9.6 KiB
Getting Started
Table of Contents
Installation
Installation of Shynet is easy! Follow the Basic Installation guide below if you'd like to run Shynet over HTTP or if you are going to be running it over HTTPS through a reverse proxy. If you'd like to run Shynet over HTTPS without a reverse proxy, skip ahead to Installation with SSL instead.
These commands assume Ubuntu. If you're installing Shynet on a different platform, the process will be different.
Before continuing, please be sure to have the latest version of Docker installed.
Basic Installation
-
Pull the latest version of Shynet using
docker pull milesmcc/shynet:latest
. If you don't have Docker installed, install it. -
Have a PostgreSQL server ready to go. This can be on the same machine as the deployment, or elsewhere. You'll just need a username, password, host, and port. (For info on how to setup a PostgreSQL server on Ubuntu, follow this guide).
-
Configure an environment file for Shynet, using this file as a template. (This file is typically named
.env
.) Make sure you set the database settings, or Shynet won't be able to run. -
Launch the Shynet server by running
docker run --env-file=<your env file> milesmcc/shynet:latest
. Watch the output of the script; if it's the first run, you'll see a temporary password printed that you can use to log in. You may need to bind Docker's port 8080 (where Shynet runs) to your local port 80 (http); this can be done using the flag-p 80:8080
afterrun
. -
Visit your service's homepage, and verify everything looks right! You should see a login prompt. Log in with the credentials from step 4. You'll probably be prompted to "confirm your email"—if you haven't set up an email server, the confirmation email will be printed to the console instead.
-
Create a service by clicking "+ Create Service" in the top right hand corner. Fill out the options as appropriate. Once you're done, press "create" and you'll be redirected to your new service's analytics page.
-
Finally, click on "Manage" in the top right of the service's page to get the tracking script code. Inject this script on all pages you'd like the service to track.
Updating Your Configuration
When you first setup Shynet, you set a number of environment variables that determine first-run initialization settings (these variables start with SHYNET_
). Once they're first set, though, changing them won't have any effect. Here's how to update their values:
-
Create an admin account by running
docker run --env-file=<your env file> milesmcc/shynet:latest python manage.py registeradmin <your email>
. The command will print a temporary password that you'll be able to use to log in. -
Configure Shynet's hostname (e.g.
shynet.example.com
orlocalhost:8000
) by runningdocker run --env-file=<your env file> milesmcc/shynet:latest python manage.py hostname "<your hostname>"
. This doesn't affect Shynet's bind port; instead, it determines what hostname to inject into the tracking script. (So you'll want to use the "user-facing" hostname here.) -
Name your Shynet instance by running
docker run --env-file=<your env file> milesmcc/shynet:latest python manage.py whitelabel "<your instance name>"
. This could be something like "My Shynet Server" or "Acme Analytics"—whatever suits you.
Enhancements
Installation with SSL
If you are going to be running Shynet through a reverse proxy, please see Configuring a Reverse Proxy instead.
-
We'll be cloning this into the home directory to make this installation easier, so run
cd ~/
if you need to. -
Instead of pulling from Docker, we will be pulling from GitHub and building using Docker in order to easily add SSL certificates. You will want to run
git clone https://github.com/milesmcc/shynet.git
to clone the GitHub repo to your current working directory. -
To install
certbot
follow the guide here or follow along below- Ubuntu 18.04
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot
- Ubuntu 18.04
-
Run
sudo certbot certonly --standalone
and follow the instructions to generate your SSL certificate.- If you registering the certificate to a domain name like
example.com
, please be sure to point your DNS records to your current server before runningcertbot
.
- If you registering the certificate to a domain name like
-
We are going to move the SSL certificates to the Shynet repo with with command below. Replace
<domain>
with the domain name you used in step 3.cp /etc/letsencrypt/live/<domain>/{cert,privkey}.pem ~/shynet/shynet/
-
With that, we are going to replace the
webserver.sh
withssl.webserver.sh
to enable the use of SSL certificates. The originalwebserver.sh
will be backed up tobackup.webserver.sh
mv ~/shynet/shynet/webserver.sh ~/shynet/shynet/backup.webserver.sh
mv ~/shynet/shynet/ssl.webserver.sh ~/shynet/shynet/webserver.sh
-
Now we build the image!
docker image build shynet -t shynet-ssl:latest
-
Have a PostgreSQL server ready to go. This can be on the same machine as the deployment, or elsewhere. You'll just need a username, password, host, and port (default is
5432
). (For info on how to setup a PostgreSQL server on Ubuntu, follow this guide). -
Follow the Basic Installation guide with just one modification: in step #4, change the local bind port from
80
to443
, and useshynet-ssl:latest
as your Docker image instead ofmilesmcc/shynet:latest
.
Configuring a Reverse Proxy
A reverse proxy has many benefits. It can be used for DDoS protection, caching files to reduce server load, routing HTTPS and/or HTTP connections, hosting multiple services on a single server, and more!
Cloudflare
Cloudflare is a great reverse proxy option. It's free, automatically configures HTTPs, offers out-of-the-box security features, provides DNS, and requires minimal setup.
-
Follow Cloudflare's getting started guide.
-
After setting up Cloudflare, here are a few things you should consider doing:
- Under the
SSL
Tab >Overview
> Change yourSSL/TLS Encryption Mode
toFlexible
- The following will block your admin panel from anyone who isn't on your IP address. This is optional, but great for security.
- Under the
Firewall
tab >Overview
>+ Create Firewall Rule
: - Name:
Admin Panel Restriction
- Field:
URI Path
- Operator:
equals
- Value:
/admin
- Click
AND
- Field:
IP Address
- Operator:
does not equal
- Value:
<your public IP address>
- Then:
Block
- Under the
- Under the
Nginx
Nginx is a self hosted, highly configurable webserver. Nginx can be configured to run as a reverse proxy on either the same machine or a remote machine.
Set up
These commands assume Ubuntu. If you're installing Nginx on a different platform, the process will be different.
-
Before starting, shut down your Docker containers (if any are running)
- Run
docker container ls
to find the container ID - Run
docker stop <container id from the last step>
- Run
-
Update your packages and install Nginx
sudo apt-get update
sudo apt-get install nginx
-
Disable the default Nginx placeholder
sudo unlink /etc/nginx/sites-enabled/default
-
Create the Nginx reverse proxy config file
cd /etc/nginx/sites-available/
vi reverse-proxy.conf
ornano reverse-proxy.conf
- Paste the following configuration into that file:
# Know what you're pasting! Read the Reference! # Reference: https://nginx.org/en/docs/ server { listen 80; location / { proxy_pass http://127.0.0.1:8080; } }
- Save and exit the text editor
:wq
for victrl+x
theny
for nano
- Link Nginx's
sites-enabled
to read the new configsudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf
- Make sure the config is working
service nginx configtest
service nginx restart
-
Restart your Docker image, but this time use
8080
as the local bind port, as that's where we configured Nginx to lookcd ~/
docker run -p 8080:8080 --env-file=<your env file> milesmcc/shynet:latest
-
Finally, time to test!
- Go to
http://<your site>/admin
- Go to
-
If everything is working as expected, please read through some of the following links below to customize Nginx