Self Hosted
This tutorial shows how to deploy self-hosted GitNotebooks to a GitHub Enterprise account
Before we start the tutorial
The tutorial is divided into several sections:
- Choosing an Endpoint
- Creating a GitHub App
- Creating a Database
- Reviewing the Environment Variables
- Deploy container
The goal is to create a set of environment variables that look like this:
BASE_URL=https://gitnotebooks.mycompany.com
GITHUB_BASE_URL=https://github.mycompany.com
GITHUB_APP_IDENTIFIER=499732
GITHUB_CLIENT_SECRET=0f2e9190d598624847d2b259b5b567cf981d5072
GITHUB_PRIVATE_KEY=LS0tLS12dJQkFNB2s3emt2dBS0nRzbXQzVCRUdJUUVBc2pzNFRSb0ErUVdWdMbFZUeklyQmtkYkZFURSBTXZiZnlqQW9FHU0EgUFJJVk1YWZWUGxaV1NOKUTiBSbNi9HOUTV0YLRVktLS0tLQpCg==
GITHUB_WEBHOOK_SECRET=d1ae70aaf90bd909ce44927350d9aba8c1136d34
GITHUB_APP_URL=https://github.mycompany.com/apps/gitnotebooks-self-hosted
GITHUB_BASE_URL=https://github.com
GITHUB_CLIENT_ID=Iv1.fed2b15afabbc1a6
DATABASE_URL=postgresql://postgres:somepassword@git-notebooks.database.url.rds.amazonaws.com:5432/postgres
AES_ENCRYPTION_KEY=X9CSf8y7Pw9dYSJNUwV4L7jUqH42/Mb27pHBRTUWceI=
ENTERPRISE=true
In this tutorial, we’ll note an environment variables with this notation: SOME_ENV_VAR
Prerequisites
We’ll assume that you have enough permission to create a new GitHub app and a Postgres database. We’ll also assume that you have access to the private GitNotebooks container image.
If you have not yet received the GitNotebooks container image, you can do so by filling out this form: Self-hosted signup
Choosing an Endpoint
Whether you’re hosting this service at a URL like gitnotebooks.yourcompanydomain.com
, or a private IP address, it’s helpful to decide what the endpoint will be up front. We will refer to this URL as the BASE_URL
.
# Example base URL
BASE_URL="https://gitnotebooks.yourcompanydomain.com"
Creating a GitHub App
First, click New GitHub App. If you need help finding this button, the GitHub docs can help: Registering a GitHub App Here’s how to fill out the form:
You should now have a GitHub App with the following settings:
- GitHub App Name:
GitNotebooks
- Homepage URL:
https://gitnotebook.com
- Callback URL:
https://gitnotebooks.your-domain.com/api/auth/callback/github
- Post installation:
https://gitnotebooks.your-domain.com/dashboard
- Webhook URL:
https://gitnotebooks.your-domain.com/api/event_handler
- Webhook secret: A custom webhook seceret
- Permissions
- Contents:
Read and write
- Pull requests:
Read and write
- Email address:
Read only
- Contents:
- Subscribe to events:
- Pull request
After creating the GitHub App
We'll need to collect some information for GitNotebooks to identify itself as the GitHub App.
Generate a new client secret GITHUB_CLIENT_SECRET
Generate a private key We will download the key, then convert it to base64.
Convert the key to base64.
cat path/to/your/key.pem | base64
Note the url of the public page GITHUB_APP_URL
This URL is used to direct users to add repos to the GitHub app installation.
Making it pretty (optional)
Finally, you can upload a logo which is used as the app's avatar.
Creating a database
Next, we need a Postgres database with the following specifications:
- 1GB RAM
- 20GiB storage
- PostgreSQL 9.4 or higher
- Username/Password authentication
We recommend that your database not be accessible to the internet, and restrict inbound connections to the web servers hosting the container over TCP port 5432.
Note the connection string, which is the DATABASE_URL
DATABASE_URL="postgresql://USER:PASSWORD@HOST:PORT/DATABASE"
Reviewing the Environment Variables
We should have all the environment variables we need:
# From `Choosing and Endpoint`
BASE_URL=https://gitnotebooks.mycompany.com
# Your comapany's GitHub Enterprise URL
GITHUB_BASE_URL=https://github.mycompany.com
# From `Creating a GitHub App`
GITHUB_APP_IDENTIFIER=499732
GITHUB_CLIENT_ID=Iv1.fed2b15afabbc1a6
GITHUB_CLIENT_SECRET=0f2e9190d598624847d2b259b5b567cf981d5072
GITHUB_PRIVATE_KEY=LS0tLS12dJQkFNB2s3emt2dBS0nRzbXQzVCRUdJUUVBc2pzNFRSb0ErUVdWdMbFZUeklyQmtkYkZFURSBTXZiZnlqQW9FHU0EgUFJJVk1YWZWUGxaV1NOKUTiBSbNi9HOUTV0YLRVktLS0tLQpCg==
GITHUB_WEBHOOK_SECRET=d1ae70aaf90bd909ce44927350d9aba8c1136d34
GITHUB_APP_URL=https://github.mycompany.com/apps/gitnotebooks-self-hosted
# Base URL of your GitHub instance, if using GitHub Enterprise Cloud, use the following example:
GITHUB_BASE_URL=https://github.com
# From `Creating a database`
DATABASE_URL=postgresql://postgres:somepassword@git-notebooks.database.url.rds.amazonaws.com:5432/postgres
# Generate this value using `openssl rand -base64 32`
AES_ENCRYPTION_KEY=X9CSf8y7Pw9dYSJNUwV4L7jUqH42/Mb27pHBRTUWceI=
ENTERPRISE=true
You are now ready to deploy GitNotebooks Self Hosted.
Deploying a container
The final step is to deploy the GitNotebooks container image with these environment variables. Whle GitNotebooks Self Hosted will not make any network requests apart from GitHub, we recommend the following security settings:
- Web application servers
- Container environment variables stored as secrets (e.g. AWS Secrets Manager)
- Outbound network traffic restrictred to GitHub and Database
- Inbound traffic restricted to corpotate VPN
- Database
- Encrypted at rest
- Require SSL connections from web server
- Inbound restricted to web servers via TCP port 5432
- No outbound network requests
- Application load balancer
- Restrict inbound requests to coroporate VPN and GitHub Webhooks
- Restrict outbound requests to web application