---
title: "Configure public Oakestra dashboard"
tags: wikidocs
teams:
  - maintainers
participants:
  - Giovanni (GB)
---

# How to set up a public Oakestra Dashboard

This guide describes a setup that you can use to expose a public Oakestra dashboard on the internet.

### Requirements

- Machine with public IP Address
- (optional) Registered domain
- Certificates for TLS

### Architecture

This is the architecture used for this tutorial.

```
                             _________________
                            |                 |
Client ----INTERNET-------  | AWS VM [nginx]  |
                            |_________________|
                                    ||
                                    ||  tunneling
                                    ||     +
                                    ||  port-mapping
                                    ||
Private network boundary    ________||______
                                    ||
                           ______________________
                          |  Oakestra Root VM    |
                          |  [dashboard]         |
                          |  [root orch]         |
                          |______________________|
```

### Step 1: Configure the AWS VM

First, install nginx and place your TLS certificate and private key at the following paths:

```
/etc/nginx/sites-available/ca-cert.pem
/etc/nginx/sites-available/ca-key.pem
```

If the private key is password protected, also provide a file containing the password.

```
/etc/nginx/sites-available/pass
```

Now, create/update the file `/etc/nginx/nginx.conf` with the following content.
```
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #access_log  logs/access.log  main;

    sendfile           on;
    keepalive_timeout  65;

    # HTTPS server: Oakestra dashboard
    server {
        listen       443 ssl;
        server_name  ec2-3-70-228-52.eu-central-1.compute.amazonaws.com;

        ssl_certificate      /etc/nginx/sites-available/ca-cert.pem;
        ssl_certificate_key  /etc/nginx/sites-available/ca-key.pem;
        ssl_password_file    /etc/nginx/sites-available/pass;

        location / {
            # Loopback end of the SSH reverse tunnel
            proxy_pass http://127.0.0.1:8001;
        }
    }

    # HTTPS server: Oakestra API
    server {
        listen       10000 ssl;
        server_name  ec2-3-70-228-52.eu-central-1.compute.amazonaws.com;

        ssl_certificate      /etc/nginx/sites-available/ca-cert.pem;
        ssl_certificate_key  /etc/nginx/sites-available/ca-key.pem;
        ssl_password_file    /etc/nginx/sites-available/pass;

        location / {
            proxy_pass_header Server;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Scheme $scheme;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_connect_timeout 5;
            proxy_read_timeout 240;
            proxy_intercept_errors on;

            proxy_pass http://127.0.0.1:10001;
        }
    }

    # HTTPS server: Grafana
    server {
        listen       8000 ssl;
        server_name  ec2-3-70-228-52.eu-central-1.compute.amazonaws.com;

        ssl_certificate      /etc/nginx/sites-available/ca-cert.pem;
        ssl_certificate_key  /etc/nginx/sites-available/ca-key.pem;
        ssl_password_file    /etc/nginx/sites-available/pass;

        location / {
            proxy_pass_header Server;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Scheme $scheme;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_connect_timeout 5;
            proxy_read_timeout 240;
            proxy_intercept_errors on;

            proxy_pass http://127.0.0.1:9000;
        }
    }
}
```

This configuration will do the following:

- proxy port 443 with ssl to localhost:8001
- proxy port 8000 with ssl to localhost:9000
- proxy port 10000 with ssl to localhost:10001

Save `nginx.conf` and restart nginx.
### Step 2: SSH tunneling & port forwarding

From your AWS cloud console, allow ingress traffic on ports 22, 443, 8000 and 10000.

Then, from the Oakestra Root machine, open an ssh tunnel with port forwarding, as follows:

```
ssh -R 10001:localhost:10000 -R 9000:localhost:3000 -R 8001:localhost:80 -i "<AWS SSH KEY FILE>" <AWS VM URL>
```

While this ssh session is active, it maps the ports as follows:

```
AWS_localhost:10001 <-> OakestraRoot:10000
AWS_localhost:8001  <-> OakestraRoot:80
AWS_localhost:9000  <-> OakestraRoot:3000
```

N.B. If you fancy, it's better to use a site-to-site VPN ofc ;)

### Step 3: Configure and startup Oakestra

Configure the Oakestra Root machine.

3.1 Set up the Dashboard manually from [https://github.com/oakestra/dashboard](https://github.com/oakestra/dashboard) using its docker-compose file.

```
echo API_ADDRESS=<DOMAIN_ASSOCIATED_WITH_AWS_VM> > .env
sudo docker compose up
```

3.2 Start up the root using its compose file, overriding it with the no-dashboard option (do not use 1-DOC.yaml).

```
docker-compose -f docker-compose.yml -f override-no-dashboard.yml up --build
```

3.3 Start up your cluster orchestrator using the official procedure.

3.4 Start up your workers using the official procedure.

### Step 4: Test connection

If your Oakestra cluster is already running (remember to configure the dashboard API variable accordingly), you can check that the setup is working by accessing Oakestra from your browser.

- Oakestra dashboard: `https://<AWS_VM_DOMAIN>`
- Oakestra api: `https://<AWS_VM_DOMAIN>:10000/api/docs`
- Grafana: `https://<AWS_VM_DOMAIN>:8000`
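
A complementary check to run on the AWS VM, added here as an example (not part of the Oakestra project): it reads `ss -ltn` output and confirms that the tunnel ports from Step 2 (8001, 9000, 10001) listen on loopback only while nginx holds the TLS ports from Step 1. The function name `check_listeners` and the sample socket listings are constructed for illustration; a tunnel port bound on all interfaces usually means `GatewayPorts` is enabled in the VM's sshd.

```sh
# Audit listening sockets on the public VM: backend ports (the ssh -R endpoints)
# must be loopback-only, and the nginx TLS ports must be up.
check_listeners() {   # reads `ss -ltn` output on stdin; returns 1 on any finding
  awk '
    BEGIN {
      n = split("8001 9000 10001", b, " "); for (i = 1; i <= n; i++) backend[b[i]] = 1
      n = split("443 8000 10000", p, " ");  for (i = 1; i <= n; i++) need[p[i]] = 1
    }
    $1 == "LISTEN" {
      k = split($4, part, ":"); port = part[k]        # port follows the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (port in backend) {
        up[port] = 1
        if (addr != "127.0.0.1" && addr != "[::1]") {
          printf "EXPOSED backend port %s on %s\n", port, addr; bad = 1
        }
      }
      if (port in need) delete need[port]
    }
    END {
      for (port in need) { printf "MISSING nginx TLS listener on %s\n", port; bad = 1 }
      for (port in backend) if (!(port in up)) { printf "DOWN tunnel port %s\n", port; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample: expected state with the tunnel up.
SAMPLE_OK='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 0.0.0.0:8000 0.0.0.0:*
LISTEN 0 511 0.0.0.0:10000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8001 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:10001 0.0.0.0:*
LISTEN 0 128 [::1]:8001 [::]:*'
# Constructed sample: same VM, but the API tunnel port is bound on all interfaces.
SAMPLE_EXPOSED=$(printf '%s\n' "$SAMPLE_OK" | sed 's/127\.0\.0\.1:10001/0.0.0.0:10001/')

printf '%s\n' "$SAMPLE_OK" | check_listeners && echo "sample 1: OK"
printf '%s\n' "$SAMPLE_EXPOSED" | check_listeners || echo "sample 2: findings above"
# On the VM itself: ss -ltn | check_listeners
```

A `DOWN` finding means the ssh session from Step 2 is not active, which is also why nginx would answer with a 502 on the corresponding public port.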