├── .env
├── .github
    └── workflows
    │   └── main.yaml
├── .gitignore
├── .huly.nginx
├── .template.huly.conf
├── .template.nginx.conf
├── LICENSE
├── MIGRATION.md
├── README.md
├── compose.yml
├── kube
    ├── QUICKSTART.md
    ├── README.md
    ├── account
    │   ├── account-deployment.yaml
    │   ├── account-ingress.yaml
    │   └── account-service.yaml
    ├── collaborator
    │   ├── collaborator-deployment.yaml
    │   ├── collaborator-ingress.yaml
    │   └── collaborator-service.yaml
    ├── config
    │   ├── config.yaml
    │   └── secret.yaml
    ├── elastic
    │   ├── elastic-deployment.yaml
    │   ├── elastic-persistentvolumeclaim.yaml
    │   └── elastic-service.yaml
    ├── front
    │   ├── front-deployment.yaml
    │   ├── front-ingress.yaml
    │   └── front-service.yaml
    ├── fulltext
    │   ├── fulltext-deployment.yaml
    │   └── fulltext-service.yaml
    ├── minio
    │   ├── files-persistentvolumeclaim.yaml
    │   ├── minio-deployment.yaml
    │   └── minio-service.yaml
    ├── mongodb
    │   ├── mongodb-deployment.yaml
    │   ├── mongodb-persistentvolumeclaim.yml
    │   └── mongodb-service.yaml
    ├── rekoni
    │   ├── rekoni-deployment.yaml
    │   ├── rekoni-ingress.yaml
    │   └── rekoni-service.yaml
    ├── stats
    │   ├── stats-deployment.yaml
    │   ├── stats-ingress.yaml
    │   └── stats-service.yaml
    ├── transactor
    │   ├── transactor-deployment.yaml
    │   ├── transactor-ingress.yaml
    │   └── transactor-service.yaml
    └── workspace
    │   └── workspace-deployment.yaml
├── nginx.sh
├── setup.sh
└── traefik
    ├── README.md
    ├── setup.sh
    └── template-compose.yaml


/.env:
--------------------------------------------------------------------------------
1 | huly.conf


--------------------------------------------------------------------------------
/.github/workflows/main.yaml:
--------------------------------------------------------------------------------
 1 | name: ci
 2 | 
 3 | concurrency:
 4 |   group: ${{ github.workflow }}-${{ github.ref }}
 5 |   cancel-in-progress: true
 6 | 
 7 | on:
 8 |   pull_request:
 9 | 
10 | jobs:
11 |   kind-selfhost:
12 |     runs-on: ubuntu-latest
13 |     timeout-minutes: 20
14 |     steps:
15 |         - name: "Checkout repository"
16 |           uses: actions/checkout@v4
17 |           with:
18 |             path: ${{ github.workspace }}/src/github.com/${{ github.repository }}
19 | 
20 |         - name: "Install kind"
21 |           run: |
22 |             [ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.26.0/kind-linux-amd64
23 |             # For ARM64
24 |             [ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.26.0/kind-linux-arm64
25 |             chmod +x ./kind
26 |             sudo mv ./kind /usr/local/bin/kind
27 |  
28 |         - name: "Setup k8s cluster"
29 |           run: |
30 |             cat <<EOF | kind create cluster --wait=3m --config=-
31 |             kind: Cluster
32 |             apiVersion: kind.x-k8s.io/v1alpha4
33 |             nodes:
34 |             - role: control-plane
35 |               extraPortMappings:
36 |               - containerPort: 80
37 |                 hostPort: 80
38 |                 protocol: TCP
39 |               - containerPort: 443
40 |                 hostPort: 443
41 |                 protocol: TCP
42 |             EOF
43 | 
44 |         - name: "Print cluster details"
45 |           run: |
46 |             kubectl cluster-info
47 |             kubectl version
48 |             kubectl get pods -n kube-system
49 |             echo "current-context:" $(kubectl config current-context)
50 |             echo "environment-kubeconfig:" ${KUBECONFIG}
51 | 
52 | 
53 |         - name: "Install nginx ingress controller"
54 |           run: |
55 |             kubectl apply -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml
56 |             kubectl wait --namespace ingress-nginx \
57 |               --for=condition=ready pod \
58 |               --selector=app.kubernetes.io/component=controller \
59 |               --timeout=90s
60 | 
61 |         - name: "Huly deploy"
62 |           working-directory: ${{ github.workspace }}/src/github.com/${{ github.repository }}/kube
63 |           run: |
64 |             echo 127.0.0.1 huly.example | sudo tee -a /etc/hosts
65 |             echo 127.0.0.1 account.huly.example | sudo tee -a /etc/hosts
66 |             kubectl apply -R -f .
67 |             kubectl wait --for=condition=Available deployment/mongodb --timeout 3m
68 |             kubectl wait --for=condition=Available deployment/transactor --timeout 3m
69 |             kubectl delete pod -l app=account
70 |             kubectl wait --for=condition=Available deployment/account --timeout 3m
71 |         - name: "Check login"
72 |           run: |
73 |             token=$(curl -v -H 'Content-Type: application/json' \
74 |             -d '{"method":"createAccount","params":["user1","1234","user","1"]}' \
75 |             -X POST \
76 |             http://account.huly.example/ | jq -r '.result.token')
77 | 
78 |             curl -v http://account.huly.example/ \
79 |               -X POST \
80 |               -d '{"method":"getUserWorkspaces","params":[]}' \
81 |               -H 'Content-Type: application/json' \
82 |               -H 'Accept: */*' \
83 |               -H "Authorization: Bearer $token"
84 | 
85 |         - name: Cleanup resources
86 |           if: ${{ success() || failure() || cancelled() }}
87 |           run: |
88 |             kubectl describe pods
89 |             kind delete cluster
90 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | letsencrypt/
2 | traefik/docker-compose.yaml
3 | nginx.conf
4 | nginx.conf.bak
5 | huly.conf
6 | .huly.secret
7 | .idea
8 | 


--------------------------------------------------------------------------------
/.huly.nginx:
--------------------------------------------------------------------------------
 1 | server {
 2 |     listen 80;
 3 |     server_name _;
 4 |     client_max_body_size 100M;
 5 | 
 6 |     location / {
 7 |         proxy_set_header Host $host;
 8 |         proxy_set_header X-Real-IP $remote_addr;
 9 |         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
10 |         proxy_set_header X-Forwarded-Proto $scheme;
11 |         proxy_pass http://front:8080;
12 |     }
13 | 
14 |     location /_accounts {
15 |         proxy_set_header Host $host;
16 |         proxy_set_header X-Real-IP $remote_addr;
17 |         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
18 |         proxy_set_header X-Forwarded-Proto $scheme;
19 | 
20 |         rewrite ^/_accounts(/.*)$ $1 break;
21 |         proxy_pass http://account:3000/;
22 |     }
23 | 
24 |     #location /_love {
25 |     #    proxy_set_header Host $host;
26 |     #    proxy_set_header X-Real-IP $remote_addr;
27 |     #    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
28 |     #    proxy_set_header X-Forwarded-Proto $scheme;
29 | 
30 |     #    proxy_http_version 1.1;
31 |     #    proxy_set_header Upgrade $http_upgrade;
32 |     #    proxy_set_header Connection "upgrade";
33 |     #    rewrite ^/_love(/.*)$ $1 break;
34 |     #    proxy_pass http://love:8096/;
35 |     #}
36 | 
37 |     location /_collaborator {
38 |         proxy_set_header Host $host;
39 |         proxy_set_header X-Real-IP $remote_addr;
40 |         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
41 |         proxy_set_header X-Forwarded-Proto $scheme;
42 | 
43 |         proxy_http_version 1.1;
44 |         proxy_set_header Upgrade $http_upgrade;
45 |         proxy_set_header Connection "upgrade";
46 |         rewrite ^/_collaborator(/.*)$ $1 break;
47 |         proxy_pass http://collaborator:3078/;
48 |     }
49 | 
50 |     location /_transactor {
51 |         proxy_set_header Host $host;
52 |         proxy_set_header X-Real-IP $remote_addr;
53 |         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
54 |         proxy_set_header X-Forwarded-Proto $scheme;
55 |         
56 |         proxy_http_version 1.1;
57 |         proxy_set_header Upgrade $http_upgrade;
58 |         proxy_set_header Connection "upgrade";
59 |         rewrite ^/_transactor(/.*)$ $1 break;
60 |         proxy_pass http://transactor:3333/;
61 |     }
62 | 
63 |     location ~ ^/eyJ {
64 |         proxy_set_header Host $host;
65 |         proxy_set_header X-Real-IP $remote_addr;
66 |         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
67 |         proxy_set_header X-Forwarded-Proto $scheme;
68 |         
69 |         proxy_http_version 1.1;
70 |         proxy_set_header Upgrade $http_upgrade;
71 |         proxy_set_header Connection "upgrade";
72 |         proxy_pass http://transactor:3333;
73 |     }
74 | 
75 |     location /_rekoni {
76 |         proxy_set_header Host $host;
77 |         proxy_set_header X-Real-IP $remote_addr;
78 |         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
79 |         proxy_set_header X-Forwarded-Proto $scheme;
80 | 
81 |         rewrite ^/_rekoni(/.*)$ $1 break;
82 |         proxy_pass http://rekoni:4004/;
83 |     }
84 | 
85 |     location /_stats {
86 |         proxy_set_header Host $host;
87 |         proxy_set_header X-Real-IP $remote_addr;
88 |         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
89 |         proxy_set_header X-Forwarded-Proto $scheme;
90 | 
91 |         rewrite ^/_stats(/.*)$ $1 break;
92 |         proxy_pass http://stats:4900/;
93 |     }
94 | }


--------------------------------------------------------------------------------
/.template.huly.conf:
--------------------------------------------------------------------------------
 1 | HULY_VERSION=v0.6.501
 2 | DOCKER_NAME=huly
 3 | 
 4 | # The address of the host or server from which you will access your Huly instance.
 5 | # This can be a domain name (e.g., huly.example.com) or an IP address (e.g., 192.168.1.1).
 6 | HOST_ADDRESS=${HOST_ADDRESS}
 7 | 
 8 | # Set this variable to 'true' to enable SSL (HTTPS/WSS). 
 9 | # Leave it empty to use non-SSL (HTTP/WS).
10 | SECURE=${SECURE}
11 | 
12 | # Specify the IP address to bind to; leave blank to bind to all interfaces (0.0.0.0).
13 | # Do not use IP:PORT format in HTTP_BIND or HTTP_PORT.
14 | HTTP_PORT=${HTTP_PORT}
15 | HTTP_BIND=${HTTP_BIND}
16 | 
17 | # Huly specific variables
18 | TITLE=${TITLE}
19 | DEFAULT_LANGUAGE=${DEFAULT_LANGUAGE}
20 | LAST_NAME_FIRST=${LAST_NAME_FIRST}
21 | 
22 | # The following configs are auto-generated by the setup script. 
23 | # Please do not manually overwrite.
24 | 
25 | # Run with --secret to regenerate.
26 | SECRET=${HULY_SECRET}
27 | 


--------------------------------------------------------------------------------
/.template.nginx.conf:
--------------------------------------------------------------------------------
 1 | server {
 2 |     server_name ;
 3 |     listen ;
 4 |     location / {
 5 |       proxy_http_version 1.1;
 6 |       proxy_set_header Upgrade $http_upgrade;
 7 |       proxy_set_header Connection "upgrade";
 8 |       proxy_set_header Host $host;
 9 |       proxy_set_header X-Real-IP $remote_addr;
10 |       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
11 |       proxy_set_header X-Forwarded-Proto $scheme;
12 |       proxy_pass ;
13 |     }
14 | }
15 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 | Eclipse Public License - v 2.0
  2 | 
  3 |     THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE
  4 |     PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION
  5 |     OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
  6 | 
  7 | 1. DEFINITIONS
  8 | 
  9 | "Contribution" means:
 10 | 
 11 |   a) in the case of the initial Contributor, the initial content
 12 |      Distributed under this Agreement, and
 13 | 
 14 |   b) in the case of each subsequent Contributor:
 15 |      i) changes to the Program, and
 16 |      ii) additions to the Program;
 17 |   where such changes and/or additions to the Program originate from
 18 |   and are Distributed by that particular Contributor. A Contribution
 19 |   "originates" from a Contributor if it was added to the Program by
 20 |   such Contributor itself or anyone acting on such Contributor's behalf.
 21 |   Contributions do not include changes or additions to the Program that
 22 |   are not Modified Works.
 23 | 
 24 | "Contributor" means any person or entity that Distributes the Program.
 25 | 
 26 | "Licensed Patents" mean patent claims licensable by a Contributor which
 27 | are necessarily infringed by the use or sale of its Contribution alone
 28 | or when combined with the Program.
 29 | 
 30 | "Program" means the Contributions Distributed in accordance with this
 31 | Agreement.
 32 | 
 33 | "Recipient" means anyone who receives the Program under this Agreement
 34 | or any Secondary License (as applicable), including Contributors.
 35 | 
 36 | "Derivative Works" shall mean any work, whether in Source Code or other
 37 | form, that is based on (or derived from) the Program and for which the
 38 | editorial revisions, annotations, elaborations, or other modifications
 39 | represent, as a whole, an original work of authorship.
 40 | 
 41 | "Modified Works" shall mean any work in Source Code or other form that
 42 | results from an addition to, deletion from, or modification of the
 43 | contents of the Program, including, for purposes of clarity any new file
 44 | in Source Code form that contains any contents of the Program. Modified
 45 | Works shall not include works that contain only declarations,
 46 | interfaces, types, classes, structures, or files of the Program solely
 47 | in each case in order to link to, bind by name, or subclass the Program
 48 | or Modified Works thereof.
 49 | 
 50 | "Distribute" means the acts of a) distributing or b) making available
 51 | in any manner that enables the transfer of a copy.
 52 | 
 53 | "Source Code" means the form of a Program preferred for making
 54 | modifications, including but not limited to software source code,
 55 | documentation source, and configuration files.
 56 | 
 57 | "Secondary License" means either the GNU General Public License,
 58 | Version 2.0, or any later versions of that license, including any
 59 | exceptions or additional permissions as identified by the initial
 60 | Contributor.
 61 | 
 62 | 2. GRANT OF RIGHTS
 63 | 
 64 |   a) Subject to the terms of this Agreement, each Contributor hereby
 65 |   grants Recipient a non-exclusive, worldwide, royalty-free copyright
 66 |   license to reproduce, prepare Derivative Works of, publicly display,
 67 |   publicly perform, Distribute and sublicense the Contribution of such
 68 |   Contributor, if any, and such Derivative Works.
 69 | 
 70 |   b) Subject to the terms of this Agreement, each Contributor hereby
 71 |   grants Recipient a non-exclusive, worldwide, royalty-free patent
 72 |   license under Licensed Patents to make, use, sell, offer to sell,
 73 |   import and otherwise transfer the Contribution of such Contributor,
 74 |   if any, in Source Code or other form. This patent license shall
 75 |   apply to the combination of the Contribution and the Program if, at
 76 |   the time the Contribution is added by the Contributor, such addition
 77 |   of the Contribution causes such combination to be covered by the
 78 |   Licensed Patents. The patent license shall not apply to any other
 79 |   combinations which include the Contribution. No hardware per se is
 80 |   licensed hereunder.
 81 | 
 82 |   c) Recipient understands that although each Contributor grants the
 83 |   licenses to its Contributions set forth herein, no assurances are
 84 |   provided by any Contributor that the Program does not infringe the
 85 |   patent or other intellectual property rights of any other entity.
 86 |   Each Contributor disclaims any liability to Recipient for claims
 87 |   brought by any other entity based on infringement of intellectual
 88 |   property rights or otherwise. As a condition to exercising the
 89 |   rights and licenses granted hereunder, each Recipient hereby
 90 |   assumes sole responsibility to secure any other intellectual
 91 |   property rights needed, if any. For example, if a third party
 92 |   patent license is required to allow Recipient to Distribute the
 93 |   Program, it is Recipient's responsibility to acquire that license
 94 |   before distributing the Program.
 95 | 
 96 |   d) Each Contributor represents that to its knowledge it has
 97 |   sufficient copyright rights in its Contribution, if any, to grant
 98 |   the copyright license set forth in this Agreement.
 99 | 
100 |   e) Notwithstanding the terms of any Secondary License, no
101 |   Contributor makes additional grants to any Recipient (other than
102 |   those set forth in this Agreement) as a result of such Recipient's
103 |   receipt of the Program under the terms of a Secondary License
104 |   (if permitted under the terms of Section 3).
105 | 
106 | 3. REQUIREMENTS
107 | 
108 | 3.1 If a Contributor Distributes the Program in any form, then:
109 | 
110 |   a) the Program must also be made available as Source Code, in
111 |   accordance with section 3.2, and the Contributor must accompany
112 |   the Program with a statement that the Source Code for the Program
113 |   is available under this Agreement, and informs Recipients how to
114 |   obtain it in a reasonable manner on or through a medium customarily
115 |   used for software exchange; and
116 | 
117 |   b) the Contributor may Distribute the Program under a license
118 |   different than this Agreement, provided that such license:
119 |      i) effectively disclaims on behalf of all other Contributors all
120 |      warranties and conditions, express and implied, including
121 |      warranties or conditions of title and non-infringement, and
122 |      implied warranties or conditions of merchantability and fitness
123 |      for a particular purpose;
124 | 
125 |      ii) effectively excludes on behalf of all other Contributors all
126 |      liability for damages, including direct, indirect, special,
127 |      incidental and consequential damages, such as lost profits;
128 | 
129 |      iii) does not attempt to limit or alter the recipients' rights
130 |      in the Source Code under section 3.2; and
131 | 
132 |      iv) requires any subsequent distribution of the Program by any
133 |      party to be under a license that satisfies the requirements
134 |      of this section 3.
135 | 
136 | 3.2 When the Program is Distributed as Source Code:
137 | 
138 |   a) it must be made available under this Agreement, or if the
139 |   Program (i) is combined with other material in a separate file or
140 |   files made available under a Secondary License, and (ii) the initial
141 |   Contributor attached to the Source Code the notice described in
142 |   Exhibit A of this Agreement, then the Program may be made available
143 |   under the terms of such Secondary Licenses, and
144 | 
145 |   b) a copy of this Agreement must be included with each copy of
146 |   the Program.
147 | 
148 | 3.3 Contributors may not remove or alter any copyright, patent,
149 | trademark, attribution notices, disclaimers of warranty, or limitations
150 | of liability ("notices") contained within the Program from any copy of
151 | the Program which they Distribute, provided that Contributors may add
152 | their own appropriate notices.
153 | 
154 | 4. COMMERCIAL DISTRIBUTION
155 | 
156 | Commercial distributors of software may accept certain responsibilities
157 | with respect to end users, business partners and the like. While this
158 | license is intended to facilitate the commercial use of the Program,
159 | the Contributor who includes the Program in a commercial product
160 | offering should do so in a manner which does not create potential
161 | liability for other Contributors. Therefore, if a Contributor includes
162 | the Program in a commercial product offering, such Contributor
163 | ("Commercial Contributor") hereby agrees to defend and indemnify every
164 | other Contributor ("Indemnified Contributor") against any losses,
165 | damages and costs (collectively "Losses") arising from claims, lawsuits
166 | and other legal actions brought by a third party against the Indemnified
167 | Contributor to the extent caused by the acts or omissions of such
168 | Commercial Contributor in connection with its distribution of the Program
169 | in a commercial product offering. The obligations in this section do not
170 | apply to any claims or Losses relating to any actual or alleged
171 | intellectual property infringement. In order to qualify, an Indemnified
172 | Contributor must: a) promptly notify the Commercial Contributor in
173 | writing of such claim, and b) allow the Commercial Contributor to control,
174 | and cooperate with the Commercial Contributor in, the defense and any
175 | related settlement negotiations. The Indemnified Contributor may
176 | participate in any such claim at its own expense.
177 | 
178 | For example, a Contributor might include the Program in a commercial
179 | product offering, Product X. That Contributor is then a Commercial
180 | Contributor. If that Commercial Contributor then makes performance
181 | claims, or offers warranties related to Product X, those performance
182 | claims and warranties are such Commercial Contributor's responsibility
183 | alone. Under this section, the Commercial Contributor would have to
184 | defend claims against the other Contributors related to those performance
185 | claims and warranties, and if a court requires any other Contributor to
186 | pay any damages as a result, the Commercial Contributor must pay
187 | those damages.
188 | 
189 | 5. NO WARRANTY
190 | 
191 | EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT
192 | PERMITTED BY APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS"
193 | BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
194 | IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF
195 | TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR
196 | PURPOSE. Each Recipient is solely responsible for determining the
197 | appropriateness of using and distributing the Program and assumes all
198 | risks associated with its exercise of rights under this Agreement,
199 | including but not limited to the risks and costs of program errors,
200 | compliance with applicable laws, damage to or loss of data, programs
201 | or equipment, and unavailability or interruption of operations.
202 | 
203 | 6. DISCLAIMER OF LIABILITY
204 | 
205 | EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT
206 | PERMITTED BY APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS
207 | SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
208 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST
209 | PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
210 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
211 | ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE
212 | EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE
213 | POSSIBILITY OF SUCH DAMAGES.
214 | 
215 | 7. GENERAL
216 | 
217 | If any provision of this Agreement is invalid or unenforceable under
218 | applicable law, it shall not affect the validity or enforceability of
219 | the remainder of the terms of this Agreement, and without further
220 | action by the parties hereto, such provision shall be reformed to the
221 | minimum extent necessary to make such provision valid and enforceable.
222 | 
223 | If Recipient institutes patent litigation against any entity
224 | (including a cross-claim or counterclaim in a lawsuit) alleging that the
225 | Program itself (excluding combinations of the Program with other software
226 | or hardware) infringes such Recipient's patent(s), then such Recipient's
227 | rights granted under Section 2(b) shall terminate as of the date such
228 | litigation is filed.
229 | 
230 | All Recipient's rights under this Agreement shall terminate if it
231 | fails to comply with any of the material terms or conditions of this
232 | Agreement and does not cure such failure in a reasonable period of
233 | time after becoming aware of such noncompliance. If all Recipient's
234 | rights under this Agreement terminate, Recipient agrees to cease use
235 | and distribution of the Program as soon as reasonably practicable.
236 | However, Recipient's obligations under this Agreement and any licenses
237 | granted by Recipient relating to the Program shall continue and survive.
238 | 
239 | Everyone is permitted to copy and distribute copies of this Agreement,
240 | but in order to avoid inconsistency the Agreement is copyrighted and
241 | may only be modified in the following manner. The Agreement Steward
242 | reserves the right to publish new versions (including revisions) of
243 | this Agreement from time to time. No one other than the Agreement
244 | Steward has the right to modify this Agreement. The Eclipse Foundation
245 | is the initial Agreement Steward. The Eclipse Foundation may assign the
246 | responsibility to serve as the Agreement Steward to a suitable separate
247 | entity. Each new version of the Agreement will be given a distinguishing
248 | version number. The Program (including Contributions) may always be
249 | Distributed subject to the version of the Agreement under which it was
250 | received. In addition, after a new version of the Agreement is published,
251 | Contributor may elect to Distribute the Program (including its
252 | Contributions) under the new version.
253 | 
254 | Except as expressly stated in Sections 2(a) and 2(b) above, Recipient
255 | receives no rights or licenses to the intellectual property of any
256 | Contributor under this Agreement, whether expressly, by implication,
257 | estoppel or otherwise. All rights in the Program not expressly granted
258 | under this Agreement are reserved. Nothing in this Agreement is intended
259 | to be enforceable by any entity that is not a Contributor or Recipient.
260 | No third-party beneficiary rights are created under this Agreement.
261 | 
262 | Exhibit A - Form of Secondary Licenses Notice
263 | 
264 | "This Source Code may also be made available under the following
265 | Secondary Licenses when the conditions for such availability set forth
266 | in the Eclipse Public License, v. 2.0 are satisfied: {name license(s),
267 | version(s), and exceptions or additional permissions here}."
268 | 
269 |   Simply including a copy of this Agreement, including this Exhibit A
270 |   is not sufficient to license the Source Code under Secondary Licenses.
271 | 
272 |   If it is not possible or desirable to put the notice in a particular
273 |   file, then You may include the notice in a location (such as a LICENSE
274 |   file in a relevant directory) where a recipient would be likely to
275 |   look for such a notice.
276 | 
277 |   You may add additional accurate notices of copyright ownership.
278 | 


--------------------------------------------------------------------------------
/MIGRATION.md:
--------------------------------------------------------------------------------
  1 | # Huly Migration
  2 | 
  3 | This document describes the changes required to update Huly from one version to another. Most of updates require updating Docker containers versions.
  4 | Though, some updates may require updating other configuration options. In this case, you should review the updated configuration options and update them accordingly.
  5 | 
  6 | ## v0.6.501
  7 | 
  8 | No changes required.
  9 | 
 10 | ## v0.6.499
 11 | 
 12 | No changes required.
 13 | 
 14 | ## v0.6.496
 15 | 
 16 | No changes required.
 17 | 
 18 | ## v0.6.482
 19 | 
 20 | No changes required.
 21 | 
 22 | ## v0.6.471
 23 | 
 24 | ### Overview
 25 | 
 26 | The new Mail Service, supporting both SMTP and Amazon SES, has been added. If your setup currently uses the `ses` service, you'll need to migrate to the `mail` service.
 27 | 
 28 | ### Key Changes
 29 | 
 30 | - **Unified Mail Service**: The `mail` service can be configured to send emails via SMTP or Amazon SES, but not both simultaneously.
 31 | - **Migration Requirement**: Transitioning from the `ses` service to the `mail` service requires updating your `docker-compose.yaml` file.
 32 | 
 33 | ### Migration Steps
 34 | 
 35 | 1. **Update Configuration**: Replace the `ses` service with the `mail` service in your `docker-compose.yaml` file. Configure the environment variables to match your chosen email service (SMTP or SES).
 36 | 
 37 | 2. **Rename Environment Variables**: If you're using SES, update your environment variables:
 38 |    - Change `ACCESS_KEY` to `SES_ACCESS_KEY`
 39 |    - Change `SECRET_KEY` to `SES_SECRET_KEY`
 40 |    - Change `REGION` to `SES_REGION`
 41 | 
 42 | 3. **Integrate the Mail Service**: Use `MAIL_URL` instead of `SES_URL` in `transactor` and `account` containers:
 43 | 
 44 |     ```yaml
 45 |     account:
 46 |       ...
 47 |       environment:
 48 |         - MAIL_URL=http://mail:8097
 49 |       ...
 50 |     transactor:
 51 |       ...
 52 |       environment:
 53 |         - MAIL_URL=http://mail:8097
 54 |       ...
 55 |     ```
 56 | 4. **Web Push Notifications**: Add `WEB_PUSH_URL` to `transactor` container if you want to use web push notifications:
 57 |     ```yaml
 58 |     transactor:
 59 |       ...
 60 |       environment:
 61 |         - MAIL_URL=http://mail:8097
 62 |         - WEB_PUSH_URL=http://ses:3335
 63 |       ...
 64 |     ```
 65 | 
 66 | 
 67 | ## v0.6.466
 68 | 
 69 | No changes required.
 70 | 
 71 | ## v0.6.429
 72 | 
 73 | No changes required.
 74 | 
 75 | ## v0.6.424
 76 | 
 77 | Web-push keys have been moved from the `front` service to the `ses` service. If you are using the `ses` service, you will need to update the configuration:
 78 | 
 79 | ```yaml
 80 |   front:
 81 |     ...
 82 |     environment:
 83 |       ...
 84 |       # Remove the following lines
 85 |       # - PUSH_PUBLIC_KEY=your public key
 86 |       # - PUSH_PRIVATE_KEY=your private key
 87 |   ses:
 88 |     ...
 89 |     environment:
 90 |       ...
 91 |       # Add the following lines
 92 |       - PUSH_PUBLIC_KEY=your public key
 93 |       - PUSH_PRIVATE_KEY=your private key
 94 | ```
 95 | 
 96 | ## v0.6.411
 97 | 
 98 | No changes required.
 99 | 
100 | ## v0.6.405
101 | 
102 | No changes required.
103 | 
104 | ## v0.6.377
105 | 
106 | ### Fulltext Service
107 | 
108 | Fulltext search functionality has been extracted into a separate `fulltext` service. This service is now required to be running in order to use the fulltext search functionality.
109 | 
110 | Configuration:
111 | 
112 | ```yaml
113 |   fulltext:
114 |     image: hardcoreeng/fulltext:${HULY_VERSION}
115 |     ports:
116 |       - 4700:4700
117 |     environment:
118 |       - SERVER_SECRET=${HULY_SECRET}
119 |       - DB_URL=mongodb://mongodb:27017
120 |       - FULLTEXT_DB_URL=http://elastic:9200
121 |       - ELASTIC_INDEX_NAME=huly_storage_index
122 |       - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
123 |       - REKONI_URL=http://rekoni:4004
124 |       - ACCOUNTS_URL=http://account:3000
125 |       - STATS_URL=http://stats:4900
126 |     restart: unless-stopped
127 | ```
128 | 
129 | Update the `transactor` service to use the new `fulltext` service:
130 | 
131 | ```yaml
132 |   transactor:
133 |     ...
134 |     environment:
135 |       ...
136 |       - FULLTEXT_URL=http://fulltext:4700
137 |       # Remove the following lines
138 |       # - ELASTIC_URL=http://elastic:9200
139 |       # - ELASTIC_INDEX_NAME=huly_storage_index
140 |       # - REKONI_URL=http://rekoni:4004
141 | ```
142 | 
143 | ### Statistics Service
144 | 
145 | New statistics service has been added. The serivce is responsible for collecting and storing statistics about the usage of the application.
146 | 
147 | Configuration:
148 | 
149 | ```yaml
150 |   stats:
151 |     image: hardcoreeng/stats:${HULY_VERSION}
152 |     ports:
153 |       - 4900:4900
154 |     environment:
155 |       - PORT=4900
156 |       - SERVER_SECRET=${HULY_SECRET}
157 |     restart: unless-stopped
158 | ```
159 | 
160 | Other Huly services have been updated to use the new statistics service:
161 | 
162 | ```yaml
163 |   ...
164 |     environment:
165 |       - STATS_URL=http://stats:4900
166 |       ...
167 | ```
168 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Huly Self-Hosted
  2 | 
  3 | Please use this README if you want to deploy Huly on your server with `docker compose`. I'm using a Basic Droplet on Digital Ocean with Ubuntu 24.04, but these instructions can be easily adapted for any Linux distribution.
  4 | 
  5 | > [!NOTE]
  6 | > Huly is quite resource-heavy, so I recommend using a Droplet with 2 vCPUs and 4GB of RAM. Droplets with less RAM may
  7 | > stop responding or fail.
  8 | 
  9 | If you prefer Kubernetes deployment, there is a sample Kubernetes configuration under [kube](kube) directory.
 10 | 
 11 | ## Installing `nginx` and `docker`
 12 | 
 13 | First, update repositories cache:
 14 | 
 15 | ```bash
 16 | sudo apt update
 17 | ```
 18 | 
 19 | Now, install `nginx`:
 20 | 
 21 | ```bash
 22 | sudo apt install nginx
 23 | ```
 24 | 
 25 | Install docker using the [recommended method](https://docs.docker.com/engine/install/ubuntu/) from docker website.
 26 | Afterwards perform [post-installation steps](https://docs.docker.com/engine/install/linux-postinstall/). Pay attention to 3rd step with `newgrp docker` command, it needed for correct execution in setup script.
 27 | 
 28 | ## Clone the `huly-selfhost` repository and configure `nginx`
 29 | 
 30 | Next, let's clone the `huly-selfhost` repository and configure Huly.
 31 | 
 32 | ```bash
 33 | git clone https://github.com/hcengineering/huly-selfhost.git
 34 | cd huly-selfhost
 35 | ./setup.sh
 36 | ```
 37 | 
 38 | This will generate a [huly.conf](./huly.conf) file with your chosen values and create your nginx config.
 39 | 
 40 | To add the generated configuration to your Nginx setup, run the following:
 41 | 
 42 | ```bash
 43 | sudo ln -s $(pwd)/nginx.conf /etc/nginx/sites-enabled/huly.conf
 44 | ```
 45 | 
 46 | > [!NOTE]
 47 | > If you change `HOST_ADDRESS`, `SECURE`, `HTTP_PORT` or `HTTP_BIND` be sure to update your [nginx.conf](./nginx.conf)
 48 | > by running:
 49 | > ```bash
 50 | > ./nginx.sh
 51 | > ```
 52 | >You can safely execute this script after adding your custom configurations like ssl. It will only overwrite the
 53 | > necessary settings.
 54 | 
 55 | Finally, let's reload `nginx` and start Huly with `docker compose`.
 56 | 
 57 | ```bash
 58 | sudo nginx -s reload
 59 | sudo docker compose up -d
 60 | ```
 61 | 
 62 | Now, launch your web browser and enjoy Huly!
 63 | 
 64 | ## Generating Public and Private VAPID keys for front-end
 65 | 
 66 | You'll need `Node.js` installed on your machine. Installing `npm` on Debian based distro:
 67 | 
 68 | ```
 69 | sudo apt-get install npm
 70 | ```
 71 | 
 72 | Install web-push using npm
 73 | 
 74 | ```bash
 75 | sudo npm install -g web-push
 76 | ```
 77 | 
 78 | Generate VAPID Keys. Run the following command to generate a VAPID key pair:
 79 | 
 80 | ```
 81 | web-push generate-vapid-keys
 82 | ```
 83 | 
 84 | It will generate both keys that looks like this:
 85 | 
 86 | ```bash
 87 | =======================================
 88 | 
 89 | Public Key:
 90 | sdfgsdgsdfgsdfggsdf
 91 | 
 92 | Private Key:
 93 | asdfsadfasdfsfd
 94 | 
 95 | =======================================
 96 | ```
 97 | 
 98 | Keep these keys secure, as you will need them to set up your push notification service on the server.
 99 | 
100 | Add these keys into `compose.yaml` in section `services:ses:environment`:
101 | 
102 | ```yaml
103 | - PUSH_PUBLIC_KEY=your public key
104 | - PUSH_PRIVATE_KEY=your private key
105 | ```
106 | 
107 | ## Mail Service
108 | 
109 | The Mail Service is responsible for sending email notifications and confirmation emails during user login or signup processes. It can be configured to send emails through either an SMTP server or Amazon SES (Simple Email Service), but not both at the same time.
110 | 
111 | ### General Configuration
112 | 
113 | 1. Add the `mail` container to the `docker-compose.yaml` file. Specify the email address you will use to send emails as "SOURCE":
114 | 
115 |     ```yaml
116 |     mail:
117 |       image: hardcoreeng/mail:v0.6.501
118 |       container_name: mail
119 |       ports:
120 |         - 8097:8097
121 |       environment:
122 |         - PORT=8097
123 |         - SOURCE=<EMAIL_FROM>
124 |       restart: unless-stopped
125 |     ```
126 | 
127 | 2. Add the mail container URL to the `transactor` and `account` containers:
128 | 
129 |     ```yaml
130 |     account:
131 |       ...
132 |       environment:
133 |         - MAIL_URL=http://mail:8097
134 |       ...
135 |     transactor:
136 |       ...
137 |       environment:
138 |         - MAIL_URL=http://mail:8097
139 |       ...
140 |     ```
141 | 
142 | 3. In `Settings -> Notifications`, set up email notifications for the events you want to be notified about. Note that this is a user-specific setting, not company-wide; each user must set up their own notification preferences.
143 | 
144 | ### SMTP Configuration
145 | 
146 | To integrate with an external SMTP server, update the `docker-compose.yaml` file with the following environment variables:
147 | 
148 | 1. Add SMTP configuration to the environment section:
149 | 
150 |     ```yaml
151 |     mail:
152 |       ...
153 |       environment:
154 |         ...
155 |         - SMTP_HOST=<SMTP_SERVER_URL>
156 |         - SMTP_PORT=<SMTP_SERVER_PORT>
157 |         - SMTP_USERNAME=<SMTP_USER>
158 |         - SMTP_PASSWORD=<SMTP_PASSWORD>
159 |     ```
160 | 
161 | 2. Replace `<SMTP_SERVER_URL>` and `<SMTP_SERVER_PORT>` with your SMTP server's hostname and port. It's recommended to use a secure port, such as `587`.
162 | 
163 | 3. Replace `<SMTP_USER>` and `<SMTP_PASSWORD>` with credentials for an account that can send emails via your SMTP server. If your service provider supports it, consider using an application API key as `<SMTP_USER>` and a token as `<SMTP_PASSWORD>` for enhanced security.
164 | 
165 | ### Amazon SES Configuration
166 | 
167 | 1. Set up Amazon Simple Email Service in AWS: [AWS SES Setup Guide](https://docs.aws.amazon.com/ses/latest/dg/setting-up.html)
168 | 
169 | 2. Create a new IAM policy with the following permissions:
170 | 
171 |     ```json
172 |     {
173 |       "Version": "2012-10-17",
174 |       "Statement": [
175 |         {
176 |           "Effect": "Allow",
177 |           "Action": [
178 |             "ses:SendEmail",
179 |             "ses:SendRawEmail"
180 |           ],
181 |           "Resource": "*"
182 |         }
183 |       ]
184 |     }
185 |     ```
186 | 
187 | 3. Create a separate IAM user for SES API access, assigning the newly created policy to this user.
188 | 
189 | 4. Configure SES environment variables in the `mail` container:
190 | 
191 |     ```yaml
192 |     mail:
193 |       ...
194 |       environment:
195 |         ...
196 |         - SES_ACCESS_KEY=<SES_ACCESS_KEY>
197 |         - SES_SECRET_KEY=<SES_SECRET_KEY>
198 |         - SES_REGION=<SES_REGION>
199 |     ```
200 | 
201 | ### Notes
202 | 
203 | 1. SMTP and SES configurations cannot be used simultaneously.
204 | 2. `SES_URL` is not supported in version v0.6.470 and later, please use `MAIL_URL` instead.
205 | 
206 | 
207 | ## Love Service (Audio & Video calls)
208 | 
209 | Huly audio and video calls are created on top of LiveKit insfrastructure. In order to use Love service in your
210 | self-hosted Huly, perform the following steps:
211 | 
212 | 1. Set up [LiveKit Cloud](https://cloud.livekit.io) account
213 | 2. Add `love` container to the docker-compose.yaml
214 | 
215 |     ```yaml
216 |       love:
217 |         image: hardcoreeng/love:v0.6.501
218 |         container_name: love
219 |         ports:
220 |           - 8096:8096
221 |         environment:
222 |           - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
223 |           - SECRET=secret
224 |           - ACCOUNTS_URL=http://account:3000
225 |           - DB_URL=mongodb://mongodb:27017
226 |           - MONGO_URL=mongodb://mongodb:27017
227 |           - STORAGE_PROVIDER_NAME=minio
228 |           - PORT=8096
229 |           - LIVEKIT_HOST=<LIVEKIT_HOST>
230 |           - LIVEKIT_API_KEY=<LIVEKIT_API_KEY>
231 |           - LIVEKIT_API_SECRET=<LIVEKIT_API_SECRET>
232 |         restart: unless-stopped
233 |     ```
234 | 
235 | 3. Configure `front` service:
236 | 
237 |     ```yaml
238 |       front:
239 |         ...
240 |         environment:
241 |           - LIVEKIT_WS=<LIVEKIT_HOST>
242 |           - LOVE_ENDPOINT=http://love:8096
243 |         ...
244 |     ```
245 | 
246 | ## AI Service
247 | 
248 | Huly provides AI-powered chatbot that provides several services:
249 | 
250 | - chat with AI
251 | - text message translations in the chat
252 | - live translations for virtual office voice and video chats
253 | 
254 | 1. Set up OpenAI account
255 | 2. Add `aibot` container to the docker-compose.yaml
256 | 
257 |     ```yaml
258 |       aibot:
259 |         image: hardcoreeng/ai-bot:v0.6.501
260 |         ports:
261 |           - 4010:4010
262 |         environment:
263 |           - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
264 |           - SERVER_SECRET=secret
265 |           - ACCOUNTS_URL=http://account:3000
266 |           - DB_URL=mongodb://mongodb:27017
267 |           - MONGO_URL=mongodb://mongodb:27017
268 |           - STATS_URL=http://stats:4900
269 |           - FIRST_NAME=Bot
270 |           - LAST_NAME=Huly AI
271 |           - PASSWORD=<PASSWORD>
272 |           - OPENAI_API_KEY=<OPENAI_API_KEY>
273 |           - OPENAI_BASE_URL=<OPENAI_BASE_URL>
274 |           # optional if you use love service
275 |           - LOVE_ENDPOINT=http://love:8096
276 |         restart: unless-stopped
277 |     ```
278 | 
279 | 3. Configure `front` service:
280 | 
281 |     ```yaml
282 |       front:
283 |         ...
284 |         environment:
285 |           # this should be available outside of the cluster
286 |           - AI_URL=http://aibot:4010
287 |         ...
288 |     ```
289 | 
290 | 4. Configure `transactor` service:
291 | 
292 |     ```yaml
293 |       transactor:
294 |         ...
295 |         environment:
296 |           # this should be available inside of the cluster
297 |           - AI_BOT_URL=http://aibot:4010
298 |         ...
299 |     ```
300 | 
301 | ## Configure OpenID Connect (OIDC)
302 | 
303 | You can configure a Huly instance to authorize users (sign-in/sign-up) using an OpenID Connect identity provider (IdP).
304 | 
305 | ### On the IdP side
306 | 1. Create a new OpenID application.
307 |    * Use `{huly_account_svc}/auth/openid/callback` as the sign-in redirect URI. The `huly_account_svc` is the hostname for the account service of the deployment, which should be accessible externally from the client/browser side. In the provided example setup, the account service runs on port 3000.
308 | 
309 |    **URI Example:**
310 |    - `http://huly.mydomain.com:3000/auth/openid/callback`
311 | 
312 | 2. Configure user access to the application as needed.
313 | 
314 | ### On the Huly side
315 | 
316 | For the account service, set the following environment variables as provided by the IdP:
317 | 
318 | * OPENID_CLIENT_ID
319 | * OPENID_CLIENT_SECRET
320 | * OPENID_ISSUER
321 | 
322 | Ensure you have configured or add the following environment variable to the front service:
323 | 
324 | * ACCOUNTS_URL (This should contain the URL of the account service, accessible from the client side.)
325 | 
326 | You will need to expose your account service port (e.g. 3000) in your nginx.conf.
327 | 
328 | Note: Once all the required environment variables are configured, you will see an additional button on the
329 | sign-in/sign-up pages.
330 | 
331 | ## Configure GitHub OAuth
332 | 
333 | You can also configure a Huly instance to use GitHub OAuth for user authorization (sign-in/sign-up).
334 | 
335 | ### On the GitHub side
336 | 1. Create a new GitHub OAuth application.
337 |    * Use `{huly_account_svc}/auth/github/callback` as the sign-in redirect URI. The `huly_account_svc` is the hostname for the account service of the deployment, which should be accessible externally from the client/browser side. In the provided example setup, the account service runs on port 3000.
338 | 
339 |    **URI Example:**
340 |    - `http://huly.mydomain.com:3000/auth/github/callback`
341 | 
342 | ### On the Huly side
343 | 
344 | Specify the following environment variables for the account service:
345 | 
346 | * `GITHUB_CLIENT_ID`
347 | * `GITHUB_CLIENT_SECRET`
348 | 
349 | Ensure you have configured or add the following environment variable to the front service:
350 | 
351 | * `ACCOUNTS_URL` (The URL of the account service, accessible from the client side.)
352 | 
353 | You will need to expose your account service port (e.g. 3000) in your nginx.conf.
354 | 
355 | Notes:
356 | 
357 | * The `ISSUER` environment variable is not required for GitHub OAuth.
358 | * Once all the required environment variables are configured, you will see an additional button on the sign-in/sign-up
359 |   pages.
360 | 
361 | ## Disable Sign-Up
362 | 
363 | You can disable public sign-ups for a deployment. When configured, sign-ups will only be permitted through an invite
364 | link to a specific workspace.
365 | 
366 | To implement this, set the following environment variable for both the front and account services:
367 | 
368 | ```yaml
369 |   account:
370 |     # ...
371 |     environment:
372 |       - DISABLE_SIGNUP=true
373 |     # ...
374 |   front:
375 |     # ...
376 |     environment:
377 |       - DISABLE_SIGNUP=true
378 |     # ...
379 | ```
380 | 
381 | _Note: When setting up a new deployment, either create the initial account before disabling sign-ups or use the
382 | development tool to create the first account._
383 | 


--------------------------------------------------------------------------------
/compose.yml:
--------------------------------------------------------------------------------
  1 | name: ${DOCKER_NAME}
  2 | version: "3"
  3 | services:
  4 |   nginx:
  5 |     image: "nginx:1.21.3"
  6 |     ports:
  7 |       - "${HTTP_BIND}:${HTTP_PORT}:80"
  8 |     volumes:
  9 |       - ./.huly.nginx:/etc/nginx/conf.d/default.conf
 10 |     restart: unless-stopped
 11 | 
 12 |   mongodb:
 13 |     image: "mongo:7-jammy"
 14 |     environment:
 15 |       - PUID=1000
 16 |       - PGID=1000
 17 |     volumes:
 18 |       - db:/data/db
 19 |     restart: unless-stopped
 20 | 
 21 |   minio:
 22 |     image: "minio/minio"
 23 |     command: server /data --address ":9000" --console-address ":9001"
 24 |     volumes:
 25 |       - files:/data
 26 |     restart: unless-stopped
 27 | 
 28 |   elastic:
 29 |     image: "elasticsearch:7.14.2"
 30 |     command: |
 31 |       /bin/sh -c "./bin/elasticsearch-plugin list | grep -q ingest-attachment || yes | ./bin/elasticsearch-plugin install --silent ingest-attachment;
 32 |       /usr/local/bin/docker-entrypoint.sh eswrapper"
 33 |     volumes:
 34 |       - elastic:/usr/share/elasticsearch/data
 35 |     environment:
 36 |       - ELASTICSEARCH_PORT_NUMBER=9200
 37 |       - BITNAMI_DEBUG=true
 38 |       - discovery.type=single-node
 39 |       - ES_JAVA_OPTS=-Xms1024m -Xmx1024m
 40 |       - http.cors.enabled=true
 41 |       - http.cors.allow-origin=http://localhost:8082
 42 |     healthcheck:
 43 |       interval: 20s
 44 |       retries: 10
 45 |       test: curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"'
 46 |     restart: unless-stopped
 47 | 
 48 |   rekoni:
 49 |     image: hardcoreeng/rekoni-service:${HULY_VERSION}
 50 |     environment:
 51 |       - SECRET=${SECRET}
 52 |     deploy:
 53 |       resources:
 54 |         limits:
 55 |           memory: 500M
 56 |     restart: unless-stopped
 57 | 
 58 |   transactor:
 59 |     image: hardcoreeng/transactor:${HULY_VERSION}
 60 |     environment:
 61 |       - SERVER_PORT=3333
 62 |       - SERVER_SECRET=${SECRET}
 63 |       - SERVER_CURSOR_MAXTIMEMS=30000
 64 |       - DB_URL=mongodb://mongodb:27017
 65 |       - MONGO_URL=mongodb://mongodb:27017
 66 |       - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
 67 |       - FRONT_URL=http://localhost:8087
 68 |       - ACCOUNTS_URL=http://account:3000
 69 |       - FULLTEXT_URL=http://fulltext:4700
 70 |       - STATS_URL=http://stats:4900
 71 |       - LAST_NAME_FIRST=${LAST_NAME_FIRST:-true}
 72 |     restart: unless-stopped
 73 | 
 74 |   collaborator:
 75 |     image: hardcoreeng/collaborator:${HULY_VERSION}
 76 |     environment:
 77 |       - COLLABORATOR_PORT=3078
 78 |       - SECRET=${SECRET}
 79 |       - ACCOUNTS_URL=http://account:3000
 80 |       - DB_URL=mongodb://mongodb:27017
 81 |       - STATS_URL=http://stats:4900
 82 |       - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
 83 |     restart: unless-stopped
 84 | 
 85 |   account:
 86 |     image: hardcoreeng/account:${HULY_VERSION}
 87 |     environment:
 88 |       - SERVER_PORT=3000
 89 |       - SERVER_SECRET=${SECRET}
 90 |       - DB_URL=mongodb://mongodb:27017
 91 |       - MONGO_URL=mongodb://mongodb:27017
 92 |       - TRANSACTOR_URL=ws://transactor:3333;ws${SECURE:+s}://${HOST_ADDRESS}/_transactor
 93 |       - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
 94 |       - FRONT_URL=http://front:8080
 95 |       - STATS_URL=http://stats:4900
 96 |       - MODEL_ENABLED=*
 97 |       - ACCOUNTS_URL=http://localhost:3000
 98 |       - ACCOUNT_PORT=3000
 99 |     restart: unless-stopped
100 | 
101 |   workspace:
102 |     image: hardcoreeng/workspace:${HULY_VERSION}
103 |     environment:
104 |       - SERVER_SECRET=${SECRET}
105 |       - DB_URL=mongodb://mongodb:27017
106 |       - MONGO_URL=mongodb://mongodb:27017
107 |       - TRANSACTOR_URL=ws://transactor:3333;ws${SECURE:+s}://${HOST_ADDRESS}/_transactor
108 |       - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
109 |       - MODEL_ENABLED=*
110 |       - ACCOUNTS_URL=http://account:3000
111 |       - STATS_URL=http://stats:4900
112 |     restart: unless-stopped
113 | 
114 |   front:
115 |     image: hardcoreeng/front:${HULY_VERSION}
116 |     environment:
117 |       - SERVER_PORT=8080
118 |       - SERVER_SECRET=${SECRET}
119 |       - LOVE_ENDPOINT=http${SECURE:+s}://${HOST_ADDRESS}/_love
120 |       - ACCOUNTS_URL=http${SECURE:+s}://${HOST_ADDRESS}/_accounts
121 |       - REKONI_URL=http${SECURE:+s}://${HOST_ADDRESS}/_rekoni
122 |       - CALENDAR_URL=http${SECURE:+s}://${HOST_ADDRESS}/_calendar
123 |       - GMAIL_URL=http${SECURE:+s}://${HOST_ADDRESS}/_gmail
124 |       - TELEGRAM_URL=http${SECURE:+s}://${HOST_ADDRESS}/_telegram
125 |       - STATS_URL=http${SECURE:+s}://${HOST_ADDRESS}/_stats
126 |       - UPLOAD_URL=/files
127 |       - ELASTIC_URL=http://elastic:9200
128 |       - COLLABORATOR_URL=ws${SECURE:+s}://${HOST_ADDRESS}/_collaborator
129 |       - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
130 |       - DB_URL=mongodb://mongodb:27017
131 |       - MONGO_URL=mongodb://mongodb:27017
132 |       - TITLE=${TITLE:-Huly Self Host}
133 |       - DEFAULT_LANGUAGE=${DEFAULT_LANGUAGE:-en}
134 |       - LAST_NAME_FIRST=${LAST_NAME_FIRST:-true}
135 |       - DESKTOP_UPDATES_CHANNEL=selfhost
136 |     restart: unless-stopped
137 | 
138 |   fulltext:
139 |     image: hardcoreeng/fulltext:${HULY_VERSION}
140 |     environment:
141 |       - SERVER_SECRET=${SECRET}
142 |       - DB_URL=mongodb://mongodb:27017
143 |       - FULLTEXT_DB_URL=http://elastic:9200
144 |       - ELASTIC_INDEX_NAME=huly_storage_index
145 |       - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
146 |       - REKONI_URL=http://rekoni:4004
147 |       - ACCOUNTS_URL=http://account:3000
148 |       - STATS_URL=http://stats:4900
149 |     restart: unless-stopped
150 | 
151 |   stats:
152 |     image: hardcoreeng/stats:${HULY_VERSION}
153 |     environment:
154 |       - PORT=4900
155 |       - SERVER_SECRET=${SECRET}
156 |     restart: unless-stopped
157 | volumes:
158 |   db:
159 |   elastic:
160 |   files:


--------------------------------------------------------------------------------
/kube/QUICKSTART.md:
--------------------------------------------------------------------------------
 1 | # Quick Start with Kind
 2 | > [!NOTE]
 3 | > kind does not require kubectl, but you will not be able to perform some of the examples in our docs without it. To install kubectl see the upstream kubectl installation docs.
 4 | 
 5 | ## Install 
 6 | 
 7 | **macOS:**
 8 | ```bash
 9 | # For Intel Macs
10 | [ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.26.0/kind-darwin-amd64
11 | # For M1 / ARM Macs
12 | [ $(uname -m) = arm64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.26.0/kind-darwin-arm64
13 | chmod +x ./kind
14 | mv ./kind /some-dir-in-your-PATH/kind
15 | ```
16 | 
17 | **Linux:**
18 | ```bash
19 | # For AMD64 / x86_64
20 | [ $(uname -m) = x86_64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.26.0/kind-linux-amd64
21 | # For ARM64
22 | [ $(uname -m) = aarch64 ] && curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.26.0/kind-linux-arm64
23 | chmod +x ./kind
24 | sudo mv ./kind /usr/local/bin/kind
25 | ```
26 | 
27 | ## Setup cluster with port forwarding 
28 | 
29 | > [!NOTE]
30 | > On the host computer, `localhost:80` should be accessible.
31 | 
32 | ```bash
33 | cat <<EOF | kind create cluster --config=-
34 | kind: Cluster
35 | apiVersion: kind.x-k8s.io/v1alpha4
36 | nodes:
37 | - role: control-plane
38 |   extraPortMappings:
39 |   - containerPort: 80
40 |     hostPort: 80
41 |     protocol: TCP
42 |   - containerPort: 443
43 |     hostPort: 443
44 |     protocol: TCP
45 | EOF
46 | ```
47 | 
48 | Deploy the ingress nginx controller:
49 | ```bash
50 | kubectl apply -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml
51 | ```
52 | 
53 | Wait the nginx controller to be ready:
54 | ```bash
55 | kubectl wait --namespace ingress-nginx \
56 |   --for=condition=ready pod \
57 |   --selector=app.kubernetes.io/component=controller \
58 |   --timeout=90s
59 | ```
60 | 
61 | Add host entries to be able to work with ingresses from the host machine:
62 | ```bash
63 | sudo cp -p /etc/hosts /tmp/hosts
64 | echo "127.0.0.1       huly.example" | sudo tee -a /etc/hosts
65 | echo "127.0.0.1       account.huly.example" | sudo tee -a /etc/hosts
66 | ```
67 | 
68 | Deploy Huly with `kubectl`:
69 | 
70 | ```bash
71 | kubectl apply -R -f .
72 | ```
73 | 
74 | Wait until the front app is coming up:
75 | ```bash
76 | kubectl wait --for=condition=Avaiable deployment/front --timeout 3m
77 | ```
78 | 
79 | Now, launch your web and and (enjoy Huly!)[http://huly.example]!
80 | 
81 | 
82 | ## Cleanup
83 | 
84 | Restore hosts file:
85 | ```bash
86 | sudo mv /tmp/hosts /etc/hosts
87 | ```
88 | 
89 | Cleanup Huly:
90 | ```bash
91 | kubectl delete -R -f .
92 | ```
93 | 
94 | Delete kind cluster:
95 | ```bash
96 | kind delete cluster
97 | ```


--------------------------------------------------------------------------------
/kube/README.md:
--------------------------------------------------------------------------------
 1 | # Huly Kubernetes Deployment
 2 | 
 3 | This folder contains a sample configuration for Huly Kubernetes deployment.
 4 | 
 5 | ## Requires
 6 | 
 7 | Requires a working kubernetes cluster with min one node. Each node should have min 2 vCPUs and 4GB of RAM.
 8 | 
 9 | If you don't have any k8s cluster, consider using the [kind setup](QUICKSTART.md).
10 | 
11 | ## Check and update configuration
12 | 
13 | Huly deployment configuration is located in [config.yaml](config/config.yaml) and [secret.yaml](config/secret.yaml) files.
14 | The sample configuration assume that Huly is available on huly.example hostname with dedicated hostname per service.
15 | 
16 | ## Deploy Huly to Kubernetes
17 | 
18 | Deploy Huly with `kubectl`.
19 | 
20 | ```bash
21 | kubectl apply -R -f .
22 | ```
23 | 
24 | Now, launch your web browser and enjoy Huly!
25 | 


--------------------------------------------------------------------------------
/kube/account/account-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   labels:
 5 |     app: account
 6 |   name: account
 7 | spec:
 8 |   replicas: 1
 9 |   selector:
10 |     matchLabels:
11 |       app: account
12 |   template:
13 |     metadata:
14 |       labels:
15 |         app: account
16 |     spec:
17 |       containers:
18 |         - env:
19 |             - name: ACCOUNTS_URL
20 |               valueFrom:
21 |                 configMapKeyRef:
22 |                   name: huly-config
23 |                   key: ACCOUNTS_URL
24 |             - name: ACCOUNT_PORT
25 |               value: '3000'
26 |             - name: FRONT_URL
27 |               valueFrom:
28 |                 configMapKeyRef:
29 |                   name: huly-config
30 |                   key: FRONT_URL
31 |             - name: STATS_URL
32 |               value: http://stats
33 |             - name: STORAGE_CONFIG
34 |               valueFrom:
35 |                 secretKeyRef:
36 |                   name: huly-secret
37 |                   key: STORAGE_CONFIG
38 |             - name: MODEL_ENABLED
39 |               value: '*'
40 |             - name: DB_URL
41 |               valueFrom:
42 |                 configMapKeyRef:
43 |                   name: huly-config
44 |                   key: MONGO_URL
45 |             - name: MONGO_URL
46 |               valueFrom:
47 |                 configMapKeyRef:
48 |                   name: huly-config
49 |                   key: MONGO_URL
50 |             - name: SERVER_SECRET
51 |               valueFrom:
52 |                 secretKeyRef:
53 |                   name: huly-secret
54 |                   key: SERVER_SECRET
55 |             - name: TRANSACTOR_URL
56 |               valueFrom:
57 |                 configMapKeyRef:
58 |                   name: huly-config
59 |                   key: TRANSACTOR_URL
60 |           image: hardcoreeng/account:v0.6.501
61 |           name: account
62 |           ports:
63 |             - containerPort: 3000
64 |           resources:
65 |             limits:
66 |               memory: "512M"
67 |       restartPolicy: Always
68 | 


--------------------------------------------------------------------------------
/kube/account/account-ingress.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.k8s.io/v1
 2 | kind: Ingress
 3 | metadata:
 4 |   annotations:
 5 |     kubernetes.io/ingress.class: nginx
 6 |   labels:
 7 |     app: account
 8 |   name: account
 9 | spec:
10 |   ingressClassName: nginx
11 |   rules:
12 |     - host: account.huly.example
13 |       http:
14 |         paths:
15 |           - backend:
16 |               service:
17 |                 name: account
18 |                 port:
19 |                   number: 80
20 |             path: /
21 |             pathType: Prefix
22 | 


--------------------------------------------------------------------------------
/kube/account/account-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     app: account
 6 |   name: account
 7 | spec:
 8 |   ports:
 9 |     - port: 80
10 |       targetPort: 3000
11 |   selector:
12 |     app: account
13 | 


--------------------------------------------------------------------------------
/kube/collaborator/collaborator-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   labels:
 5 |     app: collaborator
 6 |   name: collaborator
 7 | spec:
 8 |   replicas: 1
 9 |   selector:
10 |     matchLabels:
11 |       app: collaborator
12 |   template:
13 |     metadata:
14 |       labels:
15 |         app: collaborator
16 |     spec:
17 |       containers:
18 |         - env:
19 |             - name: ACCOUNTS_URL
20 |               value: http://account
21 |             - name: STATS_URL
22 |               value: http://stats
23 |             - name: COLLABORATOR_PORT
24 |               value: "3078"
25 |             - name: STORAGE_CONFIG
26 |               valueFrom:
27 |                 secretKeyRef:
28 |                   name: huly-secret
29 |                   key: STORAGE_CONFIG
30 |             - name: SECRET
31 |               valueFrom:
32 |                 secretKeyRef:
33 |                   name: huly-secret
34 |                   key: SERVER_SECRET
35 |           image: hardcoreeng/collaborator:v0.6.501
36 |           name: collaborator
37 |           ports:
38 |             - containerPort: 3078
39 |           resources:
40 |             limits:
41 |               memory: '512M'
42 |       restartPolicy: Always
43 | 


--------------------------------------------------------------------------------
/kube/collaborator/collaborator-ingress.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.k8s.io/v1
 2 | kind: Ingress
 3 | metadata:
 4 |   annotations:
 5 |     kubernetes.io/ingress.class: nginx
 6 |   labels:
 7 |     app: collaborator
 8 |   name: collaborator
 9 | spec:
10 |   ingressClassName: nginx
11 |   rules:
12 |     - host: collaborator.huly.example
13 |       http:
14 |         paths:
15 |           - backend:
16 |               service:
17 |                 name: collaborator
18 |                 port:
19 |                   number: 80
20 |             path: /
21 |             pathType: Prefix
22 | 


--------------------------------------------------------------------------------
/kube/collaborator/collaborator-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     app: collaborator
 6 |   name: collaborator
 7 | spec:
 8 |   ports:
 9 |     - port: 80
10 |       targetPort: 3078
11 |   selector:
12 |     app: collaborator
13 | 


--------------------------------------------------------------------------------
/kube/config/config.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: huly-config
 5 | data:
 6 |   ACCOUNTS_URL: 'http://account.huly.example/'
 7 |   COLLABORATOR_URL: 'ws://collaborator.huly.example/'
 8 |   FRONT_URL: 'http://huly.example'
 9 |   REKONI_URL: 'http://rekoni.huly.example/'
10 |   STATS_URL: 'http://stats.huly.example/'
11 |   TRANSACTOR_URL: 'ws://transactor;ws://transactor.huly.example/'
12 |   MINIO_ENDPOINT: 'minio'
13 |   MONGO_URL: 'mongodb://mongodb:27017'
14 |   ELASTIC_URL: 'http://elastic:9200'
15 |   ELASTIC_INDEX_NAME: 'huly_storage_index'
16 | 


--------------------------------------------------------------------------------
/kube/config/secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Secret
3 | metadata:
4 |   name: huly-secret
5 | type: Opaque
6 | stringData:
7 |   SERVER_SECRET: secret
8 |   STORAGE_CONFIG: minio|minio?accessKey=minioadmin&secretKey=minioadmin
9 | 


--------------------------------------------------------------------------------
/kube/elastic/elastic-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   labels:
 5 |     app: elastic
 6 |   name: elastic
 7 | spec:
 8 |   replicas: 1
 9 |   selector:
10 |     matchLabels:
11 |       app: elastic
12 |   strategy:
13 |     type: Recreate
14 |   template:
15 |     metadata:
16 |       labels:
17 |         app: elastic
18 |     spec:
19 |       securityContext:
20 |         runAsUser: 1000
21 |         runAsGroup: 1000
22 |         fsGroup: 1000
23 |       containers:
24 |         - args:
25 |             - /bin/sh
26 |             - -c
27 |             - |-
28 |               chown -R 1000:1000 /usr/share/elasticsearch/data;
29 |               apt-get update && apt-get install -y curl;
30 |               ./bin/elasticsearch-plugin list | grep -q ingest-attachment || yes | ./bin/elasticsearch-plugin install --silent ingest-attachment;
31 |               /usr/local/bin/docker-entrypoint.sh eswrapper
32 |           env:
33 |             - name: BITNAMI_DEBUG
34 |               value: "true"
35 |             - name: ELASTICSEARCH_PORT_NUMBER
36 |               value: "9200"
37 |             - name: ES_JAVA_OPTS
38 |               value: -Xms1024m -Xmx1024m
39 |             - name: discovery.type
40 |               value: single-node
41 |             - name: http.cors.allow-origin
42 |               value: http://localhost:8082
43 |             - name: http.cors.enabled
44 |               value: "true"
45 |           image: elasticsearch:7.14.2
46 |           livenessProbe:
47 |             exec:
48 |               command:
49 |                 - /bin/sh
50 |                 - -c
51 |                 - curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"'
52 |             initialDelaySeconds: 60
53 |             periodSeconds: 20
54 |             failureThreshold: 10
55 |           name: elastic
56 |           ports:
57 |             - containerPort: 9200
58 |               hostPort: 9200
59 |               protocol: TCP
60 |           volumeMounts:
61 |             - mountPath: /usr/share/elasticsearch/data
62 |               name: elastic
63 |       restartPolicy: Always
64 |       volumes:
65 |         - name: elastic
66 |           persistentVolumeClaim:
67 |             claimName: elastic


--------------------------------------------------------------------------------
/kube/elastic/elastic-persistentvolumeclaim.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: PersistentVolumeClaim
 3 | metadata:
 4 |   labels:
 5 |     app: elastic
 6 |   name: elastic
 7 | spec:
 8 |   accessModes:
 9 |     - ReadWriteOnce
10 |   resources:
11 |     requests:
12 |       storage: 100Mi
13 | 


--------------------------------------------------------------------------------
/kube/elastic/elastic-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   annotations:
 5 |   labels:
 6 |     app: elastic
 7 |   name: elastic
 8 | spec:
 9 |   ports:
10 |     - name: "9200"
11 |       port: 9200
12 |       targetPort: 9200
13 |   selector:
14 |     app: elastic
15 | 


--------------------------------------------------------------------------------
/kube/front/front-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   labels:
 5 |     app: front
 6 |   name: front
 7 | spec:
 8 |   replicas: 1
 9 |   selector:
10 |     matchLabels:
11 |       app: front
12 |   template:
13 |     metadata:
14 |       labels:
15 |         app: front
16 |     spec:
17 |       containers:
18 |         - env:
19 |             - name: ACCOUNTS_URL
20 |               valueFrom:
21 |                 configMapKeyRef:
22 |                   name: huly-config
23 |                   key: ACCOUNTS_URL
24 |             - name: CALENDAR_URL
25 |               value: http://calendar
26 |             - name: COLLABORATOR_URL
27 |               valueFrom:
28 |                 configMapKeyRef:
29 |                   name: huly-config
30 |                   key: COLLABORATOR_URL
31 |             - name: DEFAULT_LANGUAGE
32 |               value: en
33 |             - name: ELASTIC_URL
34 |               valueFrom:
35 |                 configMapKeyRef:
36 |                   name: huly-config
37 |                   key: ELASTIC_URL
38 |             - name: GMAIL_URL
39 |               value: http://gmail:8088
40 |             - name: STORAGE_CONFIG
41 |               valueFrom:
42 |                 secretKeyRef:
43 |                   name: huly-secret
44 |                   key: STORAGE_CONFIG
45 |             - name: MONGO_URL
46 |               valueFrom:
47 |                 configMapKeyRef:
48 |                   name: huly-config
49 |                   key: MONGO_URL
50 |             - name: REKONI_URL
51 |               valueFrom:
52 |                 configMapKeyRef:
53 |                   name: huly-config
54 |                   key: REKONI_URL
55 |             - name: SERVER_PORT
56 |               value: "8080"
57 |             - name: SERVER_SECRET
58 |               valueFrom:
59 |                 secretKeyRef:
60 |                   name: huly-secret
61 |                   key: SERVER_SECRET
62 |             - name: TELEGRAM_URL
63 |               value: http://telegram:8086
64 |             - name: TITLE
65 |               value: Huly Self Hosted
66 |             - name: UPLOAD_URL
67 |               value: /files
68 |             - name: STATS_URL
69 |               value: http://stats
70 |             - name: DESKTOP_UPDATES_CHANNEL
71 |               value: selfhost
72 |           image: hardcoreeng/front:v0.6.501
73 |           name: front
74 |           ports:
75 |             - containerPort: 8080
76 |       restartPolicy: Always
77 | 


--------------------------------------------------------------------------------
/kube/front/front-ingress.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.k8s.io/v1
 2 | kind: Ingress
 3 | metadata:
 4 |   annotations:
 5 |     kubernetes.io/ingress.class: nginx
 6 |   labels:
 7 |     app: front
 8 |   name: front
 9 | spec:
10 |   ingressClassName: nginx
11 |   rules:
12 |     - host: huly.example
13 |       http:
14 |         paths:
15 |           - backend:
16 |               service:
17 |                 name: front
18 |                 port:
19 |                   number: 80
20 |             path: /
21 |             pathType: Prefix
22 | 


--------------------------------------------------------------------------------
/kube/front/front-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     app: front
 6 |   name: front
 7 | spec:
 8 |   ports:
 9 |     - port: 80
10 |       targetPort: 8080
11 |   selector:
12 |     app: front
13 | 


--------------------------------------------------------------------------------
/kube/fulltext/fulltext-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   labels:
 5 |     app: fulltext
 6 |   name: fulltext
 7 | spec:
 8 |   replicas: 1
 9 |   selector:
10 |     matchLabels:
11 |       app: fulltext
12 |   template:
13 |     metadata:
14 |       labels:
15 |         app: fulltext
16 |     spec:
17 |       containers:
18 |         - env:
19 |             - name: SERVER_SECRET
20 |               valueFrom:
21 |                 secretKeyRef:
22 |                   name: huly-secret
23 |                   key: SERVER_SECRET
24 |             - name: DB_URL
25 |               valueFrom:
26 |                 configMapKeyRef:
27 |                   name: huly-config
28 |                   key: MONGO_URL
29 |             - name: FULLTEXT_DB_URL
30 |               valueFrom:
31 |                 configMapKeyRef:
32 |                   name: huly-config
33 |                   key: ELASTIC_URL
34 |             - name: ELASTIC_INDEX_NAME
35 |               valueFrom:
36 |                 configMapKeyRef:
37 |                   name: huly-config
38 |                   key: ELASTIC_INDEX_NAME
39 |             - name: STORAGE_CONFIG
40 |               valueFrom:
41 |                 secretKeyRef:
42 |                   name: huly-secret
43 |                   key: STORAGE_CONFIG
44 |             - name: REKONI_URL
45 |               value: http://rekoni
46 |             - name: ACCOUNTS_URL
47 |               value: http://account
48 |             - name: STATS_URL
49 |               value: http://stats
50 |           image: hardcoreeng/fulltext:v0.6.501
51 |           name: fulltext
52 |           ports:
53 |             - containerPort: 4700
54 |               hostPort: 4700
55 |               protocol: TCP
56 |           resources:
57 |             limits:
58 |               memory: "512M"
59 |       restartPolicy: Always
60 | 


--------------------------------------------------------------------------------
/kube/fulltext/fulltext-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     app: fulltext
 6 |   name: fulltext
 7 | spec:
 8 |   ports:
 9 |     - port: 80
10 |       targetPort: 4700
11 |   selector:
12 |     app: fulltext
13 | 


--------------------------------------------------------------------------------
/kube/minio/files-persistentvolumeclaim.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: PersistentVolumeClaim
 3 | metadata:
 4 |   labels:
 5 |     app: files
 6 |   name: files
 7 | spec:
 8 |   accessModes:
 9 |     - ReadWriteOnce
10 |   resources:
11 |     requests:
12 |       storage: 100Mi
13 | 


--------------------------------------------------------------------------------
/kube/minio/minio-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   labels:
 5 |     app: minio
 6 |   name: minio
 7 | spec:
 8 |   replicas: 1
 9 |   selector:
10 |     matchLabels:
11 |       app: minio
12 |   strategy:
13 |     type: Recreate
14 |   template:
15 |     metadata:
16 |       labels:
17 |         app: minio
18 |     spec:
19 |       containers:
20 |         - args:
21 |             - server
22 |             - /data
23 |             - --address
24 |             - :9000
25 |             - --console-address
26 |             - :9001
27 |           image: minio/minio
28 |           name: minio
29 |           ports:
30 |             - containerPort: 9000
31 |               hostPort: 9000
32 |               protocol: TCP
33 |             - containerPort: 9001
34 |               hostPort: 9001
35 |               protocol: TCP
36 |           volumeMounts:
37 |             - mountPath: /data
38 |               name: files
39 |       restartPolicy: Always
40 |       volumes:
41 |         - name: files
42 |           persistentVolumeClaim:
43 |             claimName: files
44 | 


--------------------------------------------------------------------------------
/kube/minio/minio-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     app: minio
 6 |   name: minio
 7 | spec:
 8 |   ports:
 9 |     - name: "9000"
10 |       port: 9000
11 |       targetPort: 9000
12 |     - name: "9001"
13 |       port: 9001
14 |       targetPort: 9001
15 |   selector:
16 |     app: minio
17 | 


--------------------------------------------------------------------------------
/kube/mongodb/mongodb-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   labels:
 5 |     app: mongodb
 6 |   name: mongodb
 7 | spec:
 8 |   replicas: 1
 9 |   selector:
10 |     matchLabels:
11 |       app: mongodb
12 |   strategy:
13 |     type: Recreate
14 |   template:
15 |     metadata:
16 |       labels:
17 |         app: mongodb
18 |     spec:
19 |       containers:
20 |         - env:
21 |             - name: PGID
22 |               value: "1000"
23 |             - name: PUID
24 |               value: "1000"
25 |           image: mongo:7-jammy
26 |           name: mongodb
27 |           ports:
28 |             - containerPort: 27017
29 |               protocol: TCP
30 |           volumeMounts:
31 |             - mountPath: /data/db
32 |               name: db
33 |       restartPolicy: Always
34 |       volumes:
35 |         - name: db
36 |           persistentVolumeClaim:
37 |             claimName: db
38 | 


--------------------------------------------------------------------------------
/kube/mongodb/mongodb-persistentvolumeclaim.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: PersistentVolumeClaim
 3 | metadata:
 4 |   name: db 
 5 | spec:
 6 |   accessModes:
 7 |     - ReadWriteOnce
 8 |   resources:
 9 |     requests:
10 |       storage: 100Mi


--------------------------------------------------------------------------------
/kube/mongodb/mongodb-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     app: mongodb
 6 |   name: mongodb
 7 | spec:
 8 |   ports:
 9 |     - port: 27017
10 |       targetPort: 27017
11 |       protocol: TCP
12 |   selector:
13 |     app: mongodb
14 | 


--------------------------------------------------------------------------------
/kube/rekoni/rekoni-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   labels:
 5 |     app: rekoni
 6 |   name: rekoni
 7 | spec:
 8 |   replicas: 1
 9 |   selector:
10 |     matchLabels:
11 |       app: rekoni
12 |   template:
13 |     metadata:
14 |       labels:
15 |         app: rekoni
16 |     spec:
17 |       containers:
18 |         - image: hardcoreeng/rekoni-service:v0.6.501
19 |           name: rekoni
20 |           env:
21 |             - name: SECRET
22 |               valueFrom:
23 |                 secretKeyRef:
24 |                   name: huly-secret
25 |                   key: SERVER_SECRET
26 |           ports:
27 |             - containerPort: 4004
28 |               hostPort: 4004
29 |               protocol: TCP
30 |           resources:
31 |             limits:
32 |               memory: "500M"
33 |       restartPolicy: Always
34 | 


--------------------------------------------------------------------------------
/kube/rekoni/rekoni-ingress.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.k8s.io/v1
 2 | kind: Ingress
 3 | metadata:
 4 |   annotations:
 5 |     kubernetes.io/ingress.class: nginx
 6 |   labels:
 7 |     app: rekoni
 8 |   name: rekoni
 9 | spec:
10 |   ingressClassName: nginx
11 |   rules:
12 |     - host: rekoni.huly.example
13 |       http:
14 |         paths:
15 |           - backend:
16 |               service:
17 |                 name: rekoni
18 |                 port:
19 |                   number: 80
20 |             path: /
21 |             pathType: Prefix
22 | 


--------------------------------------------------------------------------------
/kube/rekoni/rekoni-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     app: rekoni
 6 |   name: rekoni
 7 | spec:
 8 |   ports:
 9 |     - port: 80
10 |       targetPort: 4004
11 |   selector:
12 |     app: rekoni
13 | 


--------------------------------------------------------------------------------
/kube/stats/stats-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   labels:
 5 |     app: stats
 6 |   name: stats
 7 | spec:
 8 |   replicas: 1
 9 |   selector:
10 |     matchLabels:
11 |       app: stats
12 |   template:
13 |     metadata:
14 |       labels:
15 |         app: stats
16 |     spec:
17 |       containers:
18 |         - image: hardcoreeng/stats:v0.6.501
19 |           name: stats
20 |           env:
21 |             - name: PORT
22 |               value: "4900"
23 |             - name: SERVER_SECRET
24 |               valueFrom:
25 |                 secretKeyRef:
26 |                   name: huly-secret
27 |                   key: SERVER_SECRET
28 |           ports:
29 |             - containerPort: 4900
30 |               hostPort: 4900
31 |               protocol: TCP
32 |           resources:
33 |             limits:
34 |               memory: "500M"
35 |       restartPolicy: Always
36 | 


--------------------------------------------------------------------------------
/kube/stats/stats-ingress.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.k8s.io/v1
 2 | kind: Ingress
 3 | metadata:
 4 |   annotations:
 5 |     kubernetes.io/ingress.class: nginx
 6 |   labels:
 7 |     app: stats
 8 |   name: stats
 9 | spec:
10 |   ingressClassName: nginx
11 |   rules:
12 |     - host: stats.huly.example
13 |       http:
14 |         paths:
15 |           - backend:
16 |               service:
17 |                 name: stats
18 |                 port:
19 |                   number: 80
20 |             path: /
21 |             pathType: Prefix
22 | 


--------------------------------------------------------------------------------
/kube/stats/stats-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     app: stats
 6 |   name: stats
 7 | spec:
 8 |   ports:
 9 |     - port: 80
10 |       targetPort: 4900
11 |   selector:
12 |     app: stats
13 | 


--------------------------------------------------------------------------------
/kube/transactor/transactor-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   labels:
 5 |     app: transactor
 6 |   name: transactor
 7 | spec:
 8 |   replicas: 1
 9 |   selector:
10 |     matchLabels:
11 |       app: transactor
12 |   template:
13 |     metadata:
14 |       labels:
15 |         app: transactor
16 |     spec:
17 |       containers:
18 |         - env:
19 |             - name: ACCOUNTS_URL
20 |               value: http://account
21 |             - name: FULLTEXT_URL
22 |               value: http://fulltext
23 |             - name: FRONT_URL
24 |               valueFrom:
25 |                 configMapKeyRef:
26 |                   name: huly-config
27 |                   key: FRONT_URL
28 |             - name: STATS_URL
29 |               value: http://stats
30 |             - name: STORAGE_CONFIG
31 |               valueFrom:
32 |                 secretKeyRef:
33 |                   name: huly-secret
34 |                   key: STORAGE_CONFIG
35 |             - name: MONGO_URL
36 |               valueFrom:
37 |                 configMapKeyRef:
38 |                   name: huly-config
39 |                   key: MONGO_URL
40 |             - name: DB_URL
41 |               valueFrom:
42 |                 configMapKeyRef:
43 |                   name: huly-config
44 |                   key: MONGO_URL
45 |             - name: SERVER_CURSOR_MAXTIMEMS
46 |               value: "30000"
47 |             - name: SERVER_PORT
48 |               value: "3333"
49 |             - name: SERVER_SECRET
50 |               valueFrom:
51 |                 secretKeyRef:
52 |                   name: huly-secret
53 |                   key: SERVER_SECRET
54 |           image: hardcoreeng/transactor:v0.6.501
55 |           name: transactor
56 |           ports:
57 |             - containerPort: 3333
58 |               hostPort: 3333
59 |               protocol: TCP
60 |       restartPolicy: Always
61 | 


--------------------------------------------------------------------------------
/kube/transactor/transactor-ingress.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.k8s.io/v1
 2 | kind: Ingress
 3 | metadata:
 4 |   annotations:
 5 |     kubernetes.io/ingress.class: nginx
 6 |   labels:
 7 |     app: transactor
 8 |   name: transactor
 9 | spec:
10 |   ingressClassName: nginx
11 |   rules:
12 |     - host: transactor.huly.example
13 |       http:
14 |         paths:
15 |           - backend:
16 |               service:
17 |                 name: transactor
18 |                 port:
19 |                   number: 80
20 |             path: /
21 |             pathType: Prefix
22 | 


--------------------------------------------------------------------------------
/kube/transactor/transactor-service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   labels:
 5 |     app: transactor
 6 |   name: transactor
 7 | spec:
 8 |   ports:
 9 |     - port: 80
10 |       protocol: TCP
11 |       targetPort: 3333
12 |   selector:
13 |     app: transactor
14 | 


--------------------------------------------------------------------------------
/kube/workspace/workspace-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   labels:
 5 |     app: workspace
 6 |   name: workspace
 7 | spec:
 8 |   replicas: 1
 9 |   selector:
10 |     matchLabels:
11 |       app: workspace
12 |   template:
13 |     metadata:
14 |       labels:
15 |         app: workspace
16 |     spec:
17 |       containers:
18 |         - env:
19 |             - name: ACCOUNTS_URL
20 |               value: http://account
21 |             - name: STATS_URL
22 |               value: http://stats
23 |             - name: TRANSACTOR_URL
24 |               valueFrom:
25 |                 configMapKeyRef:
26 |                   name: huly-config
27 |                   key: TRANSACTOR_URL
28 |             - name: STORAGE_CONFIG
29 |               valueFrom:
30 |                 secretKeyRef:
31 |                   name: huly-secret
32 |                   key: STORAGE_CONFIG
33 |             - name: MODEL_ENABLED
34 |               value: '*'
35 |             - name: DB_URL
36 |               valueFrom:
37 |                 configMapKeyRef:
38 |                   name: huly-config
39 |                   key: MONGO_URL
40 |             - name: MONGO_URL
41 |               valueFrom:
42 |                 configMapKeyRef:
43 |                   name: huly-config
44 |                   key: MONGO_URL
45 |             - name: SERVER_SECRET
46 |               valueFrom:
47 |                 secretKeyRef:
48 |                   name: huly-secret
49 |                   key: SERVER_SECRET
50 |           image: hardcoreeng/workspace:v0.6.501
51 |           name: workspace
52 |           resources:
53 |             limits:
54 |               memory: "512M"
55 |       restartPolicy: Always
56 | 


--------------------------------------------------------------------------------
/nginx.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | if [ -f "huly.conf" ]; then
 4 |     source "huly.conf"
 5 | fi
 6 | 
 7 | # Check for --recreate flag
 8 | RECREATE=false
 9 | if [ "$1" == "--recreate" ]; then
10 |     RECREATE=true
11 | fi
12 | 
13 | # Handle nginx.conf recreation or updating
14 | if [ "$RECREATE" == true ]; then
15 |     cp .template.nginx.conf nginx.conf
16 |     echo "nginx.conf has been recreated from the template."
17 | else
18 |     if [ ! -f "nginx.conf" ]; then
19 |         echo "nginx.conf not found, creating from template."
20 |         cp .template.nginx.conf nginx.conf
21 |     else
22 |         echo "nginx.conf already exists. Only updating server_name, listen, and proxy_pass."
23 |         echo "Run with --recreate to fully overwrite nginx.conf."
24 |     fi
25 | fi
26 | 
27 | # Update server_name and proxy_pass using sed
28 | sed -i.bak "s|server_name .*;|server_name ${HOST_ADDRESS};|" ./nginx.conf
29 | sed -i.bak "s|proxy_pass .*;|proxy_pass http://${HTTP_BIND:-127.0.0.1}:${HTTP_PORT};|" ./nginx.conf
30 | 
31 | # Update listen directive to either port 80 or 443, while preserving IP address
32 | if [[ -n "$SECURE" ]]; then
33 |     # Secure (use port 443 and add 'ssl')
34 |     sed -i.bak -E 's|(listen )(.*:)?([0-9]+)?;|\1443 ssl;|' ./nginx.conf
35 |     echo "Serving over SSL. Make sure to add your SSL certificates."
36 | else
37 |     # Non-secure (use port 80 and remove 'ssl')
38 |     sed -i.bak -E "s|(listen )(.*:)?[0-9]+ ssl;|\1\280;|" ./nginx.conf
39 |     sed -i.bak -E "s|(listen )(.*:)?([0-9]+)?;|\1\280;|" ./nginx.conf
40 | fi
41 | 
42 | # Extract IP address for redirect configuration
43 | IP_ADDRESS=$(grep -oE 'listen \K[^:]+(?=:[0-9]+ ssl;)' nginx.conf)
44 | 
45 | # Remove HTTP to HTTPS redirect server block if SSL is enabled
46 | if [[ -z "$SECURE" ]]; then
47 |     echo "Enabling SSL; removing HTTP to HTTPS redirect block..."
48 |     # Remove the entire server block for port 80
49 |     if grep -q 'return 301 https://\$host\$request_uri;' nginx.conf; then
50 |         sed -i.bak '/# !/,/!/d' nginx.conf
51 |     fi
52 | else
53 |     # Check if the HTTP to HTTPS redirect block already exists
54 |     if grep -q 'return 301 https://\$host\$request_uri;' nginx.conf; then
55 |         sed -i.bak '/# !/,/!/d' nginx.conf
56 |     fi
57 | 
58 |     echo "Creating HTTP to HTTPS redirect..."
59 |     echo -e "# ! DO NOT REMOVE COMMENT
60 | # DO NOT MODIFY, CHANGES WILL BE OVERWRITTEN
61 | server {
62 |     listen ${IP_ADDRESS:+${IP_ADDRESS}:}80;
63 |     server_name ${HOST_ADDRESS};
64 |     return 301 https://\$host\$request_uri;
65 | }
66 | # DO NOT REMOVE COMMENT !" >> ./nginx.conf
67 | fi
68 | 
69 | read -p "Do you want to run 'nginx -s reload' now to load your updated Huly config? (Y/n): " RUN_NGINX
70 | case "${RUN_NGINX:-Y}" in  
71 |     [Yy]* )  
72 |         echo -e "\033[1;32mRunning 'nginx -s reload' now...\033[0m"
73 |         sudo nginx -s reload
74 |         ;;
75 |     [Nn]* )
76 |         echo "You can run 'nginx -s reload' later to load your updated Huly config."
77 |         ;;
78 | esac


--------------------------------------------------------------------------------
/setup.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | HULY_VERSION="v0.6.501"
  4 | DOCKER_NAME="huly"
  5 | CONFIG_FILE="huly.conf"
  6 | 
  7 | if [ -f "$CONFIG_FILE" ]; then
  8 |     source "$CONFIG_FILE"
  9 | fi
 10 | 
 11 | while true; do
 12 |     if [[ -n "$HOST_ADDRESS" ]]; then
 13 |         prompt_type="current"
 14 |         prompt_value="${HOST_ADDRESS}"
 15 |     else
 16 |         prompt_type="default"
 17 |         prompt_value="localhost"
 18 |     fi
 19 |     read -p "Enter the host address (domain name or IP) [${prompt_type}: ${prompt_value}]: " input
 20 |     _HOST_ADDRESS="${input:-${HOST_ADDRESS:-localhost}}"
 21 |     break
 22 | done
 23 | 
 24 | while true; do
 25 |     if [[ -n "$HTTP_PORT" ]]; then
 26 |         prompt_type="current"
 27 |         prompt_value="${HTTP_PORT}"
 28 |     else
 29 |         prompt_type="default"
 30 |         prompt_value="80"
 31 |     fi
 32 |     read -p "Enter the port for HTTP [${prompt_type}: ${prompt_value}]: " input
 33 |     _HTTP_PORT="${input:-${HTTP_PORT:-80}}"
 34 |     if [[ "$_HTTP_PORT" =~ ^[0-9]+$ && "$_HTTP_PORT" -ge 1 && "$_HTTP_PORT" -le 65535 ]]; then
 35 |         break
 36 |     else
 37 |         echo "Invalid port. Please enter a number between 1 and 65535."
 38 |     fi
 39 | done
 40 | 
 41 | echo "$_HOST_ADDRESS $HOST_ADDRESS $_HTTP_PORT $HTTP_PORT"
 42 | 
 43 | if [[ "$_HOST_ADDRESS" == "localhost" || "$_HOST_ADDRESS" == "127.0.0.1" || "$_HOST_ADDRESS" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}:?$ ]]; then
 44 |     _HOST_ADDRESS="${_HOST_ADDRESS%:}:${_HTTP_PORT}"
 45 |     SECURE=""
 46 | else
 47 |     while true; do
 48 |         if [[ -n "$SECURE" ]]; then
 49 |             prompt_type="current"
 50 |             prompt_value="Yes"
 51 |         else
 52 |             prompt_type="default"
 53 |             prompt_value="No"
 54 |         fi
 55 |         read -p "Will you serve Huly over SSL? (y/n) [${prompt_type}: ${prompt_value}]: " input
 56 |         case "${input}" in
 57 |             [Yy]* )
 58 |                 _SECURE="true"; break;;
 59 |             [Nn]* )
 60 |                 _SECURE=""; break;;
 61 |             "" )
 62 |                 _SECURE="${SECURE:+true}"; break;;
 63 |             * )
 64 |                 echo "Invalid input. Please enter Y or N.";;
 65 |         esac
 66 |     done
 67 | fi
 68 | 
 69 | SECRET=false
 70 | if [ "$1" == "--secret" ]; then
 71 |   SECRET=true
 72 | fi
 73 | 
 74 | if [ ! -f .huly.secret ] || [ "$SECRET" == true ]; then
 75 |   openssl rand -hex 32 > .huly.secret
 76 |   echo "Secret generated and stored in .huly.secret"
 77 | else
 78 |   echo -e "\033[33m.huly.secret already exists, not overwriting."
 79 |   echo "Run this script with --secret to generate a new secret."
 80 | fi
 81 | 
 82 | export HOST_ADDRESS=$_HOST_ADDRESS
 83 | export SECURE=$_SECURE
 84 | export HTTP_PORT=$_HTTP_PORT
 85 | export HTTP_BIND=$HTTP_BIND
 86 | export TITLE=${TITLE:-Huly}
 87 | export DEFAULT_LANGUAGE=${DEFAULT_LANGUAGE:-en}
 88 | export LAST_NAME_FIRST=${LAST_NAME_FIRST:-true}
 89 | export HULY_SECRET=$(cat .huly.secret)
 90 | 
 91 | envsubst < .template.huly.conf > $CONFIG_FILE
 92 | 
 93 | echo -e "\n\033[1;34mConfiguration Summary:\033[0m"
 94 | echo -e "Host Address: \033[1;32m$_HOST_ADDRESS\033[0m"
 95 | echo -e "HTTP Port: \033[1;32m$_HTTP_PORT\033[0m"
 96 | if [[ -n "$SECURE" ]]; then
 97 |     echo -e "SSL Enabled: \033[1;32mYes\033[0m"
 98 | else
 99 |     echo -e "SSL Enabled: \033[1;31mNo\033[0m"
100 | fi
101 | 
102 | read -p "Do you want to run 'docker compose up -d' now to start Huly? (Y/n): " RUN_DOCKER
103 | case "${RUN_DOCKER:-Y}" in
104 |     [Yy]* )
105 |          echo -e "\033[1;32mRunning 'docker compose up -d' now...\033[0m"
106 |          docker compose up -d
107 |          ;;
108 |     [Nn]* )
109 |         echo "You can run 'docker compose up -d' later to start Huly."
110 |         ;;
111 | esac
112 | 
113 | echo -e "\033[1;32mSetup is complete!\n Generating nginx.conf...\033[0m"
114 | ./nginx.sh
115 | 


--------------------------------------------------------------------------------
/traefik/README.md:
--------------------------------------------------------------------------------
 1 | # Instructions to deploy Huly on a `self-hosted` server with SSL using `Traefik`
 2 | 
 3 | ### Prerequisites
 4 | 
 5 | - A domain name pointing to the server
 6 | - A server with Docker and Docker Compose installed
 7 | 
 8 | ### Steps
 9 | 
10 | 1. Clone the repository
11 | 
12 |    ```bash
13 |    git clone https://github.com/hcengineering/huly-selfhost.git
14 |    cd huly-selfhost/traefik
15 |    ```
16 | 
17 | 2. Run setup.sh
18 | 
19 |    ```bash
20 |    chmod +x setup.sh
21 |    ./setup.sh
22 |    ```
23 | 
24 | 3. Follow the instructions in the setup script to configure your domain name and email address
25 | 
26 |    ```bash
27 |    $ ./setup.sh
28 |    Enter the domain name: example.com
29 |    Enter the email address: admin@example.com
30 |    Setup is complete. Run 'docker compose up -d' to start the services.
31 |    ```
32 | 
33 | 4. Modify the `docker-compose.yaml` file to customize any settings
34 | 
35 | 5. Start the services
36 | 
37 |    ```bash
38 |    docker compose up -d
39 |    ```
40 | 
41 | 6. Access Huly at `https://example.com`
42 | 


--------------------------------------------------------------------------------
/traefik/setup.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Ask for the domain name
 4 | read -p "Enter the domain name: " DOMAIN_NAME
 5 | if [ -z "$DOMAIN_NAME" ]; then
 6 |   echo "DOMAIN_NAME is required"
 7 |   exit 1
 8 | fi
 9 | 
10 | # Ask for the email address
11 | read -p "Enter the email address: " LETSENCRYPT_EMAIL
12 | if [ -z "$LETSENCRYPT_EMAIL" ]; then
13 |   echo "LETSENCRYPT_EMAIL address is required"
14 |   exit 1
15 | fi
16 | 
17 | export HULY_VERSION="v0.6.501"
18 | export HULY_SECRET="secret"
19 | export SERVER_ADDRESS=$DOMAIN_NAME
20 | export LETSENCRYPT_EMAIL=$LETSENCRYPT_EMAIL
21 | 
22 | # replace the domain name and email address in the docker-compose file
23 | envsubst < template-compose.yaml > docker-compose.yaml
24 | 
25 | echo -e "\033[1;32mSetup is complete. Run 'docker compose up -d' to start the services.\033[0m"
26 | 


--------------------------------------------------------------------------------
/traefik/template-compose.yaml:
--------------------------------------------------------------------------------
  1 | x-common-env: &common-env
  2 |   SERVER_SECRET: ${HULY_SECRET}
  3 |   SECRET: ${HULY_SECRET}
  4 |   STORAGE_CONFIG: minio|minio?accessKey=minioadmin&secretKey=minioadmin
  5 |   MONGO_URL: mongodb://mongodb:27017
  6 |   DB_URL: mongodb://mongodb:27017
  7 |   ACCOUNTS_URL: http://account:3000
  8 |   STATS_URL: http://stats:4900
  9 | 
 10 | services:
 11 |   traefik:
 12 |     restart: unless-stopped
 13 |     image: "traefik:v2.10"
 14 |     container_name: "traefik"
 15 |     ports:
 16 |       - "80:80"
 17 |       - "443:443"
 18 |     volumes:
 19 |       - "/var/run/docker.sock:/var/run/docker.sock:ro"
 20 |       - ./letsencrypt:/letsencrypt
 21 |     networks:
 22 |       - traefik-public
 23 |     command:
 24 |       - "--log.level=DEBUG" # set to INFO for production
 25 |       - "--api.insecure=false"
 26 |       - "--api.dashboard=true"
 27 |       - "--global.sendAnonymousUsage=false"
 28 |       - "--global.checkNewVersion=false"
 29 |       - "--providers.docker=true"
 30 |       - "--providers.docker.exposedbydefault=false"
 31 |       - "--providers.docker.network=traefik-public"
 32 |       - "--entrypoints.web.address=:80"
 33 |       - "--entrypoints.websecure.address=:443"
 34 |       - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
 35 |       - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
 36 |       - "--certificatesresolvers.myresolver.acme.email=${LETSENCRYPT_EMAIL}"
 37 |       - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
 38 |       - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
 39 |       - "--certificatesresolvers.myresolver.acme.caserver=http://acme-staging-v02.api.letsencrypt.org/directory" # For testing, comment out for production
 40 |     labels:
 41 |       - "traefik.enable=true"
 42 |       - "traefik.http.routers.traefik.rule=Host(`${SERVER_ADDRESS}`) && (PathPrefix(`/api`) || PathPrefix(`/traefik`))"
 43 |       - "traefik.http.routers.traefik.service=api@internal"
 44 |       - "traefik.http.routers.traefik.entrypoints=websecure"
 45 |       # strip prefix for traefik dashboard
 46 |       - "traefik.http.routers.traefik.middlewares=strip-prefix-traefik"
 47 |       - "traefik.http.middlewares.strip-prefix-traefik.stripprefix.prefixes=/traefik"
 48 |       - "traefik.http.routers.traefik.tls=true"
 49 |       - "traefik.http.routers.traefik.tls.certresolver=myresolver"
 50 | 
 51 |   mongodb:
 52 |     image: mongo:7-jammy
 53 |     container_name: mongodb
 54 |     restart: unless-stopped
 55 |     environment:
 56 |       - PUID=1000
 57 |       - PGID=1000
 58 |     volumes:
 59 |       - db:/data/db
 60 |     networks:
 61 |       - internal-services
 62 | 
 63 |   minio:
 64 |     image: minio/minio
 65 |     restart: unless-stopped
 66 |     command: server /data --address ":9000" --console-address ":9001"
 67 |     volumes:
 68 |       - files:/data
 69 |     networks:
 70 |       - internal-services
 71 | 
 72 |   elastic:
 73 |     image: elasticsearch:7.14.2
 74 |     restart: unless-stopped
 75 |     command: |
 76 |       /bin/sh -c "./bin/elasticsearch-plugin list | grep -q ingest-attachment || yes | ./bin/elasticsearch-plugin install --silent ingest-attachment;
 77 |       /usr/local/bin/docker-entrypoint.sh eswrapper"
 78 |     volumes:
 79 |       - elastic:/usr/share/elasticsearch/data
 80 |     environment:
 81 |       - ELASTICSEARCH_PORT_NUMBER=9200
 82 |       - BITNAMI_DEBUG=true
 83 |       - discovery.type=single-node
 84 |       - ES_JAVA_OPTS=-Xms1024m -Xmx1024m
 85 |       - http.cors.enabled=true
 86 |       - http.cors.allow-origin=http://localhost:8082
 87 |     healthcheck:
 88 |       interval: 20s
 89 |       retries: 10
 90 |       test: curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"'
 91 |     networks:
 92 |       - internal-services
 93 | 
 94 |   rekoni:
 95 |     image: hardcoreeng/rekoni-service:${HULY_VERSION}
 96 |     restart: unless-stopped
 97 |     environment:
 98 |       <<: *common-env
 99 |     deploy:
100 |       resources:
101 |         limits:
102 |           memory: 500M
103 |     networks:
104 |       - internal-services
105 |       - traefik-public
106 |     labels:
107 |       - "traefik.enable=true"
108 |       - "traefik.http.routers.rekoni.entrypoints=websecure"
109 |       - "traefik.http.services.rekoni.loadbalancer.server.port=4004"
110 |       - "traefik.http.routers.rekoni.rule=Host(`${SERVER_ADDRESS}`) && PathPrefix(`/rekoni`)"
111 |       - "traefik.http.routers.rekoni.middlewares=rekoni-stripprefix"
112 |       - "traefik.http.middlewares.rekoni-stripprefix.stripprefix.prefixes=/rekoni"
113 |       - "traefik.http.routers.rekoni.tls=true"
114 |       - "traefik.http.routers.rekoni.tls.certresolver=myresolver"
115 | 
116 |   transactor:
117 |     image: hardcoreeng/transactor:${HULY_VERSION}
118 |     restart: unless-stopped
119 |     environment:
120 |       <<: *common-env
121 |       SERVER_PORT: 3333
122 |       SERVER_CURSOR_MAXTIMEMS: 30000
123 |       FRONT_URL: http://localhost:8087
124 |       FULLTEXT_URL: http://fulltext:4700
125 |       LAST_NAME_FIRST: true
126 |     networks:
127 |       - internal-services
128 |       - traefik-public
129 |     labels:
130 |       - "traefik.enable=true"
131 |       # WebSocket route
132 |       - "traefik.http.routers.transactor-ws.entrypoints=websecure"
133 |       - "traefik.http.routers.transactor-ws.rule=Host(`${SERVER_ADDRESS}`) && PathPrefix(`/ws/transactor`)"
134 |       - "traefik.http.routers.transactor-ws.tls=true"
135 |       - "traefik.http.routers.transactor-ws.tls.certresolver=myresolver"
136 |       - "traefik.http.services.transactor-ws.loadbalancer.server.port=3333"
137 |       - "traefik.http.routers.transactor-ws.service=transactor-ws"
138 | 
139 |       # Strip WebSocket prefix
140 |       - "traefik.http.routers.transactor-ws.middlewares=strip-transactor-ws-prefix"
141 |       - "traefik.http.middlewares.strip-transactor-ws-prefix.stripprefix.prefixes=/ws/transactor"
142 | 
143 |       # HTTP route for non-WebSocket traffic
144 |       - "traefik.http.routers.transactor.entrypoints=websecure"
145 |       - "traefik.http.routers.transactor.rule=Host(`${SERVER_ADDRESS}`) && PathPrefix(`/transactor`)"
146 |       - "traefik.http.routers.transactor.tls=true"
147 |       - "traefik.http.routers.transactor.tls.certresolver=myresolver"
148 |       - "traefik.http.services.transactor.loadbalancer.server.port=3333"
149 |       - "traefik.http.routers.transactor.service=transactor"
150 |       # Strip HTTP prefix
151 |       - "traefik.http.routers.transactor.middlewares=strip-transactor-prefix"
152 |       - "traefik.http.middlewares.strip-transactor-prefix.stripprefix.prefixes=/transactor"
153 | 
154 |   collaborator:
155 |     image: hardcoreeng/collaborator:${HULY_VERSION}
156 |     restart: unless-stopped
157 |     environment:
158 |       <<: *common-env
159 |       COLLABORATOR_PORT: 3078
160 |     networks:
161 |       - internal-services
162 |       - traefik-public
163 |     labels:
164 |       - "traefik.enable=true"
165 |       # WebSocket route
166 |       - "traefik.http.routers.collaborator-ws.entrypoints=websecure"
167 |       - "traefik.http.routers.collaborator-ws.rule=Host(`${SERVER_ADDRESS}`) && PathPrefix(`/ws/collaborator`)"
168 |       - "traefik.http.routers.collaborator-ws.tls=true"
169 |       - "traefik.http.routers.collaborator-ws.tls.certresolver=myresolver"
170 |       - "traefik.http.services.collaborator-ws.loadbalancer.server.port=3078"
171 |       - "traefik.http.routers.collaborator-ws.service=collaborator-ws"
172 | 
173 |       # Strip WebSocket prefix
174 |       - "traefik.http.routers.collaborator-ws.middlewares=strip-collaborator-ws-prefix"
175 |       - "traefik.http.middlewares.strip-collaborator-ws-prefix.stripprefix.prefixes=/ws/collaborator"
176 |       # HTTP route for non-WebSocket traffic
177 |       - "traefik.http.routers.collaborator.entrypoints=websecure"
178 |       - "traefik.http.routers.collaborator.rule=Host(`${SERVER_ADDRESS}`) && PathPrefix(`/collaborator`)"
179 |       - "traefik.http.routers.collaborator.tls=true"
180 |       - "traefik.http.routers.collaborator.tls.certresolver=myresolver"
181 |       - "traefik.http.services.collaborator.loadbalancer.server.port=3078"
182 | 
183 |       # Strip HTTP prefix
184 |       - "traefik.http.routers.collaborator.middlewares=strip-collaborator-prefix"
185 |       - "traefik.http.middlewares.strip-collaborator-prefix.stripprefix.prefixes=/collaborator"
186 | 
187 |   account:
188 |     image: hardcoreeng/account:${HULY_VERSION}
189 |     restart: unless-stopped
190 |     environment:
191 |       <<: *common-env
192 |       SERVER_PORT: 3000
193 |       TRANSACTOR_URL: ws://transactor:3333;wss://${SERVER_ADDRESS}/ws/transactor
194 |       FRONT_URL: http://front:8080
195 |       MODEL_ENABLED: "*"
196 |       ACCOUNT_PORT: 3000
197 |     networks:
198 |       - internal-services
199 |       - traefik-public
200 |     labels:
201 |       - "traefik.enable=true"
202 |       - "traefik.http.routers.account.entrypoints=websecure"
203 |       - "traefik.http.services.account.loadbalancer.server.port=3000"
204 |       - "traefik.http.routers.account.rule=Host(`${SERVER_ADDRESS}`) && PathPrefix(`/accounts`)"
205 |       - "traefik.http.routers.account.middlewares=account-stripprefix"
206 |       - "traefik.http.middlewares.account-stripprefix.stripprefix.prefixes=/accounts"
207 |       - "traefik.http.routers.account.tls=true"
208 |       - "traefik.http.routers.account.tls.certresolver=myresolver"
209 | 
210 |   workspace:
211 |     image: hardcoreeng/workspace:${HULY_VERSION}
212 |     restart: unless-stopped
213 |     environment:
214 |       <<: *common-env
215 |       TRANSACTOR_URL: ws://transactor:3333;wss://${SERVER_ADDRESS}/ws/transactor
216 |       MODEL_ENABLED: "*"
217 |     networks:
218 |       - internal-services
219 | 
220 |   front:
221 |     image: hardcoreeng/front:${HULY_VERSION}
222 |     restart: unless-stopped
223 |     environment:
224 |       <<: *common-env
225 |       SERVER_PORT: 8080
226 |       ACCOUNTS_URL: https://${SERVER_ADDRESS}/accounts
227 |       REKONI_URL: https://${SERVER_ADDRESS}/rekoni
228 |       CALENDAR_URL: https://${SERVER_ADDRESS}:8095
229 |       GMAIL_URL: https://${SERVER_ADDRESS}:8088
230 |       TELEGRAM_URL: https://${SERVER_ADDRESS}:8086
231 |       STATS_URL: https://${SERVER_ADDRESS}/stats
232 |       UPLOAD_URL: /files
233 |       ELASTIC_URL: http://elastic:9200
234 |       COLLABORATOR_URL: wss://${SERVER_ADDRESS}/ws/collaborator
235 |       TITLE: Huly Self Host
236 |       DEFAULT_LANGUAGE: en
237 |       LAST_NAME_FIRST: true
238 |       DESKTOP_UPDATES_CHANNEL: selfhost
239 |     networks:
240 |       - internal-services
241 |       - traefik-public
242 |     labels:
243 |       - "traefik.enable=true"
244 |       - "traefik.http.routers.front.entrypoints=websecure"
245 |       - "traefik.http.services.front.loadbalancer.server.port=8080"
246 |       - "traefik.http.routers.front.rule=Host(`${SERVER_ADDRESS}`)"
247 |       - "traefik.http.routers.front.tls=true"
248 |       - "traefik.http.routers.front.tls.certresolver=myresolver"
249 | 
250 |   fulltext:
251 |     image: hardcoreeng/fulltext:${HULY_VERSION}
252 |     restart: unless-stopped
253 |     environment:
254 |       <<: *common-env
255 |       FULLTEXT_DB_URL: http://elastic:9200
256 |       ELASTIC_INDEX_NAME: huly_storage_index
257 |       REKONI_URL: http://rekoni:4004
258 |     networks:
259 |       - internal-services
260 | 
261 |   stats:
262 |     image: hardcoreeng/stats:${HULY_VERSION}
263 |     restart: unless-stopped
264 |     environment:
265 |       <<: *common-env
266 |       PORT: 4900
267 |     networks:
268 |       - internal-services
269 |       - traefik-public
270 |     labels:
271 |       - "traefik.enable=true"
272 |       - "traefik.http.routers.stats.entrypoints=websecure"
273 |       - "traefik.http.services.stats.loadbalancer.server.port=4900"
274 |       - "traefik.http.routers.stats.rule=Host(`${SERVER_ADDRESS}`) && PathPrefix(`/stats`)"
275 |       - "traefik.http.routers.stats.middlewares=stats-stripprefix"
276 |       - "traefik.http.middlewares.stats-stripprefix.stripprefix.prefixes=/stats"
277 |       - "traefik.http.routers.stats.tls=true"
278 |       - "traefik.http.routers.stats.tls.certresolver=myresolver"
279 | 
280 | networks:
281 |   traefik-public:
282 |     name: traefik-public
283 |   internal-services:
284 |     name: internal-services
285 | 
286 | volumes:
287 |   db:
288 |   elastic:
289 |   files:
290 |   letsencrypt:
291 | 


--------------------------------------------------------------------------------