Steps to host your own ttl.sh

[milindchawre]

I was trying to setup ttl.sh on my own system, but got stuck since there are no clear steps documented to do so.

This is what I tried.

• Manually build the docker image, from registry folder.
• After the build, tried to run the image, using different possible combinations of docker run:
  • docker run -itd ttlsh:v1 -> got this error Set GCS_KEY_ENCODED variable configuration error: error parsing /etc/docker/registry/config.yml: yaml: line 16: mapping values are not allowed in this context
  • docker run -itd -e PORT=5000 -e GCS_KEY_ENCODED=Z2NzCg== -e REPLREG_HOST=0.0.0.0 -e REPLREG_SECRET=secret ttlsh:v1 -> got error panic: invalid character 'g' looking for beginning of value

What is the correct way to run it. There are lot of env variables defined in entrypoint.sh, what those each variables means?
variables: PORT,HOOK_TOKEN, HOOK_URI, REPLREG_HOST, REPLREG_SECRET, GCS_KEY_ENCODED.

[marccampbell]

@milindchawre Our GitHub Actions is still the old HCL format, quite old.

Our current hosting is pretty specific, evident from the env vars. We are hosting this service on Heroku today, but there's nothing too proprietary here. It should be possible to adapt and run elsewhere.

A quick first pass to explain the vars. This is running the common (unmodified) docker distribution registry. The config file is here: https://github.com/replicatedhq/ttl.sh/blob/master/registry/config.yml. Most of those variables are subst'ed using sed into that file at build time. So these are documented in the docker/distribution docs for the version we have.

The ephemeral parts of TTL.sh are implemented via a separate app ("reaper", in the repo). When an image is pushed to the main distribution, a web hook is fired to a trivial process where we write the image name/expiration to a redis database. The "reaper" process just reads from the redis database, and removes the image from the registry.

The HOOK_TOKEN, and HOOK_URI are specific to your reaper. The token is a random string for security (you don't want anyone deleting images). And the HOOK_URI defines where docker distribution will fire the messages to.

Sorry there aren't better docs on self hosting this yet!

[milindchawre]

@marccampbell
No issues. So in nutshell, if I use docker registry (without authentication) - hosted it somewhere along with separate tool (like reaper) to delete expired images. Then that should be enough.

[marccampbell]

Yes. This sounds right. TTL.sh is a pretty simple tool!

[waveywaves]

@marccampbell What do y'all set for REPLREG_HOST, REPLREG_SECRET ? I am using the same hosting method as yours right now for the sake of simplicity and understand that replreg is also the name of the bucket. Is the REPLREG_HOST the url to the GCS bucket ? How do I generate the REPLREG_SECRET ?

[waveywaves]

I am getting the following error on the hooks server as well

2022-09-27T11:54:48.875437+00:00 app[web.1]: Error: Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED 127.0.0.1:6379

What is the redis setup and configuration you are using on heroku over here ? Where do you have your redis instance deployed ? I understand that's what the REDIS_CLOUD env var is for.

[spkane]

It would be really nice if there was a docker-compose.yaml in this repo that could be used to stand up the registry and whatever open-source web service might be needed to get the basic functionality wired up. This could both act as some basic documentation of how things work, and provide people with a nice way to experiment with this service.

[waveywaves]

@spkane my team uses ttl.sh and have created a docker-compose at our org level fork https://github.com/UffizziCloud/ttl.sh/blob/main/docker-compose.yaml

[spkane]

@spkane my team uses ttl.sh and have created a docker-compose at our org level fork https://github.com/UffizziCloud/ttl.sh/blob/main/docker-compose.yaml

Thanks! I'll take a look.