github.com/quickfeed/quickfeed@v0.0.0-20240507093252-ed8ca812a09c/doc/deploy.md (about) 1 # Quickfeed Deployments 2 3 - [Quickfeed Deployments](#quickfeed-deployments) 4 - [Technology Stack](#technology-stack) 5 - [Recommended VSCode Plugins](#recommended-vscode-plugins) 6 - [Setup](#setup) 7 - [Install Tools for Deployment](#install-tools-for-deployment) 8 - [Install Tools for Development](#install-tools-for-development) 9 - [Preparing the Environment for Production](#preparing-the-environment-for-production) 10 - [Preparing the Environment for Testing](#preparing-the-environment-for-testing) 11 - [First-time Installation](#first-time-installation) 12 - [Configuring Docker](#configuring-docker) 13 - [Configuring Fixed IP and Router](#configuring-fixed-ip-and-router) 14 - [Building QuickFeed Server](#building-quickfeed-server) 15 - [Running QuickFeed Server](#running-quickfeed-server) 16 - [Flags](#flags) 17 - [Running Server on a Privileged Port](#running-server-on-a-privileged-port) 18 - [Using GitHub Webhooks When Running Server On Localhost](#using-github-webhooks-when-running-server-on-localhost) 19 - [Troubleshooting](#troubleshooting) 20 21 ## Technology Stack 22 23 QuickFeed depends on these technologies. 24 25 - [Go](https://golang.org/doc/code.html) 26 - [TypeScript](https://www.typescriptlang.org/) 27 - Buf's [connect-go](https://buf.build/blog/connect-a-better-grpc) for gRPC 28 - Buf's [connect-web](https://buf.build/blog/connect-web-protobuf-grpc-in-the-browser) replaces gRPC-Web 29 - [Protocol Buffers](https://developers.google.com/protocol-buffers/docs/proto3) 30 31 ## Recommended VSCode Plugins 32 33 - Go 34 - vscode-proto3 35 - Code Spell Checker 36 - ESLint 37 - markdownlint 38 - Better Comments 39 - GitLens 40 - Git History Diff 41 - SQLite 42 43 ## Setup 44 45 ### Install Tools for Deployment 46 47 This assumes you have homebrew installed. 48 For systems without homebrew, the make target should list well-known packages available on most Unix distributions. 49 50 ```sh 51 % make brew 52 ``` 53 54 ### Install Tools for Development 55 56 The development tools are only needed for development, and can be skipped for deployment only. 57 To install: 58 59 ```sh 60 % make devtools 61 ``` 62 63 The `devtools` make target will download and install various Protobuf compiler plugins and the grpcweb Protobuf compiler. 64 65 ### Preparing the Environment for Production 66 67 QuickFeed expects the `.env` file to contain certain environment variables. 68 For a first-time installation, the `.env` file is not present. 69 However, the `.env-template` file contains a template that can be copied and modified. 70 The following is an example production deployment on the `example.com` domain. 71 72 ```shell 73 # GitHub App IDs and secrets for deployment 74 QUICKFEED_APP_ID="" 75 QUICKFEED_APP_KEY=$QUICKFEED/internal/config/github/quickfeed.pem 76 QUICKFEED_CLIENT_ID="" 77 QUICKFEED_CLIENT_SECRET="" 78 QUICKFEED_WEBHOOK_SECRET="" 79 80 # QuickFeed server domain or ip 81 DOMAIN="example.com" 82 83 # Comma-separated list of domains to allow certificates for. 84 # IP addresses and "localhost" are *not* valid. 85 # The whitelist must also include the domain defined above. 86 QUICKFEED_WHITELIST="example.com" 87 ``` 88 89 You only need to edit the `$DOMAIN` environment variable to point to your public landing page for QuickFeed. 90 The [QuickFeed App installation process](#first-time-installation) will guide you through the rest of the setup, 91 setting the environment variables in your `.env` file and saving the `quickfeed.pem` file. 92 93 ### Preparing the Environment for Testing 94 95 For a localhost test deployment, you additionally need to specify the file names for the self-signed certificates. 96 And the `QUICKFEED_WHITELIST` must be removed from your `.env` file. 97 98 ```shell 99 # Certificate chain and private key file 100 QUICKFEED_KEY_FILE=$QUICKFEED/internal/config/certs/privkey.pem 101 QUICKFEED_CERT_FILE=$QUICKFEED/internal/config/certs/fullchain.pem 102 103 # QuickFeed server domain or ip 104 DOMAIN="127.0.0.1" 105 ``` 106 107 The [QuickFeed App installation process](#first-time-installation) will guide you through the rest of the setup, 108 setting the environment variables in your `.env` file and saving the self-signed certificate files. 109 110 ### First-time Installation 111 112 To start the server for first-time installation, use the `-new` flag. 113 114 ```shell 115 % make install 116 % quickfeed -new 117 2022/09/11 16:45:22 running: go list -m -f {{.Dir}} 118 2022/09/11 16:45:22 Loading environment variables from /Users/meling/work/quickfeed/.env 119 2022/09/11 16:45:22 Important: The GitHub user that installs the QuickFeed App will become the server's admin user. 120 2022/09/11 16:45:22 Go to https://example.com/manifest to install the QuickFeed GitHub App. 121 2022/09/11 16:46:00 Successfully installed the QuickFeed GitHub App. 122 2022/09/11 16:46:00 Loading environment variables from /Users/meling/work/quickfeed/.env 123 2022/09/11 16:46:00 Starting QuickFeed in production mode on example.com 124 ``` 125 126 After starting the server you should see various configuration files saved to `internal/config`: 127 128 ```shell 129 % tree internal/config/ 130 internal/config/ 131 ├── certs 132 │ ├── acme_account+key 133 │ └── example.com 134 └── github 135 └── quickfeed.pem 136 ``` 137 138 In addition, your `.env` file should be populated with important secrets that should be kept away from prying eyes. 139 140 ```shell 141 % cat .env 142 # GitHub App IDs and secrets for deployment 143 QUICKFEED_APP_ID=<6 digit ID> 144 QUICKFEED_APP_KEY=/Users/meling/work/quickfeed/internal/config/github/quickfeed.pem 145 QUICKFEED_CLIENT_ID=Iv1.<16 chars of identifying data> 146 QUICKFEED_CLIENT_SECRET=<40 chars of secret data> 147 QUICKFEED_WEBHOOK_SECRET=<40 chars of secret data> 148 ``` 149 150 ### Configuring Docker 151 152 To ensure that Docker containers has access to networking, you may need to set up IPv4 port forwarding on your server machine: 153 154 ```sh 155 sudo sysctl net.ipv4.ip_forward=1 156 sudo sysctl -p 157 sudo service docker restart 158 ``` 159 160 ### Configuring Fixed IP and Router 161 162 In your domain name provider, configure your IP and domain name; for instance: 163 164 ```text 165 Type Host Value TTL 166 A Record cyclone 92.221.105.172 5 min 167 ``` 168 169 Set up port forwarding on your router. 170 External ports 80/443 maps to internal ports 80/443 for TCP. 171 172 ## Building QuickFeed Server 173 174 After editing files in the `public` folder, run the following command. 175 This should also work while the application is running. 176 177 ```sh 178 % make ui 179 ``` 180 181 Build the `quickfeed` server. 182 183 ```sh 184 % make install 185 ``` 186 187 After editing any of the `.proto` files you will need to recompile the protobuf files, run the following command. 188 189 ```sh 190 % make proto 191 ``` 192 193 This may require you to run both `make install` and `make ui`. 194 195 ## Running QuickFeed Server 196 197 To run in production mode on `$DOMAIN` using default values: 198 199 ```sh 200 % quickfeed &> quickfeed.log & 201 ``` 202 203 To run in development mode on localhost: 204 205 ```sh 206 % quickfeed -dev &> quickfeed.log & 207 ``` 208 209 To view the full usage details: 210 211 ```sh 212 % quickfeed -help 213 ``` 214 215 ### Flags 216 217 | **Flag** | **Description** | **Example** | 218 | --------------- | ---------------------------------------------------- | ----------- | 219 | `database.file` | Path to QuickFeed database | `qf.db` | 220 | `http.addr` | Listener address for HTTP service | `:8081` | 221 | `dev` | Run development server with self-signed certificates | | 222 | `new` | Create a new QuickFeed App | | 223 224 ### Running Server on a Privileged Port 225 226 It is possible to run server in development mode on different ports by setting the `http.addr` flag. 227 However, by default the server will run on port `:443`. 228 If the quickfeed binary cannot access port `:443` on your Linux system, you can enable it by running: 229 230 ```sh 231 sudo setcap CAP_NET_BIND_SERVICE=+eip /path/to/binary/quickfeed 232 ``` 233 234 Note that you will need to repeat this step each time you recompile the server. 235 236 ### Using GitHub Webhooks When Running Server On Localhost 237 238 GitHub webhooks cannot send events directly to your server if it runs on localhost. 239 However, it is possible to setup a tunneling service that will be listening to the events coming from webhooks and redirecting them to the locally deployed server. 240 241 One of the many options is [ngrok](https://ngrok.com/). To use ngrok you have to create a free account and download ngrok. 242 After that it will be possible to receive webhook events on QuickFeed server running on localhost by performing a few steps. 243 244 1. Start ngrok: `ngrok http 443` - assuming the server runs on port `:443`. 245 2. ngrok will generate a new endpoint URL. 246 Copy the urls an update webhook callback information in your GitHub app to point to this URL. 247 E.g., `https://de08-2a01-799-4df-d900-b5af-5adc-a42a-bcf.eu.ngrok.io/hook/`. 248 249 After that any webhook events your GitHub app is subscribed to will send payload to this URL, and ngrok will redirect them to the `/hooks` endpoint of the QuickFeed server running on the given port number. 250 251 Note that ngrok generates a new URL every time it is restarted and you will need to update webhook callback details unless you want to subscribe to the paid version of ngrok that supports static callback URLs. 252 253 ## Troubleshooting 254 255 If `go install` fails with the following (on Ubuntu): 256 257 ```sh 258 cgo: exec gcc-5: exec: "gcc-5": executable file not found in $PATH 259 ``` 260 261 Then run and retry `go install`: 262 263 ```sh 264 % brew install gcc@5 265 % go install 266 ```