Common Voice Deployment Guide

# Guide Repo: https://github.com/vramana/common-voice Branch: [auth0](https://github.com/vramana/common-voice/tree/auth0) ## NGINX Add the following configuration to nginx config to proxy request from domain to storage server ```nginx location /storage { proxy_pass http://localhost:8080/storage; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-Proto $scheme; } ``` Add following headers in NGINX config. Otherwise the session is treated as insecure and login will not work. This is caused by `express-session`. This only happens if `CV_PROD` is `true` ```nginx location { # .... proxy_set_header X-Forwarded-Proto $scheme; underscores_in_headers on; } ``` Confirm that configuration is correct ```sh sudo nginx -t ``` Once it's correct ```sh sudo systemctl reload nginx ``` ## Docker Wrote separate bundler and web dockerfiles stripping all the work around restricted permissions from the original file. Also I wrote a different docker-compose file ``` docker/Dockerfile.prod bundler/Dockerfile.prod compose-production.yaml ``` ## Commands To start the application ``` docker compose -f compose-production.yaml up -d ``` To stop the application ``` docker compose down ``` MySQL credentials need to be removed from docker-compose file and moved into .env file ## Environment Variables `CV_ENVIRONMENT` will be `local` since there is not Google Cloud Storage bucket `CV_PROD` will be `true` `CV_SECRET` has to be set to a random string. You can use `openssl rand -hex 100` to generate it. This is used to encrypt and decrypt session data `CV_STORAGE_EXTERNAL_URL` set this to domain hosting the instance. This is needed to listen/review to clips. For example if instance is hosted voice.swecha.org. The env var should be `https://voice.swecha.org` ## Authentication Create Gitlab OAuth Client ID and Client Secret. Set the scopes as `read_user`, `openid`, `profile`, `email` Redirect URL will be `https://{domain}/callback` ## Storage GCS is used for storage but local docker volume can be used as well via fake gcs server ## Emails Production build uses AWS SES. It would be simple to hook it to smtp mail box. For now it's send email to test email service. ## Sentences Telugu language is not contributable by default. `sentences` table is empty. We need to add sentences. Connect to MySQL instance and run these SQL commands. ```sql SELECT * FROM locales WHERE name = "te"; UPDATE locales SET is_contributable = 1, target_sentence_count = 200 WHERE name = "te" ``` Run ``` docker compose exec -it web bash ``` and then run ``` node server/js/lib/model/db/import-sentences.js ``` I have also added [this line](https://github.com/vramana/common-voice/blob/gitlab/server/src/lib/model/db/import-sentences.ts#L158) ## Content-Security-Policy I have currently put CSP header in report only mode. Probably this needs to be turned on. ## Set Production URL Update the production url in `web/src/urls.ts`