snarkipus/gcp-plausible

Self-Hosted Plausible Analytics

Plausibe Analytics hosted on the Google Cloud Platform
Report Bug · Request Feature

DISCLAIMER

This was a largely academic exercise intended to learn a about cloud technology and infrastructure. If you utilize this self-hosting solution for Plausible Analytics, PLEASE make an effort to support them by either using their hosted solution or contributing to their project.

About

Self-hosted, privacy focused web analytics deployed to Kubernetes on the Google Cloud Platform. Built using Pulumi (TypeScript), an open source Infrastructure as Code framework.

(back to top)

Features

Plausible Analytics: lightweight and open source web analytics (no cookies) and fully compliant with GDPR, CCPA and PECR
- NOTE:
  - SMTP server not configured
  - MaxMind IP Geolocation not configured (TODO)
Traefik Proxy: leading modern reverse proxy and load balancer that makes deploying microservices easy
- SSL Termination
- Cloudflare integration
Pulumi: build, deploy, and manage cloud applications and infrastructure using the power of familiar programming languages and tooling
Google Kubernetes Engine: automated and scalable managed Kubernetes platform
- Single-click clusters which can scale up to 15,000 nodes (four-way autoscaling)
- High-availability control plane including multi-zonal and regional clusters
- Secure: container image vulnerability scanning and data encryption
- Autopilot Mode: hands-off, fully managed solution that manages the entire cluster’s infrastructure without worrying about configuring and monitoring

Infrastructure Dashboards

(back to top)

Getting Started

Prerequisites

Pulumi
```
$ pulumi version
v3.34.1
```

Google Cloud SDK and Command Line Interface

$ gcloud --version
Google Cloud SDK 390.0.0
alpha 2022.06.10
beta 2022.06.10
bq 2.0.75
bundled-python3-unix 3.9.12
core 2022.06.10
gsutil 5.10

Configured Google Cloud Platform (GCP) project w/Google Kubernetes Engine (GKE) API enabled

$ gcloud config list
[compute]
region = us-central1
[core]
account = someone@someplace.com
disable_usage_reporting = True
project = project-name-here

$ gcloud services list | grep Kubernetes
container.googleapis.com            Kubernetes Engine API

Node and Node Package Management (yarn or npm)

$ node -v && npm -v && yarn -v
v16.14.0
8.12.1
1.22.19

(back to top)

Installation

Clone the repo

$ git clone https://github.com/snarkipus/gcp-plausible

Install the node package manager
```
$ cd gcp-plausible && yarn install
```

Build and Deploy the cluster (needs testing)

NOTE: This works for me - someone who is 'not' me might need to figure out how pulumi handles things like secrets. Hopefully somebody will let me know if my cloudflare credentials are exposed ...

Verify the pulumi configuration file

$ pulumi config --show-secrets
Please choose a stack, or create a new one: alpha
KEY                  VALUE
gcp:project          project-name-here
cfi-api-email        someone@someplace.com
cfi-api-key          U5Mb9IROTUJ0btByIsMlkIuTxZ7qdFh4T7Ov
clickhouse-password  anotherpassword
clickhouse-user      clickhouse
gke-min-version      1.22
postgres-password    somepassword
postgres-user        postgres

Ensure that project-name-here matches the gcloud configuration
cfi-api-email and cfi-api-key will need to be updated to match your cloudflare credentials

Comment out all lines except export * from './gcp/index'; in index.ts (we're only building the infrastructure) NOTE: I'm sure there's an intelligent way to do this in one step - feel free to do smart things.
Preview the configuration
```
$ pulumi preview
```
If everything looks good, build the cluster (takes ~5 minutes)
```
$ pulumi up
```

(back to top)

Deploy the applications

NOTE: I did this in steps which may not (and most likely shouldn't be) necessary

Get credentials to deploy the applications to the cluster NOTE: I'm sure there's a way to programmatically do this - I just don't know it.
```
 gcloud container clusters get-credentials primary-alpha --zone=us-central1
```
Uncomment export * from './app/plausible-db'; in index.ts
Deploy plausible-db (postgres)
```
$ pulumi update 
```
Once successful, uncomment export * from './app/plausible-events-db';
Deploy plausible-events-db (clickhouse) via pulumi update.

Create your plausible-conf.env file (full details here - Example here):

ADMIN_USER_EMAIL=your_email_here
ADMIN_USER_NAME=admin_username
ADMIN_USER_PWD=admin_password
BASE_URL=https://your_domain_here
SECRET_KEY_BASE=paste_your_random_characters_here

Create kubernetes secret from the plausible-conf.env file

$ kubectl create secret generic plausible-config --from-env-file=plausible-conf.env

Uncomment export * from './app/plausible'; in index.ts
Deploy the plausible application via pulumi update. NOTE: this defaults to ClusterIP since I used Traefik as a reverse proxy/load balancer. If that isn't required, then you can change the type to LoadBalancer in app/plausible.ts.

(Optional: Traefik w/Cloudflare Integration) Update the cfi-api-email and cfi-api-key to reflect your needs:

$ pulumi config set --secret cfi-api-email someone@somewhere.com
$ pulumi config set --secret cfi-api-key long-hex-string-goes-here

(Optional: Traefik w/Cloudflare Integration) uncomment export * from './app/traefik'; in index.ts
(Optional: Traefik w/Cloudflare Integration) deploy Traefik via pulumi update

(back to top)

Usage

If everything went well, then you should have the applications deployed and your plausible analytics interface should be available at whatever subdomain you specified in your DNS settings (e.g. plausible.example.com). Just copy the javascript snippet into the head of your site and metrics should begin populating.

(back to top)

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!