Self-hosting

Self-hosting

Self-hosting

Have full control of your data by self-hosting Basedash on your own servers.

Enterprise users may choose to run a self-hosted version of Basedash for privacy and security reasons.

GitHub repository

There is a GitHub repository that contains all of the setup code. This code will be copied into a server using a git clone command and then you will be able to run scripts that will help setup the server to run Basedash.

Setup instructions

We have detailed setup instructions for AWS and GCP. However, it should be possible to host Basedash on any hosting provider that supports Docker.

AWS EC2

AWS EC2

  1. Launch a new instance of EC2 in the AWS console
  2. Select an Ubuntu server
  3. Select a t3.medium or higher and click Next
  4. Select the VPC under Network that contains any database and/or APIs the Basedash server should be able to connect to and click Next
  5. Increase your storage size to 40 GB or higher and click Next
  6. Optionally add some Tags (e.g. app = basedash) and click Next. This makes it easier to find if you have a lot of instances.
  7. Set the network security groups for ports 8044322 and 5000, with sources set to Anywhere 0.0.0.0/0 and ::/0), and click Review and Launch. We need to open ports 80 (http) and 443 (https) so you can connect to the server from a browser, as well as port 22 (ssh) so that you can ssh into the instance to configure it and run Basedash. By default on a vanilla EC2, Basedash will run on port 5000.
  8. image
  9. On the Review Instance Launch screen, click Launch to start your instance.
  10. Create a new SSH key pair (or use an existing one), and download the it. This will be used to SSH into the EC2 instance.
  11. If you're connecting to internal databases, whitelist the VPS's IP address in your database.
  12. From your command line tool, SSH into your EC2 instance. You'll need to use the SSH .pem file you've downloaded. See screenshot for instructions.
  13. image

    You might have a different mechanism for passing your SSH keys (e.g. a jump proxy) or you might re-use a key pair that you've already created for your VPC.

  14. SSH into your instance.
  15. Clone the basedash/self-hosted repo: git clone https://github.com/Basedash/self-hosted.git. Make sure your instance can connect to the internet (e.g. might need to hook up public IP address to your instance with Elastic IP).
  16. Run the install scripts: cd ./self-hosted && ./install.sh
  17. Replace basedash.fm in the docker_compose.yml file and in the nginx/app.conf file. Also, make sure to use your valid email address for the certbot command.
  18. Make sure to create an A record for your basedash subdomain pointing towards you basedash server's IP address. This is required in order for Let's Encrypt to issue SSL certificates.
  19. Run migrations using sudo docker-compose run app yarn prisma migrate deploy
  20. Start the app with docker-compose: sudo docker-compose up. Make sure the logs show that the SSL certificates have been generated.
  21. Stop the docker-compose process and modify the docker-compose.yml file to replace --staging with --force-renewal. In the nginx/app.conf file, remove the proxy_pass location block in the first server block and uncomment out the SSL related configuration.
  22. Start the app again using sudo docker-compose up -d

Creating an S3 bucket

Next, create an S3 bucket.

Make sure the bucket has public access unblocked. Basedash sets the ACL permissions on a per-asset basis to ensure that sensitive files like keys are private.

Google Cloud Platform

Google Cloud Platform

  1. Navigate to the Compute Engine VM instances page.
image
  1. Create a new instance
    1. Set a name
    2. Choose a region
    3. Select an e2-medium machine
    4. Change the boot disk to use an Ubuntu server an set the size to 40 GB
    5. image
    6. Allow HTTP and HTTPS traffic in the firewall settings
    7. image
  2. SSH into server
  3. Clone the basedash/self-hosted repo: git clone https://github.com/Basedash/self-hosted.git
  4. Run the install scripts: cd ./self-hosted && ./install.sh
  5. Populate the docker.env file with all required environment variables.
  6. Replace basedash.fm in the docker-compose.yml file (1 case) and in the nginx/app.conf file (4 cases). Also, make sure to use your valid email address for the certbot command.
  7. Make sure to create an A record for your basedash subdomain pointing towards you basedash server's IP address. This is required in order for Let's Encrypt to issue SSL certificates.
  8. Run migrations using sudo docker-compose up -d db && sudo docker-compose run app yarn prisma migrate deploy
  9. Start the app with docker-compose: sudo docker-compose up. Make sure the logs show that the SSL certificates have been generated.
  10. Stop the docker-compose process and modify the docker-compose.yml file to replace --staging with --force-renewal. In the nginx/app.conf file, remove the proxy_pass location block in the first server block and uncomment out the SSL related configuration.
  11. Start the app again using sudo docker-compose up -d

Renewing SSL certificates

You can manually update the certificates by running the following commands from the self-hosted directory:

docker-compose run certbot
docker-compose restart nginx

Read this article on how to use cron jobs with certbot to automatically renew SSL certificates.

Upgrading Basedash versions

Simply run the update.sh script from the self-hosted directory.

Database

The current self-hosted setup creates a local postgres database using docker on the self-hosted server. The database data is persisted to the server through a docker volume. If you'd like to use a database hosted elsewhere, you should be able to do an SQL dump of the docker database, import the SQL dump to another database, and change the environment variables related to the database credentials. Restart the server using docker-compose up -d --force-recreate and then the app should be using the new database.

📢

Remember to whitelist the Basedash server's IP on your database host so your database allows connections from the Basedash app.

Environment variables

The following are all the available environment variables that can be used to configure Basedash. The values can be added and modified in the docker.env file.

AWS_ACCESS_KEY_ID

AWS access key. See AWS documentation on how to retrieve this value.

We recommend creating a new IAM user with All S3 action enabled for the S3 bucket.

AWS_SECRET_ACCESS_KEY

AWS secret access key. See AWS documentation on how to retrieve this value.

BUCKET_ENDPOINT

S3 (or digital ocean) bucket endpoint

BUCKET_NAME

The name of your S3 storage bucket.

BUCKET_NAME_IMAGES

This should be equal to your value for BUCKET_NAME. This environment variable won't be required in a future release.

BUCKET_NAME_KEYS

This should be equal to your value for BUCKET_NAME. This environment variable won't be required in a future release.

AUTHY_API_KEY - we will generate this key and we send it along with Basedash license key

Authy is the two factor authentication provider use for the Basedash app. Read the authy documentation on how to get an API key. You will have to create an Authy/Twilio account in order to create an authy app and generate an API key.

image

BASE_URL

The domain of the web application. Used for the links in Slack notifications and login magic links.

CRYPTO_KEY

A random string of characters used when hashing passwords for storage in the database. Randomly generated from the self-hosted setup script.

example: eake23i1ij82ajhdbe965

DATABASE_HOST

Host for postgres database.

default: localhost

DATABASE_NAME

Postgres database name

default: basedash

DATABASE_PASSWORD

Postgres database password

DATABASE_PORT

Postgres database port

default: 5432

DATABASE_USERNAME

Postgres database username

default: postgres

JWT_KEY

A random string of characters used for signing JWTs

example: eake23i1ij82ajhdbe965

NODE_ENV

Should be set to production.

SENDGRID_API_KEY

Used for all emails in the app, including the email verification during signup.

This value should be given to you by a Basedash team member.

Instructions on how to retrieve this:

image

Create a new API key, set Restricted Access, and make sure the following permissions are enabled.

image

SLACK_CLIENT_ID

Only required if you'd like to use the slack alerts feature in basedash.

SLACK_CLIENT_SECRET

Only required if you'd like to use the Slack alerts feature in Basedash.

GOOGLE_OAUTH_CLIENT_ID

Used for “Sign in with Google”

💠

https://www.basedash.com

© BaseDash Inc.