Setting up Gush!

Just get me going

Requirements

• An SSL certificate
• docker or compatible

Steps

1. Download and unpack Gush!
2. Edit the gush.env file, paying special attention to:
   • GUSH_JWT_SECRET
   • GUSH_HTTP_PORT/GUSH_HTTPS_PORT
3. Run docker compose up
   • The initial admin password will be printed in a block like the following. You should change it immediately after logging in the first time.

gush-gush-1      | ***********************
gush-gush-1      | *
gush-gush-1      | * The initial admin password is anK8CIurv+5SDz/SjuF7VjP5SJS6slg7QoKuSutVjXQ=
gush-gush-1      | *
gush-gush-1      | ***********************

• When you see a line like the following, your Gush! instance is ready for you to use!

gush-gush-1      | 2024-07-26 09:10:33.163 [DefaultDispatcher-worker-2] INFO  Application - Responding at http://0.0.0.0:80

Information

This configuration creates two containers: one for the database, and one for the gush application. The database will use the default postgres container image, and its raw files will be stored in the postgresql-data external directory. The gush application uses the openjdk:24-jdk-slim container image, and it will use the external directories attachments (for attachments) and dataCollection (for user "give me my data" requests). You can back up your instance by backing up the database and the attachments directory.

This ain't my first rodeo

Requirements

• java development kit 11+ (on the server, you only need the java runtime environment)
• database: Gush! is heavily tested with postgres and h2, but any database supported by exposed should work
• ssl certificate - if you already have one, you still need to convert it to a java keystore, unless you're using a reverse proxy to handle it

Steps

1. Download/unpack Gush!, either via a release or git
2. Edit the configuration in application.conf

• Note gush.database.url, gush.attachments.acceptedTypes, ktor.deployment, and potentially ktor.security.ssl
• If you're planning to run Gush! in a container, also edit/inspect gush.env - the variables here can override the values in application.conf (unless you remove the override lines)

1. Inspect/edit the default logging settings in src/main/resources/logback.xml
2. Run ./gradlew buildFatJar to build the release binary with embedded resources
3. Deploy build/libs/garden.taks.gush-all.jar to wherever you're planning to serve Gush! from
4. Run java -jar garden.taks.gush-all.jar
   • The initial admin password will be printed in a block like the following. You should change it immediately after logging in the first time.

 ***********************
 *
 * The initial admin password is anK8CIurv+5SDz/SjuF7VjP5SJS6slg7QoKuSutVjXQ=
 *
 ***********************

• When you see a line like the following, your Gush! instance is ready for you to use!

 2024-07-26 09:10:33.163 [DefaultDispatcher-worker-2] INFO  Application - Responding at http://0.0.0.0:80

Information

• Attachments and archives for user data collection requests are stored in gush.attachments.storage.prefix and gush.dataCollection.storage.prefix respectively (s3 (or whatever) support Coming Soon™️)
• There's a Dockerfile included for the Gush! app, or you can obviously write your own - once everything is configured, the jar is all you need to have inside the container
• There's an example nginx config in examples/nginx-site-gush.conf

SSL certificate

Easily the most annoying part of setting up a web presence is acquiring and configuring an SSL certificate. This isn't technically part of setting up Gush!, but everybody will need to do it, so 🤷

Get a certificate

If you already have one, or if you're hosting on an existing domain, skip this subsection. I recommend Let's Encrypt.

Convert your certificate

If you're going to have Gush! directly facing the internet (as opposed to being behind a reverse proxy), you'll need to convert your certificate.