Berikut catatan deployment Redash dari referensi https://redash.io/help/open-source/setup#-Google-Compute-Engine
Buat image redash v8.0.0
gcloud compute images create "redash-8-0-0" \ --source-uri gs://redash-images/redash.8.0.0-b32245-1.tar.gz \ --project=project-name
Buat VM dengan image redash tersebut
gcloud compute instances create redash-vm \ --machine-type=e2-medium \ --zone=asia-southeast2-b \ --image redash-8-0-0 \ --project=project-name
Login dengan ssh ke VM
gcloud compute ssh redash-vm --project=project-name
root user (sudo su).nginx in /opt/redash.certs and certs-data./opt/redash/nginx/nginx.conf and place the following in it:upstream redash {
server redash:5000;
}
server {
listen 80;
#listen [::]:80;
server_name redash.mydomain.com;
location ^~ /ping {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_pass http://redash;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
}
/opt/redash/docker-compose.yml and update the nginx service to look like the following:nginx: image: nginx:latest ports: - "80:80" - "443:443" depends_on: - server links: - server:redash volumes: - /opt/redash/nginx/nginx.conf:/etc/nginx/conf.d/default.conf - /opt/redash/nginx/certs:/etc/letsencrypt - /opt/redash/nginx/certs-data:/data/letsencrypt restart: always
docker-compose up -d.docker run -it --rm \ -v /opt/redash/nginx/certs:/etc/letsencrypt \ -v /opt/redash/nginx/certs-data:/data/letsencrypt \ deliverous/certbot \ certonly \ --webroot --webroot-path=/data/letsencrypt \ -d redash.mydomain.com
upstream redash {
server redash:5000;
}
server {
listen 80;
listen [::]:80;
server_name redash.mydomain.com;
location ^~ /ping {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://redash;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
location ^~ /.well-known {
allow all;
root /data/letsencrypt/;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name redash.mydomain.com;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
ssl_certificate /etc/letsencrypt/live/redash.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/redash.mydomain.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/redash.mydomain.com/chain.pem;
access_log /dev/stdout;
error_log /dev/stderr info;
# other configs
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://redash;
}
}
docker-compose restart nginx.To renew the certificate in the future, you can use the following command:
$ docker run -t --rm -v /opt/redash/nginx/certs:/etc/letsencrypt \
-v /opt/redash/nginx/certs-data:/data/letsencrypt \
deliverous/certbot renew --webroot --webroot-path=/data/letsencrypt
$ docker-compose kill -s HUP nginx