Self-hosting

Self-hosting

Self-hosting

Have full control of your data by self-hosting Basedash on your own servers.
image

Enterprise users may choose to run a self-hosted version of Basedash for privacy and security reasons.

GitHub repository

There is a GitHub repository that contains all of the setup code. This code will be copied into a server using a git clone command and then you will be able to run scripts that will help setup the server to run Basedash.

Setup instructions

We have detailed setup instructions for AWS and GCP. However, it should be possible to host Basedash on any hosting provider that supports Docker images.

AWS EC2
  1. Launch a new instance of EC2 in the AWS dashboard
  2. Select an Ubuntu server
  3. Select a t3.medium or higher and click Next
  4. Select the VPC under Network that contains any database and/or APIs the Basedash server should be able to connect to and click Next
  5. Increase your storage size to 40 GB or higher and click Next
  6. Optionally add some Tags (e.g. app = basedash) and click Next. This makes it easier to find if you have a lot of instances.
  7. Set the network security groups for ports 8044322 and 5000, with sources set to Anywhere 0.0.0.0/0 and ::/0), and click Review and Launch. We need to open ports 80 (http) and 443 (https) so you can connect to the server from a browser, as well as port 22 (ssh) so that you can ssh into the instance to configure it and run Basedash. By default on a vanilla EC2, Basedash will run on port 5000.
  8. image
  9. On the Review Instance Launch screen, click Launch to start your instance.
  10. Create a new SSH key pair (or use an existing one), and download the it. This will be used to SSH into the EC2 instance.
  11. If you're connecting to internal databases, whitelist the VPS's IP address in your database.
  12. From your command line tool, SSH into your EC2 instance. You'll need to use the SSH .pem file you've downloaded. See screenshot for instructions.
  13. image

    You might have a different mechanism for passing your SSH keys (e.g. a jump proxy) or you might re-use a key pair that you've already created for your VPC.

  14. SSH into your instance.
  15. Clone the basedash/self-hosted repo: git clone https://github.com/Basedash/self-hosted.git. Make sure your instance can connect to the internet (e.g. might need to hook up public IP address to your instance with Elastic IP).
  16. Run the install scripts: cd ./self-hosted && ./install.sh
  17. Replace basedash.fm in the docker_compose.yml file and in the nginx/app.conf file. Also, make sure to use your valid email address for the certbot command.
  18. Make sure to create an A record for your basedash subdomain pointing towards you basedash server's IP address. This is required in order for Let's Encrypt to issue SSL certificates.
  19. Run migrations using sudo docker-compose run --workdir /app/packages/prisma app yarn prisma migrate deploy
  20. Start the app with docker-compose: sudo docker-compose up. Make sure the logs show that the SSL certificates have been generated.
  21. Stop the docker-compose process and modify the docker-compose.yml file to replace --staging with --force-renewal. In the nginx/app.conf file, remove the proxy_pass location block in the first server block and uncomment out the SSL related configuration.
  22. Start the app again using sudo docker-compose up -d

Creating an S3 bucket

Next, create an S3 bucket with public access unblocked. The S3 bucket will be used to store images and connection files.

AWS ECS
  1. Create a new ECS cluster in the AWS dashboard.
  2. Select EC2 Linux + Network
  3. Instance configuration:
    1. On-demand instance
    2. t3.medium EC2 instances
    3. Desired number of instances
    4. Default EC2 AMI ID
    5. Default EBS volume size
    6. Select a key pair if you want to be able to SSH to instances
  4. Networking configuration:
    1. Select an existing VPC or create a new one.
    2. Select a public subnet (Public subnets have a default route (0.0.0.0/0) pointing to an internet gateway)
    3. Use subnet settings to auto assign public IP
    4. Select a security group that has the same rules described in the AWS EC2 setup instructions.
  5. Enable cloudwatch logs
  6. Download the cloudformation template in the cloned repo (basedash.yml)
  7. Go to the cloudformation dashboard and create a new stack from new ressources and upload the cloudformation template
  8. Input the parameters required for the cloudformation template and then finalize the creation of the stack.
Google Cloud Platform
  1. Navigate to the Compute Engine VM instances page.
image
  1. Create a new instance
    1. Set a name
    2. Choose a region
    3. Select an e2-medium machine
    4. Change the boot disk to use an Ubuntu server an set the size to 40 GB
    5. image
    6. Allow HTTP and HTTPS traffic in the firewall settings
    7. image
  2. SSH into server
  3. Clone the basedash/self-hosted repo: git clone https://github.com/Basedash/self-hosted.git
  4. Run the install scripts: cd ./self-hosted && ./install.sh
  5. Populate the docker.env file with all required environment variables.
  6. Replace basedash.fm in the docker-compose.yml file (1 case) and in the nginx/app.conf file (4 cases). Also, make sure to use your valid email address for the certbot command.
  7. Make sure to create an A record for your basedash subdomain pointing towards you basedash server's IP address. This is required in order for Let's Encrypt to issue SSL certificates.
  8. Run migrations using sudo docker-compose up -d db && sudo docker-compose run --workdir /app/packages/prisma app yarn prisma migrate deploy
  9. Start the app with docker-compose: sudo docker-compose up. Make sure the logs show that the SSL certificates have been generated.
  10. Stop the docker-compose process and modify the docker-compose.yml file to replace --staging with --force-renewal. In the nginx/app.conf file, remove the proxy_pass location block in the first server block and uncomment out the SSL related configuration.
  11. Start the app again using sudo docker-compose up -d

Slack notifications

You’ll need to create a new Slack app, provide the chat:write scope to the bot, and then use the provided client ID and client secret as environment variables to the Docker image.

image

You’ll also need to add a Redirect URL to your slack app config that corresponds with the URL of your self-hosted basedash app. Note, your app must be hosted on HTTPS for this to work.

image

Renewing SSL certificates

You can manually update the certificates by running the following commands from the self-hosted directory:

docker-compose run certbot
docker-compose restart nginx

Read this article on how to use cron jobs with certbot to automatically renew SSL certificates.

Upgrading Basedash versions

Simply run the update.sh script from the self-hosted directory.

Database

The current self-hosted setup creates a local postgres database using docker on the self-hosted server. The database data is persisted to the server through a docker volume. If you'd like to use a database hosted elsewhere, you should be able to do an SQL dump of the docker database, import the SQL dump to another database, and change the environment variables related to the database credentials. Restart the server using docker-compose up -d --force-recreate and then the app should be using the new database.

📢
Remember to whitelist the Basedash server's IP on your database host so your database allows connections from the Basedash app.

Environment variables

The following are all the available environment variables that can be used to configure Basedash. The values can be added and modified in the docker.env file.

BASEDASH_LICENSE_KEY

Required to run the app. Provided by the Basedash team.

Required

AWS_ACCESS_KEY_ID

AWS access key used by the AWS JS SDK to authenticate requests to S3. See AWS documentation on how to retrieve this value. We recommend creating a new IAM user with All S3 actions enabled for the S3 bucket.

This environment variable is optional since you can also assign an IAM role to the EC2 instance that is running your self-hosted Basedash instance and the SDK will be able to automatically pickup the IAM credentials on your instance.

AWS_SECRET_ACCESS_KEY

AWS secret access key. See AWS documentation on how to retrieve this value.

Optional since you may be relying on IAM roles associated with the EC2 instance assigned to your Basedash server.

AWS_REGION

Region used for your AWS S3 bucket, e.g. us-east-1.

BUCKET_ENDPOINT

S3 (or digital ocean) bucket endpoint, e.g. https://3.us-east-1.amazonaws.com

Required

BUCKET_NAME_IMAGES

This should be equal to your value for BUCKET_NAME. This environment variable won't be required in a future release.

Required

BUCKET_NAME_KEYS

This should be equal to your value for BUCKET_NAME. This environment variable won't be required in a future release.

Required

BASE_URL

The domain of the web application. Used for the links in Slack notifications and login magic links.

Required

CRYPTO_KEY

A random string of characters used when hashing passwords for storage in the database. Randomly generated from the self-hosted setup script. Needs to be 32 characters in length.

example: &E(H+MbQeThWmZq4t7w!z%C*F-J@NcRf

Required

POSTGRES_HOST

Host for postgres database.

Required

POSTGRES_DB

Postgres database name

Required

POSTGRES_PASSWORD

Postgres database password

Required

POSTGRES_PORT

Postgres database port

Required

POSTGRES_USER

Postgres database username

Required

POSTGRES_SSL_CA_CERT

Certificate authority (CA) certificate associated with postgres database. Used for SSL database connections and only necessary for apps that want to enable SSO and have their database SSL protected.

RESEND_API_KEY

Used for transactional emails in the app, including email verification during signup.

Required

TWILIO_ACCOUNT_SID TWILIO_AUTH_TOKEN TWILIO_VERIFY_SERVICE_SID

Twilio is the SMS two factor authentication provider used for the Basedash app.

If this is not setup, you will not be able to have two-factor authentication in Basedash. The Basedash team can provide you with a Twilio API key.

SLACK_CLIENT_ID

Used to enable Slack notifications on views. Note that your app must be accessible via HTTPS in order for this to work.

If this is not setup, you will not be able to enable Slack notifications.

SLACK_CLIENT_SECRET

Used to enable Slack notifications on views. Note that your app must be accessible via HTTPS in order for this to work.

If this is not setup, you will not be able to enable Slack notifications.

GOOGLE_OAUTH_CLIENT_ID

Used for “Sign in with Google”. Note that your app must be accessible via HTTPS in order for this to work.

If this is not setup, you will not be able to login/signup with Google.

OPENAI_API_KEY

Used for various AI features across the app, such as generated values and “Ask AI”.

The Basedash team can provide you with an OpenAI API key if you do not have one.

INTERCOM_APP_ID

Used to have intercom chat support with the Basedash team.

LOG_LEVEL

Controls the minimum level of logs outputted to the console. Can be one of 'error', 'warn', 'info', 'http', 'verbose', 'debug', or 'silly'.

default: info

ENABLE_HTTP_LOGS

Used if you'd like to get logs for every HTTP request made to the server.

default: false

DEBUG_SQL

Outputs SQL errors to the console. Useful for debugging SQL errors, even when in production.

default: false

ENABLE_SQL_LOGGING

Will log out all SQL queries made to databases connected to Basedash.

default: false

RABBITMQ_URL

URL of the RabbitMQ service. Defaults to URL of a RabbitMQ service running via docker-compose.

default: amqp://localhost:5672

Version number

You can identify the version number of your self-hosted Basedash instance by inspecting the HTML of your Basedash app and looking for the <meta name="version" content="XXX"> tag.

image

This version should correspond with a docker image tag found on docker hub (https://hub.docker.com/repository/docker/basedash/basedash/tags?page=1&ordering=last_updated).

image
💠
https://www.basedash.com

© BaseDash Inc.