This guide covers how to set up a production environment using CDX docker images based on an Ubuntu Linux server. Note that the environment will be configured so that CDX is the only web application running on the server; a more complex setup including a reverse proxy is required if multiple virtual hosts are needed.
During this guide, we'll assume that the server will be set up on http://cdx.example.com
.
Install Docker on your server following the instructions listed on the Docker page. This guide has been tested on docker version 1.9.0, though may work on other versions.
Install docker-compose as well. This guide has been tested on compose version 1.5.2.
Docker does not rotate log files by default. To enable this, and prevent log files from flooding the host's capacity, add the following line to /etc/default/docker
:
DOCKER_OPTS="--log-opt max-size=1m --log-opt max-file=100"
Then restart the docker service via restart docker
.
Create a folder where all configuration files will be stored, such as /u/apps/cdx/
, and there create the configuration files.
All the following files are required.
This file contains the information on the CDX SSH client to be used for this server.
{
"version": "0.1.0",
"url": "https://github.com/instedd/cdx-sync-client/releases/download/release-v0.1.0/cdx-win32-0.1.0.exe"
}
This file contains miscellaneous settings for the server. Remember to change the host
key to your own hostname.
Google client id and secret are required to enable login using Google, and you should also enter a maps API key to be used for the static maps API. You can apply for these values in Google's Developers Console.
host: cdx.example.com
app_version: latest
nndd_url: "/nndd/index.html"
location_service_url: https://locations-stg.instedd.org
google_client_id:
google_client_secret:
google_maps_api_key:
user_password_expire_in_months: 12
web_session_timeout: 360000000
This file contains all environment values to be injected into the Docker containers.
Again, remember to change cdx.example.com
to your corresponding hostname.
MAILER_SENDER
should be the address from which user emails will be sent.
The last required setting is SECRET_KEY_BASE
, which should be set to a random hex value to be kept secret; a sample value can be generated using Ruby by running SecureRandom.hex(128)
.
RAILS_ENV=production
MYSQL_HOST=db
MYSQL_PASSWORD=root
REDIS_URL=redis://redis:6379
ELASTICSEARCH_URL=elasticsearch:9200
[email protected]
SECRET_KEY_BASE=
VIRTUAL_HOST=cdx.example.com
SSH_KEYS_PATH=/home/cdx-sync/.ssh/authorized_keys
SSH_SYNC_DIR=/home/cdx-sync/sync
SSH_SERVER_PORT=2223
SSH_SERVER_HOST=cdx.example.com
Last but not least, set up the docker-compose.yml
file for the application stack. The easiest way is to copy both docker-compose.base.yml
and docker-compose.prod.yml
from the project root, which contain the base configuration and the overrides for running in a production environment, respectively.
The docker-compose.prod.yml
assumes there is data
dir in the same folder as the compose config file, where mysql, elasticsearch and ssh clients will store their persistent data.
Make sure to change the image from instedd/cdx:dev
to the image you actually want to use for this deployment. You should never work on dev, but choose a specific tag.
Device models images and instructions are managed via paperclip.
If running on AWS, the recommended configuration is to use S3 for storage, setting the following variables in docker.env
. The first is the name of the bucket where attachments will be stored, and the remaining two are the credentials used to upload them.
PAPERCLIP_S3_BUCKET=
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
If the S3 bucket is not in the default (us-east-1
) region, you need to also specify the bucket's region-specific host name:
PAPERCLIP_S3_HOST_NAME=s3.us-west-1.amazonaws.com
Alternatively, attachments can be stored locally. Create a folder within the data directory owned by user 9999
and mount it in /app/public/system
. Assuming the data directory is /u/apps/cdx/data/uploads
, then:
mkdir -p /u/apps/cdx/data/uploads
chown 9999:9999 /u/apps/cdx/data/uploads
And add the following entry to the volumes
of the web
service in docker-compose.prod.yml
:
- './data/uploads:/app/public/system'
The SMTP server for sending emails is managed via the SMTP
settings in docker.env
. It is recommended to set them to an external SMTP server, such as Google's Gmail; in AWS, we suggest using SES.
SMTP_HOST=
SMTP_PORT=
SMTP_USERNAME=
SMTP_PASSWORD=
Alternatively, to spin up a local SMTP server, add the following configuration to your docker-compose.prod.yml
file, replacing cdx.example.com
to your own domain:
smtp:
image: catatnight/postfix
ports:
- 25
environment:
maildomain: cdx.example.com
smtp_user: cdx:cdx
Add a link from the web
container to the new smtp
:
web:
links:
- smtp
...
And set the SMTP
section of your docker.env
file to:
SMTP_HOST=smtp
SMTP_PORT=25
SMTP_USERNAME=cdx
SMTP_PASSWORD=cdx
SMTP_TLS=false
The CDX app already ships with the New Relic agent installed. In order to enable it, set the following environment variables in docker.env
, using your New Relic license key:
NEW_RELIC_LOG=stdout
NEW_RELIC_LOG_LEVEL=info
NEW_RELIC_AGENT_ENABLED=1
NEW_RELIC_APP_NAME=CDX
NEW_RELIC_LICENSE_KEY=
Note that all docker related commands typically require sudo
privileges.
After all configuration files are set up, the next step is to set up the database. For the first run only, you need to set up the database from scratch:
docker-compose -f docker-compose.base.yml -f docker-compose.prod.yml run --rm web rake db:setup
Seed data for manufacturers and institutions can be inserted via, changing demopass
to the default password to be used for the new created users:
docker-compose -f docker-compose.base.yml -f docker-compose.prod.yml run --rm web rake institutions:load manifests:load PASSWORD=demopass
Afterwards, run any migrations via:
docker-compose -f docker-compose.base.yml -f docker-compose.prod.yml run --rm web rake db:migrate
Remember to remove the -f docker-compose.base.yml -f docker-compose.prod.yml
from all the previous commands if you use a single docker-compose.yml
file.
Start or restart the app stack running:
docker-compose -f docker-compose.base.yml -f docker-compose.prod.yml up -d --force-recreate
To upgrade to a new version of CDX, simply change the tag for the docker image in the docker-compose file; for instance, change instedd/cdx:0.6
to instedd/cdx:0.7
.
After the modification, restart the stack via the command listed in the previous section.