Customize docker compose config

fixed incorrect selector for SMTP service

.github/ISSUE_TEMPLATE/best-place-for-self-hosting-issues-is-the-community-forum.md

@@ -0,0 +1,10 @@
+---
+name: Best place for self-hosting issues is the community forum
+about: Please do not submit issues here
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+Please do not submit issues here. Best place for self-hosting issues, questions and ideas is [the community forum here on GitHub](https://github.com/plausible/analytics/discussions/categories/self-hosted-support). Thanks!

.gitignore

@@ -1,8 +1,2 @@
-*
-!compose.yml
-!clickhouse/logs.xml
-!clickhouse/ipv4-only.xml
-!clickhouse/low-resources.xml
-!README.md
-!LICENSE
-!.gitignore
+plausible-conf.env
+data/

LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2024 Plausible Analytics
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

README.md

@@ -1,93 +1,12 @@
-<p align="center">
-    <picture>
-        <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/plausible/community-edition/refs/heads/v2.1.1/images/logo_dark.svg" width="300">
-        <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/plausible/community-edition/refs/heads/v2.1.1/images/logo_light.svg" width="300">
-        <img src="https://raw.githubusercontent.com/plausible/community-edition/refs/heads/v2.1.1/images/logo_light.svg" width="300">
-    </picture>
-</p>
+# Plausible Analytics setup examples
 
-<p align="center">
-    A getting started guide to self-hosting <a href="https://plausible.io/blog/community-edition">Plausible Community Edition</a>
-</p>
+This repository acts as a a template to get up and running with [Plausible Analytics](https://github.com/plausible/analytics).
 
----
+### How to use
 
-### Prerequisites
+Find instructions on how to run Plausible Analytics Self Hosted [in our docs](https://docs.plausible.io/self-hosting).
 
-- **[Docker](https://docs.docker.com/engine/install/)** and **[Docker Compose](https://docs.docker.com/compose/install/)** must be installed on your machine.
-- **CPU** must support **SSE 4.2** or **NEON** instruction set or higher (required by ClickHouse).
-- At least **2 GB of RAM** is recommended for running ClickHouse and Plausible without fear of OOMs.
+### Contributing
 
-### Quick start
-
-1. Clone this repository:
-
-    ```console
-    $ git clone -b v2.1.5 --single-branch https://github.com/plausible/community-edition plausible-ce
-    Cloning into 'plausible-ce'...
-    remote: Enumerating objects: 13, done.
-    remote: Counting objects: 100% (10/10), done.
-    remote: Compressing objects: 100% (9/9), done.
-    remote: Total 13 (delta 0), reused 7 (delta 0), pack-reused 3 (from 1)
-    Receiving objects: 100% (13/13), done.
-
-    $ cd plausible-ce
-
-    $ ls -1
-    README.md
-    clickhouse/
-    compose.yml
-    ```
-
-1. Create and configure your [environment](https://docs.docker.com/compose/environment-variables/) file:
-
-    ```console
-    $ touch .env
-    $ echo "BASE_URL=https://plausible.example.com" >> .env
-    $ echo "SECRET_KEY_BASE=$(openssl rand -base64 48)" >> .env
-    
-    $ cat .env
-    BASE_URL=https://plausible.example.com
-    SECRET_KEY_BASE=As0fZsJlUpuFYSthRjT5Yflg/NlxkFKPRro72xMLXF8yInZ60s6xGGXYVqml+XN1
-    ```
-
-    Make sure `$BASE_URL` is set to the actual domain where you plan to host the service. The domain must have a DNS entry pointing to your server for proper resolution and automatic Let's Encrypt TLS certificate issuance. More on that in the next step.
-
-1. Expose Plausible server to the web with a [compose override file:](https://github.com/plausible/community-edition/wiki/compose-override)
-
-    ```sh
-    $ echo "HTTP_PORT=80" >> .env
-    $ echo "HTTPS_PORT=443" >> .env
-
-    $ cat > compose.override.yml << EOF
-    services:
-      plausible:
-        ports:
-          - 80:80
-          - 443:443
-    EOF 
-    ```
-
-    Setting `HTTP_PORT=80` and `HTTPS_PORT=443` enables automatic Let's Encrypt TLS certificate issuance. You might want to choose different values if, for example, you plan to run Plausible behind [a reverse proxy.](https://github.com/plausible/community-edition/wiki/reverse-proxy)
-
-1. Start the services with Docker Compose:
-
-    ```console
-    $ docker compose up -d
-    ```
-
-1. Visit your instance at `$BASE_URL` and create the first user.
-
-> [!NOTE]
-> Plausible CE is funded by our cloud subscribers.
->
-> If you know someone who might [find Plausible useful](https://plausible.io/?utm_medium=Social&utm_source=GitHub&utm_campaign=readme), we'd appreciate if you'd let them know.
-
-### Wiki
-
-For more information on installation, upgrades, configuration, and integrations please see our [wiki.](https://github.com/plausible/community-edition/wiki)
-
-### Contact
-
-- For release announcements please go to [GitHub releases.](https://github.com/plausible/analytics/releases)
-- For a question or advice please go to [GitHub discussions.](https://github.com/plausible/analytics/discussions/categories/self-hosted-support)
+We are always looking to expand on the options and setups provided here. Feel free to open an issue or PR if you feel
+something could be improved.

clickhouse/clickhouse-config.xml

@@ -0,0 +1,14 @@
+<yandex>
+    <logger>
+        <level>warning</level>
+        <console>true</console>
+    </logger>
+
+    <!-- Stop all the unnecessary logging -->
+    <query_thread_log remove="remove"/>
+    <query_log remove="remove"/>
+    <text_log remove="remove"/>
+    <trace_log remove="remove"/>
+    <metric_log remove="remove"/>
+    <asynchronous_metric_log remove="remove"/>
+</yandex>

clickhouse/clickhouse-user-config.xml

@@ -0,0 +1,8 @@
+<yandex>
+    <profiles>
+        <default>
+            <log_queries>0</log_queries>
+            <log_query_threads>0</log_query_threads>
+        </default>
+    </profiles>
+</yandex>

clickhouse/ipv4-only.xml

@@ -1,3 +0,0 @@
-<clickhouse>
-    <listen_host>0.0.0.0</listen_host>
-</clickhouse>

clickhouse/logs.xml

@@ -1,28 +0,0 @@
-<clickhouse>
-    <logger>
-        <level>warning</level>
-        <console>true</console>
-    </logger>
-
-    <query_log replace="1">
-        <database>system</database>
-        <table>query_log</table>
-        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
-        <engine>
-            ENGINE = MergeTree
-            PARTITION BY event_date
-            ORDER BY (event_time)
-            TTL event_date + interval 30 day
-            SETTINGS ttl_only_drop_parts=1
-        </engine>
-    </query_log>
-
-    <!-- Stops unnecessary logging -->
-    <metric_log remove="remove" />
-    <asynchronous_metric_log remove="remove" />
-    <query_thread_log remove="remove" />
-    <text_log remove="remove" />
-    <trace_log remove="remove" />
-    <session_log remove="remove" />
-    <part_log remove="remove" />
-</clickhouse>

clickhouse/low-resources.xml

@@ -1,23 +0,0 @@
-<!-- https://clickhouse.com/docs/en/operations/tips#using-less-than-16gb-of-ram -->
-<clickhouse>
-    <!--
-    https://clickhouse.com/docs/en/operations/server-configuration-parameters/settings#mark_cache_size -->
-    <mark_cache_size>524288000</mark_cache_size>
-
-    <profile>
-        <default>
-            <!-- https://clickhouse.com/docs/en/operations/settings/settings#max_threads -->
-            <max_threads>1</max_threads>
-            <!-- https://clickhouse.com/docs/en/operations/settings/settings#max_block_size -->
-            <max_block_size>8192</max_block_size>
-            <!-- https://clickhouse.com/docs/en/operations/settings/settings#max_download_threads -->
-            <max_download_threads>1</max_download_threads>
-            <!--
-            https://clickhouse.com/docs/en/operations/settings/settings#input_format_parallel_parsing -->
-            <input_format_parallel_parsing>0</input_format_parallel_parsing>
-            <!--
-            https://clickhouse.com/docs/en/operations/settings/settings#output_format_parallel_formatting -->
-            <output_format_parallel_formatting>0</output_format_parallel_formatting>
-        </default>
-    </profile>
-</clickhouse>

compose.override.yml

@@ -1,4 +0,0 @@
-services:
-  plausible:
-    ports:
-      - 127.0.0.1:84:80

compose.yml

@@ -1,90 +0,0 @@
-services:
-  plausible_db:
-    image: postgres:16-alpine
-    stop_grace_period: 60s
-    restart: always
-    volumes:
-      - ./data/postgres:/var/lib/postgresql/data
-    environment:
-      - POSTGRES_PASSWORD=postgres
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U postgres"]
-      start_period: 1m
-
-  plausible_events_db:
-    image: clickhouse/clickhouse-server:24.3.3.102-alpine
-    stop_grace_period: 60s
-    restart: always
-    volumes:
-      - ./data/clickhouse:/var/lib/clickhouse
-      - ./data/clickhouse-logs:/var/log/clickhouse-server
-      - ./clickhouse/logs.xml:/etc/clickhouse-server/config.d/logs.xml:ro
-      # This makes ClickHouse bind to IPv4 only, since Docker doesn't enable IPv6 in bridge networks by default.
-      # Fixes "Listen [::]:9000 failed: Address family for hostname not supported" warnings.
-      - ./clickhouse/ipv4-only.xml:/etc/clickhouse-server/config.d/ipv4-only.xml:ro
-      # This makes ClickHouse consume less resources, which is useful for small setups.
-      # https://clickhouse.com/docs/en/operations/tips#using-less-than-16gb-of-ram
-      - ./clickhouse/low-resources.xml:/etc/clickhouse-server/config.d/low-resources.xml:ro
-    ulimits:
-      nofile:
-        soft: 262144
-        hard: 262144
-    healthcheck:
-      test: ["CMD-SHELL", "wget --no-verbose --tries=1 -O - http://127.0.0.1:8123/ping || exit 1"]
-      start_period: 1m
-
-  plausible:
-    image: ghcr.io/plausible/community-edition:v2.1.5
-    stop_grace_period: 60s
-    restart: always
-    command: sh -c "/entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run"
-    depends_on:
-      plausible_db:
-        condition: service_healthy
-      plausible_events_db:
-        condition: service_healthy
-    volumes:
-      - ./data/plausible:/var/lib/plausible
-    ulimits:
-      nofile:
-        soft: 65535
-        hard: 65535
-    environment:
-      - TMPDIR=/var/lib/plausible/tmp
-      # required: https://github.com/plausible/community-edition/wiki/configuration#required
-      - BASE_URL=${BASE_URL}
-      - SECRET_KEY_BASE=${SECRET_KEY_BASE}
-      # optional: https://github.com/plausible/community-edition/wiki/configuration#optional
-      # registration: https://github.com/plausible/community-edition/wiki/configuration#registration
-      - TOTP_VAULT_KEY
-      - DISABLE_REGISTRATION
-      - ENABLE_EMAIL_VERIFICATION
-      # web: https://github.com/plausible/community-edition/wiki/configuration#web
-      - HTTP_PORT
-      - HTTPS_PORT
-      # databases: https://github.com/plausible/community-edition/wiki/configuration#database
-      - DATABASE_URL
-      - CLICKHOUSE_DATABASE_URL
-      # Google: https://github.com/plausible/community-edition/wiki/configuration#google
-      - GOOGLE_CLIENT_ID
-      - GOOGLE_CLIENT_SECRET
-      # geolocation: https://github.com/plausible/community-edition/wiki/configuration#ip-geolocation
-      - IP_GEOLOCATION_DB
-      - GEONAMES_SOURCE_FILE
-      - MAXMIND_LICENSE_KEY
-      - MAXMIND_EDITION
-      # email: https://github.com/plausible/community-edition/wiki/configuration#email
-      - MAILER_ADAPTER
-      - MAILER_EMAIL
-      - MAILER_NAME
-      - SMTP_HOST_ADDR
-      - SMTP_HOST_PORT
-      - SMTP_USER_NAME
-      - SMTP_USER_PWD
-      - SMTP_HOST_SSL_ENABLED
-      - POSTMARK_API_KEY
-      - MAILGUN_API_KEY
-      - MAILGUN_DOMAIN
-      - MAILGUN_BASE_URI
-      - MANDRILL_API_KEY
-      - SENDGRID_API_KEY

docker-compose.yml

@@ -0,0 +1,33 @@
+version: "3.3"
+services:
+  plausible_db:
+    image: postgres:12
+    restart: always
+    volumes:
+      - ./data/postgres:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=postgres
+
+  plausible_events_db:
+    image: yandex/clickhouse-server:21.3.2.5
+    restart: always
+    volumes:
+      - ./data/clickhouse:/var/lib/clickhouse
+      - ./clickhouse/clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro
+      - ./clickhouse/clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro
+    ulimits:
+      nofile:
+        soft: 262144
+        hard: 262144
+
+  plausible:
+    image: plausible/analytics:latest
+    restart: always
+    command: sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin && /entrypoint.sh run"
+    depends_on:
+      - plausible_db
+      - plausible_events_db
+    ports:
+      - 127.0.0.1:84:8000
+    env_file:
+      - plausible-conf.env

geoip/docker-compose.geoip.yml

@@ -0,0 +1,24 @@
+version: "3.3"
+services:
+  plausible:
+    depends_on:
+      - geoip
+    environment:
+      - GEOLITE2_COUNTRY_DB=/geoip/GeoLite2-Country.mmdb
+    volumes:
+      - geoip:/geoip:ro
+
+  geoip:
+    image: maxmindinc/geoipupdate
+    restart: always
+    environment:
+      - GEOIPUPDATE_EDITION_IDS=GeoLite2-Country
+      - GEOIPUPDATE_FREQUENCY=168 # update every 7 days
+    env_file:
+      geoip/geoip.conf
+    volumes:
+      - geoip:/usr/share/GeoIP
+
+volumes:
+  geoip:
+    driver: local

geoip/geoip.conf

@@ -0,0 +1,2 @@
+GEOIPUPDATE_ACCOUNT_ID=<your-account-id>
+GEOIPUPDATE_LICENSE_KEY=<your-license-key>

kubernetes/README.md

@@ -0,0 +1,38 @@
+# Plausible Analytics in Kubernetes
+
+This guide is designed to extend the [normal self-hosting guide](https://plausible.io/docs/self-hosting), please refer to it before following this guide.
+
+## 1. Clone the hosting repo
+
+To deploy Plausible Analytics into Kubernetes first download the [plausible/hosting](https://github.com/plausible/hosting) repo.
+
+```bash
+git clone https://github.com/plausible/hosting
+cd hosting
+```
+
+## 2. Add required configuration
+
+Like the original self hosting guide configure your server in the `plausible-conf.env` file.
+
+## 3. Deploy the server
+
+Once you've entered your secret key base, base url and admin credentials, you're ready to deploy the server:
+
+```bash
+kubectl create namespace plausible # Create a new namespace for all resources
+kubectl -n plausible create secret generic plausible-config --from-env-file=plausible-conf.env # Create a configmap from the plausible-conf.env file
+# Please change the Postgres and Clickhouse passwords to something more secure here!
+kubectl -n plausible create secret generic plausible-db-user --from-literal='username=postgres' --from-literal='password=postgres' # Create the Postgres user
+kubectl -n plausible create secret generic plausible-events-db-user --from-literal='username=clickhouse' --from-literal='password=clickhouse' # Create the Clickhouse user
+kubectl -n plausible apply -f ./kubernetes
+```
+
+You can now navigate to http://{hostname}:8000 and see the login screen.
+
+When you first log in with your admin credentials, you will be prompted to enter a verification code which has been sent to your email. Please configure your server for SMTP to receive this email. [Here are Plausible's SMTP configuration options](https://plausible.io/docs/self-hosting-configuration#mailersmtp-setup).
+Otherwise, run this command to verify all users in the database:
+
+```bash
+kubectl -n plausible exec statefulset/plausible-db -- /bin/bash -c 'psql -U $POSTGRES_USER -d $POSTGRES_DB -c "UPDATE users SET email_verified = true;"'
+```

kubernetes/plausible-db.yaml

@@ -0,0 +1,114 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: plausible-db
+  labels:
+    app.kubernetes.io/name: postgres
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: plausible
+spec:
+  type: ClusterIP
+  ports:
+    - name: db
+      port: 5432
+      targetPort: 5432
+      protocol: TCP
+  selector:
+    app.kubernetes.io/name: postgres
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: plausible
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: plausible-db
+  labels:
+    app.kubernetes.io/name: postgres
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: plausible
+spec:
+  replicas: 1
+  serviceName: plausible-db
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: postgres
+      app.kubernetes.io/component: database
+      app.kubernetes.io/part-of: plausible
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: postgres
+        app.kubernetes.io/component: database
+        app.kubernetes.io/part-of: plausible
+    spec:
+      restartPolicy: Always
+      # see https://github.com/docker-library/postgres/blob/6bbf1c7b308d1c4288251d73c37f6caf75f8a3d4/14/buster/Dockerfile
+      securityContext:
+        runAsUser: 999
+        runAsGroup: 999
+        fsGroup: 999
+      containers:
+        - name: plausible-db
+          image: postgres:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 5432
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/postgresql/data
+          env:
+            - name: POSTGRES_DB
+              value: plausible
+            - name: PGDATA
+              value: /var/lib/postgresql/data/pgdata
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: plausible-db-user
+                  key: username
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: plausible-db-user
+                  key: password
+          securityContext:
+            allowPrivilegeEscalation: false
+          resources:
+            limits:
+              memory: 2Gi
+              cpu: 1500m
+            requests:
+              memory: 65Mi
+              cpu: 15m
+          readinessProbe:
+            exec:
+              command:
+                - /bin/sh
+                - -c
+                - pg_isready -U postgres
+            initialDelaySeconds: 20
+            failureThreshold: 6
+            periodSeconds: 10
+          livenessProbe:
+            exec:
+              command:
+                - /bin/sh
+                - -c
+                - pg_isready -U postgres
+            initialDelaySeconds: 30
+            failureThreshold: 3
+            periodSeconds: 10
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+        labels:
+          app.kubernetes.io/name: postgres
+          app.kubernetes.io/component: database
+          app.kubernetes.io/part-of: plausible
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 128Mi
+          limits:
+            storage: 15Gi

kubernetes/plausible-events-db.yaml

@@ -0,0 +1,150 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: plausible-events-db
+  labels:
+    app.kubernetes.io/name: clickhouse
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: plausible
+spec:
+  type: ClusterIP
+  ports:
+    - name: db
+      port: 8123
+      targetPort: 8123
+      protocol: TCP
+  selector:
+    app.kubernetes.io/name: clickhouse
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: plausible
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: plausible-events-db-config
+data:
+  clickhouse-config.xml: |
+    <yandex>
+        <logger>
+            <level>warning</level>
+            <console>true</console>
+        </logger>
+
+        <!-- Stop all the unnecessary logging -->
+        <query_thread_log remove="remove"/>
+        <query_log remove="remove"/>
+        <text_log remove="remove"/>
+        <trace_log remove="remove"/>
+        <metric_log remove="remove"/>
+        <asynchronous_metric_log remove="remove"/>
+    </yandex>
+  clickhouse-user-config.xml: |
+    <yandex>
+        <profiles>
+            <default>
+                <log_queries>0</log_queries>
+                <log_query_threads>0</log_query_threads>
+            </default>
+        </profiles>
+    </yandex>
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: plausible-events-db
+  labels:
+    app.kubernetes.io/name: clickhouse
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: plausible
+spec:
+  replicas: 1
+  serviceName: plausible-events-db
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: clickhouse
+      app.kubernetes.io/component: database
+      app.kubernetes.io/part-of: plausible
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: clickhouse
+        app.kubernetes.io/component: database
+        app.kubernetes.io/part-of: plausible
+    spec:
+      restartPolicy: Always
+      # see https://github.com/ClickHouse/ClickHouse/blob/master/docker/server/Dockerfile
+      securityContext:
+        runAsUser: 101
+        runAsGroup: 101
+        fsGroup: 101
+      containers:
+        - name: plausible-events-db
+          image: yandex/clickhouse-server:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8123
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/clickhouse
+            - name: config
+              mountPath: /etc/clickhouse-server/config.d/logging.xml
+              subPath: clickhouse-config.xml
+              readOnly: true
+            - name: config
+              mountPath: /etc/clickhouse-server/users.d/logging.xml"
+              subPath: clickhouse-user-config.xml
+              readOnly: true
+          env:
+            - name: CLICKHOUSE_DB
+              value: plausible
+            - name: CLICKHOUSE_USER
+              valueFrom:
+                secretKeyRef:
+                  name: plausible-events-db-user
+                  key: username
+            - name: CLICKHOUSE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: plausible-events-db-user
+                  key: password
+          securityContext:
+            allowPrivilegeEscalation: false
+          resources:
+            limits:
+              memory: 2Gi
+              cpu: 1500m
+            requests:
+              memory: 80Mi
+              cpu: 10m
+          readinessProbe:
+            httpGet:
+              path: /ping
+              port: 8123
+            initialDelaySeconds: 20
+            failureThreshold: 6
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /ping
+              port: 8123
+            initialDelaySeconds: 30
+            failureThreshold: 3
+            periodSeconds: 10
+      volumes:
+        - name: config
+          configMap:
+            name: plausible-events-db-config
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+        labels:
+          app.kubernetes.io/name: clickhouse
+          app.kubernetes.io/component: database
+          app.kubernetes.io/part-of: plausible
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 128Mi
+          limits:
+            storage: 20Gi

kubernetes/plausible-mail.yaml

@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: plausible-smtp
+  labels:
+    app.kubernetes.io/name: smtp
+    app.kubernetes.io/component: email
+    app.kubernetes.io/part-of: plausible
+spec:
+  type: ClusterIP
+  ports:
+    - name: smtp
+      port: 25
+      targetPort: 25
+      protocol: TCP
+  selector:
+    app.kubernetes.io/name: smtp
+    app.kubernetes.io/component: email
+    app.kubernetes.io/part-of: plausible
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: plausible-smtp
+  labels:
+    app.kubernetes.io/name: smtp
+    app.kubernetes.io/component: email
+    app.kubernetes.io/part-of: plausible
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: smtp
+      app.kubernetes.io/component: email
+      app.kubernetes.io/part-of: plausible
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: smtp
+        app.kubernetes.io/component: email
+        app.kubernetes.io/part-of: plausible
+    spec:
+      restartPolicy: Always
+      containers:
+        - name: plausible-smtp
+          image: bytemark/smtp:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 25
+          securityContext:
+            allowPrivilegeEscalation: false
+          resources:
+            limits:
+              memory: 512Mi
+              cpu: 500m
+            requests:
+              memory: 5Mi
+              cpu: 1m
+          readinessProbe:
+            tcpSocket:
+              port: 25
+            initialDelaySeconds: 20
+            failureThreshold: 6
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 25
+            initialDelaySeconds: 30
+            failureThreshold: 3
+            periodSeconds: 10

kubernetes/plausible.yaml

@@ -0,0 +1,150 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: plausible
+  labels:
+    app.kubernetes.io/name: plausible
+    app.kubernetes.io/component: server
+spec:
+  type: LoadBalancer
+  ports:
+    - name: http
+      port: 8000
+      targetPort: 8000
+      protocol: TCP
+  selector:
+    app.kubernetes.io/name: plausible
+    app.kubernetes.io/component: server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: plausible
+  labels:
+    app.kubernetes.io/name: plausible
+    app.kubernetes.io/component: server
+spec:
+  # Plausible is not currently designed to run in a clustered scenario. Increasing the replicas of this deployment is highly NOT recommended!
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: plausible
+      app.kubernetes.io/component: server
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: plausible
+        app.kubernetes.io/component: server
+    spec:
+      restartPolicy: Always
+      # see https://github.com/plausible/analytics/blob/master/Dockerfile
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+      initContainers:
+        - name: plausible-init
+          image: plausible/analytics:latest
+          command:
+            - "/bin/sh"
+            - "-c"
+          args:
+            - sleep 30 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin
+          envFrom:
+            - secretRef:
+                name: plausible-config
+          env:
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: plausible-db-user
+                  key: username
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: plausible-db-user
+                  key: password
+            - name: CLICKHOUSE_USER
+              valueFrom:
+                secretKeyRef:
+                  name: plausible-events-db-user
+                  key: username
+            - name: CLICKHOUSE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: plausible-events-db-user
+                  key: password
+            - name: DATABASE_URL
+              value: postgres://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(PLAUSIBLE_DB_SERVICE_HOST):$(PLAUSIBLE_DB_SERVICE_PORT)/plausible
+            - name: CLICKHOUSE_DATABASE_URL
+              value: http://$(CLICKHOUSE_USER):$(CLICKHOUSE_PASSWORD)@$(PLAUSIBLE_EVENTS_DB_SERVICE_HOST):$(PLAUSIBLE_EVENTS_DB_SERVICE_PORT)/plausible
+            - name: SMTP_HOST_ADDR
+              value: $(PLAUSIBLE_SMTP_SERVICE_HOST)
+          securityContext:
+            allowPrivilegeEscalation: false
+          resources:
+            limits:
+              memory: 2Gi
+              cpu: 1500m
+            requests:
+              memory: 50Mi
+              cpu: 10m
+      containers:
+        - name: plausible
+          image: plausible/analytics:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8000
+          envFrom:
+            - secretRef:
+                name: plausible-config
+          env:
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: plausible-db-user
+                  key: username
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: plausible-db-user
+                  key: password
+            - name: CLICKHOUSE_USER
+              valueFrom:
+                secretKeyRef:
+                  name: plausible-events-db-user
+                  key: username
+            - name: CLICKHOUSE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: plausible-events-db-user
+                  key: password
+            - name: DATABASE_URL
+              value: postgres://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(PLAUSIBLE_DB_SERVICE_HOST):$(PLAUSIBLE_DB_SERVICE_PORT)/plausible
+            - name: CLICKHOUSE_DATABASE_URL
+              value: http://$(CLICKHOUSE_USER):$(CLICKHOUSE_PASSWORD)@$(PLAUSIBLE_EVENTS_DB_SERVICE_HOST):$(PLAUSIBLE_EVENTS_DB_SERVICE_PORT)/plausible
+            - name: SMTP_HOST_ADDR
+              value: $(PLAUSIBLE_SMTP_SERVICE_HOST)
+          securityContext:
+            allowPrivilegeEscalation: false
+          resources:
+            limits:
+              memory: 2Gi
+              cpu: 1500m
+            requests:
+              memory: 140Mi
+              cpu: 10m
+          readinessProbe:
+            httpGet:
+              path: /api/health
+              port: 8000
+            initialDelaySeconds: 35
+            failureThreshold: 6
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /api/health
+              port: 8000
+            initialDelaySeconds: 45
+            failureThreshold: 3
+            periodSeconds: 10

reverse-proxy/README.md

@@ -0,0 +1,47 @@
+This directory contains pre-made configurations for various reverse proxies. Which flavor you should choose depends on your setup.
+
+## No existing reverse proxy
+
+If you aren't running an existing reverse proxy, then you can use the [`caddy-gen`](https://github.com/wemake-services/caddy-gen) based docker-compose file. Update it to include the domain name you use for your server, then combine it with the existing docker-compose files:
+
+```shell
+$ docker-compose -f docker-compose.yml -f reverse-proxy/docker-compose.caddy-gen.yml up
+```
+
+## Existing reverse proxy
+
+If you are already running a reverse proxy, then the above will not work as it will clash with the existing port bindings. You should instead use one of the available configuration files:
+
+### NGINX
+
+If you already have NGINX running as a system service, use the configuration file in the `nginx` directory.
+
+Edit the file `reverse-proxy/nginx/plausible` to contain the domain name you use for your server, then copy it into NGINX's configuration folder. Enable it by creating a symlink in NGINX's enabled sites folder. Finally use Certbot to create a TLS certificate for your site:
+
+```shell
+$ sudo cp reverse-proxy/nginx/plausible /etc/nginx/sites-available
+$ sudo ln -s /etc/nginx/sites-available/plausible /etc/nginx/sites-enabled/plausible
+$ sudo certbot --nginx
+```
+
+### Traefik 2
+
+If you already have a Traefik container running on Docker, use the docker-compose file in the `traefik` directory. Note that it assumes that your Traefik container is set up to support certificate generation.
+
+Edit the file `reverse-proxy/traefik/docker-compose.traefik.yml` to contain the domain name you use for your server, then combine it with the existing docker-compose files:
+
+```shell
+$ docker-compose -f docker-compose.yml -f reverse-proxy/traefik/docker-compose.traefik.yml up
+```
+
+### Apache2
+Install the necessary Apache modules and restart Apache. Edit the file `reverse-proxy/apache2/plausible.conf` to contain the domain name you use for your server, then copy it into Apache's configuration folder. Enable it by creating a symlink in Apache's enabled sites folder with `a2ensite` command. Finally use Certbot to create a TLS certificate for your site:
+
+```shell
+$ sudo a2enmod proxy proxy_http proxy_ajp remoteip headers
+$ sudo systemctl restart apache2
+$ sudo cp reverse-proxy/apache2/plausible.conf /etc/apache2/sites-available/
+$ sudo a2ensite plausible.conf
+$ sudo systemctl restart apache2
+$ sudo certbot --apache
+```

reverse-proxy/apache2/plausible.conf

@@ -0,0 +1,18 @@
+<VirtualHost *:80>
+
+ ServerAdmin admin@example.com
+ ServerName example.com
+
+ ProxyPreserveHost On
+ ProxyPass / http://localhost:8000/
+ ProxyPassReverse / http://localhost:8000/
+
+ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" forwarded
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded
+ CustomLog ${APACHE_LOG_DIR}/access.log forwarded env=forwarded
+    
+</VirtualHost>

reverse-proxy/docker-compose.caddy-gen.yml

@@ -0,0 +1,24 @@
+version: "3.3"
+services:
+  caddy-gen:
+    container_name: caddy-gen
+    image: "wemakeservices/caddy-gen:latest"
+    restart: always
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+      - caddy-certificates:/data/caddy
+    ports:
+      - "80:80"
+      - "443:443"
+    depends_on:
+      - plausible
+
+  plausible:
+    labels:
+      virtual.host: "example.com" # change to your domain name
+      virtual.port: "8000"
+      virtual.tls-email: "admin@example.com" # change to your email
+        
+volumes:
+    caddy-certificates:
+        driver: local

reverse-proxy/nginx/plausible

@@ -0,0 +1,12 @@
+server {
+	# replace example.com with your domain name
+	server_name example.com;
+	
+	listen 80;
+	listen [::]:80;
+
+	location / {
+		proxy_pass http://127.0.0.1:8000;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	}
+}

reverse-proxy/traefik/docker-compose.traefik.yml

@@ -0,0 +1,8 @@
+version: "3.3"
+services:
+  plausible:
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.plausible.rule: "Host(`example.com`)" # change to your domain name
+      traefik.http.routers.plausible.entrypoints: "websecure"
+      traefik.http.services.plausible.loadbalancer.server.port: "8000"