-
Notifications
You must be signed in to change notification settings - Fork 338
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Improved docs, configs and Dockerfiles for production usage
- Loading branch information
Showing
44 changed files
with
654 additions
and
97 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| # Deployment | ||
|
|
||
| The recommended way to deploy OpenMU is through Docker. Depending on the scale you need, we provide multiple ways to do that. | ||
|
|
||
| This describes a deployment of a test environment. A production environment might need additional steps, such as adding a ssl certificate to nginx. | ||
|
|
||
| ## All-in-one | ||
|
|
||
| The [all-in-one deployment](/all-in-one/) is recommended, if you want to host on a small machine with a low amount of players. | ||
| In this case, all kinds of OpenMU subsystems (ConnectServer, GameServer, LoginServer, AdminPanel, ...) are running in one process. | ||
|
|
||
| #### Pros | ||
| * No communication overhead between subsystems, therefore slightly faster | ||
| * Simpler deployment | ||
| * Smaller memory footprint. Since we run all in one process, we don't have the overhead of multiple processes, runtimes and can share data. | ||
| * Easier to observe and debug, no additional tools required | ||
|
|
||
| #### Cons | ||
| * Harder to scale - only by scaling up your single machine | ||
| * Lower resiliency. If one subsystem crashes the process, the whole thing goes down | ||
| * It's a more or less self-contained system which is harder to extend | ||
|
|
||
| ## Distributed | ||
|
|
||
| It's also possible to host OpenMU in a [distributed](/distributed/) way. However, this introduces a lot more complexity. | ||
| The communication between the subsystems is handled with Dapr. | ||
|
|
||
| #### Pros | ||
| * Easier to scale. For example, if you need additional game servers you simply add more containers. | ||
| * Higher resiliency. If one subsystem crashes, the others are not affected. | ||
| * It's easier to add more subsystems, even custom ones. | ||
| For example, one could subscribe on already published events like guild messages or letters. | ||
| Such a subsystem could forward messages to other systems (E-Mail, Discord, etc.). | ||
|
|
||
| #### Cons | ||
| * Communication overhead between subsystems. | ||
| * Higher memory footprint, since we run multiple docker containers | ||
| (each with their own .net runtime) which can't share some data. | ||
| * Harder to observe and debug. We added some stuff to compensate that (Loki, Grafana, Prometheus, Zipkin), but they require additional resources, too. | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,62 @@ | ||
| # All-in-one deployment | ||
|
|
||
| The all in one deployment is recommended, if you want to host on a small machine with a low amount of players. | ||
| In this case, all kinds of OpenMU subsystems (ConnectServer, GameServer, LoginServer, AdminPanel, ...) are running in one process. | ||
|
|
||
| ## Deployment with docker-compose | ||
|
|
||
| ### Install GIT | ||
|
|
||
| See https://github.com/git-guides/install-git | ||
|
|
||
| ### Clone the repository | ||
|
|
||
| > git clone https://github.com/MUnique/OpenMU.git | ||
| ### Navigate to the docker-compose files | ||
|
|
||
| Navigate to the folder deploy/all-in-one | ||
|
|
||
| ### Option A - for local testing | ||
|
|
||
| > docker-compose up -d | ||
| And that's it ;-) | ||
|
|
||
| However, if you want to make it available through the internet, you should choose Option B: | ||
|
|
||
| ### Option B - with HTTPS | ||
|
|
||
| If you want to share your server with the world, it's recommended to set up HTTPS for nginx. | ||
| Otherwise, traffic from and to the admin panel is not encrypted. | ||
|
|
||
| #### Adapt the config | ||
|
|
||
| In the nginx.prod.conf, change "example.org" to your domain name. | ||
|
|
||
| #### Run it | ||
|
|
||
| > docker-compose up -f docker-compose.yml docker-compose.prod.yml -d | ||
| #### Run certbot explicitly | ||
|
|
||
| Hint: replace "example.org" with your domain. | ||
|
|
||
| > docker compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d example.org | ||
| #### Set up certificate renewal | ||
| Because your certificates expire after 3 months, it's recommended to renew them regularly. | ||
| To renew it, run this command: | ||
|
|
||
| > docker compose run --rm certbot renew | ||
| Of course, it would make sense to add a cron job (e.g. once a week) on your host machine for that. | ||
|
|
||
| ## What's next | ||
|
|
||
| Now, when you have deployed OpenMU, it's time to discover the AdminPanel. | ||
| If your containers run on docker at your local machine, you can simply go to http://localhost/ | ||
|
|
||
| There you'll find a setup in the navigation menu, where you can select your desired game version, number of game servers (just the data of it), and if test accounts should be created. | ||
|
|
||
| Click on 'Install', wait a bit until the database is set up and filled with the data and voila, OpenMU is ready to use. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| version: '3.4' | ||
|
|
||
| services: | ||
| openmu-startup: | ||
| restart: "unless-stopped" | ||
| environment: | ||
| ASPNETCORE_ENVIRONMENT: Production | ||
|
|
||
| database: | ||
| restart: "unless-stopped" | ||
|
|
||
| nginx: | ||
| restart: "unless-stopped" | ||
| ports: | ||
| - "80:80" | ||
| - "443:443" | ||
| volumes: | ||
| - ./nginx.prod.conf:/etc/nginx/nginx.conf:ro | ||
| - ./.htpasswd:/etc/nginx/.htpasswd | ||
| - ./certbot/www:/var/www/certbot/:ro | ||
| - ./certbot/conf/:/etc/nginx/ssl/:ro | ||
| certbot: | ||
| image: certbot/certbot:latest | ||
| volumes: | ||
| - ./certbot/www/:/var/www/certbot/:rw | ||
| - ./certbot/conf/:/etc/letsencrypt/:rw |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| events { | ||
| } | ||
|
|
||
| http { | ||
| # this is required to proxy Grafana Live WebSocket connections. | ||
| map $http_upgrade $connection_upgrade { | ||
| default upgrade; | ||
| '' close; | ||
| } | ||
|
|
||
| server { | ||
| listen 80; | ||
| listen [::]:80; | ||
|
|
||
| server_name example.org www.example.org; | ||
| server_tokens off; | ||
|
|
||
| location /.well-known/acme-challenge/ { | ||
| root /var/www/certbot; | ||
| } | ||
|
|
||
| location / { | ||
| return 301 https://example.org$request_uri; | ||
| } | ||
| } | ||
|
|
||
| server { | ||
| listen 443 default_server ssl http2; | ||
| listen [::]:443 ssl http2; | ||
|
|
||
| server_name example.org; | ||
|
|
||
| ssl_certificate /etc/nginx/ssl/live/example.org/fullchain.pem; | ||
| ssl_certificate_key /etc/nginx/ssl/live/example.org/privkey.pem; | ||
|
|
||
| auth_basic "Protected Site"; | ||
| auth_basic_user_file /etc/nginx/.htpasswd; | ||
|
|
||
| listen 80; | ||
| proxy_http_version 1.1; | ||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header Connection "upgrade"; | ||
|
|
||
| resolver 127.0.0.11 ipv6=off; | ||
|
|
||
| location / { | ||
| proxy_pass http://openmu-startup; | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| # Distributed | ||
|
|
||
| ## Deployment with docker-compose | ||
|
|
||
| Currently, we just have a docker-compose file for the deployment. | ||
| docker-compose has the limitation, that all runs on the same physical machine. | ||
|
|
||
| For an even more distributed environment, with more machines, kubernetes can be used. | ||
| However, we don't have a finished configuration for kubernetes, yet. If you are familiar with kubernetes, | ||
| all contributions are welcome for kubernetes configuration files. | ||
|
|
||
| So, these are the steps, if you want to deploy it with docker-compose: | ||
|
|
||
| ### Install GIT | ||
|
|
||
| See https://github.com/git-guides/install-git | ||
|
|
||
| ### Clone the repository | ||
|
|
||
| > git clone https://github.com/MUnique/OpenMU.git | ||
| ### Navigate to the docker-compose files | ||
|
|
||
| Navigate to the folder deploy/distributed | ||
|
|
||
| ### Option A - for local testing | ||
|
|
||
| > docker-compose up -d | ||
| And that's it ;-) | ||
|
|
||
| However, if you want to make it available through the internet, you should choose Option B: | ||
|
|
||
| ### Option B - with HTTPS | ||
|
|
||
| If you want to share your server with the world, it's recommended to set up HTTPS for nginx. | ||
| Otherwise, traffic from and to the admin panel is not encrypted. | ||
|
|
||
| #### Adapt the config | ||
|
|
||
| In the nginx.prod.conf, change "example.org" to your domain name. | ||
|
|
||
| #### Run it | ||
|
|
||
| > docker-compose up -f docker-compose.yml docker-compose.prod.yml -d | ||
| #### Run certbot explicitly | ||
|
|
||
| Hint: replace "example.org" with your domain. | ||
|
|
||
| > docker compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d example.org | ||
| #### Set up certificate renewal | ||
| Because your certificates expire after 3 months, it's recommended to renew them regularly. | ||
| To renew it, run this command: | ||
|
|
||
| > docker compose run --rm certbot renew | ||
| Of course, it would make sense to add a cron job (e.g. once a week) on your host machine for that. | ||
|
|
||
| ## What's next | ||
|
|
||
| Now, when you have deployed OpenMU, it's time to discover the AdminPanel. | ||
|
|
||
| If your containers run on docker at your local machine, you can simply go to http://localhost/admin | ||
|
|
||
| There you'll find a setup in the navigation menu, where you can select your desired game version, number of game servers (just the data of it), and if test accounts should be created. | ||
|
|
||
| Click on 'Install', wait a bit until the database is set up and filled with the data and voila, OpenMU is ready to use. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.