Skip to content

holdex/backend

BranchesTags

Repository files navigation

Holdex Backend

In this README:


Deploying locally

1. Install dependencies:

make

2. Copy the content from .env.dev into .env:

cp .env.dev .env

3. Add credentials for full working features:

Ask Vadim or Mark for stage credentials.

3.1. Update the following vars in .env file

  • GQL_QUERY_SECRET_KEY - if not set, following requests will fail:
    • Login with Twitter
    • Login with Telegram
    • Add/Remove Webhook endpoints
    • Query communities and postedMessages with more than 25 items per page
  • EMAILS_SENDGRID_API_KEY - if not set, requests sending emails will fail
  • EMAILS_SENDGRID_WEBHOOK_VERIFICATION_KEY - is not set, webhooks from sendgrid will fail payload verification
  • SEGMENT_SECRET - if not set, events will not be sent to segment
  • PUSHER_APP_ID - if not set, events to pusher will not be sent
    • Also set PUSHER_APP_KEY, PUSHER_APP_SECRET and PUSHER_APP_CLUSTER
  • POSTHOG_PERSONAL_API_KEY - if not set, requests to PostHog will fail
  • INTERCOM_IDENTITY_VERIFICATION_SECRET - if not set, intercom user id hash will not be generated correctly

3.2. Add the GCP Storage credentials file, use the one for stage environment

If not configured, files I/O will be skipped without errors

Store the file in the root folder with the name gcs-credentials.json

For a different name and/or path change GCS_CREDENTIALS_JSON_FILE in .env

3.3. Add the Firestore credentials file, use the one for stage environment

If not configured, legacy threads views will resolve to 0

Store the file in the root folder with the name firebase-adminsdk.json

For a different name and/or path change FIREBASE_ADMIN_SDK_FILE_PATH in .env

4. Add the following line into /etc/hosts:

127.0.0.1 api.holdex.localhost

5. Run the project in development mode:

make dev

6. Access http://api.holdex.localhost:8090/graphql/playground

To use different port, change HTTP_SERVER_ADDR in the .env file


Deploying new releases on stage/production

Deployment is done manually

1. Get the docker image tag

After each merge into master branch, a new build is launched to build a docker image from that commit.

Go to Google Cloud Build and copy the value from the Commit column, or the docker image tag from the Artifacts column.

![Google Cloud Build Screenshot](docs/Google Cloud Build.png)

2. Access the server

Provide your public ssh key to Mark/Vadim to be authorised to access the server.

ssh coreusr@SERVER_IP

cd ./backend

3. Update the DEPLOY_VERSION env var

You can also add/update/remove any other variables at this step

  1. Access backend folder on the server.
  2. Open the .env file and update the DEPLOY_VERSION with the image tag. Save and close the file.

4. Restart the docker container

make prodp - This will just pull the new docker image.

make prod - This will deploy the new docker image.

make prodc - This will deploy the new docker image, but also delete the SQLite cache on disk. Execute this command only when the SQLite schema has been updated, or a resync is required.


Setup new production-like environment

Instructions are for Google Cloud Platform

1. Create new VM

Create a new VM with following settings:

  • Name: core-vm

  • Zone: us-west2-a

  • Machine type: e2-medium (General purpose)

  • Disk: SSD 20gb, Debian/GNU10

  • Firewall: Enable HTTP & HTTPS traffic

    Additional settings:

  • Enable deletion protection

  • Disable disk deletion when instance is deleted

2. Setup static IP

Wait until the VM instance is created succesfully

  1. go to https://console.cloud.google.com/networking/addresses/list,
  2. Find the IP used by the new VM, and change from Ephemeral to Static IP.
  3. Assing name core-ip

3. Configure remote SSH access

  1. SSH into the instance via Cloud Shell (from GCP interface)
  2. Switch to root user: sudo su
  3. Create a new user with sudo permissions and switch to it
    1. sudo adduser coreusr
    2. sudo usermod -aG sudo coreusr
    3. su coreusr
    4. cd ~
  4. Create .ssh directory: mkdir .ssh && cd .ssh
  5. Create a file named authorized_keys and add inside all authorized public keys
  6. Open the terminal, and you should be able to access the server via ssh coreusr@SERVER_IP

4. Install docker, docker-compose, and build-essentials

To install docker, check Step 1 and Step 2 in this guide: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-debian-10

To install docker-compose, check Step 1 in this guide: https://www.digitalocean.com/community/tutorials/how-to-install-docker-compose-on-debian-10

To install build-essentials:

  • sudo apt-get update
  • sudo apt-get install build-essential

5. Install and configure google-fluentd agent

Follow the installation guide for a single VM here: https://cloud.google.com/logging/docs/agent/installation#agent-install-debian-ubuntu

  1. Install the latest version of google-fluentd agent and make sure the installation command includes structured logging --also-install
  2. Update agent config: sudo nano /etc/google-fluentd/google-fluentd.conf
  3. Overwrite the contents of this file with those provided in repo at /docs/google-fluentd.conf
  4. Save and close
  5. Restart to apply changes sudo service google-fluentd restart

6. Configure the proxy server

Follow this guide: https://github.com/holdex/cloud-proxy#setup-new-production-like-environment

7. Configure the api server

  1. Create the directory: mkdir backend && cd backend

  2. Copy the following files from the repo via Filezilla, or manually create with nano command and copy/paste the content:

    • Makefile
    • dc-prod.yml
    • .env.stage or .env.prod as .env

  3. Get the following files from Mark/Vadim. Copy them into the same backend folder.

    • gcs-credentials.json
    • stackdriver-credentials.json
    • firebase-adminsdk.json
    • gcp-credentials.json

  4. Create .keys folder and webhooks folder inside it. Copy the following file into webhooks folder.

    • .keys/webhooks/key.pem

  5. Return to backend folder. Open .env file. Update the following env variables with values given from Mark/Vadim:

    • GQL_QUERY_SECRET_KEY
    • DOMAIN_EVENTS_PUB_SUB_SQL_DSN
    • USER_IN_APP_NOTIFICATIONS_PUB_SUB_SQL_DSN
    • USER_IN_APP_NOTIFICATIONS_SQL_DSN
    • EVENT_STORE_SQL_DSN
    • RECAPTCHA_API_KEY
    • EMAILS_SENDGRID_API_KEY
    • EMAILS_SENDGRID_WEBHOOK_VERIFICATION_KEY
    • SEGMENT_SECRET
    • INTERCOM_IDENTITY_VERIFICATION_SECRET
    • PUSHER_APP_ID
    • PUSHER_APP_KEY
    • PUSHER_APP_SECRET
    • PUSHER_APP_CLUSTER
    • POSTHOG_PERSONAL_API_KEY

  6. Update DEPLOY_VERSION in .env with the latest docker image tag (commit column) from Google Cloud Build ![Google Cloud Build Screenshot](docs/Google Cloud Build.png)

  7. Login into registry.gitlab.com: docker login registry.gitlab.com -u holdex-gitlab

Ask Mark/Vadim for password

7. Start the docker container

make prodp - This will just pull the docker image.

make prod - This will start de container.

8. Update DNS

Make sure the Orange cloud from CloudFlare is disabled initially. Enable it after the website is accessible.

  • If there is issue with website access after enabling the Orange Cloud, disable it and try accesing the website without the option.

9. Launch NGINX proxy server

https://github.com/holdex/cloud-proxy#5-generate-certificates


Enable agent requests:

  1. Create an account
  2. Create a Holdex community in your local environment
  3. In the .env file, set the HOLDEX_COMMUNITY_ID={HoldexCommunityID}
  4. Restart the server

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

10 tags

Packages

 
 
 

Contributors

Languages