Cloud Deployment
Deploy rtCloud to major cloud providers with automated one-click scripts for DigitalOcean, AWS EC2, Google Cloud, and Linode.
The deployment repository includes automated provisioning scripts for the four major cloud providers. Each script runs on first boot of a fresh Ubuntu 22.04 LTS server and performs a fully unattended setup:
- Installs Docker and Docker Compose
- Generates secure random passwords (or uses values you supply)
- Creates the
docker-compose.production.ymlfile - Configures Nginx as a reverse proxy (when a domain is provided)
- Obtains a TLS certificate from Let’s Encrypt (when a domain is provided)
- Configures the UFW firewall
- Optionally deploys the embedded Keycloak SSO server
- Outputs a deployment summary with all credentials
Setup completes in 5–10 minutes on a standard instance. Progress is written to a log file on the server.
Server Sizing Guide
| Use Case | RAM | Disk | Recommended Instance |
|---|---|---|---|
| Development / evaluation | 2 GB | 25 GB | DigitalOcean Basic $18/mo, AWS t3.small, GCP e2-small |
| Small team (< 50 users) | 4 GB | 40 GB | DigitalOcean Basic $24/mo, AWS t3.medium, GCP e2-medium |
| Production (> 50 users) | 8 GB | 80 GB | DigitalOcean General Purpose $48/mo, AWS t3.large, GCP n2-standard-2 |
DigitalOcean
Use digitalocean-droplet.sh as the user-data script when creating a Droplet.
Steps
Open the script and fill in the
CONFIGURATIONblock at the top with your passwords, image tag, and optional domain.In the DigitalOcean control panel, create a new Droplet:
- Image: Ubuntu 22.04 LTS
- Size: Basic, 2 GB RAM / 2 vCPUs or larger
- Advanced Options → Add Initialization scripts → paste the full script content
Create the Droplet. The script runs automatically on first boot.
Monitor progress over SSH:
ssh root@<droplet-ip> tail -f /var/log/rtcloud-setup.logAccess the app at
http://<droplet-ip>:<APP_PORT>when setup completes.
After Deployment
If you assign a custom domain to the Droplet after it is running, update PROJECT_URL in /opt/rtcloud/.env and recreate the app container:
docker compose -f /opt/rtcloud/docker-compose.production.yml up -d --force-recreate rtcloud
AWS EC2
Use aws-ec2.sh as the user data script when launching an EC2 instance.
Steps
Open the script and fill in the
CONFIGURATIONblock at the top.In the AWS EC2 console, launch a new instance:
- AMI: Ubuntu Server 22.04 LTS
- Instance type:
t3.small(2 GB RAM) or larger - Advanced Details → User data → paste the full script content
Launch the instance. The script runs on first boot.
Monitor progress over SSH:
ssh ubuntu@<instance-ip> tail -f /var/log/rtcloud-setup.logOpen port
8080(or your configuredAPP_PORT) in the instance’s Security Group if you are not using a domain with Nginx.Access the app when setup completes.
Security Group Rules
| Port | Protocol | Source | Purpose |
|---|---|---|---|
| 22 | TCP | Your IP | SSH access |
| 80 | TCP | 0.0.0.0/0 | HTTP (redirected to HTTPS by Nginx) |
| 443 | TCP | 0.0.0.0/0 | HTTPS (when using a domain) |
| 8080 | TCP | 0.0.0.0/0 | Direct app access (when not using a domain) |
Google Cloud (GCP)
Use gcp-compute.sh as the startup script when creating a Compute Engine instance.
Steps
Open the script and fill in the
CONFIGURATIONblock at the top.In the Google Cloud Console, create a new VM instance:
- Machine type:
e2-small(2 GB RAM) or larger - Boot disk: Ubuntu 22.04 LTS, 30 GB or more
- Management → Automation → Startup script → paste the full script content
- Networking → enable Allow HTTP traffic and Allow HTTPS traffic
- Machine type:
Create the VM. The startup script runs on first boot.
Monitor progress:
gcloud compute ssh <instance-name> -- tail -f /var/log/rtcloud-setup.logAccess the app when setup completes.
Linode (Akamai Cloud)
Use linode-stackscript.sh as a StackScript when creating a Linode.
Steps
In the Linode Manager, go to StackScripts → Create StackScript.
Paste the full contents of
linode-stackscript.shand save it.Create a new Linode:
- Image: Ubuntu 22.04 LTS
- StackScript: select the script you just created
- Fill in the UDF fields shown in the UI (passwords, image tag, ports, domain)
- Plan: Shared CPU 2 GB or larger
Create the Linode. The script runs on first boot.
Monitor progress:
ssh root@<linode-ip> tail -f /var/log/stackscript.log
SSL / HTTPS Configuration
All four cloud scripts support two HTTPS modes:
Mode 1 — Let’s Encrypt (Recommended)
Provide a domain name in the script configuration. The script will:
- Install Nginx as a reverse proxy
- Obtain a free TLS certificate from Let’s Encrypt via Certbot
- Configure automatic certificate renewal every 60 days
- Redirect all HTTP traffic to HTTPS
Requirements:
- A domain name with an A record pointing to your server’s public IP
- Port 80 and 443 open to the internet (needed for the ACME challenge)
The Nginx reverse proxy forwards requests to the application on 127.0.0.1:8080, so the application port is not exposed directly.
Mode 2 — Custom Certificate
Provide base64-encoded PEM certificate and key in the script configuration. The script will:
- Install Nginx with your supplied certificate
- Configure HTTPS without contacting Let’s Encrypt
Use this when:
- Your server cannot reach the internet
- You have an internal CA or wildcard certificate
- You are in a corporate environment with a managed PKI
Mode 3 — HTTP Only (No Domain)
Leave the domain field empty. The script will:
- Skip Nginx and Let’s Encrypt entirely
- Expose the application directly on
APP_PORT(default8080) - Use HTTP only
Use this for:
- Internal network deployments where HTTPS is handled upstream
- Development and evaluation environments
- Air-gapped networks
Post-Deployment Checklist
After your server is up and running, complete these steps:
- Log in to the web UI and change the
adminpassword - Confirm all containers are healthy (
docker compose ps) - Verify you can submit a test form from the mobile app
- Set up a daily database backup cron job (see Maintenance)
- Review firewall rules — MySQL port (3306) should never be exposed
- If using Let’s Encrypt, verify auto-renewal:
certbot renew --dry-run