Deploy to VPS
This guide will walk you through deploying your PrivMX Bridge instance to a Virtual Private Server (VPS), and generating certificates for HTTPS connection.
Prerequisites
You need access to a VPS server. Any Linux-based server that can run Docker will do. You can choose any provider, e.g.:
- AWS EC2
- Google Cloud Compute Engine
- Digital Ocean Droplets
- Azure Virtual Machine
We recommend choosing an option with at least 1 CPU and 500MB of RAM for PrivMX Bridge itself. If you decide to host your MongoDB instance on the same machine, increase RAM to 4GB.
You also need a domain name for your server.
Setup Environment
Info
This guide requires access to your server with sudo privileges.
Installing Docker
- Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
- Add the repository to APT sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
- Install Docker:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Setup nginx
- Install nginx and certbot:
sudo apt-get update
sudo apt install certbot python3-certbot-nginx nginx
- Create site config:
Create a file at /etc/nginx/sites-available/YOUR_DOMAIN_NAME:
sudo touch /etc/nginx/sites-available/YOUR_DOMAIN_NAME
Open it in your favorite text editor and add the following configuration:
server {
    listen 80;
    server_name YOUR_DOMAIN_NAME;
    location / {
        proxy_pass http://localhost:9111;
        # nginx only forwards the WebSocket upgrade over HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}
- Create a link to sites-enabled:
sudo ln -s /etc/nginx/sites-available/YOUR_DOMAIN_NAME /etc/nginx/sites-enabled/YOUR_DOMAIN_NAME
PrivMX Bridge Setup
PrivMX Bridge requires a MongoDB instance. You can host it alongside PrivMX Bridge using our Docker Compose file, or provide a connection string to an external MongoDB instance, for example from MongoDB Atlas.
Info
PrivMX Bridge requires a MongoDB instance with an initialized replica set. The ./setup.sh script takes care of initializing a replica set for the local MongoDB instance in Docker Compose.
- Start by cloning the PrivMX Bridge Docker repo containing the setup scripts:
git clone https://github.com/simplito/privmx-bridge-docker.git privmx-bridge
cd privmx-bridge
- Run the setup script:
sudo ./setup.sh
This script will pull all necessary Docker images and set up your first Solution and Context. After setting up PrivMX Bridge, you will be presented with the variables required for connection.
By default, the new instance will be available on http://localhost:9111
Exposing Application
- Check nginx config:
sudo nginx -t
- Restart nginx:
sudo systemctl restart nginx
- Generate certificates using certbot:
sudo certbot --nginx -d YOUR_DOMAIN_NAME
- In your firewall settings, expose ports 80 and 443. Please refer to your VPS provider documentation on how to do it. During certificate generation, certbot adds redirects from HTTP connections to HTTPS.
You can now open the domain URL in your browser. The PrivMX Bridge instance should return the starting page.
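A check worth running after the firewall step, as an added example that is not part of the PrivMX documentation: nginx terminates TLS and forwards to plain HTTP on port 9111, so that port should listen on loopback only. The function names and the sample `ss` output are constructed for illustration, and the page does not state how the Compose file publishes the port.

```shell
#!/bin/sh
# Added example (not from the PrivMX docs): flag Bridge-port listeners that are
# not loopback-only. Input is `ss -ltnH` output; field 4 is local address:port.

exposed_listeners() {
    awk -v port="${1:-9111}" '
        $1 == "LISTEN" {
            la = $4
            if (!match(la, /:[0-9]+$/)) next      # locate the trailing ":port"
            addr = substr(la, 1, RSTART - 1)
            if (substr(la, RSTART + 1) != port) next
            sub(/%.*$/, "", addr)                 # drop interface suffix (%lo)
            gsub(/\[|\]/, "", addr)               # drop IPv6 brackets
            # Loopback forms: 127.0.0.0/8, ::1, IPv4-mapped 127.x
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print la
        }'
}

check_bridge_exposure() {
    hits=$(exposed_listeners "${1:-9111}")
    [ -z "$hits" ] && return 0
    echo "port ${1:-9111} listens beyond loopback and can be reached without nginx:" >&2
    echo "$hits" >&2
    return 1
}

# Constructed sample of `ss -ltnH` output, for offline demonstration only.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 511  0.0.0.0:80      0.0.0.0:*
LISTEN 0 511  0.0.0.0:443     0.0.0.0:*
LISTEN 0 4096 0.0.0.0:9111    0.0.0.0:*
LISTEN 0 4096 [::]:9111       [::]:*
LISTEN 0 4096 127.0.0.1:27017 0.0.0.0:*
EOF
}

# Demo on the sample. On the VPS: ss -ltnH | check_bridge_exposure 9111
sample_ss_output | check_bridge_exposure 9111 || true
```

A non-zero exit means the port is bound on a non-loopback address, so only the provider firewall stands between clients and the unencrypted endpoint.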
Next Steps
Check out the Tools documentation for guides on how you can use your PrivMX Bridge for E2E encrypted communication.
Learn how to use: