Deploying to Digital Ocean

Why Digital Ocean

Digital Ocean is one of the most well-established Cloud Providers. Compared to AWS, where the amount of options and configuration can be overwhelming, Digital Ocean is generally simpler to use and faster to get running.

Deploying to Digital Ocean

To deploy on Digital Ocean, our suggested method is deploying with Docker, which we'll explain in detail on this page. If you would rather not use Docker, you can consider deploying from source, as well as other providers with one-click installs, like Heroku or AWS.

Docker Install: Droplet Setup

The first thing you'll need is a Digital Ocean account. Once you have that up and running, you're good to go!

Quick Start

When logged in, click 'Create Docker Droplet' on this page and follow the steps to create a droplet.

Step-By-Step Without Quick Start

If quick start did not work for you, do the following after logging in:

1. Create a new project using the left-hand sidebar on your dashboard
2. Give the project any name you prefer
3. Navigate to your project and click on 'Create Droplet'
4. Look for a Select the 'Marketplace' option on the top right
5. Select the 'Docker' option

6. Follow the steps and define the settings to create the droplet

   • The $20.00 droplet configuration should be good for most purposes. It has 4GB of RAM, 2 CPUs, 80GB of storage, and 4TB of transfer. However, if your volume is expected to be low, you should be able to safely pick to a lighter option. Alternatively, if you know your volume will be extremely high out of the gate, you might want to consider a more expensive option.

Note: You may also create your droplet with a plain Ubuntu distribution (or any other distro) without a one-click app. However, the 'Docker' app ships with the Docker engine and Docker Compose by default on Ubuntu 18.04, which can save you a lot of time when setting up.

Docker Install: Server Setup

Once your droplet is up and running, SSH into it using the IP provided in your dashboard, like so:

ssh root@<YOUR-IP>

Unlike AWS, in Digital Ocean your first SSH will be to the root user.

With access to your server, you should then consider a few things to make it more secure:

Create a New User

To create a new user, just run (substituting "<username>" for the name you want to create):

adduser <username>

Then, give it the ability to run commands with sudo:

usermod -aG sudo <username>

Now, switch into the new user and see if you can actually use sudo by listing the contents of the /root directory:

su - <username>

sudo ls -la /root

You're all set!

Running Docker Without Root Priviledges (Sudo)

As it currently stands, we can only run Docker on the new user by using sudo. This is not necessarily a good idea. To allow Docker to run without sudo on a non-root user, check out this tutorial by Docker.

Deploying PostHog

Once you're done with any additional config you may wish to setup, you can then go on to installing and deploying PostHog. With Docker, this should be quite easy.

Here's a step-by-step tutorial:

0. You should have git installed by default. If you do not, run:

   sudo apt-get update && sudo apt-get install git

1. To clone the PostHog repository and enter the new directory, run:

   git clone https://github.com/posthog/posthog.git && cd posthog

2. You'll then need to generate a SECRET_KEY that is unique to your instance.

   ⚠️ Note: Do not use our placeholder key! Read more about the importance of this key here.

   First, run: openssl rand -hex 32. This will generate a new key for you. You'll need this in the next step.

   Then, open the docker-compose.yml file with the command: nano docker-compose.yml

   Lastly, substitute "<randomly generated secret key>" for the key you got from the key generation command.

   This means the SECRET_KEY: "<randomly generated secret key>" line will end up looking something like this (with your key, of course):

   SECRET_KEY: "cd8a182315defa70d995452d9258908ef502da512f52c20eeaa7951d0bb96e75"

3. Then, to run PostHog, do:

   docker-compose up -d

4. You're good to go! PostHog should be accessible on the domain you set up or the IP of your instance.

   Important: If you do not have a TLS/SSL certificate set up for your domain/IP, accessing the address of your PostHog instance will not work. To get around this, you need to edit the docker-compose.yml file manually and add the environment variable DISABLE_SECURE_SSL_REDIRECT: 'true' under services > web > environment. This is a manual process because PostHog should not be run without a certificate (i.e. over HTTP).

   Doing this and restarting the service will allow you to access PostHog over HTTP, but might require configuring browser settings to allow HTTP traffic depending on what browser you use.

Important Points

⚠️ Never, Ever, Run PostHog Without TLS/SSL

PostHog needs to run on HTTPS because:

a) It will fail
b) It is a grave security concern and potentially illegal

Check Your Firewall if You Cannot Connect to a Port

If you are unable to connect to a certain port, this might be due to the firewall settings for your droplet. Generally, this is a matter of running:

sudo ufw allow <PORT> && sudo ufw reload

To check that the changes were applied, run:

sudo ufw status

You can read this tutorial for more information.

Upgrading Docker on Digital Ocean

See this PostHog tutorial about upgrading your PostHog version with Docker.

Useful Tutorials

- Setting Up SSL on Digital Ocean with NGINX or Apache

- How to Add Domains to Digital Ocean Projects

- Suggested NGINX Configuration for PostHog

- Securing PostHog

- Scaling PostHog