Installation
Telar Social backend can be deployed to a variety of container orchestrators such as Kubernetes, OpenShift, Docker Swarm or to a single host with faasd and docker-compose. Frontend can be deployed to the same infrastructure or hosting on Firebase hosting, AWS web hosting, Netlify, Render, or Vercel separately.
Running locally (Development)
Pre-required
Setup
- Clone repository
git clone git@github.com:red-gold/ts-ui.git
-
Add
[127.0.0.1 social.example.com]
domain into your host file. Doc you may refer to -
Copy
ts-ui/docker/config/.env.secrets.init
file and set the name.env.secrets
. -
Config email to receive email notification for signup, reset password, etc. Please refer to doc #2
- Set your smtp email
(e.g. for gmail is smtp.gmail.com:587)
and your email my@email.com
npx envedit -s ./docker/config/.env.app_config -l smtp_email=YOUR_EMAIL_SMTP -l ref_email=YOUR_EMAIL
- Set your email password
npx envedit -s ./docker/config/.env.secrets -l ref_email_pass=YOUR_EMAIL_PASS -b64
- Set your smtp email
-
Run back-end
cd docker
docker-compose up
#or new docker compose installed by docker
docker compose up
If you want change other configuration like default URL or MongoDB host URL(form Secrets ) you can change all config in path-to-project/ts-ui/docker/config/
.
- Run front-end
yarn
yarn start
Running on Kubernetes using Telar CLI
Telar CLI is under development. Use manual setup instead!
Running on Kubernetes (Manually)
Pre-required
- Familiar with Kubernetes
- Know how to work with OpenFaaS
Setup
- Clone Telar repositories
git clone git@github.com:red-gold/ts-serverless.git && \
git clone git@github.com:red-gold/telar-web.git && \
git clone git@github.com:red-gold/ts-ui.git && \
git clone git@github.com:red-gold/ts-websocket.git
- Change projects config based on your requirements
- Set your Telar Web configuration in
path-to-project/telar-web/config/*.yml
- Set your Telar Scoial configuration in
path-to-project/ts-serverless/config/*.yml
- Set your User Interface configuration in
path-to-project/ts-serverless/.env.production
- Set your WebSocket server configuration in
path-to-project/ts-websocket/k8s/deploy.yml
- Set your Telar Web configuration in
For WebSocket server PAYLOAD_SECRET
, PUBLIC_KEY
in configuration, read from Kubernetes secret which you will create on next step.
- Create Secret for Kubernetes Telar Social use Kubernetes secrets to keep sensitive information safe. Set the environment variable (e.g. ) in terminal and run commnad below.
kubectl -n openfaas-fn create secret generic secrets --from-file=./key --from-file=./key.pub --from-file=./serviceAccountKey.json \
--from-literal="ts-client-secret=$CLIENT_SECRET" --from-literal="mongo-host=$MONGO_HOST" \
--from-literal="mongo-database=$MONGO_DB" \
--from-literal="recaptcha-key=$RECAPTCHA_KEY" --from-literal="ref-email-pass=$REF_EMAIL_PASS" \
--from-literal="redis-pwd=$REDIS_PWD" --from-literal="admin-username=$ADMIN_USERNAME"\
--from-literal="admin-password=$ADMIN_PASSWORD" --from-literal payload-secret="$PAYLOAD_SECRET"\
--from-literal="phone-auth-token=$PHONE_AUTH_TOKEN" --from-literal="phone-auth-id=$PHONE_AUTH_ID"
To know more about each secret field check here.
- Deploy
telar-wb
andts-serverless
We supposed you are familiar withOpenFaaS
. All you need now is moving to root of each project and change thestack.yml
file to your own docker user (e.g.qolzam/actions:v0.1.13
tomy_docker_user/actions:v0.1.0
). Then run command below to build/push/depoy each Microservice.
faas up
- Deploy WebScoket server You are able to run WebScoket server on any server(e.g. Heroku) but here we prefer to keep the WebSocket server on Kuberenetes cluster. Run command below to deploy WebSocet server.
kubectl apply -f ./k8s/service.yml
kubectl apply -f ./k8s/deploy.yml
- Deploy User Interface (
ts-ui
) User interface can be deployed on Kubernetes or web host providers like Firebase hosting.
- Hosting on web host providers, you can simply build the project using
npm run build
and deploy based on web host provider instruction. (e.g. Firebase hosting) - To host on Kebenetes change
stack.yml
file for your own docker user and run command below.
npm run build
faas up
- To start go
https://your-social-domain/admin/login
page. Login with admin username/password and wait until you see welcome page. And we are done!
Running on faasd
We will add it soon :)
Expose Social Network to the internet from your local
In the case you need to make your social network available on the internet from your local PC/Server, you may consider options below.
-
inlets (Recommended): inlets uses a websocket to create a tunnel between a client and a server. The server is typically a machine with a public IP address, and the client is on a private network with no public address. inlets is considered production-ready, but you should do some testing before you depend on it. For a commercially-supported solution, see inlets PRO, which enables additional use-cases, has more thorough testing and secure defaults.
-
ngrok: ngrok provides a real-time web UI where you can introspect all HTTP traffic running over your tunnels. Replay any request against your tunnel with one click.
-
Cloudflare: You can connect applications, servers, and other resources to Cloudflare's network using Cloudflare Tunnel. When connected, Cloudflare can apply Zero Trust policies to determine who can reach the resource.
Config Traefik for Telar Social
Traefik is an open-source Edge Router that makes publishing your services a fun and easy experience. It receives requests on behalf of your system and finds out which components are responsible for handling them.
We also config DNS challenge to resolve certificate by Let's Encrypt. We used digitalocean
provider as an example but you can find your own provider here
Create secret for certificate resolver
Change digitalocean
with your provider name and replace your_token
with your token.
kubectl create secret -n kube-system generic digitalocean --from-literal=dns-token=your_token
Deploy Traefik on K8S cluster
Excute command below to deploy Traefik. Before that, change my@email.com
to your email and digitalocean
to your provider.
In command below we use letsencrypt in
production
mode if you are in development statge you can change it tostaging
.letsencrypt production: https://acme-v02.api.letsencrypt.org/directory
letsencrypt staging: https://acme-staging-v02.api.letsencrypt.org/directory
helm install --namespace=kube-system \
--set="additionalArguments={--accesslog=true,--api.insecure=true,--log.level=DEBUG,--certificatesresolvers.letsencrypt.acme.email=my@email.com,--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json,--certificatesresolvers.letsencrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory,--certificatesResolvers.letsencrypt.acme.dnschallenge=true,--certificatesResolvers.letsencrypt.acme.dnschallenge.provider=digitalocean}" \
--set="env[0].name=DO_AUTH_TOKEN" \
--set="env[0].valueFrom.secretKeyRef.name=digitalocean" \
--set="env[0].valueFrom.secretKeyRef.key=dns-token" \
traefik traefik/traefik
Deploy Telar Social functions ingress route
To have a pretty URL we use social-middleware-gateway
ingress route to have https://my.social.com/*
URL instead of https://my.social.com/function/*
. The ingress-route-social
ingress route will route requests to OpenFaaS
gateway service.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: social-middleware-gateway
spec:
addPrefix:
prefix: /function
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingress-route-social
spec:
entryPoints:
- websecure
routes:
- match: Host(`my.social.com`)
kind: Rule
middlewares:
- name: social-middleware-gateway
namespace: default
services:
- name: gateway
namespace: openfaas
kind: Service
port: 8080
tls:
certResolver: letsencrypt
domains:
- main: my.social.com
sans:
- '*.my.social.com'
Deploy WebSocket ingress route
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ws-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`ws.social.com`)
kind: Rule
services:
- name: ws-service
namespace: openfaas-fn
kind: Service
port: 3001
tls:
certResolver: letsencrypt
domains:
- main: social.com
sans:
- '*.social.com'
⭐️ This page needs help. Please help with your contribution. To start click on edit button.