Skip to content
GitHub

Docker Compose

This is an example deployment of Rafiki on a Linux virtual machine using nginx as a reverse proxy. You must change the values in the examples appropriate for your environment.

Virtual Machine preparation

Deploy the virutal machine:

Terminal window
sudo apt update && sudo apt install nginx certbot python3-certbot-nginx

Domain preparation

Generate the Let’s encrypt certificates:

Terminal window
certbot certonly --manual --preferred-challenges=dns --email EMAIL --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d DOMAIN

As Let’s encrypt certificates are valid for 90 days, you must set up a cron process to renew the certificate on a regular schedule:

Terminal window
crontab -e
0 3 * * * crontab renew

Update DNS records

Next update the DNS records to point to the static external IP address of the volumes:

serviceURLexample
adminadmin.DOMAINadmin.myrafiki.com
authauth.DOMAINauth.myrafiki.com
connectorconnector.DOMAINconnector.myrafiki.com
ilpilp.DOMAINilp.myrafiki.com

Server preparation

Create nginx configuration files for every exposed domain:

Admin

Terminal window
server_name admin.myrafiki.com;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/admin.myrafiki.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/admin.myrafiki.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade "";
proxy_set_header Connection "";
proxy_set_header Host $server_name;
proxy_set_header Accept-Encoding "";
proxy_cache_bypass $http_upgrade;
proxy_pass_request_headers on;
proxy_pass http://localhost:4010;
}
}
server {
server_name admin.myrafiki.com;
listen 80;
if ($host = admin.myrafiki.com) {
return 301 https://$host$request_uri;
}
return 404;
}

Auth

Terminal window
server {
server_name auth.myrafiki.com;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/auth.myrafiki.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/auth.myrafiki.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade "";
proxy_set_header Connection "";
proxy_set_header Host $server_name;
proxy_set_header Accept-Encoding "";
proxy_cache_bypass $http_upgrade;
proxy_pass_request_headers on;
proxy_pass http://localhost:3002;
}
}
server {
server_name auth.myrafiki.com;
listen 80;
if ($host = auth.myrafiki.com) {
return 301 https://$host$request_uri;
}
return 404;
}

Connector

Terminal window
server {
server_name connector.myrafiki.com;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/connector.myrafiki.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/connector.myrafiki.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade "";
proxy_set_header Connection "";
proxy_set_header Host $server_name;
proxy_set_header Accept-Encoding "";
proxy_cache_bypass $http_upgrade;
proxy_pass_request_headers on;
proxy_pass http://localhost:3002;
}
}
server {
server_name connector.myrafiki.com;
listen 80;
if ($host = connector.myrafiki.com) {
return 301 https://$host$request_uri;
}
return 404;
}

ILP

Terminal window
server {
server_name ilp.myrafiki.com;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/ilp.myrafiki.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ilp.myrafiki.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade "";
proxy_set_header Connection "";
proxy_set_header Host $server_name;
proxy_set_header Accept-Encoding "";
proxy_cache_bypass $http_upgrade;
proxy_pass_request_headers on;
proxy_pass http://localhost:4000;
}
}
server {
server_name ilp.myrafiki.com;
listen 80;
if ($host = ilp.myrafiki.com) {
return 301 https://$host$request_uri;
}
return 404;
}