diff --git a/.env.example b/.env.example
deleted file mode 100644
index 602e1c9..0000000
--- a/.env.example
+++ /dev/null
@@ -1,103 +0,0 @@
-##
-## Quark configuration
-##
-
-# MongoDB
-MONGODB=mongodb://database
-
-# Redis
-REDIS_URI=redis://redis/
-
-# Hostname used for Caddy
-# This should in most cases match REVOLT_APP_URL
-HOSTNAME=http://local.revolt.chat
-
-# URL to where the Revolt app is publicly accessible
-REVOLT_APP_URL=http://local.revolt.chat
-
-# URL to where the API is publicly accessible
-REVOLT_PUBLIC_URL=http://local.revolt.chat/api
-VITE_API_URL=http://local.revolt.chat/api
-
-# URL to where the WebSocket server is publicly accessible
-REVOLT_EXTERNAL_WS_URL=ws://local.revolt.chat/ws
-
-# URL to where Autumn is publicly available
-AUTUMN_PUBLIC_URL=http://local.revolt.chat/autumn
-
-# URL to where January is publicly available
-JANUARY_PUBLIC_URL=http://local.revolt.chat/january
-
-
-##
-## hCaptcha Settings
-##
-
-# If you are sure that you don't want to use hCaptcha, set to 1.
-REVOLT_UNSAFE_NO_CAPTCHA=1
-
-# hCaptcha API key (This is the "Secret key" from your User Settings page)
-# REVOLT_HCAPTCHA_KEY=0x0000000000000000000000000000000000000000
-
-# hCaptcha site key
-# REVOLT_HCAPTCHA_SITEKEY=10000000-ffff-ffff-ffff-000000000001
-
-
-##
-## Email Settings
-##
-
-# If you are sure that you don't want to use email verification, set to 1.
-REVOLT_UNSAFE_NO_EMAIL=1
-
-# SMTP host
-# REVOLT_SMTP_HOST=smtp.example.com
-
-# SMTP username
-# REVOLT_SMTP_USERNAME=noreply@example.com
-
-# SMTP password
-# REVOLT_SMTP_PASSWORD=CHANGEME
-
-# SMTP From header
-# REVOLT_SMTP_FROM=Revolt
-
-
-##
-## Application Settings
-##
-
-# Whether to only allow users to sign up if they have an invite code
-REVOLT_INVITE_ONLY=0
-
-# Maximum number of people that can be in a group chat
-REVOLT_MAX_GROUP_SIZE=150
-
-# VAPID keys for push notifications
-# Generate using this guide: https://gitlab.insrt.uk/revolt/delta/-/wikis/vapid
-# --> Please replace these keys before going into production! <--
-REVOLT_VAPID_PRIVATE_KEY=LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUJSUWpyTWxLRnBiVWhsUHpUbERvcEliYk1yeVNrNXpKYzVYVzIxSjJDS3hvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFWnkrQkg2TGJQZ2hEa3pEempXOG0rUXVPM3pCajRXT1phdkR6ZU00c0pqbmFwd1psTFE0WAp1ZDh2TzVodU94QWhMQlU3WWRldVovWHlBdFpWZmNyQi9BPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
-REVOLT_VAPID_PUBLIC_KEY=BGcvgR-i2z4IQ5Mw841vJvkLjt8wY-FjmWrw83jOLCY52qcGZS0OF7nfLzuYbjsQISwVO2HXrmf18gLWVX3Kwfw=
-
-
-##
-## Autumn configuration
-##
-
-# S3 Region
-AUTUMN_S3_REGION=minio
-
-# S3 Endpoint
-AUTUMN_S3_ENDPOINT=http://minio:9000
-
-# MinIO Root User
-MINIO_ROOT_USER=minioautumn
-
-# MinIO Root Password
-MINIO_ROOT_PASSWORD=minioautumn
-
-# AWS Access Key ID
-AWS_ACCESS_KEY_ID=minioautumn
-
-# AWS Secret Key
-AWS_SECRET_ACCESS_KEY=minioautumn
diff --git a/.github/guide/cloudflare-dns.webp b/.github/guide/cloudflare-dns.webp
new file mode 100644
index 0000000..cb25bbd
Binary files /dev/null and b/.github/guide/cloudflare-dns.webp differ
diff --git a/.github/guide/hostinger-1.location.webp b/.github/guide/hostinger-1.location.webp
new file mode 100644
index 0000000..8a8789e
Binary files /dev/null and b/.github/guide/hostinger-1.location.webp differ
diff --git a/.github/guide/hostinger-2.os.webp b/.github/guide/hostinger-2.os.webp
new file mode 100644
index 0000000..9bfbafc
Binary files /dev/null and b/.github/guide/hostinger-2.os.webp differ
diff --git a/.github/guide/hostinger-3.malware.webp b/.github/guide/hostinger-3.malware.webp
new file mode 100644
index 0000000..de9e730
Binary files /dev/null and b/.github/guide/hostinger-3.malware.webp differ
diff --git a/.github/guide/hostinger-4.configuration.webp b/.github/guide/hostinger-4.configuration.webp
new file mode 100644
index 0000000..da4bac5
Binary files /dev/null and b/.github/guide/hostinger-4.configuration.webp differ
diff --git a/.github/guide/hostinger-5.configuration.webp b/.github/guide/hostinger-5.configuration.webp new file mode 100644 index 0000000..008cde2 Binary files /dev/null and b/.github/guide/hostinger-5.configuration.webp differ diff --git a/.github/guide/hostinger-6.complete.webp b/.github/guide/hostinger-6.complete.webp new file mode 100644 index 0000000..c79145b Binary files /dev/null and b/.github/guide/hostinger-6.complete.webp differ diff --git a/.github/guide/hostinger-7.wait.webp b/.github/guide/hostinger-7.wait.webp new file mode 100644 index 0000000..c459f37 Binary files /dev/null and b/.github/guide/hostinger-7.wait.webp differ diff --git a/.github/guide/hostinger-8.connect.webp b/.github/guide/hostinger-8.connect.webp new file mode 100644 index 0000000..40304ca Binary files /dev/null and b/.github/guide/hostinger-8.connect.webp differ diff --git a/.github/guide/hostinger-9.panel.webp b/.github/guide/hostinger-9.panel.webp new file mode 100644 index 0000000..23f7b29 Binary files /dev/null and b/.github/guide/hostinger-9.panel.webp differ diff --git a/.gitignore b/.gitignore index 03fd174..f6a80ee 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ data* .env +.env.web Revolt.toml compose.override.yml diff --git a/Caddyfile b/Caddyfile index 6e82152..1a0ca48 100644 --- a/Caddyfile +++ b/Caddyfile @@ -11,7 +11,7 @@ } uri strip_prefix /ws - reverse_proxy @upgrade http://events:9000 + reverse_proxy @upgrade http://events:14703 } route /autumn* { @@ -21,7 +21,7 @@ route /january* { uri strip_prefix /january - reverse_proxy http://january:7000 + reverse_proxy http://january:14705 } reverse_proxy http://web:5000 diff --git a/README.md b/README.md index 9a8d9c5..57c4aa0 100644 --- a/README.md +++ b/README.md 
@@ -19,57 +19,135 @@ This repository contains configurations and instructions that can be used for de > Please consult _[What can I do with Revolt and how do I self-host?](https://developers.revolt.chat/faq.html#admonition-what-can-i-do-with-revolt-and-how-do-i-self-host)_ on our developer site for information about licensing and brand use. > [!NOTE] -> amd64 builds are only available for `backend` and `bonfire` images currently, more to come. +> amd64 builds are not currently available for the web client. -## Quick Start +## Deployment -This repository provides reasonable defaults, so you can immediately get started with it on your local machine. +To get started, find yourself a suitable server to deploy onto, we recommend starting with at least 2 vCPUs and 2 GB of memory. -> [!WARNING] -> This is not fit for production usage; see below for the full guide. +> [!TIP] +> +> **We've partnered with Hostinger to bring you a 20% discount off VPS hosting!** +> +> 👉 https://www.hostinger.com/vps-hosting?REFERRALCODE=REVOLTCHAT +> +> We recommend using the _KVM 2_ plan at minimum!
Our testing environment for self-hosted currently sits on a KVM 2 instance and are happy to assist with issues. + +The instructions going forwards will use Hostinger as an example hosting platform, but you should be able to adapt these to other platforms if necessary. There are important details throughout. + +![Select the location](.github/guide/hostinger-1.location.webp) + +When asked, choose **Ubuntu Server** as your operating system, this is used by us in production and we recommend its use. + +![Select the operating system](.github/guide/hostinger-2.os.webp) + +If you've chosen to go with Hostinger, they include integrated malware scanning which may be of interest: + +![Consider malware scanning](.github/guide/hostinger-3.malware.webp) + +You should set a secure root password for login (_or disable password login after setup, which is explained later! but you shouldn't make the password trivial until after this is secured at least!_) and we recommend that you configure an SSH key: + +![Configuration unfilled](.github/guide/hostinger-4.configuration.webp) +![Configuration filled](.github/guide/hostinger-5.configuration.webp) + +Make sure to confirm everything is correct! + +![Confirmation](.github/guide/hostinger-6.complete.webp) + +Wait for your VPS to be created... + +| ![Wait for creation](.github/guide/hostinger-7.wait.webp) | ![Wait for creation](.github/guide/hostinger-8.connect.webp) | +| --------------------------------------------------------- | ------------------------------------------------------------ | + +After install, SSH into the machine: ```bash -git clone https://github.com/revoltchat/self-hosted revolt -cd revolt -cp .env.example .env -docker compose up +# use the provided IP address to connect: +ssh root@ +# .. if you have a SSH key configured +ssh root@ -i path/to/id_rsa ``` -Now navigate to http://local.revolt.chat in your browser. 
+And now we can proceed with some basic configuration and securing the system: -## Production Setup +```bash +# update the system +apt-get update && apt-get upgrade -y + +# configure firewall +ufw allow ssh +ufw allow http +ufw allow https +ufw default deny +ufw enable + +# if you have configured an SSH key, disable password authentication: +sudo sed -E -i 's|^#?(PasswordAuthentication)\s.*|\1 no|' /etc/ssh/sshd_config +if ! grep '^PasswordAuthentication\s' /etc/ssh/sshd_config; then echo 'PasswordAuthentication no' |sudo tee -a /etc/ssh/sshd_config; fi + +# reboot to apply changes +reboot +``` -Prerequisites before continuing: +Your system is now ready to proceed with installation, but before we continue you should configure your domain. -- [Git](https://git-scm.com) -- [Docker](https://www.docker.com) +![Cloudflare DNS configuration](.github/guide/cloudflare-dns.webp) -Clone this repository. +Your domain (or a subdomain) should point to the server's IP (A and AAAA records) or CNAME to the hostname provided. + +Next, we must install the required dependencies: + +```bash +# ensure Git and Docker are installed +apt-get update +apt-get install ca-certificates curl git micro +install -m 0755 -d /etc/apt/keyrings +curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc +chmod a+r /etc/apt/keyrings/docker.asc + +echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ + $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ + sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + +apt-get update +apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin +``` + +Now, we can pull in the configuration for Revolt: ```bash git clone https://github.com/revoltchat/self-hosted revolt cd revolt ``` -Copy `.env` and download `Revolt.toml`, then modify them according to your requirements. 
+Generate a configuration file by running: -> [!WARNING] -> The default configurations are intended exclusively for testing and will only work locally. If you wish to deploy to a remote server, you **must** edit the URLs in `.env` and `Revolt.toml`. Please reference the section below on [configuring a custom domain](#custom-domain). +```bash +./generate_config.sh your.domain +``` + +You can find [more options here](https://github.com/revoltchat/backend/blob/df074260196f5ed246e6360d8e81ece84d8d9549/crates/core/config/Revolt.toml), some noteworthy configuration options: + +- Email verification +- Captcha +- A custom S3 server + +If you'd like to edit the configuration, just run: ```bash -cp .env.example .env -wget -O Revolt.toml https://raw.githubusercontent.com/revoltchat/backend/main/crates/core/config/Revolt.toml +micro Revolt.toml ``` -Then start Revolt: +Finally, we can start up Revolt: ```bash -docker compose up +docker compose up -d ``` ## Updating -Before updating, ensure you consult the notices at the top of this README to check if there are any important changes to be aware of. +Before updating, ensure you consult the notices at the top of this README to check if there are any important changes to be aware of **as well as** [the notices](#notices). Pull the latest version of this repository: @@ -77,6 +155,8 @@ Pull the latest version of this repository: git pull ``` +Check if your configuration file is correct by opening [the reference config file](https://github.com/revoltchat/backend/blob/df074260196f5ed246e6360d8e81ece84d8d9549/crates/core/config/Revolt.toml) and your `Revolt.toml` and comparing for changes. + Then pull all the latest images: ```bash 
@@ -91,6 +171,37 @@ docker compose up ## Additional Notes +### Quick Start (for advanced users) + +Prerequisites before continuing: + +- [Git](https://git-scm.com) +- [Docker](https://www.docker.com) + +Clone this repository. + +```bash +git clone https://github.com/revoltchat/self-hosted revolt +cd revolt +``` + +Copy `.env` and download `Revolt.toml`, then modify them according to your requirements. + +> [!WARNING] +> The default configurations are intended exclusively for testing and will only work locally. If you wish to deploy to a remote server, you **must** edit the URLs in `.env` and `Revolt.toml`. Please reference the section below on [configuring a custom domain](#custom-domain). + +```bash +echo "HOSTNAME=http://local.revolt.chat" > .env.web +echo "REVOLT_PUBLIC_URL=http://local.revolt.chat/api" >> .env.web +wget -O Revolt.toml https://raw.githubusercontent.com/revoltchat/backend/main/crates/core/config/Revolt.toml +``` + +Then start Revolt: + +```bash +docker compose up -d +``` + ### Custom domain To configure a custom domain, you will need to replace all instances of `local.revolt.chat` in the `Revolt.toml` and `.env` files, like so: diff --git a/compose.yml b/compose.yml index 1149a36..7f9a785 100644 --- a/compose.yml +++ b/compose.yml @@ -1,3 +1,5 @@ +name: revolt + services: # MongoDB database database: @@ -15,16 +17,30 @@ services: minio: image: minio/minio command: server /data - env_file: .env volumes: - ./data/minio:/data + environment: + MINIO_ROOT_USER: minioautumn + MINIO_ROOT_PASSWORD: minioautumn + MINIO_DOMAIN: minio + networks: + default: + aliases: + - revolt-uploads.minio + # legacy support: + - attachments.minio + - avatars.minio + - backgrounds.minio + - icons.minio + - banners.minio + - emojis.minio restart: always # Caddy web server caddy: image: caddy restart: always - env_file: .env + env_file: .env.web ports: - "80:80" - "443:443" 
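Review bot: The `minio` service now sets `MINIO_ROOT_USER: minioautumn` and `MINIO_ROOT_PASSWORD: minioautumn` as literals in compose.yml, so every deployment made from this repository shares one object-store root credential and an operator can no longer change it through an env file; the same literal is repeated in the `createbuckets` entrypoint in the last compose.yml hunk. No `ports:` entry for minio is visible here, so exposure appears limited to the compose network, but any container on that network that is compromised gets full control of the uploads bucket. I would keep an overridable form in both places, for example `MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-minioautumn}`, and have generate_config.sh write a random value. The S3 credentials that Autumn reads from Revolt.toml would presumably have to be set to match.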
@@ -35,24 +51,20 @@ services: # API server (delta) api: - image: ghcr.io/revoltchat/server:20240929-1 - env_file: .env + image: ghcr.io/revoltchat/server:20241024-1 depends_on: - database - redis - - caddy volumes: - ./Revolt.toml:/Revolt.toml restart: always # Events service (quark) events: - image: ghcr.io/revoltchat/bonfire:20240929-1 - env_file: .env + image: ghcr.io/revoltchat/bonfire:20241024-1 depends_on: - database - redis - - caddy volumes: - ./Revolt.toml:/Revolt.toml restart: always @@ -60,28 +72,24 @@ services: # Web App (revite) web: image: ghcr.io/revoltchat/client:master - env_file: .env - depends_on: - - caddy restart: always + env_file: .env.web # File server (autumn) autumn: - image: ghcr.io/revoltchat/autumn:1.1.11 - env_file: .env + image: ghcr.io/revoltchat/autumn:20241024-1 depends_on: - database - createbuckets - - caddy - environment: - - AUTUMN_MONGO_URI=mongodb://database + volumes: + - ./Revolt.toml:/Revolt.toml restart: always # Metadata and image proxy (january) january: - image: ghcr.io/revoltchat/january:0.3.5 - depends_on: - - caddy + image: ghcr.io/revoltchat/january:20241024-1 + volumes: + - ./Revolt.toml:/Revolt.toml restart: always # Create buckets for minio. @@ -89,16 +97,12 @@ services: image: minio/mc depends_on: - minio - env_file: .env entrypoint: > /bin/sh -c " - /usr/bin/mc config host add minio http://minio:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD; - while ! /usr/bin/mc ready minio; do echo 'Waiting minio...' && sleep 1; done; - /usr/bin/mc mb minio/attachments; - /usr/bin/mc mb minio/avatars; - /usr/bin/mc mb minio/backgrounds; - /usr/bin/mc mb minio/icons; - /usr/bin/mc mb minio/banners; - /usr/bin/mc mb minio/emojis; + while ! /usr/bin/mc ready minio; do + /usr/bin/mc config host add minio http://minio:9000 minioautumn minioautumn; + echo 'Waiting minio...' && sleep 1; + done; + /usr/bin/mc mb minio/revolt-uploads; exit 0; " 
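Review bot: The `web` service stays on `ghcr.io/revoltchat/client:master` while this hunk moves `autumn` and `january` (and the previous hunk `api` and `events`) to dated `20241024-1` tags, so `docker compose pull` keeps fetching whatever was last pushed to the client's master tag. That leaves the one image that serves code to users' browsers as the least reproducible part of the stack. If a dated client tag is published, pinning it here, ideally with an `@sha256:<digest>` suffix, would bring it in line with the other services; I cannot tell from the diff whether such a tag exists.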
diff --git a/generate_config.sh b/generate_config.sh
new file mode 100755
index 0000000..c4476e4
--- /dev/null
+++ b/generate_config.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+# set hostname for Caddy
+echo "HOSTNAME=https://$1" > .env.web
+echo "REVOLT_PUBLIC_URL=https://$1/api" >> .env.web
+
+# hostnames
+echo "[hosts]" >> Revolt.toml
+echo "app = \"https://$1\"" >> Revolt.toml
+echo "api = \"https://$1/api\"" >> Revolt.toml
+echo "events = \"wss://$1/ws\"" >> Revolt.toml
+echo "autumn = \"https://$1/autumn\"" >> Revolt.toml
+echo "january = \"https://$1/january\"" >> Revolt.toml
+
+# VAPID keys
+echo "" >> Revolt.toml
+echo "[api.vapid]" >> Revolt.toml
+openssl ecparam -name prime256v1 -genkey -noout -out vapid_private.pem
+echo "private_key = \"$(base64 vapid_private.pem | tr -d '\n')\"" >> Revolt.toml
+echo "public_key = \"$(openssl ec -in vapid_private.pem -outform DER|tail -c 65|base64|tr '/+' '_-'|tr -d '\n')\"" >> Revolt.toml
+rm vapid_private.pem
+
+# encryption key for files
+echo "" >> Revolt.toml
+echo "[files]" >> Revolt.toml
+echo "encryption_key = \"$(openssl rand -base64 32)\"" >> Revolt.toml
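Review bot: generate_config.sh appends to Revolt.toml with `>>` and never checks `$1`, so a second run leaves duplicate `[hosts]`, `[api.vapid]` and `[files]` tables with freshly generated keys, and a run with no argument writes `https://` as every host. There is no `set -e` either, so if `openssl` fails the script still writes empty `private_key` and `encryption_key` values, and the VAPID private key sits in `vapid_private.pem` in the working directory until the final `rm` runs. Replacing `encryption_key` on a re-run presumably makes files stored under the old key unreadable, which is worth confirming against the backend. I would fail fast on a missing argument or an existing Revolt.toml (or at least an existing `[hosts]` table) and keep the key in a `mktemp` file removed by a trap, as sketched below.

```shell
#!/usr/bin/env bash
set -euo pipefail

domain=${1:?usage: ./generate_config.sh your.domain}
if [[ -e Revolt.toml ]]; then
  echo "Revolt.toml already exists; refusing to append a second set of keys" >&2
  exit 1
fi

# … unchanged: .env.web and [hosts] lines, with $domain in place of $1 …

vapid_key=$(mktemp)
trap 'rm -f -- "$vapid_key"' EXIT
openssl ecparam -name prime256v1 -genkey -noout -out "$vapid_key"

# … unchanged: private_key, public_key and encryption_key lines, reading "$vapid_key" …
```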