wffurr · February 25, 2017 14:33
diff --git a/Dokku Deployment Notes b/Dokku Deployment Notes
 Dokku Deployment Notes
 ======================

 Created a $5 Linode: https://www.linode.com/pricing

 Set up dokku using instructions: http://dokku.viewdocs.io/dokku/getting-started/installation/
 Used the Linode-specific instructions to enable AUFS  http://dokku.viewdocs.io/dokku/getting-started/install/linode/
 Used the bootstrap script:
 wget https://raw.githubusercontent.com/dokku/dokku/v0.8.0/bootstrap.sh;
 sudo DOKKU_TAG=v0.8.0 bash bootstrap.sh

 To access the setup page, I had to open port 80 in iptables
 sudo iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT

 Used my personal SSH key from my Macbook, left vhosts setting alone

 Deployed the Dokku sample app: http://dokku.viewdocs.io/dokku/deployment/application-deployment/
 Again had to punch a hole for the port number

 Created my own EVE SSO app for the dokku IP address
 Have to update with port after deploying since the app gets a unique port instead of a vhost name
 Updated config.local.json with secret and client id

 Creating the eve-roster app:
 dokku app:create eve-roster

 Setting up persistent storage for the eve-roster app: http://dokku.viewdocs.io/dokku/advanced-usage/persistent-storage/
 sudo mkdir -p /var/lib/dokku/data/storage/eve-roster
 sudo chown -R dokku:dokku /var/lib/dokku/data/storage/eve-roster
 dokku storage:mount eve-roster /var/lib/dokku/data/storage/eve-roster:/eve-roster/storage

 Set app environment variables:
 NODE_ENV=production
 PORT=???

 Set config.json.local variables, these should be environment vars:
  "dbFileName": "/eve-roster/storage/roster.sqlite",
  "logDir": "/eve-roster/storage/logs",

 Had to force commit config.local.json blergh

 Created an app.json file with pre/post deploy hooks for building webpack bundle and running DB migrations

 Pro tip, make sure your app runs correctly in prod mode without dev dependencies installed.  Maybe even have a staging repo separately on your machine from the working one.

 Many code changes later... deployed!
 Punch another firewall hole for the deployed port
 Dokku should be doing this automatically
 sudo iptables -A INPUT -p tcp --dport 63158 -j ACCEPT

 It works!  But the hostname stuff is crazy wrong, and PORT is the port inside the Docker container, not the external PORT, which is DOKKU_NGINX_PORT.

 Doesn't work after a deploy - 502 bad gateway.  nginx says connection refused by the docker container.  I did a dokku ps:restart eve-roster - still busted.  ...because it's listening on the wrong goddamn port now.  The express app needs to listen on 5000 the default docker container port, but use the external port for the login UI.

 Setting up Virtual Host deployment on port 80 and SSL
 =====================================================
 June set up the roster.osm.com alias for pepperoni.  I am going to try to move staging to pepperoni.osm.com and also deploy roster.osm.com.
 http://dokku.viewdocs.io/dokku/configuration/domains/

 sudo dokku domains:set-global of-sound-mind.com

 I took a side trip to install security updates and reboot, to see if Dokku apps would come back up with their mapped drives and such.  It all worked fine!

 sudo dokku domains:add roster-staging pepperoni

 Now staging is running directly on pepperoni.osm.com.  However, the add character flow is broken and still brings us back to 41612, even though DOKKU_NGINX_PORT: 80 in the container.

 sudo dokku deploy roster-staging

 This deployed a new copy of the roster-staging app, and kicked it over.  Didn't help.

 sudo dokku enter roster-staging

 This opened a bash shell into the container in the /app directory.  Everything seems fine, there's no hardcoded 41612 anywhere.  Maybe it's a problem with setting the port to a const on startup.

 Made a branch from 5ff0acf0bbd8e5913e6ceaec68c2a1bdd71b6a78, without the in-progress de-config-file-ifying work, did the commit config.local.json, push, delete branch dance.  That seemed to reset the port business, but now it's explicitly redirecting to port 80.  I also had to change my EVE app configuration to use port 80 for the redirect URL.  Everything works now, able to log in and add characters directly on pepperoni.

 Now trying SSL setup:  sudo dokku letsencrypt roster-staging
 By default it wants to encrypt using the app name as the subdomain, argh:
 https://acme-v01.api.letsencrypt.org/acme/authz/ic8eb7P9QDVZ5olAF6vOesCIylu4UKCzX_FPfSEOnF8
 Ah, sudo dokku domains roster-staging lists only roster-staging.of-sound-mind.com, something got messed up
 Re-added pepperoni and removed roster-staging.of-sound-mind.com:
 sudo dokku domains:add roster-staging pepperoni
 sudo dokku domains:remote roster-staging roster-staging.of-sound-mind.com
 This might have been the letsencrypt plugin screwing up my vhost configuration I just had

 Trying again with letsencrypt: DNS name does not have enough labels
 Probably wants the FQDN and not just the subdomain.
 sudo dokku domains:add roster-staging pepperoni.of-sound-mind.com
 sudo dokku domains:remove roster-staging pepperoni
 sudo dokku letsencrypt roster-staging
 Success!
 http://pepperoni.of-sound-mind.com now redirects to https://pepperoni.of-sound-mind.com

 Port configuration is now screwed up though, and we need code changes to support SSL redirects in the OAuth flow
 DOKKU_NGINX_PORT=80 but now DOKKU_NGINX_SSL_PORT=443
 I was still able to add a new character, but it used the port 80 connection instead of 443 for the OAuth response.
 Made some code changes to use https and 443 and updated the EVE application details.
 Everything works!

 Deploying to Prod
 =================
 sudo dokku apps:create roster
 sudo mkdir -p /var/lib/dokku/data/storage/roster
 sudo chown -R dokku:dokku /var/lib/dokku/data/storage/roster
 sudo dokku storage:mount roster /var/lib/dokku/data/storage/roster:/roster/storage
 sudo dokku domains:add roster roster.of-sound-mind.com

 Set up a new app on https://developers.eveonline.com/applications with https://roster.of-sound-mind.com:443/authenticate
 as the redirect URL, and the scope list.  Edit config.local.json for the new storage location and SSO secrets.

 git remote add prod [email protected]:roster
 git push prod deploy:master

 http://roster.of-sound-mind.com/login works!

 I set up the app with SSL, so we need to encrypt:

 sudo dokku config:set --no-restart roster [email protected]
 sudo dokku letsencrypt roster

 https://roster.of-sound-mind.com/login works!

 The redirect_uri for login is http://a31cee3c4d8e:80/authenticate, have to set hostname and restart for the ssl changes

 sudo dokku config:set roster HOSTNAME=roster.of-sound-mind.com NODE_ENV=production

 https://roster.of-sound-mind.com/ works with a different DB, I am signed in!
	Dokku Deployment Notes
	======================

	Created a $5 Linode: https://www.linode.com/pricing

	Set up dokku using instructions: http://dokku.viewdocs.io/dokku/getting-started/installation/
	Used the Linode-specific instructions to enable AUFS http://dokku.viewdocs.io/dokku/getting-started/install/linode/
	Used the bootstrap script:
	wget https://raw.githubusercontent.com/dokku/dokku/v0.8.0/bootstrap.sh;
	sudo DOKKU_TAG=v0.8.0 bash bootstrap.sh

	To access the setup page, I had to open port 80 in iptables
	sudo iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT

	Used my personal SSH key from my Macbook, left vhosts setting alone

	Deployed the Dokku sample app: http://dokku.viewdocs.io/dokku/deployment/application-deployment/
	Again had to punch a hole for the port number

	Created my own EVE SSO app for the dokku IP address
	Have to update with port after deploying since the app gets a unique port instead of a vhost name
	Updated config.local.json with secret and client id

	Creating the eve-roster app:
	dokku app:create eve-roster

	Setting up persistent storage for the eve-roster app: http://dokku.viewdocs.io/dokku/advanced-usage/persistent-storage/
	sudo mkdir -p /var/lib/dokku/data/storage/eve-roster
	sudo chown -R dokku:dokku /var/lib/dokku/data/storage/eve-roster
	dokku storage:mount eve-roster /var/lib/dokku/data/storage/eve-roster:/eve-roster/storage

	Set app environment variables:
	NODE_ENV=production
	PORT=???

	Set config.json.local variables, these should be environment vars:
	"dbFileName": "/eve-roster/storage/roster.sqlite",
	"logDir": "/eve-roster/storage/logs",

	Had to force commit config.local.json blergh

	Created an app.json file with pre/post deploy hooks for building webpack bundle and running DB migrations

	Pro tip, make sure your app runs correctly in prod mode without dev dependencies installed. Maybe even have a staging repo separately on your machine from the working one.

	Many code changes later... deployed!
	Punch another firewall hole for the deployed port
	Dokku should be doing this automatically
	sudo iptables -A INPUT -p tcp --dport 63158 -j ACCEPT

	It works! But the hostname stuff is crazy wrong, and PORT is the port inside the Docker container, not the external PORT, which is DOKKU_NGINX_PORT.

	Doesn't work after a deploy - 502 bad gateway. nginx says connection refused by the docker container. I did a dokku ps:restart eve-roster - still busted. ...because it's listening on the wrong goddamn port now. The express app needs to listen on 5000 the default docker container port, but use the external port for the login UI.

	Setting up Virtual Host deployment on port 80 and SSL
	=====================================================
	June set up the roster.osm.com alias for pepperoni. I am going to try to move staging to pepperoni.osm.com and also deploy roster.osm.com.
	http://dokku.viewdocs.io/dokku/configuration/domains/

	sudo dokku domains:set-global of-sound-mind.com

	I took a side trip to install security updates and reboot, to see if Dokku apps would come back up with their mapped drives and such. It all worked fine!

	sudo dokku domains:add roster-staging pepperoni

	Now staging is running directly on pepperoni.osm.com. However, the add character flow is broken and still brings us back to 41612, even though DOKKU_NGINX_PORT: 80 in the container.

	sudo dokku deploy roster-staging

	This deployed a new copy of the roster-staging app, and kicked it over. Didn't help.

	sudo dokku enter roster-staging

	This opened a bash shell into the container in the /app directory. Everything seems fine, there's no hardcoded 41612 anywhere. Maybe it's a problem with setting the port to a const on startup.

	Made a branch from 5ff0acf0bbd8e5913e6ceaec68c2a1bdd71b6a78, without the in-progress de-config-file-ifying work, did the commit config.local.json, push, delete branch dance. That seemed to reset the port business, but now it's explicitly redirecting to port 80. I also had to change my EVE app configuration to use port 80 for the redirect URL. Everything works now, able to log in and add characters directly on pepperoni.

	Now trying SSL setup: sudo dokku letsencrypt roster-staging
	By default it wants to encrypt using the app name as the subdomain, argh:
	https://acme-v01.api.letsencrypt.org/acme/authz/ic8eb7P9QDVZ5olAF6vOesCIylu4UKCzX_FPfSEOnF8
	Ah, sudo dokku domains roster-staging lists only roster-staging.of-sound-mind.com, something got messed up
	Re-added pepperoni and removed roster-staging.of-sound-mind.com:
	sudo dokku domains:add roster-staging pepperoni
	sudo dokku domains:remote roster-staging roster-staging.of-sound-mind.com
	This might have been the letsencrypt plugin screwing up my vhost configuration I just had

	Trying again with letsencrypt: DNS name does not have enough labels
	Probably wants the FQDN and not just the subdomain.
	sudo dokku domains:add roster-staging pepperoni.of-sound-mind.com
	sudo dokku domains:remove roster-staging pepperoni
	sudo dokku letsencrypt roster-staging
	Success!
	http://pepperoni.of-sound-mind.com now redirects to https://pepperoni.of-sound-mind.com

	Port configuration is now screwed up though, and we need code changes to support SSL redirects in the OAuth flow
	DOKKU_NGINX_PORT=80 but now DOKKU_NGINX_SSL_PORT=443
	I was still able to add a new character, but it used the port 80 connection instead of 443 for the OAuth response.
	Made some code changes to use https and 443 and updated the EVE application details.
	Everything works!

	Deploying to Prod
	=================
	sudo dokku apps:create roster
	sudo mkdir -p /var/lib/dokku/data/storage/roster
	sudo chown -R dokku:dokku /var/lib/dokku/data/storage/roster
	sudo dokku storage:mount roster /var/lib/dokku/data/storage/roster:/roster/storage
	sudo dokku domains:add roster roster.of-sound-mind.com

	Set up a new app on https://developers.eveonline.com/applications with https://roster.of-sound-mind.com:443/authenticate
	as the redirect URL, and the scope list. Edit config.local.json for the new storage location and SSO secrets.

	git remote add prod [email protected]:roster
	git push prod deploy:master

	http://roster.of-sound-mind.com/login works!

	I set up the app with SSL, so we need to encrypt:

	sudo dokku config:set --no-restart roster [email protected]
	sudo dokku letsencrypt roster

	https://roster.of-sound-mind.com/login works!

	The redirect_uri for login is http://a31cee3c4d8e:80/authenticate, have to set hostname and restart for the ssl changes

	sudo dokku config:set roster HOSTNAME=roster.of-sound-mind.com NODE_ENV=production

	https://roster.of-sound-mind.com/ works with a different DB, I am signed in!