mleku/next.orly.dev
1
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f8a321eaee4fc8519969a159b92ba740f7c0a016
next.orly.dev/DOCKER.md
Silberengel 42273ab2fa Add Docker deployment and Apache reverse proxy setup 
🐳 Docker Implementation:
- Add Dockerfile with Alpine Linux (46MB image)
- Add docker-compose.yml with production-ready config
- Add manage-relay.sh for easy local management
- Add stella-relay.service for systemd auto-start
- Published images: silberengel/orly-relay:latest, :v1, :v2

🔧 Apache Reverse Proxy:
- Add comprehensive Apache proxy guide for Plesk and standard Apache
- Add working WebSocket proxy configuration (ws:// not http://)
- Add troubleshooting guide based on real deployment experience
- Add debug-websocket.sh script for systematic diagnosis
2025-09-21 08:57:27 +02:00

4.7 KiB
Raw Blame History

Docker Deployment Guide

Quick Start

1. Basic Relay Setup

# Build and start the relay
docker-compose up -d

# View logs
docker-compose logs -f stella-relay

# Stop the relay
docker-compose down

2. With Nginx Proxy (for SSL/domain setup)

# Start relay with nginx proxy
docker-compose --profile proxy up -d

# Configure SSL certificates in nginx/ssl/
# Then update nginx/nginx.conf to enable HTTPS

Configuration

Environment Variables

Copy env.example to .env and customize:

cp env.example .env
# Edit .env with your settings

Key settings:

  • ORLY_OWNERS: Owner npubs (comma-separated, full control)
  • ORLY_ADMINS: Admin npubs (comma-separated, deletion permissions)
  • ORLY_PORT: Port to listen on (default: 7777)
  • ORLY_MAX_CONNECTIONS: Max concurrent connections
  • ORLY_CONCURRENT_WORKERS: CPU cores for concurrent processing (0 = auto)

Data Persistence

The relay data is stored in ./data directory which is mounted as a volume.

Performance Tuning

Based on the v0.4.8 optimizations:

  • Concurrent event publishing using all CPU cores
  • Optimized BadgerDB access patterns
  • Configurable batch sizes and cache settings

Development

Local Build

# Pull the latest image (recommended)
docker pull silberengel/orly-relay:latest

# Or build locally if needed
docker build -t silberengel/orly-relay:latest .

# Run with custom settings
docker run -p 7777:7777 -v $(pwd)/data:/data silberengel/orly-relay:latest

Testing

# Test WebSocket connection
websocat ws://localhost:7777

# Run stress tests (if available in cmd/stresstest)
go run ./cmd/stresstest -relay ws://localhost:7777

Production Deployment

SSL Setup

  1. Get SSL certificates (Let's Encrypt recommended)
  2. Place certificates in nginx/ssl/
  3. Update nginx/nginx.conf to enable HTTPS
  4. Start with proxy profile: docker-compose --profile proxy up -d

Monitoring

  • Health checks are configured for both services
  • Logs are rotated (max 10MB, 3 files)
  • Resource limits are set to prevent runaway processes

Security

  • Runs as non-root user (uid 1000)
  • Rate limiting configured in nginx
  • Configurable authentication and event size limits

Troubleshooting

Common Issues (Real-World Experience)

Container Issues:

  1. Port already in use: Change ORLY_PORT in docker-compose.yml
  2. Permission denied: Ensure ./data directory is writable
  3. Container won't start: Check logs with docker logs container-name

WebSocket Issues:

  1. HTTP 426 instead of WebSocket upgrade:
    • Use ws://127.0.0.1:7777 in proxy config, not http://
    • Ensure proxy_wstunnel module is enabled
  2. Connection refused in browser but works with websocat:
    • Clear browser cache and service workers
    • Try incognito mode
    • Add CORS headers to Apache/nginx config

Plesk-Specific Issues:

  1. Plesk not applying Apache directives:
    • Check if config appears in /etc/apache2/plesk.conf.d/vhosts/domain.conf
    • Use direct Apache override if Plesk interface fails
  2. Virtual host conflicts:
    • Check precedence with apache2ctl -S
    • Remove conflicting Plesk configs if needed

SSL Certificate Issues:

  1. Self-signed certificate after Let's Encrypt:
    • Plesk might not be using the correct certificate
    • Import Let's Encrypt certs into Plesk or use direct Apache config

Debug Commands

# Container debugging
docker ps | grep relay
docker logs stella-relay
curl -I http://127.0.0.1:7777  # Should return HTTP 426

# WebSocket testing
echo '["REQ","test",{}]' | websocat wss://domain.com/
echo '["REQ","test",{}]' | websocat wss://domain.com/ws/

# Apache debugging (for reverse proxy issues)
apache2ctl -S | grep domain.com
apache2ctl -M | grep -E "(proxy|rewrite)"
grep ProxyPass /etc/apache2/plesk.conf.d/vhosts/domain.conf

Logs

# View relay logs
docker-compose logs -f stella-relay

# View nginx logs (if using proxy)
docker-compose logs -f nginx

# Apache logs (for reverse proxy debugging)
sudo tail -f /var/log/apache2/error.log
sudo tail -f /var/log/apache2/domain-error.log

Working Reverse Proxy Config

For Apache (direct config file):

<VirtualHost SERVER_IP:443>
    ServerName domain.com
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
    
    # Direct WebSocket proxy for Nostr relay
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / ws://127.0.0.1:7777/
    ProxyPassReverse / ws://127.0.0.1:7777/
    
    Header always set Access-Control-Allow-Origin "*"
</VirtualHost>

Crafted for Stella's digital forest 🌲

Reference in New Issue View Git Blame Copy Permalink