docker swarm deployment and dns documentation (#167)

this changeset addresses the need for a simple docker swarm deployment and setup of dns records on cloudflare.

Co-authored-by: m u t e f a l l <mutefall@noreply.mills.io>
Reviewed-on: https://git.mills.io/saltyim/saltyim/pulls/167
Reviewed-by: James Mills <james@mills.io>
Co-authored-by: m u t e f a l l <mutefall@noreply@mills.io>
Co-committed-by: m u t e f a l l <mutefall@noreply@mills.io>

README.md

@@ -16,6 +16,10 @@ Coming soon™ -- See also the [Old Readme](./OLDREADME.md) for how this
 implementation started out as a simple shell script which you can still
 find at [salty-chat.sh](./bin/salty-chat.sh).
 
+### Deploy With Docker Swarm and Cloudflare
+
+Visit: [deployment](./deployment/)
+
 ## Roadmap
 
 Please refer to the [Roadmap](./Roadmap.md) document.

deployment/README.MD

@@ -0,0 +1,53 @@
+#### Deployment
+
+This deployment guide assumes you are using Docker with Swarm mode.  There are many other ways to deploy this which we will cover eventually, but for now Docker Swarm is fairly simple.
+
+
+#### Requirements
+
+- A VPS or VM publically accessible
+- A domain name
+- DNS hosted on Cloudflare
+- A cup of coffee
+
+#### DNS Setup
+
+- Update and configure your VPS/VM how you prefer.  Hardening and configuration is out of scope for this guide
+- Ensure ports 80/443(tcp) are open via IPTables or UFW, however you choose to open them
+- Visit cloudflare and point `yoursalty.domain.com` to the public-routable IP address of your system, ensure proxy is checked
+- Grab your API key from the Cloudflare interface, you'll need this shortly.
+- Add an SRV records for Salty service discovery: 
+    - Type: `SRV`
+    - Name: `yourdomain.com`
+    - Service: `_salty`
+    - Protocol: `TCP`
+    - TTL: `3600`
+    - Priority: `0`
+    - Weight: `0`
+    - Port: `443`
+    - Target: `yoursalty.domain.com`
+- Add an SRV records for Salty avatar discovery: 
+    - Type: `SRV`
+    - Name: `yourdomain.com`
+    - Service: `_avatars`
+    - Protocol: `TCP`
+    - TTL: `3600`
+    - Priority: `0`
+    - Weight: `0`
+    - Port: `443`
+    - Target: `yoursalty.domain.com`
+- Grab a coffee and wait a few minutes as DNS can take a bit.
+
+#### Infrastructure Setup
+
+- Install docker on your VPS/VM
+- Create an operator user with `wheel` or `sudo` group as well as `docker` group
+- Execute: `docker swarm init`, you've now created a single node Docker Swarm Cluster
+- Execute: `docker network create -d overlay traefik` this will create the network needed for Traefik and Salty to communicate
+- Execute: `docker stack deploy -c traefik.yml traefik` this will deploy the traefik stack
+- Give Traefik a few minutes to warm up.  Tail the logs with `docker logs -f traefik_traefik.1.someid` to ensure there are no errors
+- Execute: `docker stack deploy -c salty.yml salty`
+- Execute `watch docker stack ps salty --no-trunc` to ensure the stack comes up and reaches running state
+- Execute: `docker logs -f salty_salty.1.someid` to verify the service is up
+- If there are no issues, you should be able to visit: `https://yoursalty.domain.com` and view the PWA
+- Grab another coffee

deployment/salty.yml

@@ -0,0 +1,39 @@
+---
+version: "3.8"
+services:
+  saltyd:
+    image: prologic/saltyim:latest
+    environment:
+      - DEBUG=true
+      #This is your server that hosts salty
+      - BASE_URL=https://yoursalty.domain.com
+      #This is the domain you want to use ie: user@domain.com will point to the above URL
+      - PRIMARY_DOMAIN=domain.com
+    volumes:
+      - saltyim:/data
+    networks:
+      - traefik
+    deploy:
+      replicas: 1 #do not change this, salty can't horizontal scale
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=traefik"
+        - "traefik.http.routers.saltyim.entrypoints=https"
+        - "traefik.http.services.saltyim.loadbalancer.server.port=8000"
+        - "traefik.http.routers.saltyim.rule=Host(`yoursalty.domain.com`)"
+      resources:
+        reservations:
+          cpus: "0.1"
+          memory: 64M
+        limits:
+          cpus: "0.2"
+          memory: 128M
+      restart_policy:
+        condition: any
+networks:
+  traefik:
+    external: true
+volumes:
+  saltyim:
+    driver: local
+

deployment/traefik.yml

@@ -0,0 +1,56 @@
+---
+version: "3.8"
+
+services:
+  traefik:
+    image: traefik:latest
+    ports:
+      - target: 80
+        published: 80
+        protocol: tcp
+        mode: host
+      - target: 443
+        published: 443
+        protocol: tcp
+        mode: host
+    networks:
+      - traefik
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - traefik:/data
+    command:
+      - --accesslog
+      - --api
+      - --certificatesResolvers.acme.acme.dnschallenge=true
+      - --certificatesResolvers.acme.acme.dnschallenge.provider=cloudflare
+      - --certificatesResolvers.acme.acme.email=youraddress@email.com
+      - --certificatesResolvers.acme.acme.storage=/data/acme.json
+      - --entrypoints.http.address=:80
+      - --entrypoints.http.http.redirections.entryPoint.to=https
+      - --entrypoints.http.http.redirections.entryPoint.scheme=https
+      - --entrypoints.https.address=:443
+      - --entrypoints.https.http.tls=true
+      - --entrypoints.https.http.tls.certresolver=acme
+      - --entrypoints.https.http.tls.domains[0].main=*.yoursalty.domain.com
+      - --entrypoints.https.http.tls.domains[0].sans=yoursalty.domain.com
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --providers.docker.network=traefik
+      - --providers.docker.swarmmode=true
+      - --providers.docker.watch=true
+      - --providers.file.directory=/data/rules
+      - --providers.file.watch=true
+    environment:
+      - CLOUDFLARE_EMAIL=yourcloudflare@email.com
+      - CLOUDFLARE_API_KEY=your-cloudflare-api-key
+    deploy:
+      endpoint_mode: dnsrr
+      replicas: 1
+
+networks:
+  traefik:
+    external: true
+
+volumes:
+  traefik:
+    driver: local