Configure Space for Docker Compose Production Environment
Enable customization of your Space On-Premises instance
The Docker Compose installation of Space On-Premises comes with a predefined configuration that works out of the box. However, for Space On-Premises to work in a production environment, you should perform some additional configuration.
Space On-Premises configuration is a set of conf files stored in the Space application container. To configure Space On-Premises, you should copy the files to the host machine, modify them, and then point Space to the new file location.
Open the {space_install_dir/config} directory (e.g., space-on-premises/config) and run:

    docker cp {space_container_id}:/home/space/circlet-server-onprem/config .

The following configuration files will be copied to the {space_install_dir/config} directory on the host machine:

    langservice.on-premises.conf
    packages.on-premises.conf
    space.on-premises.conf
    vcs.on-premises.properties

Edit the configuration files according to your needs.
Stop your Space instance:

    docker-compose -p space-on-premises down
    docker-compose -p space-on-premises rm -f

Open the docker-compose.yml file located in the Space installation directory.

Change the default location of the Space configuration files. To do this, edit the docker-compose.yml file:

Comment out the config:{} line:

    ...
    # config:{}
    ...

Change every reference to the docker volume configuration from config to ./config. Namely, from:

    ...
    volumes:
      - config:/home/init-config/config
    ...
    volumes:
      - config:/home/space/circlet-server-onprem/config
    ...
    volumes:
      - config:/home/space/git/vcs-hosting/config
    ...
    volumes:
      - config:/home/space/packages-server/config
    ...
    volumes:
      - config:/home/space/langservice-server/config
    ...

to:

    ...
    volumes:
      - ./config:/home/init-config/config
    ...
    volumes:
      - ./config:/home/space/circlet-server-onprem/config
    ...
    volumes:
      - ./config:/home/space/git/vcs-hosting/config
    ...
    volumes:
      - ./config:/home/space/packages-server/config
    ...
    volumes:
      - ./config:/home/space/langservice-server/config
    ...

Start Space On-Premises with the updated configuration:

    docker-compose -p space-on-premises up -d
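A service that still mounts the named config volume keeps reading the default files instead of the edited ones in ./config. The following check is an added example, not part of the Space distribution: it scans docker-compose.yml text for the five mount targets listed above and reports any that are not bound to ./config. The service names in the sample are hypothetical.

```python
import re

# Container paths that the procedure above remaps to ./config
EXPECTED_TARGETS = {
    "/home/init-config/config",
    "/home/space/circlet-server-onprem/config",
    "/home/space/git/vcs-hosting/config",
    "/home/space/packages-server/config",
    "/home/space/langservice-server/config",
}
MOUNT = re.compile(r'^\s*-\s*["\']?([^:"\'\s]+):(/[^:"\'\s]+)')
NAMED_DECL = re.compile(r'^\s+config:\s*\{\}\s*$')


def audit_config_mounts(compose_text):
    """Return (findings, expected targets with no ./config bind mount)."""
    findings, bound = [], set()
    for no, line in enumerate(compose_text.splitlines(), 1):
        code = line.split("#", 1)[0]  # drop comments, e.g. "# config:{}"
        if NAMED_DECL.match(code):
            findings.append((no, "named volume 'config' is still declared"))
        m = MOUNT.match(code)
        if not m or m.group(2) not in EXPECTED_TARGETS:
            continue
        source, target = m.groups()
        if source == "./config":
            bound.add(target)
        else:
            findings.append((no, f"{target} mounted from '{source}'"))
    return findings, sorted(EXPECTED_TARGETS - bound)


# Constructed sample: a half-finished edit (service names are hypothetical)
SAMPLE = """\
services:
  init-configs:
    volumes:
      - ./config:/home/init-config/config
  space:
    volumes:
      - config:/home/space/circlet-server-onprem/config
volumes:
  config: {}
"""

if __name__ == "__main__":
    print(audit_config_mounts(SAMPLE))
```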
Make your Space On-Premises instance network-accessible
By default, the Docker Compose installation of Space On-Premises uses 127.0.0.1 and localhost as the base URLs. This configuration works well only in the proof-of-concept scenario when you run Space locally. If you want to run Space on a separate machine and make it network-accessible, you must use the nginx web server. It will work as a reverse proxy and forward requests to Space.
Prerequisites:
The domain names for Space components are already registered and resolved to the IP address of the host machine. Space components include: Space application, VCS, and Packages server. In our example, we will use the following names: space.example.com, git.example.com, and packages.example.com.
The corresponding TLS certificates are installed on the host machine. You can obtain the certificates from a trusted certificate authority (e.g., Let's Encrypt).
The host machine has the nginx web server installed. You can find the installation instructions on the official website.
On the host machine, create the space.conf NGINX configuration file in the /etc/nginx/conf.d directory. For example:

    server {
        client_max_body_size 0;
        server_name space.example.com;

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://127.0.0.1:8084/;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        listen 443 ssl;
        ssl_certificate /path_to_certs/space.example.com/fullchain.pem;
        ssl_certificate_key /path_to_certs/space.example.com/privkey.pem;
    }

    server {
        client_max_body_size 0;
        server_name git.example.com;

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://127.0.0.1:8080/;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        listen 443 ssl;
        ssl_certificate /path_to_certs/git.example.com/fullchain.pem;
        ssl_certificate_key /path_to_certs/git.example.com/privkey.pem;
    }

    server {
        client_max_body_size 0;
        server_name packages.example.com;

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://127.0.0.1:8390/;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        listen 443 ssl;
        ssl_certificate /path_to_certs/packages.example.com/fullchain.pem;
        ssl_certificate_key /path_to_certs/packages.example.com/privkey.pem;
    }

    server {
        client_max_body_size 0;
        server_name minio.example.com;

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://127.0.0.1:9000/;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        listen 443 ssl;
        ssl_certificate /path_to_certs/minio.example.com/fullchain.pem;
        ssl_certificate_key /path_to_certs/minio.example.com/privkey.pem;
    }

    # configuring HTTP redirects
    server {
        if ($host = space.example.com) {
            return 301 https://$host$request_uri;
        }

        server_name space.example.com;
        listen 80;
        return 404;
    }

    server {
        if ($host = git.example.com) {
            return 301 https://$host$request_uri;
        }

        server_name git.example.com;
        listen 80;
        return 404;
    }

    server {
        if ($host = packages.example.com) {
            return 301 https://$host$request_uri;
        }

        server_name packages.example.com;
        listen 80;
        return 404;
    }

    server {
        if ($host = minio.example.com) {
            return 301 https://$host$request_uri;
        }

        server_name minio.example.com;
        listen 80;
        return 404;
    }

In the example above, change:
All ssl_certificate and ssl_certificate_key paths to the real paths to your certificates.
All server_name values (space.example.com, git.example.com, and packages.example.com) to the real domain names.
Save the changes and apply the configuration:

    sudo nginx -s reload

Stop your Space instance if it is running.
Open the Space installation directory.
In the space.on-premises.conf file, update all url and altUrls parameters with new URL values. For example:

    circlet {
        frontend {
            url = "https://space.example.com"
            internalUrl = "http://space:9084"
        }
        packages {
            notifications {
                enabled = true
            }
            types {
                maven { url = "https://packages.example.com" }
                nuget { url = "https://packages.example.com" }
                npm { url = "https://packages.example.com" }
                container { url = "https://packages.example.com" }
                pypi { url = "https://packages.example.com" }
                composer { url = "https://packages.example.com" }
                dart { url = "https://packages.example.com" }
                files { url = "https://packages.example.com" }
                crates { url = "https://packages.example.com" }
            }
        }
    }

In the packages.on-premises.conf file, update all url and internalUrl parameters with new URL values. For example:

    circlet {
        packages {
            url = "https://packages.example.com"
            internalUrl = "http://packages:9390"
        }
        space {
            url = "https://space.example.com"
            internalUrl = "http://space:9084"
        }
        storage {
            aws {
                publicUrl = "https://minio.example.com"
            }
        }
    }

In the vcs.on-premises.properties file, update the base.url and circlet.url.ext parameters with new URL values. For example:

    base.url=https://git.example.com
    circlet.url.int=http://space:9084
    circlet.url.ext=https://space.example.com

Start Space On-Premises with the updated configuration:

    docker-compose up -d
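After these edits, any public URL parameter that still points at 127.0.0.1 or localhost, or that uses plain HTTP, produces links that bypass the nginx TLS endpoint. The following check is an added example, not part of Space: it scans the conf and properties text for the public URL keys named on this page and leaves internalUrl and circlet.url.int alone. The sample file contents are constructed, and the position of altUrls in them is an assumption.

```python
import re
from urllib.parse import urlsplit

# Keys the page sets to public URLs; internalUrl and circlet.url.int are
# container-to-container addresses and are deliberately not checked.
EXTERNAL_KEYS = {"url", "altUrls", "publicUrl", "base.url", "circlet.url.ext"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
PAIR = re.compile(r'([A-Za-z][\w.]*)\s*=\s*(\[.*\]|"[^"]*"|\S+)')
URL = re.compile(r'https?://[^\s"\']+')


def audit_external_urls(name, text):
    """Return (file, line, key, url, problem) for each bad external URL."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", "//")):
            continue  # whole-line comment
        for key, value in PAIR.findall(line):
            if key not in EXTERNAL_KEYS:
                continue
            for url in URL.findall(value):
                parts = urlsplit(url)
                if parts.hostname in LOOPBACK:
                    findings.append((name, no, key, url, "loopback host"))
                elif parts.scheme != "https":
                    findings.append((name, no, key, url, "not HTTPS"))
    return findings


# Constructed samples; the position of altUrls is an assumption.
SPACE_CONF = '''circlet {
  frontend {
    url = "https://space.example.com"
    internalUrl = "http://space:9084"
    altUrls = ["http://localhost:8084"]
  }
  packages { types { maven { url = "http://packages.example.com" } } }
}'''
VCS_PROPS = '''base.url=http://127.0.0.1:8080
circlet.url.int=http://space:9084
circlet.url.ext=https://space.example.com'''

if __name__ == "__main__":
    for finding in (audit_external_urls("space.on-premises.conf", SPACE_CONF)
                    + audit_external_urls("vcs.on-premises.properties", VCS_PROPS)):
        print(*finding)
```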
Enable mail server
The Docker Compose installation comes without a preconfigured mail server. The instructions below show how you can create a MailHog mail server and register it in Space.
Stop your Space instance if it is running.
Open the Space installation directory.
In the docker-compose.yml file, add the mail server configuration:

    services:
      mailhog:
        image: mailhog/mailhog
        ports:
          - 1025:1025 # SMTP server port
          - 8025:8025 # UI port
        networks:
          - "frontend"

Provide the mail server settings to Space. You can do this in two different ways: using the Space administration UI or using the Space configuration file.

Using the Space administration UI:

Start Space On-Premises with the updated configuration:

    docker-compose up -d

Open your Space instance in the browser and specify mail settings as shown on this page.

Using the Space configuration file:

Open the space.on-premises.conf file and modify the mail configuration according to your requirements:

    mail {
        outgoing {
            enabled = true
            // protocol settings
            fromAddress = "space@space.example.com"
            host = "mailhog"
            port = 1025
            protocol = "SMTP" // "SSL" and "TLS" are also supported
            login = "space"
            password = "space"
            messageQueuePrefix = "mailQueue"
            // handling properties
            aggregationDelaySecs = 900
            rateLimitPerSecond = 3
        }
    }

Start Space On-Premises with the updated configuration:

    docker-compose up -d
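The 1025:1025 and 8025:8025 entries in the MailHog service publish its SMTP port and its web UI, which displays every captured message, on all host interfaces, while Space itself reaches the server as mailhog:1025 over the Compose network. The following check is an added example, not part of Space or MailHog: it lists short-syntax port entries that are not bound to 127.0.0.1 so they can be restricted or dropped. It assumes two-space indentation for service names and that the Space container is attached to the same frontend network; the hardened sample is constructed.

```python
import re

# Short-syntax entry: [host_ip:]host_port:container_port[/protocol]
PORT = re.compile(
    r'^-\s*["\']?((?:\d{1,3}\.){3}\d{1,3}:)?(\d+(?:-\d+)?):\d+(?:-\d+)?(?:/\w+)?["\']?$')


def ports_on_all_interfaces(compose_text):
    """Return (service, host_port) pairs published without a loopback bind."""
    service, in_ports, exposed = None, False, []
    for line in compose_text.splitlines():
        code = line.split("#", 1)[0].rstrip()  # drop trailing comments
        item = code.strip()
        if not item:
            continue
        if len(code) - len(code.lstrip()) == 2 and item.endswith(":"):
            service, in_ports = item[:-1], False  # assumes 2-space indent
        elif item == "ports:":
            in_ports = True
        elif in_ports and item.startswith("-"):
            m = PORT.match(item)
            if m and m.group(1) != "127.0.0.1:":
                exposed.append((service, m.group(2)))
        else:
            in_ports = False
    return exposed


# The service definition as given on this page
PAGE_SNIPPET = """\
services:
  mailhog:
    image: mailhog/mailhog
    ports:
      - 1025:1025 # SMTP server port
      - 8025:8025 # UI port
    networks:
      - "frontend"
"""

# Constructed variant: SMTP stays on the Compose network, UI is host-only
HARDENED = """\
services:
  mailhog:
    image: mailhog/mailhog
    ports:
      - 127.0.0.1:8025:8025 # UI port, reachable from the host only
    networks:
      - "frontend"
"""

if __name__ == "__main__":
    print(ports_on_all_interfaces(PAGE_SNIPPET), ports_on_all_interfaces(HARDENED))
```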
(Case-specific) Enable manual downloads in Space Packages
If you use a custom object storage for your Space instance, you must configure its CORS policy to allow receiving GET requests from any origin. Otherwise, users will not be able to manually download packages from the repository page in Space. Clicking the Download button will result in an error.
Sign in to the AWS Management Console and open the Amazon S3 console.
Open the S3 bucket used for Space Packages.
Open the Permissions tab and add the following configuration to the CORS section:
    [
        {
            "AllowedHeaders": ["*"],
            "AllowedMethods": ["GET"],
            "AllowedOrigins": ["*"],
            "ExposeHeaders": []
        }
    ]

Save the changes.