Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deployment on Heroku #1253

Closed
woutor opened this issue Jan 5, 2019 · 10 comments
Closed

Deployment on Heroku #1253

woutor opened this issue Jan 5, 2019 · 10 comments

Comments

@woutor
Copy link

woutor commented Jan 5, 2019

Hydra advertises that it is able to be deployed on Heroku, however, after #904, it is not anymore. To deploy an app on Heroku, it has to listen to the (one) $PORT environment variable. Hydra only listens to the ADMIN_PORT and PUBLIC_PORT variables now.

To be able to deploy Hydra on Heroku, it should listen to a single port which is configurable with the environment variable PORT. Is it possible that such logic can be (re)implemented?

Now, the only alternative to use Hydra with my Heroku powered apps is to host it on a different provider, or stick with version 0.11 that does listen to a single port.

Are there any other option to run Hydra on Heroku which I have missed?

Thanks in advance,
Wouter
@aeneasr
Copy link
Member

aeneasr commented Jan 5, 2019

Use Docker or rebind the environment variable. Please check the Heroku documentation for more specific help.

@woutor
Copy link
Author

woutor commented Jan 5, 2019

Hi @aeneasr, thank you for your reply. I am using docker on Heroku and was able to migrate the Hydra database. However the application exits with the following log messages:

2019-01-05T17:46:57.100170+00:00 app[web.1]: time="2019-01-05T17:46:57Z" level=info msg="Setting up http server on :4445"
2019-01-05T17:46:57.104093+00:00 app[web.1]: time="2019-01-05T17:46:57Z" level=info msg="Setting up http server on :4444"
2019-01-05T17:47:03.183184+00:00 heroku[web.1]: Error R10 (Boot timeout) -> Web process failed to bind to $PORT within 60 seconds of launch

@aeneasr
Copy link
Member

aeneasr commented Jan 5, 2019

Again, just rebind the environment variables. There is plenty of information on how to do that but here's for a starter:

FROM oryd/hydra:vX.Y.Z

CMD export PUBLIC_PORT=$PORT; hydra serve public´

Something similar will probably work with buildpack-based builds too.

@aeneasr aeneasr closed this as completed Jan 5, 2019
@pmn4
Copy link

pmn4 commented Mar 1, 2019

@woutor would you mind providing a sample Dockerfile? I am new to a project that uses Hyrda and I'd like to deploy on Heroku (also new to docker... the struggle is real).
...
(sorry to make noise on a closed issue, but maybe this will help others googling for help with hydra on heroku)

@woutor
Copy link
Author

woutor commented Mar 4, 2019
edited
Loading

Hi @pmn4, I also needed a nudge ;)

This is my Dockerfile:

FROM oryd/hydra:v1.0.0-rc.6_oryOS.10-alpine

COPY run.sh /
RUN chmod a+x /run.sh

ENTRYPOINT ["/bin/sh"]

CMD ["/run.sh"]

With the following run.sh file

#!/bin/sh
export PUBLIC_PORT=$PORT; 
hydra serve public

Use this file to build a docker image, then tag and push it to Heroku. Also set the correct environment variables. For the admin server the process is similar, with a different run.sh file.

@pmn4
Copy link

pmn4 commented Mar 4, 2019

thank you @woutor!

2019-03-04T20:42:39.665958+00:00 app[web.1]: time="2019-03-04T20:42:39Z" level=info msg="Setting up http server on :59072"

@pmn4
Copy link

pmn4 commented Mar 19, 2019

@woutor did you have any trouble with TLS handshakes when you deployed to heroku?
I can curl and see that heroku responds with an appropriate handshake

$ curl -kvI https://secure.brewline.io/
*   Trying 52.2.175.150...
* TCP_NODELAY set
* Connected to secure.brewline.io (52.2.175.150) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
...

the secure connection from the client to heroku server looks good, however, something is lost before the request gets to the go layer:

app[web.1]: 2019/03/19 10:06:15 http: TLS handshake error from 172.17.68.89:43517: EOF

@woutor
Copy link
Author

woutor commented Mar 21, 2019

Hi @pmn4, I have set the following environment variable: HTTPS_ALLOW_TERMINATION_FROM to 0.0.0.0/0. However, this might make the instance insecure.

@brentjanderson
Copy link

A little late to the party, @woutor I'm under the impression that while 0.0.0.0/0 would make the instance insecure in general, Heroku doesn't allow direct instance access. Because all access must go through the Heroku router, then while technically insecure it's not a problem in this instance.

@lazycipher
Copy link

@woutor, I'm new to the docker thing.
Can you explain how to set it up?
How does your heroku.yml look?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@brentjanderson @pmn4 @woutor @aeneasr @lazycipher