Deployn
SERVER

Guide for Shynet Analytics with Traefik

This guide shows how to set up Shynet Analytics behind a Traefik reverse proxy in just a few steps.

Guide for Shynet Analytics with Traefik-heroimage

Table of Contents

CAUTION

Please note that initially, I wrote this blog post in German. This translation is for your convenience. Although every effort has been made to ensure accuracy, there may be translation errors. I apologize for any discrepancies or misunderstandings resulting from the translation. I am grateful for any corrections in the comments or via mail.

Some time ago I already wrote how to get Plausible running on your server together with Traefik. This time itโ€™s about another analytics platform called Shynet.

Screenshot of milesmcc/shynet

Screenshot from milesmcc/shynet

Like Plausible, it does not use cookies or create a user profile to the same extent as Google Analytics. One advantage of Shynet is that it theoretically works when JavaScript is unavailable.

We use Traefik as a reverse proxy, as described here. We connect to our server and create a folder for Shynet.

cd ~/docker
mkdir shynet
cd shynet

For Shynet, we need two containers: the program itself, a database and a web server.

mkdir db
touch .env
touch docker-compose.yml
touch nginx.conf

First we fill the configuration file.

nano .env

# This file shows all of the environment variables you can
# set to configure Shynet, as well as information about their
# effects. Make a copy of this file to configure your deployment.

# Database settings (PostgreSQL)
DB_NAME=shynet_db
DB_USER=shynet_db_user
DB_PASSWORD=shynet_db_user_password
DB_HOST=db
DB_PORT=5432

# Email settings (optional)
EMAIL_HOST_USER=example
EMAIL_HOST_PASSWORD=example_password
EMAIL_HOST=smtp.example.com
EMAIL_PORT=465
EMAIL_USE_SSL=True
# Comment out EMAIL_USE_SSL & uncomment EMAIL_USE_TLS if your SMTP server uses TLS.
# EMAIL_USE_TLS=True
SERVER_EMAIL=Shynet <noreply@shynet.example.com>

# General Django settings
DJANGO_SECRET_KEY=random_string

# For better security, set this to your deployment's domain. Comma separated.
ALLOWED_HOSTS=*

# Set to True (capitalized) if you want people to be able to sign up for your Shynet instance (not recommended)
ACCOUNT_SIGNUPS_ENABLED=False

# Should user email addresses be verified? Only set this to `required` if you've setup the email settings and allow
# public sign-ups; otherwise, it's unnecessary.
ACCOUNT_EMAIL_VERIFICATION=none

# The timezone of the admin panel. Affects how dates are displayed.
TIME_ZONE=Europe/Berlin

# Set to "False" if you will not be serving content over HTTPS
SCRIPT_USE_HTTPS=True

# How frequently should the monitoring script "phone home" (in ms)?
SCRIPT_HEARTBEAT_FREQUENCY=5000

# How much time can elapse between requests from the same user before a new
# session is created, in seconds?
SESSION_MEMORY_TIMEOUT=1800

# Should only superusers (admins) be able to create services? This is helpful
# when you'd like to invite others to your Shynet instance but don't want
# them to be able to create services of their own.
ONLY_SUPERUSERS_CREATE=True

# Whether to perform checks and setup at startup, including applying unapplied
# migrations. For most setups, the recommended value is True. Defaults to True.
# Will skip only if value is False.
PERFORM_CHECKS_AND_SETUP=True

# The port that Shynet should bind to. Don't set this if you're deploying on Heroku.
PORT=8080

# Set to "False" if you do not want the version to be displayed on the frontend.
SHOW_SHYNET_VERSION=True

# Redis, queue, and parellization settings; not necessary for single-instance deployments.
# Don't uncomment these unless you know what you are doing!
# NUM_WORKERS=1
# Make sure you set a REDIS_CACHE_LOCATION if you have more than one frontend worker/instance.
# REDIS_CACHE_LOCATION=redis://redis.default.svc.cluster.local/0
# If CELERY_BROKER_URL is set, make sure CELERY_TASK_ALWAYS_EAGER is False and
# that you have a separate queue consumer running somewhere via `celeryworker.sh`.
# CELERY_TASK_ALWAYS_EAGER=False
# CELERY_BROKER_URL=redis://redis.default.svc.cluster.local/1

# Should Shynet show third-party icons in the dashboard?
SHOW_THIRD_PARTY_ICONS=True

# Should Shynet block collection of IP addresses globally?
BLOCK_ALL_IPS=True

# Should Shynet include the date and site ID when hashing users?
# This will prevent any possibility of cross-site tracking provided
# that IP collection is also disabled, and external keys (primary
# keys) aren't supplied. It will also prevent sessions from spanning
# one day to another.
AGGRESSIVE_HASH_SALTING=True

What do we have to change?

  • We enter a better password in DB_PASSWORD.
  • Data of a mail server can be entered in the email settings.
  • Under DJANGO_SECRET_KEY we enter a better password.
  • BLOCK_ALL_IPS must remain true; otherwise, all visitor IP addresses will be collected and saved, which would not be GDPR-compliant.

The rest can also be changed as desired. Next comes the Docker-Compose file.

nano docker-compose.yml

version: "3"

### NETWORKS ###
networks:
    web:
        external:
            name: web
    internal:
        external: false
    default:
        driver: bridge

### SERVICES ###
services:
    shynet:
        container_name: shynet_main
        image: milesmcc/shynet:latest
        restart: unless-stopped
        env_file:
            - .env
        environment:
            - DB_HOST=db
        networks:
            - internal
        depends_on:
            - db
        labels:
            - "traefik.enable=false"

    db:
        container_name: shynet_database
        image: postgres
        restart: always
        environment:
            - "POSTGRES_USER=${DB_USER}"
            - "POSTGRES_PASSWORD=${DB_PASSWORD}"
            - "POSTGRES_DB=${DB_NAME}"
        volumes:
            - ./db:/var/lib/postgresql/data
        networks:
            - internal
        labels:
            - "traefik.enable=false"

    webserver:
        container_name: shynet_webserver
        image: nginx
        restart: always
        volumes:
            - ./nginx.conf:/etc/nginx/conf.d/default.conf
        depends_on:
            - shynet
        networks:
            - internal
            - web
        labels:
            - "traefik.enable=true"
            - "traefik.http.routers.shynet-rtr.entrypoints=https"
            - "traefik.http.routers.shynet-rtr.rule=Host(`shynet.deployn.de`)"
            - "traefik.http.routers.shynet-rtr.tls=true"
            - "traefik.http.routers.shynet-rtr.service=shynet-svc"
            - "traefik.http.services.shynet-svc.loadbalancer.server.port=80"
            - "traefik.http.routers.shynet-rtr.middlewares=middlewares-rate-limit@file"

Your own domain must be entered. Thatโ€™s all there is to it. Now, we add the Nginx configuration to the file we created earlier.

nano nginx.conf

server {
server_name einedomain.de;
access_log /var/log/nginx/bin.access.log;
error_log /var/log/nginx/bin.error.log error;


location / {
proxy_pass http://shynet:8080;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Url-Scheme $scheme;
}
listen 80;

}

The domain must be changed in the second line.

docker-compose up -d
lazydocker

We see in the log that the domain still needs to be set.

Log from Shynet

We need to change the hostname and create an admin user:

docker exec -it shynet_main ./manage.py registeradmin username@gmail.com
# The password that appears should be saved.
docker exec -it shynet_main ./manage.py hostname shynet.somedomain.com

Now we call shynet.einedomain.de and can log in as admin. The rest should be self-explanatory.

#analytics #howto #docker #server #shynet #traefik
Back to all posts

This website uses cookies. These are necessary for the functionality of the website. You can find more information in the privacy policy