DEV Community: Turbo Plebeian The latest articles on DEV Community by Turbo Plebeian (@turboplebeian). https://dev.to/turboplebeian https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F949637%2Ff71c25ae-90de-449e-90b7-a0cdbcfc8722.jpg DEV Community: Turbo Plebeian https://dev.to/turboplebeian en Deploying a Medusa + Minio + MeiliSearch stack with Docker and Traefik Turbo Plebeian Sun, 05 Mar 2023 19:26:02 +0000 https://dev.to/turboplebeian/deploying-a-medusa-minio-meilisearch-stack-with-docker-and-traefik-2mgj https://dev.to/turboplebeian/deploying-a-medusa-minio-meilisearch-stack-with-docker-and-traefik-2mgj <p>Deploying a production-ready Medusa stack with a proper search engine and a cloud storage can be quite challenging, especially for beginners. However, with a few simple steps, you can deploy your own stack and have it up and running in no time. In this blog post, I will guide you through the process and provide you with some tips for troubleshooting.</p> <h2> Table of contents </h2> <ul> <li>Components of the stack</li> <li>Requirements</li> <li>Setup your hosting and (sub)domains</li> <li>Setup Medusa stack</li> <li>Troubleshooting</li> </ul> <h2> Components of the stack </h2> <ul> <li><a href="https://github.com/medusajs/medusa-starter-default" rel="noopener noreferrer">Medusa Starter Default</a></li> <li><a href="https://docs.medusajs.com/add-plugins/minio" rel="noopener noreferrer">Minio Cloud Storage</a></li> <li><a href="https://docs.medusajs.com/add-plugins/meilisearch/" rel="noopener noreferrer">MeiliSearch</a></li> <li><a href="https://docs.medusajs.com/add-plugins/stripe" rel="noopener noreferrer">Stripe</a></li> <li>✨ SSL certificate via CloudFlare + LetsEncrypt</li> </ul> <h2> Requirements </h2> <ul> <li>A VPS with at least 1GB of RAM. </li> <li>Docker and Docker Compose.</li> <li>A custom domain pointing to CloudFlare.</li> <li>A CloudFlare account.</li> </ul> <h2> Setup your hosting and (sub)domains </h2> <p>After getting access to your VPS you need to install and configure Docker and Docker compose. </p> <p>Once you configure your server we are going to setup our domain. We will use CloudFlare to manage our domain's DNS records and handle the validation of a free SSL LetsEncrypt certificate <a href="https://doc.traefik.io/traefik/v1.6/configuration/acme/" rel="noopener noreferrer">in a easy way</a>.</p> <ol> <li>Follow the instructions to <a href="https://developers.cloudflare.com/fundamentals/get-started/setup/add-site/" rel="noopener noreferrer">add your site</a> to your CloudFlare's account.</li> <li>Setup each A record to point your VPS IP address. <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsy18ywuqh3wy59ven8x1.png" alt="DNS A Records"> </li> <li>Set your SSL/TLS encryption mode to "Full (strict)". <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8xp16xicsd22w2200vwd.png" alt="SSL/TLS encryption mode"> </li> <li>Obtain your <a href="https://dash.cloudflare.com/profile/api-tokens" rel="noopener noreferrer">CloudFlare's API tokens</a>.</li> </ol> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk7ksk8uxorh2xghh56kr.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk7ksk8uxorh2xghh56kr.png" alt="CloudFlare API tokens"></a></p> <p>Write down those codes, we are going to use them in following steps.</p> <blockquote> <p>NOTE: Free TLDs like <strong>.ga</strong>, <strong>.ml</strong> or <strong>.tk</strong> <a href="https://community.cloudflare.com/t/unable-to-add-free-domains-to-cloudflare-tk-ml-ga-cf-gq/303502/2" rel="noopener noreferrer">won't work with the automatic DNS validation</a>.</p> </blockquote> <h2> Setup Medusa stack </h2> <p>Once you installed Docker and secure your VPS, is time to set up the Medusa stack:</p> <h3>  Step 1: Clone the Github repository. </h3> <p>You can clone the Github repository using the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/beakman/medusa-stack-dockerized.git </code></pre> </div> <h3> Step 2: Edit the <code>.env</code> file. </h3> <p>In the root directory of the cloned repository, you will find a file named <code>.env.example</code>. You should copy this file and rename it to <code>.env</code>. Open the <code>.env</code> file and edit the values to suit your environment.</p> <h4> CloudFlare configuration </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># LetsEncrypt CloudFlare verification</span> <span class="nv">EMAIL</span><span class="o">=</span>user@example.com <span class="nv">CERT_RESOLVER</span><span class="o">=</span>letsencrypt <span class="nv">CLOUDFLARE_EMAIL</span><span class="o">=</span> <span class="nv">CLOUDFLARE_API_KEY</span><span class="o">=</span> <span class="nv">CLOUDFLARE_DNS_API_TOKEN</span><span class="o">=</span> </code></pre> </div> <p>Here you should provide the previously generated API token and your CloudFlare's email.</p> <h4> Medusa server </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">MEDUSA_DOMAIN</span><span class="o">=</span>example.com <span class="nv">MEDUSA_CERT_RESOLVER</span><span class="o">=</span>letsencrypt <span class="nv">ADMIN_CORS</span><span class="o">=</span>https://admin.example.com <span class="nv">STORE_CORS</span><span class="o">=</span>https://store.example.com <span class="nv">JWT_SECRET</span><span class="o">=</span> <span class="nv">COOKIE_SECRET</span><span class="o">=</span> </code></pre> </div> <p>The admin and the store urls are not available yet. We are going to deploy them in another platform as it would be explained in another post.</p> <p>The <code>MEDUSA_DOMAIN</code> will be the address of our backend. We could use something like <code>api.example.com</code>.</p> <h4> Traefik and dashboard </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">TRAEFIK_DOMAIN</span><span class="o">=</span>traefik.example.com <span class="nv">TRAEFIK_CERT_RESOLVER</span><span class="o">=</span>letsencrypt <span class="nv">TRAEFIK_USER</span><span class="o">=</span>admin <span class="nv">TRAEFIK_PASSWORD_HASH</span><span class="o">=</span> <span class="c"># echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g% </span> </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbjdzppcwwrohkqqunhta.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbjdzppcwwrohkqqunhta.png" alt="Traefik Dashboard"></a></p> <p>We will configure the rest of the variables in a second phase, since we will need to generate the api keys of some of the services.</p> <h3> Step 3: Start the containers. </h3> <p>The stack is composed of different docker-compose files to deploy each part of the stack. To start the containers, simply run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>sh start.sh </code></pre> </div> <p>or more explicitly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker compose <span class="se">\</span> <span class="nt">-f</span> docker-compose.medusa.yml <span class="se">\</span> <span class="nt">-f</span> docker-compose.minio.yml <span class="se">\</span> <span class="nt">-f</span> docker-compose.search.yml <span class="se">\</span> <span class="nt">-f</span> docker-compose.traefik.yml <span class="se">\</span> up <span class="nt">-d</span> </code></pre> </div> <h3> Step 4: Access the Medusa stack. </h3> <p>If everything goes well, you could access the different components of your stack:</p> <ul> <li>Traefik dashboard: <a href="https://traefik.example.com" rel="noopener noreferrer">https://traefik.example.com</a> </li> <li>Medusa server: <a href="https://api.example.com" rel="noopener noreferrer">https://api.example.com</a> </li> <li>MeiliSearch: <a href="https://search.example.com" rel="noopener noreferrer">https://search.example.com</a> </li> <li>Minio cloud storage: <a href="https://minio-console.example.com" rel="noopener noreferrer">https://minio-console.example.com</a> </li> </ul> <p>You can check also the health of the containers by running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>turbo@test-medusa:~<span class="nv">$ </span><span class="nb">cd </span>medusa-stack-dockerized/ turbo@test-medusa:~/medusa-stack-dockerized<span class="nv">$ </span>docker compose ps NAME COMMAND SERVICE STATUS PORTS medusa-server-default <span class="s2">"./develop.sh"</span> backend running <span class="o">(</span>healthy<span class="o">)</span> 0.0.0.0:9000-&gt;9000/tcp, :::9000-&gt;9000/tcp medusa-stack-dockerized-meilisearch-1 <span class="s2">"tini -- /bin/sh -c …"</span> meilisearch running 0.0.0.0:7700-&gt;7700/tcp, :::7700-&gt;7700/tcp medusa-stack-dockerized-postgres-1 <span class="s2">"docker-entrypoint.s…"</span> postgres running <span class="o">(</span>healthy<span class="o">)</span> medusa-stack-dockerized-redis-1 <span class="s2">"docker-entrypoint.s…"</span> redis running service-storage <span class="s2">"/usr/bin/docker-ent…"</span> storage running <span class="o">(</span>healthy<span class="o">)</span> 9000/tcp traefik <span class="s2">"/entrypoint.sh --pr…"</span> traefik running 0.0.0.0:80-&gt;80/tcp, 0.0.0.0:443-&gt;443/tcp, :::80-&gt;80/tcp, :::443-&gt;443/tcp </code></pre> </div> <p>If any of the services is unhealthy you can debug it running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker-compose logs <span class="nt">-f</span> &lt;service-name&gt; In the above <span class="nb">command</span>, replace &lt;service-name&gt; with the name of the service you want to debug. </code></pre> </div> <p><strong>Example:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>turbo@test-medusa:~/medusa-stack-dockerized<span class="nv">$ </span>docker compose logs traefik traefik | <span class="nb">time</span><span class="o">=</span><span class="s2">"2023-03-02T22:47:26Z"</span> <span class="nv">level</span><span class="o">=</span>info <span class="nv">msg</span><span class="o">=</span><span class="s2">"Configuration loaded from flags."</span> traefik | <span class="nb">time</span><span class="o">=</span><span class="s2">"2023-03-02T22:47:26Z"</span> <span class="nv">level</span><span class="o">=</span>info <span class="nv">msg</span><span class="o">=</span><span class="s2">"Traefik version 2.9.8 built on 2023-02-15T15:23:25Z"</span> traefik | <span class="nb">time</span><span class="o">=</span><span class="s2">"2023-03-02T22:47:26Z"</span> <span class="nv">level</span><span class="o">=</span>info <span class="nv">msg</span><span class="o">=</span><span class="s2">"</span><span class="se">\n</span><span class="s2">Stats collection is disabled.</span><span class="se">\n</span><span class="s2">Help us improve Traefik by turning this feature on :)</span><span class="se">\n</span><span class="s2">More details on: https://doc.traefik.io/traefik/contributing/data-collection/</span><span class="se">\n</span><span class="s2">"</span> traefik | <span class="nb">time</span><span class="o">=</span><span class="s2">"2023-03-02T22:47:26Z"</span> <span class="nv">level</span><span class="o">=</span>info <span class="nv">msg</span><span class="o">=</span><span class="s2">"Starting provider aggregator aggregator.ProviderAggregator"</span> traefik | <span class="nb">time</span><span class="o">=</span><span class="s2">"2023-03-02T22:47:26Z"</span> <span class="nv">level</span><span class="o">=</span>info <span class="nv">msg</span><span class="o">=</span><span class="s2">"Starting provider *traefik.Provider"</span> traefik | <span class="nb">time</span><span class="o">=</span><span class="s2">"2023-03-02T22:47:26Z"</span> <span class="nv">level</span><span class="o">=</span>info <span class="nv">msg</span><span class="o">=</span><span class="s2">"Starting provider *docker.Provider"</span> traefik | <span class="nb">time</span><span class="o">=</span><span class="s2">"2023-03-02T22:47:26Z"</span> <span class="nv">level</span><span class="o">=</span>info <span class="nv">msg</span><span class="o">=</span><span class="s2">"Starting provider *acme.ChallengeTLSALPN"</span> traefik | <span class="nb">time</span><span class="o">=</span><span class="s2">"2023-03-02T22:47:26Z"</span> <span class="nv">level</span><span class="o">=</span>info <span class="nv">msg</span><span class="o">=</span><span class="s2">"Starting provider *acme.Provider"</span> traefik | <span class="nb">time</span><span class="o">=</span><span class="s2">"2023-03-02T22:47:26Z"</span> <span class="nv">level</span><span class="o">=</span>info <span class="nv">msg</span><span class="o">=</span><span class="s2">"Testing certificate renew..."</span> <span class="nv">providerName</span><span class="o">=</span>letsencrypt.acme ACME <span class="nv">CA</span><span class="o">=</span><span class="s2">"https://acme-v02.api.letsencrypt.org/directory"</span> traefik | <span class="nb">time</span><span class="o">=</span><span class="s2">"2023-03-03T22:47:26Z"</span> <span class="nv">level</span><span class="o">=</span>info <span class="nv">msg</span><span class="o">=</span><span class="s2">"Testing certificate renew..."</span> <span class="nv">providerName</span><span class="o">=</span>letsencrypt.acme ACME <span class="nv">CA</span><span class="o">=</span><span class="s2">"https://acme-v02.api.letsencrypt.org/directory"</span> traefik | <span class="nb">time</span><span class="o">=</span><span class="s2">"2023-03-04T12:20:26Z"</span> <span class="nv">level</span><span class="o">=</span>error <span class="nv">msg</span><span class="o">=</span><span class="s2">"Error while Peeking first byte: read tcp 172.18.0.4:80-&gt;151.235.195.76:33779: read: connection timed out"</span> traefik | <span class="nb">time</span><span class="o">=</span><span class="s2">"2023-03-04T22:47:26Z"</span> <span class="nv">level</span><span class="o">=</span>info <span class="nv">msg</span><span class="o">=</span><span class="s2">"Testing certificate renew..."</span> <span class="nv">providerName</span><span class="o">=</span>letsencrypt.acme ACME <span class="nv">CA</span><span class="o">=</span><span class="s2">"https://acme-v02.api.letsencrypt.org/directory"</span> </code></pre> </div> <h3> Configure Minio cloud storage </h3> <ol> <li>Access your Minio console and create a new bucket.</li> <li>Set the policy of the bucket to "Public".</li> <li>Go to "Access keys" and generate the access key and the secret key.</li> <li>Set the variables in <code>.env</code> accordingly. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">MINIO_ENDPOINT</span><span class="o">=</span>https://minio.example.com <span class="nv">MINIO_BUCKET</span><span class="o">=</span>medusa-test <span class="nv">MINIO_ACCESS_KEY</span><span class="o">=</span>supers3cr3t <span class="nv">MINIO_SECRET_KEY</span><span class="o">=</span>v3rystr0ngpassw0rd <span class="nv">MINIO_ROOT_USER</span><span class="o">=</span>admin <span class="nv">MINIO_ROOT_PASS</span><span class="o">=</span>changeme1234 <span class="nv">MINIO_DOMAIN</span><span class="o">=</span>minio.example.com <span class="nv">MINIO_CONSOLE_DOMAIN</span><span class="o">=</span>minio-console.example.com <span class="nv">MINIO_CERT_RESOLVER</span><span class="o">=</span>letsencrypt </code></pre> </div> <h3> Configure MeiliSearch variables </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">MEILI_DOMAIN</span><span class="o">=</span>search.example.com <span class="nv">MEILI_CERT_RESOLVER</span><span class="o">=</span>letsencrypt <span class="nv">MEILISEARCH_HOST</span><span class="o">=</span>https://search.example.com <span class="nv">MEILISEARCH_API_KEY</span><span class="o">=</span> <span class="nv">MEILI_MASTER_KEY</span><span class="o">=</span> </code></pre> </div> <p><a href="https://docs.meilisearch.com/learn/security/master_api_keys.html#protecting-a-meilisearch-instance" rel="noopener noreferrer">Secure your MeiliSearch instance.</a></p> <p>Once you set the master key and restart the container your request will be protected. Check the endpoint <a href="https://search.example.com/keys" rel="noopener noreferrer">https://search.example.com/keys</a>, it should show a message informing you the request is not authorized.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ievu9puznhjwfji10j2.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ievu9puznhjwfji10j2.png" alt="MeiliSearch not authorized request"></a></p> <h2> Troubleshooting </h2> <p>P: Docker containers don't finish getting up<br> S: Check that your VPS has at least 1GB of RAM available.</p> <p>P: Errors requesting the SSL LetsEncrypt certificates.<br> S: Don't use free TLDs like .ga, .ml, .tk, etc. Ensure you wait enough time to propagate the DNS changes.</p> <p>P: Can't login to Traefik dashboard.<br> S: Ensure you generate a correct<a href="https://doc.traefik.io/traefik/middlewares/http/basicauth/" rel="noopener noreferrer"> user and hashed password</a>.</p> <p>I hope you found my post useful! If you did, please consider giving it <a href="https://github.com/beakman/medusa-stack-dockerized" rel="noopener noreferrer">a star on Github</a>. It will help others find and benefit from the post as well.</p> <p>Thank you for your support!</p> <p><a href="https://github.com/beakman/medusa-stack-dockerized" rel="noopener noreferrer">https://github.com/beakman/medusa-stack-dockerized</a>.</p> medusa traefik meilisearch minio