
Deployment: Real World

Real World deployment of a small Actor Server

With the Docker-based installation we can connect to the server, sign up, send messages, create groups and do other fancy stuff, but we are the only people who can access our server. In this guide we will make Actor available to anyone on the internet (or your local network). We will add just one important part to our setup - an encryption proxy that routes data to our server and encrypts everything via TLS.

![Simple-TLS.png](https://files.readme.io/9cb64ea-Simple-TLS.png)

# Step 0: Have a Domain Name and Public IP Address

Before you can spin up your real world server you need to have a public IP address for your server and a DNS name.

We assume that your server IP will be `5.5.5.5` and the domain name `example.com`.

# Step 1: Setting up DNS names

First of all you need to add A records for your new Actor Server. They all point to the same public IP, but it is much better to have distinct records for each feature.

| Record Name | Example | Description |
| --- | --- | --- |
| app | app.example.com | Web App hosting Endpoint |
| api | api.example.com | HTTP API endpoint |
| api-ws | api-ws.example.com | Web Socket API for Web App |
| api-mtproto | api-mtproto.example.com | MTProto Endpoint for Mobile Apps |

## How To Check

DNS records can take time to be updated and you need to wait until all of them are set.
To check, you can use the following commands:

```shell
nslookup app.example.com
nslookup api.example.com
nslookup api-ws.example.com
nslookup api-mtproto.example.com
```

If you can see your public IP in the responses then everything is done. If not, wait longer or check the settings at your registrar.

## Results

* We have ready-to-use DNS names that point to your server

# Step 2: Installing Encryption Proxy

This proxy will hide your server behind it and encrypt all traffic. We have prepared a special Docker image for this.

> **Warning: Works only when Server, Web and proxy are on the same machine**
> This Docker image works only with an Actor setup on a single server!

> **Info: Be careful with links**
> `--link` arguments can be different on your machine. You can find the names of your containers via the `docker ps` command and adjust our example for your needs. Keep the right part of the `--link` argument the same.

```shell
docker run \
  --name server-tls \
  --link actor-web:actor-web \
  --link actor:actor-server \
  -e ACTOR_WEB_HOST=app.example.com \
  -e ACTOR_API_HOST=api.example.com \
  -e ACTOR_WS_HOST=api-ws.example.com \
  -e ACTOR_MT_HOST=api-mtproto.example.com \
  -e EMAIL=steve@actor.im \
  -p 80:80 -p 443:443 \
  -v /data/certs:/etc/letsencrypt \
  -d \
  actor/server-tls
```

## How To Check

* Try to open http://api.example.com/v1/status in your browser. It should redirect you to the https URL and show:

```json
{
  "status" : "Ok"
}
```

## Results

* We have put our server behind a nice-looking domain and encrypted everything!

# Step 3: Re-deploy Server

Once the encryption proxy is working, we need to redeploy our server and tell it about our external API endpoint - this is required for file transfer to work. For this we add a new environment variable `ACTOR_API_ENDPOINT` with the value `https://api.example.com`.

```shell
docker rm -f actor
docker run \
  --name actor \
  --link actor-postgres:postgres \
  -e ACTOR_SECRET=<YOUR_SHARED_SECRET> \
  -e ACTOR_DB_PASSWORD=<YOUR_POSTGRES_PASSWORD> \
  -e ACTOR_GATE_TOKEN=<YOUR_ACTIVATION_GATE_TOKEN> \
  -e ACTOR_API_ENDPOINT=https://api.example.com \
  -v /data/files:/files \
  -v /data/keys:/keys:ro \
  -d \
  -p 9070:9070 \
  -p 9080:9080 \
  -p 9090:9090 \
  actor/server
```

# Step 4: Re-deploy WebApp

Now we need to change the settings of our WebApp to point to the new secure endpoints. First of all, you need to remove the running container:

```shell
docker rm -f actor-web
```

After this you need to start a new container with the new settings:

```shell
docker run \
  --name actor-web \
  -p 3000:3000 \
  -e ACTOR_ENDPOINT=wss://api-ws.example.com/ \
  -d \
  actor/web
```

# Step 5: Redeploy proxy

Unfortunately Docker doesn't restore links between containers when they are restarted, so you need to restart the proxy again:

```shell
docker rm -f server-tls
docker run \
  --name server-tls \
  --link actor-web:actor-web \
  --link actor:actor-server \
  -e ACTOR_WEB_HOST=app.example.com \
  -e ACTOR_API_HOST=api.example.com \
  -e ACTOR_WS_HOST=api-ws.example.com \
  -e ACTOR_MT_HOST=api-mtproto.example.com \
  -e EMAIL=steve@actor.im \
  -p 80:80 -p 443:443 \
  -v /data/certs:/etc/letsencrypt \
  -d \
  actor/server-tls
```

# Result

Now you can open your fresh secured WebApp: [https://app.example.com](https://app.example.com)!

![Screen Shot 2016-09-14 at 8.13.04 PM.png](https://files.readme.io/293d160-Screen_Shot_2016-09-14_at_8.13.04_PM.png)

# Next Steps: Mobile Apps

Now we have a working web application, but we don't have mobile apps, and Actor is almost useless without Mobile Apps and Bots!
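
Steps 3 and 4 publish ports 9070, 9080, 9090 and 3000 with `-p`, which by default binds them on every host interface alongside the proxy's 80 and 443, so they stay reachable without going through the TLS proxy. The following added example (not part of the original guide) lists such listeners from `docker ps` output so you can decide whether to firewall them or drop the `-p` flags; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: list host ports that can be reached without the TLS proxy.
# Input on stdin: lines of "<name><TAB><ports>" as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: "<container> <host_addr>:<host_port>" for every mapping published
# on a non-loopback address by a container other than the proxy.
audit_direct_ports() {
  proxy_name="$1"
  awk -F '\t' -v proxy="$proxy_name" '
    $1 == proxy { next }            # the proxy is meant to be public
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        # Only "addr:port->port/proto" entries are published on the host;
        # bare "5432/tcp" entries are visible to other containers only.
        if (maps[i] !~ /->/) continue
        host = maps[i]
        sub(/->.*/, "", host)
        # Loopback binds (127.x or ::1) are not reachable from outside.
        if (host ~ /^127\./ || host ~ /^\[?::1\]?:/) continue
        print $1, host
      }
    }'
}

# Constructed sample: what the commands from Steps 2-5 would typically show.
sample_docker_ps() {
  printf '%s\t%s\n' \
    server-tls '0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp' \
    actor '0.0.0.0:9070->9070/tcp, 0.0.0.0:9080->9080/tcp, 0.0.0.0:9090->9090/tcp' \
    actor-web '0.0.0.0:3000->3000/tcp' \
    actor-postgres '5432/tcp'
}

# Stand-alone run on the sample. On the server itself, use instead:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | audit_direct_ports server-tls
sample_docker_ps | audit_direct_ports server-tls
```

An empty result means only the proxy is published on a public interface.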