Compare commits
8 Commits
178ce3581c
...
f043c58744
Author | SHA1 | Date |
---|---|---|
ruslandoga | f043c58744 | |
ruslandoga | 06f122fde5 | |
ruslandoga | 3ea11aad26 | |
ruslandoga | 4ebc0f6631 | |
ruslandoga | 9c5b0c9be9 | |
ruslandoga | 565906e9f5 | |
onzecki | b6d9eac722 | |
ruslandoga | 0a9c71320a |
20
README.md
20
README.md
|
@ -88,8 +88,6 @@ $ openssl rand -base64 32
|
|||
dsxvbn3jxDd16az2QpsX5B8O+llxjQ2SJE2i5Bzx38I=
|
||||
```
|
||||
|
||||
> ⚠️ [`SECRET_KEY_BASE`](#secret_key_base) needs to be Base64 encoded 32 (or more) bytes and [`TOTP_VAULT_KEY`](#totp_vault_key) needs to be Base64 encoded 32 bytes.
|
||||
|
||||
And then we decide on the [`BASE_URL`](#base_url) where the instance would be accessible. Let's assume we choose `http://plausible.example.com`
|
||||
|
||||
<sub><kbd>plausible-conf.env</kbd></sub>
|
||||
|
@ -104,6 +102,20 @@ And then we decide on the [`BASE_URL`](#base_url) where the instance would be ac
|
|||
|
||||
We can start our instance now but the requests would be served over HTTP. Not cool! Let's configure [Caddy](https://caddyserver.com) to enable HTTPS.
|
||||
|
||||
<details><summary>Don't need reverse proxy?</summary>
|
||||
|
||||
If you're **opting out** of a reverse proxy and HTTPS, you'll need to adjust the Plausible service [configuration](https://github.com/plausible/community-edition/blob/v2.0.0/docker-compose.yml#L38) to ensure it's not limited to localhost (127.0.0.1). This change allows the service to be accessible from any network interface:
|
||||
|
||||
<sub><kbd>[docker-compose.yml](https://github.com/plausible/community-edition/blob/v2.0.0/docker-compose.yml#L38)</kbd></sub>
|
||||
```diff
|
||||
plausible:
|
||||
ports:
|
||||
- - 127.0.0.1:8000:8000
|
||||
+ - 8000:8000
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
<!-- TODO note about CloudFlare -->
|
||||
|
||||
> For other reverse-proxy setups please see [reverse-proxy](https://github.com/plausible/community-edition/tree/master/reverse-proxy) docs.
|
||||
|
@ -278,8 +290,6 @@ SECRET_KEY_BASE=GLVzDZW04FzuS1gMcmBRVhwgd4Gu9YmSl/k/TqfTUXti7FLBd7aflXeQDdwCj6Cz
|
|||
|
||||
> ⚠️ Don't use this exact value or someone would be able to sign a cookie with `user_id=1` and log in as the admin!
|
||||
|
||||
> ⚠️ [`SECRET_KEY_BASE`](#secret_key_base) needs to be either Bsde16 or Base64 encoded 32 (or more) bytes.
|
||||
|
||||
#### `TOTP_VAULT_KEY`
|
||||
|
||||
Configures the secret used for encrypting TOTP secrets at rest, doesn't have any defaults and needs to be provided in the ENV vars, can be generated with `openssl rand -base64 32`
|
||||
|
@ -295,8 +305,6 @@ dsxvbn3jxDd16az2QpsX5B8O+llxjQ2SJE2i5Bzx38I=
|
|||
TOTP_VAULT_KEY=dsxvbn3jxDd16az2QpsX5B8O+llxjQ2SJE2i5Bzx38I=
|
||||
``````
|
||||
|
||||
> [`TOTP_VAULT_KEY`](#totp_vault_key) needs to be Base64 encoded 32 bytes.
|
||||
|
||||
### Optional
|
||||
|
||||
<details>
|
||||
|
|
|
@ -5,7 +5,8 @@ services:
|
|||
restart: always
|
||||
|
||||
plausible_db:
|
||||
# supported versions are 13, 14, and 15
|
||||
# Plausible v2.0.0 was tested against PostgreSQL versions 12, 13, and 14
|
||||
# https://github.com/plausible/analytics/blob/v2.0.0/.github/workflows/elixir.yml#L16
|
||||
image: postgres:14-alpine
|
||||
restart: always
|
||||
volumes:
|
||||
|
@ -18,6 +19,7 @@ services:
|
|||
restart: always
|
||||
volumes:
|
||||
- event-data:/var/lib/clickhouse
|
||||
- event-logs:/var/log/clickhouse-server
|
||||
- ./clickhouse/clickhouse-config.xml:/etc/clickhouse-server/config.d/logging.xml:ro
|
||||
- ./clickhouse/clickhouse-user-config.xml:/etc/clickhouse-server/users.d/logging.xml:ro
|
||||
ulimits:
|
||||
|
@ -43,3 +45,6 @@ volumes:
|
|||
driver: local
|
||||
event-data:
|
||||
driver: local
|
||||
event-logs:
|
||||
driver: local
|
||||
|
||||
|
|
|
@ -38,10 +38,10 @@ $ docker-compose -f docker-compose.yml -f reverse-proxy/traefik/docker-compose.t
|
|||
Install the necessary Apache modules and restart Apache. Edit the file `reverse-proxy/apache2/plausible.conf` to contain the domain name you use for your server, then copy it into Apache's configuration folder. Enable it by creating a symlink in Apache's enabled sites folder with `a2ensite` command. Finally use Certbot to create a TLS certificate for your site:
|
||||
|
||||
```shell
|
||||
$ sudo a2enmod proxy proxy_http proxy_ajp remoteip headers
|
||||
$ sudo a2enmod proxy proxy_http proxy_ajp remoteip headers proxy_wstunnel
|
||||
$ sudo systemctl restart apache2
|
||||
$ sudo cp reverse-proxy/apache2/plausible.conf /etc/apache2/sites-available/
|
||||
$ sudo a2ensite plausible.conf
|
||||
$ sudo systemctl restart apache2
|
||||
$ sudo certbot --apache
|
||||
```
|
||||
```
|
||||
|
|
Loading…
Reference in New Issue