mirror of
https://github.com/OneUptime/oneuptime
synced 2024-11-21 22:59:07 +00:00
28ea4d9b83
This commit updates the installation documentation and example configuration file to provide clear instructions on setting up TLS/SSL certificates for OneUptime. It emphasizes that OneUptime does not support setting up SSL/TLS certificates and provides steps for using a reverse proxy like Nginx or Caddy, along with Let's Encrypt, to provision the certificates. It also includes instructions for updating the necessary settings in the configuration file. This improvement ensures that users have the necessary information to secure their OneUptime installation with SSL/TLS certificates.
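#!/usr/bin/env bash

# Example configuration for a OneUptime installation: plain KEY=value lines.
# Values are unquoted, so keep whitespace and shell metacharacters out of them.

# Change this to the domain of the server where OneUptime is hosted.
HOST=localhost

# ==============================================
# SETTING UP TLS/SSL CERTIFICATES
# ==============================================
# OneUptime DOES NOT set up SSL/TLS certificates for you. You need to provision
# them yourself.
# To serve OneUptime over TLS, put a reverse proxy such as Nginx or Caddy in
# front of it and use Let's Encrypt to provision the certificates.
# Then point the reverse proxy at the OneUptime server.
# Once you have done that:
#  - set HTTP_PROTOCOL to https
#  - change HOST to the domain name of the server where the reverse proxy is hosted.
# NOTE(review): with the default of http nothing sent to this installation is
# encrypted in transit (presumably that includes sign-in traffic), so treat
# http as suitable for local evaluation only.
HTTP_PROTOCOL=http
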
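# Secrets - PLEASE CHANGE THESE before the first start.
# Replace every placeholder with a long random value. All of these can be
# different values, and using a distinct value for each limits what a single
# leaked secret exposes.
# One way to generate a value: openssl rand -hex 32
# (hex output contains no characters that need quoting in this file).
# The placeholder below is published in this example file, so a deployment that
# keeps it has credentials that anyone can look up.
# Keep the filled-in copy of this file out of version control and readable only
# by the account that runs OneUptime.
ONEUPTIME_SECRET=please-change-this-to-random-value
DATABASE_PASSWORD=please-change-this-to-random-value
CLICKHOUSE_PASSWORD=please-change-this-to-random-value
REDIS_PASSWORD=please-change-this-to-random-value
ENCRYPTION_SECRET=please-change-this-to-random-value
GLOBAL_PROBE_1_KEY=please-change-this-to-random-value
GLOBAL_PROBE_2_KEY=please-change-this-to-random-value
INTERNAL_SMTP_PASSWORD=please-change-this-to-random-value
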
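# OneUptime ports. These are the ports OneUptime will be hosted on.
ONEUPTIME_HTTP_PORT=80
ONEUPTIME_HTTPS_PORT=443

# Use this setting if you would like to attach status pages to custom domains.
# For example, to host the status page on status.yourcompany.com:
# 1. Create an A record in your DNS provider with the name
#    "oneuptime.yourcompany.com" and, as its value, the public IP of the server
#    OneUptime is deployed on.
# 2. Set STATUS_PAGE_CNAME_RECORD to "oneuptime.yourcompany.com".
# 3. Create a CNAME record in your DNS provider with the name
#    "status.yourcompany.com" and the value "oneuptime.yourcompany.com".
STATUS_PAGE_CNAME_RECORD=oneuptime.yourcompany.com
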
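# --------------------------------------------- #
# You can safely ignore anything below this line. Keep them as default to make things work.
# --------------------------------------------- #
# NOTE(review): several settings further down are security-relevant all the
# same (database TLS verification, DKIM and billing private keys, telemetry
# tokens); review them before a production deployment.

# This supports test | production | development | ci.
# development is used for local development. test is used for insider / beta /
# staging builds. production is used for the production-ready app. ci is for
# testing in CI/CD.
ENVIRONMENT=production

# Which image tag to pull from Docker Hub. This only applies when ENVIRONMENT
# is production or test.
# NOTE(review): "release" reads like a moving tag; pinning a specific version
# tag makes upgrades deliberate and reviewable - confirm which tags are published.
APP_TAG=release

# Name of the docker-compose project. This is used to prefix the docker containers.
COMPOSE_PROJECT_NAME=oneuptime

# OTEL HOST - if you would like the collector to be hosted on a different
# server, change this to the IP of that server.
OTEL_COLLECTOR_HOST=

# FLUENTD_HOST - if you would like fluentd to be hosted on a different server,
# change this to the IP of that server.
FLUENTD_HOST=
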
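# Clickhouse settings. The password is CLICKHOUSE_PASSWORD in the secrets section.
CLICKHOUSE_USER=default
CLICKHOUSE_DATABASE=oneuptime
CLICKHOUSE_HOST=clickhouse
CLICKHOUSE_PORT=8123

# Postgres DB settings. The password is DATABASE_PASSWORD in the secrets section.
DATABASE_PORT=5432
DATABASE_USERNAME=postgres
DATABASE_NAME=oneuptimedb
DATABASE_HOST=postgres

# Used to connect to managed Postgres providers.
# Fill in only what your provider needs.
# NOTE(review): DATABASE_SSL_REJECT_UNAUTHORIZED mirrors the name of the Node.js
# TLS option rejectUnauthorized. If it is passed through unchanged, false means
# the database server's certificate is not verified, so the TLS connection does
# not authenticate the server - confirm in the connection code. When the
# database is reached over a network you do not control, set it to true and
# supply the provider's CA in DATABASE_SSL_CA.
# DATABASE_SSL_KEY and DATABASE_SSL_CERT look like a client key and certificate;
# treat the key as a secret.
DATABASE_SSL_REJECT_UNAUTHORIZED=false
DATABASE_SSL_CA=
DATABASE_SSL_KEY=
DATABASE_SSL_CERT=
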
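# Redis DB settings. The password is REDIS_PASSWORD in the secrets section.
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_DB=0
REDIS_USERNAME=default
# NOTE(review): presumably the CA used to verify a TLS-enabled Redis; it is
# empty by default - confirm how an empty value is handled before pointing
# REDIS_HOST at a Redis outside the compose network.
REDIS_TLS_CA=
REDIS_TLS_SENTINEL_MODE=false
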
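# Hostnames. These usually do not need to change.
# INGESTOR_HOSTNAME carries a port (it matches INGESTOR_PORT below); the
# SERVER_* names are bare host names.
INGESTOR_HOSTNAME=ingestor:3400

SERVER_ACCOUNTS_HOSTNAME=accounts
SERVER_REALTIME_HOSTNAME=realtime
SERVER_APP_HOSTNAME=app
SERVER_INGESTOR_HOSTNAME=ingestor
SERVER_TEST_SERVER_HOSTNAME=test-server
SERVER_STATUS_PAGE_HOSTNAME=status-page
SERVER_DASHBOARD_HOSTNAME=dashboard
SERVER_ADMIN_DASHBOARD_HOSTNAME=admin-dashboard
SERVER_OTEL_COLLECTOR_HOSTNAME=otel-collector

# Ports. Usually they don't need to change.
# NOTE(review): these look like per-service ports behind ONEUPTIME_HTTP_PORT /
# ONEUPTIME_HTTPS_PORT; check the compose file that none of them is published
# on the host unless you intend it.
APP_PORT=3002
INGESTOR_PORT=3400
PROBE_PORT=3500
TEST_SERVER_PORT=3800
ACCOUNTS_PORT=3003
STATUS_PAGE_PORT=3105
DASHBOARD_PORT=3009
ADMIN_DASHBOARD_PORT=3158
OTEL_COLLECTOR_HTTP_PORT=4318
ISOLATED_VM_PORT=4572
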
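# If USE_INTERNAL_SMTP is true then you need to fill in these values.
# The matching password is INTERNAL_SMTP_PASSWORD in the secrets section.
# The DKIM private key is a signing secret: base64 is an encoding, not
# encryption, so protect the filled-in file accordingly.
INTERNAL_SMTP_FROM_NAME=OneUptime
INTERNAL_SMTP_DKIM_PRIVATE_KEY_AS_BASE64=
INTERNAL_SMTP_DKIM_PUBLIC_KEY_AS_BASE64=
INTERNAL_SMTP_EMAIL=test@yourcompany.com
INTERNAL_SMTP_SENDING_DOMAIN=yourcompany.com
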
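# Plans
# Each value below has seven comma-separated fields. Going by the placeholders
# they are, in order:
#   PlanName, monthly price id from the billing provider, yearly price id from
#   the billing provider, MonthlySubscriptionPlanAmountInUSD,
#   YearlySubscriptionPlanAmountInUSD, Order, TrialPeriodInDays
# NOTE(review): confirm the field order against the code that parses these.
# The Enterprise plan uses -1 for both amounts, which means custom pricing.
SUBSCRIPTION_PLAN_BASIC=Basic,priceMonthlyId,priceYearlyId,0,0,1,0
SUBSCRIPTION_PLAN_GROWTH=Growth,priceMonthlyId,priceYearlyId,0,0,2,14
SUBSCRIPTION_PLAN_SCALE=Scale,priceMonthlyId,priceYearlyId,0,0,3,0
SUBSCRIPTION_PLAN_ENTERPRISE=Enterprise,priceMonthlyId,priceYearlyId,-1,-1,4,14
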
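# If you want to run the backup script, then you need to fill in these values.
# A database backup holds everything the database holds; restrict access to
# the backup directory to the account that runs the backup.
DATABASE_BACKUP_DIRECTORY=/Backups
DATABASE_BACKUP_HOST=localhost
DATABASE_BACKUP_PORT=5400
DATABASE_BACKUP_NAME=oneuptimedb
DATABASE_BACKUP_USERNAME=postgres
# Reuses DATABASE_PASSWORD, so that variable must be assigned earlier in this
# file; otherwise this expands to an empty string.
DATABASE_BACKUP_PASSWORD=${DATABASE_PASSWORD}

# If you want to run the restore script, then you need to fill in these values.
# Use host.docker.internal if you want to use the host machine's IP.
DATABASE_RESTORE_HOST=host.docker.internal
DATABASE_RESTORE_DIRECTORY=/Backups
DATABASE_RESTORE_PORT=5400
DATABASE_RESTORE_NAME=oneuptimedb
DATABASE_RESTORE_USERNAME=postgres
# Same dependency on DATABASE_PASSWORD as the backup password above.
DATABASE_RESTORE_PASSWORD=${DATABASE_PASSWORD}
DATABASE_RESTORE_FILENAME=db-31.backup

ANALYTICS_KEY=
ANALYTICS_HOST=

DATABASE_MIGRATIONS_HOST=localhost
DATABASE_MIGRATIONS_PORT=5400
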
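# Global Probes
# Each probe is configured through its own GLOBAL_PROBE_<N>_* variables below
# (name, description, worker count, fetch limit, URL, script timeouts), not as
# one comma-separated ProbeName,ProbeDescription,ProbeKey value.
# The probe keys are GLOBAL_PROBE_1_KEY and GLOBAL_PROBE_2_KEY in the secrets
# section.
# NOTE(review): the probe URLs use plain http to the ingestor host name; if a
# probe is moved to another network, make sure its URL goes through TLS so the
# probe key is not sent in clear - confirm how the key is transmitted.
GLOBAL_PROBE_1_NAME="Probe-1"
GLOBAL_PROBE_1_DESCRIPTION="Global probe to monitor oneuptime resources"
GLOBAL_PROBE_1_MONITORING_WORKERS=5
GLOBAL_PROBE_1_MONITOR_FETCH_LIMIT=10
GLOBAL_PROBE_1_ONEUPTIME_URL=http://ingestor:3400
GLOBAL_PROBE_1_SYNTHETIC_MONITOR_SCRIPT_TIMEOUT_IN_MS=60000
GLOBAL_PROBE_1_CUSTOM_CODE_MONITOR_SCRIPT_TIMEOUT_IN_MS=60000

GLOBAL_PROBE_2_NAME="Probe-2"
GLOBAL_PROBE_2_DESCRIPTION="Global probe to monitor oneuptime resources"
GLOBAL_PROBE_2_MONITORING_WORKERS=5
GLOBAL_PROBE_2_MONITOR_FETCH_LIMIT=10
GLOBAL_PROBE_2_ONEUPTIME_URL=http://ingestor:3400
GLOBAL_PROBE_2_SYNTHETIC_MONITOR_SCRIPT_TIMEOUT_IN_MS=60000
GLOBAL_PROBE_2_CUSTOM_CODE_MONITOR_SCRIPT_TIMEOUT_IN_MS=60000
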
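# Per-message and per-minute costs, in cents. All four are empty by default.
SMS_DEFAULT_COST_IN_CENTS=
CALL_DEFAULT_COST_IN_CENTS_PER_MINUTE=

SMS_HIGH_RISK_COST_IN_CENTS=
CALL_HIGH_RISK_COST_IN_CENTS_PER_MINUTE=

# Whether billing is enabled for this installation.
BILLING_ENABLED=false
# Public and private key for the billing provider, usually Stripe.
# The private key is a secret: keep it only in the deployed copy of this file,
# never in version control.
BILLING_PUBLIC_KEY=
BILLING_PRIVATE_KEY=

# Use this when you want to disable incident creation.
DISABLE_AUTOMATIC_INCIDENT_CREATION=false
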
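# If you're using an external OpenTelemetry collector, you can set the endpoint
# here - both the server and the client endpoint can be the same in this case.

# You can set the env var to http://otel-collector:4318 if you want
# instrumentation to be sent to the otel collector.
SERVER_OPENTELEMETRY_EXPORTER_OTLP_ENDPOINT=
# You can set the env var to http://localhost/otlp if you want instrumentation
# to be sent to the local otel collector.
CLIENT_OPENTELEMETRY_EXPORTER_OTLP_ENDPOINT=

# You can set the env var to "x-oneuptime-service-token=<YOUR_ONEUPTIME_SERVICE_TOKEN>"
# The service token is a credential. If the endpoint above is an http:// URL
# outside the local host or compose network, the token travels unencrypted;
# use an https:// endpoint in that case.
APP_OPENTELEMETRY_EXPORTER_OTLP_HEADERS=
PROBE_OPENTELEMETRY_EXPORTER_OTLP_HEADERS=
DASHBOARD_OPENTELEMETRY_EXPORTER_OTLP_HEADERS=
STATUS_PAGE_OPENTELEMETRY_EXPORTER_OTLP_HEADERS=
ACCOUNTS_OPENTELEMETRY_EXPORTER_OTLP_HEADERS=
ADMIN_DASHBOARD_OPENTELEMETRY_EXPORTER_OTLP_HEADERS=

# This can be one of ERROR, WARN, INFO, DEBUG
# NOTE(review): verbose levels tend to put more request detail into logs;
# check what DEBUG records before enabling it on a production system.
LOG_LEVEL=ERROR
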
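# These env vars are for E2E tests.
# Use a dedicated test account here, never a real user's credentials: the
# password is stored in this file in clear text.
E2E_TEST_IS_USER_REGISTERED=false
E2E_TEST_REGISTERED_USER_EMAIL=
E2E_TEST_REGISTERED_USER_PASSWORD=
# If you want to run the E2E tests on a status page, then you need to fill in the URL.
E2E_TEST_STATUS_PAGE_URL=

# This URL will be called when the E2E tests fail. This should be a GET endpoint.
# If the URL embeds a token, treat the whole URL as a secret.
E2E_TESTS_FAILED_WEBHOOK_URL=

# This is the timeout for the workflow script in milliseconds.
WORKFLOW_SCRIPT_TIMEOUT_IN_MS=5000

# Let's Encrypt notification email. This email will be used when certs are
# about to expire.
# NOTE(review): the TLS section at the top of this file says OneUptime does not
# provision certificates for HOST; what these Let's Encrypt settings are used
# for is not visible in this file - confirm.
LETS_ENCRYPT_NOTIFICATION_EMAIL=
# Generate a private key via openssl, encode it to base64 and paste it here.
# Base64 is an encoding, not encryption: the pasted value is the private key
# itself, so keep this file readable only by the account that runs OneUptime.
LETS_ENCRYPT_ACCOUNT_KEY=

# This is the number of active monitors allowed in the free plan.
ALLOWED_ACTIVE_MONITOR_COUNT_IN_FREE_PLAN=10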