this is set to `true`, and no valid providers are available, login won't be possible at all. Default is `false`. -```bash + +```ini SCRUMLR_DISABLE_ANONYMOUS_LOGIN=false ``` ### Enable Experimental File System Store -Enables an experimental file store for session cookies, which is used during OAuth authentication to store session info while on the provider page. + +Enables an experimental file store for session cookies, which is used during OAuth authentication to store session info +while on the provider page. Required for some OIDC providers, since their session cookies exceed the size limit of 4KB. Default is `false`. -```bash + +```ini SCRUMLR_ENABLE_EXPERIMENTAL_AUTH_FILE_SYSTEM_STORE=false ``` ### Auth Callback Host + The host to which the OAuth callback should redirect. -```bash + +```ini SCRUMLR_AUTH_CALLBACK_HOST='' ``` ### Google OAuth + Required Google OAuth credentials. Only configure if you wish to use Google OAuth. -```bash + +```ini SCRUMLR_AUTH_GOOGLE_CLIENT_ID='' SCRUMLR_AUTH_GOOGLE_CLIENT_SECRET='' ``` ### GitHub OAuth + Required GitHub OAuth credentials. Only configure if you wish to use GitHub OAuth. -```bash + +```ini SCRUMLR_AUTH_GITHUB_CLIENT_ID='' SCRUMLR_AUTH_GITHUB_CLIENT_SECRET='' ``` ### Microsoft OAuth + Required Microsoft OAuth credentials. Only configure if you wish to use Microsoft OAuth. -```bash + +```ini SCRUMLR_AUTH_MICROSOFT_CLIENT_ID='' SCRUMLR_AUTH_MICROSOFT_CLIENT_SECRET='' ``` ### Azure AD OAuth + Required Azure AD OAuth credentials. Only configure if you wish to use Azure AD OAuth. -```bash + +```ini SCRUMLR_AUTH_AZURE_AD_TENANT_ID='' SCRUMLR_AUTH_AZURE_AD_CLIENT_ID='' SCRUMLR_AUTH_AZURE_AD_CLIENT_SECRET='' ``` ### Apple OAuth + Required Apple OAuth credentials. Only configure if you wish to use Apple OAuth. -```bash + +```ini SCRUMLR_AUTH_APPLE_CLIENT_ID='' SCRUMLR_AUTH_APPLE_CLIENT_SECRET='' ``` ### OpenID Connect OAuth + Required OIDC credentials. Only configure if you wish to use generic OpenID Connect Authentication. -```bash + +```ini SCRUMLR_AUTH_OIDC_CLIENT_ID='' SCRUMLR_AUTH_OIDC_CLIENT_SECRET='' SCRUMLR_AUTH_OIDC_DISCOVERY_URL='' SCRUMLR_AUTH_OIDC_USER_IDENT_SCOPE='' SCRUMLR_AUTH_OIDC_USER_NAME_SCOPE='' ``` + Note: Might require larger session store to be active, see [SCRUMLR_ENABLE_EXPERIMENTAL_AUTH_FILE_SYSTEM_STORE](#enable-experimental-file-system-store) ### Session Secret + The secret for the session. This secret is used by gothic. This needs to be configured if you are using an authentication provider. -```bash + +```ini SESSION_SECRET='' ``` ### Feedback Webhook URL + A webhook URL to which feedback should be sent. This is not required. -```bash + +```ini SCRUMLR_FEEDBACK_WEBHOOK_URL='' ``` ### Scrumlr Config Path + The path to the Scrumlr configuration file. -```bash + +```ini SCRUMLR_CONFIG_PATH='' ``` - diff --git a/docs/src/content/docs/self-hosting/intro.md b/docs/src/content/docs/self-hosting/intro.md index cb6b6b4232..394d4a8161 100644 --- a/docs/src/content/docs/self-hosting/intro.md +++ b/docs/src/content/docs/self-hosting/intro.md @@ -8,13 +8,14 @@ sidebar: We currently offer two ways to self-host Scrumlr: using Docker Compose or a Kubernetes manifest. Scrumlr is composed of 4 main services: + - **frontend**: Our React frontend that is served statically. - **backend**: Our Go backend that serves the API and WebSocket. - **database**: A PostgreSQL database that stores all data. - **nats**: A NATS server which is used to keep our backend services in sync (Mainly used for multi-backend deployments). - ### Getting started + -> [Docker Compose](/self-hosting/docker/) --> [Kubernetes](/self-hosting/kubernetes/) \ No newline at end of file +-> [Kubernetes](/self-hosting/kubernetes/) diff --git a/docs/src/content/docs/self-hosting/ske.md b/docs/src/content/docs/self-hosting/ske.md index 215d6e4be2..38d88cbb11 100644 --- a/docs/src/content/docs/self-hosting/ske.md +++ b/docs/src/content/docs/self-hosting/ske.md @@ -6,67 +6,91 @@ sidebar: --- ## Pre-requisites + The following pre-requisites are required to deploy Scrumlr using SKE: + - STACKIT Project - Service Account with a valid Token for the STACKIT API +- [terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli) +- [helm](https://helm.sh/docs/intro/install/) +- [kubectl](https://kubernetes.io/docs/tasks/tools/) ## Deployment ### Clone the Repository + +First clone the Scrumlr repository and switch to the deployment directory. + ```sh git clone https://github.com/inovex/scrumlr.io.git -``` -```sh -cd scrumlr.io/deployment/ske +cd scrumlr.io/deployment/SKE ``` ### Deploy SKE and Postgres Flex using Terraform + In order to gurantee the correct deployment of SKE and Postgres Flex, you can use our premade Terraform code. + ```sh cd terraform ``` + You need to create a `terraform.tfvars` file with the following variables: -``` + +```tf service_account_token = "YOUR_SERVICE_ACCOUNT_TOKEN" project_id = "YOUR_PROJECT_ID" ``` + Now you can deploy SKE and Postgres Flex using Terraform. + ```sh terraform init terraform apply ``` ### Deploy Scrumlr + Now that you have successfully deployed SKE and Postgres Flex, you can deploy Scrumlr. We have created a bash script which will bootstrap the deployment of Scrumlr. For this to work you need an active `kubectl` context. + If you used the terraform code above, we recommend using `kubecm`for managing your kubectl contexts. You can install kubecm from [here](https://kubecm.cloud/en-us/install). + ```sh cd .. -kubecm add -f terraform/kubeconfig.yaml +kubecm add -f terraform/kubeconfig.yaml ``` + Switch to the external cluster context: + ```sh # Make sure to select the external cluster context kubecm sw ``` + Now you can deploy Scrumlr using the following command: + ```sh ./deploy.sh ``` + Make sure to replace `` with the URL of your Postgres Flex instance. You can view the url by running the following command: + ```sh cat terrafrom/postgres_connection_url.txt ``` #### DNS Configuration + During Execution the script will ask you to enter the domain you want to use for Scrumlr. This requires a DNS entry pointing to the LoadBalancer IP of the Ingress Controller. You can either use your own DNS provider or use the STACKIT DNS service. STACKIT provides free DNS subdomains you can use. You need to create the following A records: + - `www.` pointing to the LoadBalancer IP - `` pointing to the LoadBalancer IP + After creating the necessary A record simply enter when prompted by the script and press enter.