Configure SpaceCode for Docker Compose Production Environment
Enable customization of your SpaceCode On-Premises instance
The Docker Compose installation of SpaceCode On-Premises comes with a predefined configuration that works out of the box. However, for SpaceCode On-Premises to work in a production environment, you should perform some additional configuration.
SpaceCode On-Premises configuration is a set of conf files stored in the SpaceCode application container. To configure SpaceCode On-Premises, you should copy the files to the host machine, modify them, and then point SpaceCode to the new file location.
Open the
{space_install_dir/config}directory (e.g.,space-on-premises/config) and run:docker cp {space_container_id}:/home/space/circlet-server-onprem/config .The following configuration files will be copied to the
{space_install_dir/config}directory on the host machine:langservice.on-premises.confspace.on-premises.confvcs.on-premises.properties
Edit the configuration files according to your needs.
Stop your SpaceCode instance:
docker-compose -p space-on-premises down docker-compose -p space-on-premises rm -fOpen the
docker-compose.ymlfile located in the SpaceCode installation directory.Change the default location of the SpaceCode configuration files. To do this, edit the
docker-compose.ymlfile:Comment out the
config:{}line:... # config:{} ...Change every reference to the docker volume configuration from
configto./config. Namely, from:... volumes: - config:/home/init-config/config ... volumes: - config:/home/space/circlet-server-onprem/config ... volumes: - config:/home/space/git/vcs-hosting/config ... volumes: - config:/home/space/packages-server/config ... volumes: - config:/home/space/langservice-server/config ...to:
... volumes: - ./config:/home/init-config/config ... volumes: - ./config:/home/space/circlet-server-onprem/config ... volumes: - ./config:/home/space/git/vcs-hosting/config ... volumes: - ./config:/home/space/packages-server/config ... volumes: - ./config:/home/space/langservice-server/config ...
Start SpaceCode On-Premises with the updated configuration:
docker-compose -p space-on-premises up -d
Make your SpaceCode On-Premises instance network-accessible
By default, Docker Compose installation of SpaceCode On-Premises uses 127.0.0.1 and localhost as the base URLs. This configuration works well only in the proof-of-concept scenario when you run SpaceCode locally. If you want to run SpaceCode on a separate machine and make it network-accessible, you must use the nginx web server. It will work as a reverse proxy and redirect requests to SpaceCode.
Prerequisites:
The domain names for SpaceCode components are already registered and resolved to the IP address of the host machine. SpaceCode components include: SpaceCode application, VCS, and Packages server. In our example, we will use the following names:
space.example.com,git.example.com, andpackages.example.com.The corresponding TLS certificates are installed on the host machine. You can obtain the certificates from a trusted certificate authority (e.g., Let's Encrypt).
The host machine has the nginx web server installed. You can find the installation instructions on the official website.
On the host machine, create the
space.confNGINX configuration file in the/etc/nginx/conf.ddirectory. For example:server { client_max_body_size 0; server_name space.example.com; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:8084/; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } listen 443 ssl; ssl_certificate /path_to_certs/space.example.com/fullchain.pem; ssl_certificate_key /path_to_certs/space.example.com/privkey.pem; } server { client_max_body_size 0; server_name git.example.com; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:8080/; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } listen 443 ssl; ssl_certificate /path_to_certs/git.example.com/fullchain.pem; ssl_certificate_key /path_to_certs/git.example.com/privkey.pem; } server { client_max_body_size 0; server_name packages.example.com; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:8390/; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } listen 443 ssl; ssl_certificate /path_to_certs/packages.example.com/fullchain.pem; ssl_certificate_key /path_to_certs/packages.example.com/privkey.pem; } server { client_max_body_size 0; server_name minio.example.com; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:9000/; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } listen 443 ssl; ssl_certificate /path_to_certs/packages.example.com/fullchain.pem; ssl_certificate_key /path_to_certs/packages.example.com/privkey.pem; } # configuring HTTP redirects server { if ($host = space.example.com) { return 301 https://$host$request_uri; } server_name space.example.com; listen 80; return 404; } server { if ($host = git.example.com) { return 301 https://$host$request_uri; } server_name git.example.com; listen 80; return 404; } server { if ($host = packages.example.com) { return 301 https://$host$request_uri; } server_name packages.example.com; listen 80; return 404; } server { if ($host = minio.example.com) { return 301 https://$host$request_uri; } server_name minio.example.com; listen 80; return 404; }In the example above, change:
All
ssl_certificateandssl_certificate_keypaths to the real paths to your certificates.All
server_namevalues (space.example.com,git.example.com, andpackages.example.com) to the real domain names.
Save the changes and apply the configuration:
sudo nginx -s reloadStop your SpaceCode instance if it is running.
Open the SpaceCode installation directory.
In the
space.on-premises.conffile, update allurlandaltUrlsparameters with new URL values. For example:circlet { frontend { url = "https://space.example.com" internalUrl = "http://space:9084" } packages { notifications { enabled = true } types { maven { url = "https://packages.example.com" } nuget { url = "https://packages.example.com" } npm { url = "https://packages.example.com" } container { url = "https://packages.example.com" } pypi { url = "https://packages.example.com" } composer { url = "https://packages.example.com" } dart { url = "https://packages.example.com" } files { url = "https://packages.example.com" } crates { url = "https://packages.example.com" } } } }In the
packages.on-premises.conffile, update allurlandinternalUrlparameters with new URL values. For example:circlet { packages { url = "https://packages.example.com" internalUrl = "http://packages:9390" } space { url = "https://space.example.com" internalUrl = "http://space:9084" } storage { aws { publicUrl = "https://minio.example.com" } } }In the
vcs.on-premises.propertiesfile, update tehbase.urlandcirclet.url.extparameters with new URL values. For example:base.url=https://git.example.com circlet.url.int=http://space:9084 circlet.url.ext=https://space.example.comStart SpaceCode On-Premises with the updated configuration:
docker-compose up -d
Enable mail server
The Docker Compose installation comes without a preconfigured mail server. The instructions below show how you can create a MailHog mail server and register it in SpaceCode.
Stop your SpaceCode instance if it is running.
Open the SpaceCode installation directory.
In the
docker-compose.ymlfile, add the mail server configuration:services: mailhog: image: mailhog/mailhog ports: - 1025:1025 # SMTP server port - 8025:8025 # UI port networks: - "frontend"Provide the mail server settings to SpaceCode. You can do this in two different ways: using the SpaceCode administration UI or using the SpaceCode configuration file.
Start SpaceCode On-Premises with the updated configuration:
docker-compose up -dOpen your SpaceCode instance in the browser and specify mail settings as shown on this page.
Open the
space.on-premises.conffile and modify the mail configuration according to your requirements:mail { outgoing { enabled = true // protocol settings fromAddress = "space@space.example.com" host = "mailhog" port = 1025 protocol = "SMTP" // "SSL" and "TLS" are also supported login = "space" password = "space" messageQueuePrefix = "mailQueue" // handling properties aggregationDelaySecs = 900 rateLimitPerSecond = 3 } }Start SpaceCode On-Premises with the updated configuration:
docker-compose up -d
(Case-specific) Enable manual downloads in SpaceCode Packages
If you use a custom object storage for your SpaceCode instance, you must configure its CORS policy to allow receiving GET requests from any origin:
Otherwise, users will not be able to manually download packages from the repository page in SpaceCode. Clicking the Download button will result in an error.
Sign in to the AWS Management Console and open the Amazon S3 console.
Open the S3 bucket used for SpaceCode Packages.
Open the Permissions tab and add the following configuration to the CORS section:
[ { "AllowedHeaders": [ "*" ], "AllowedMethods": [ "GET" ], "AllowedOrigins": [ "*" ], "ExposeHeaders": [] } ]Save the changes.