Skip to main content

AI Deployment (Elest)

Leveraging Elest.io to Deploy a Secure RAG Chatbot (Dify.ai) and Ghost CMS on a Cost-Effective Hetzner Cloud Server (HE-LARGE-4C-8G-CAX Plan)

This guide provides detailed instructions to self-host a Retrieval-Augmented Generation (RAG) chatbot using Dify.ai and a Ghost CMS website. Both applications will be deployed on a single Hetzner Cloud server, specifically the HE-LARGE-4C-8G-CAX plan (4 vCPU, 8GB RAM, 80GB Storage), provisioned and managed through the Elest.io platform. The chatbot will utilize models via OpenRouter AI and be securely embedded into the Ghost website.

Why Elest.io with Hetzner for this Scenario? Elest.io simplifies the deployment and management of open-source applications on dedicated cloud servers. By choosing Hetzner Cloud via Elest.io, you benefit from Hetzner's excellent price-to-performance ratio for server resources. Elest.io provides a user-friendly interface to deploy complex applications like Dify (which involves multiple components: API, Web, Worker, PostgreSQL, Redis, and a Vector Store like Weaviate) and Ghost, handling much of the initial setup. The HE-LARGE-4C-8G-CAX plan offers a good balance of resources for running both Dify and Ghost effectively.

Assumed Chatbot Purpose: Knowledge Base Q&A for a technical product, embedded in a Ghost blog/website.

Prerequisites

Before you begin, ensure you have:

  1. Elest.io Account: An account with Elest.io.
  2. Domain Names:
    • A domain for your Ghost CMS website (e.g., your-ghost-domain.com).
    • A domain (or subdomains) for Dify's services (e.g., dify-console.your-main-domain.com, dify-app.your-main-domain.com). Elest.io can often provide temporary .elestio.app subdomains, or you can configure custom domains.
  3. OpenRouter AI Account: An account with OpenRouter AI and an API key.
  4. Basic Understanding: Familiarity with web applications and domain management will be helpful. Elest.io aims to simplify the technical deployment aspects.

Part 1: Provisioning Your Server and Core Services on Elest.io

1.1. Create an Elest.io Account and Add Funds/Payment Method

Sign up or log in to your Elest.io dashboard. Ensure you have a valid payment method or sufficient credits.

1.2. Deploy Your Hetzner Server via Elest.io

  1. In the Elest.io dashboard, navigate to "Deploy Service" or a similar option.
  2. You might first need to select a "Project."
  3. When choosing the service or server:
    • Provider: Select Hetzner.
    • Region: Choose a suitable Hetzner region (e.g., Europe - Finland - hel1).
    • Server Plan: Select the HE-LARGE-4C-8G-CAX plan (4 CPUs, 8 GB RAM, 80 GB Storage, approx. $26/month). This will be the server that hosts all your applications.
  4. Give your server deployment a name if prompted.
  5. Proceed with the server creation. Elest.io will provision the server on Hetzner Cloud. This may take a few minutes. You don't need to interact with the Hetzner Cloud console directly; Elest.io manages this.

1.3. Deploy PostgreSQL Database Service

Dify requires a PostgreSQL database.

  1. Once your server is active, go to deploy a new service onto this server.
  2. From Elest.io's service catalog, select PostgreSQL.
  3. Configure the PostgreSQL service:
    • Give it a name (e.g., dify-postgres).
    • Ensure it's targeted to deploy on your newly created HE-LARGE-4C-8G-CAX server.
    • Choose a version (Dify generally supports recent PostgreSQL versions like 14, 15, or 16).
    • Elest.io will typically pre-fill database name, user, and generate a password. Note these down securely.
  4. Deploy the PostgreSQL service. Once deployed, Elest.io will provide connection details (host, port, database name, user, password). The host will likely be the service name (dify-postgres) for internal connections from other apps on the same server.

1.4. Deploy Redis Cache Service

Dify also uses Redis.

  1. Deploy another new service onto your server.
  2. Select Redis from Elest.io's catalog.
  3. Configure the Redis service:
    • Name (e.g., dify-redis).
    • Target your HE-LARGE-4C-8G-CAX server.
    • Choose a Redis version.
    • Note down connection details (host dify-redis, port, password if any).
  4. Deploy the Redis service.

1.5. Deploy Weaviate Vector Database Service

Dify uses a vector store for RAG. Weaviate is a common choice.

  1. Deploy another new service onto your server.
  2. Select Weaviate from Elest.io's catalog (if available as a distinct pre-configured service).
    • If Weaviate isn't a specific service: You may need to deploy it as a "Custom Docker App" using the official semitechnologies/weaviate image. Check Elest.io documentation for deploying custom Docker images and ensure you configure persistence.
  3. Configure the Weaviate service:
    • Name (e.g., dify-weaviate).
    • Target your HE-LARGE-4C-8G-CAX server.
    • Environment Variables (critical for Weaviate):
      • AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: true (for simplicity; for production, consider API key auth if Dify supports it easily).
      • PERSISTENCE_DATA_PATH: /var/lib/weaviate (ensure Elest.io maps a persistent volume to this path).
      • DEFAULT_VECTORIZER_MODULE: none (Dify handles embeddings).
      • ENABLE_MODULES: text2vec-openai,text2vec-cohere,text2vec-huggingface,generative-openai (or a minimal set if Dify doesn't require these modules in Weaviate, but enabling some common ones is often safe).
      • CLUSTER_HOSTNAME: node1
    • Ensure persistent storage is configured for Weaviate's data path (/var/lib/weaviate). Elest.io should handle this if deploying from their catalog or allow volume mapping for custom Docker apps.
  4. Deploy the Weaviate service. The internal URL will likely be http://dify-weaviate:8080.

Part 2: Deploying Dify.ai on Elest.io

2.1. Gather Dify Configuration / Environment Variables

Before deploying Dify, prepare its environment variables. Replace placeholders with your actual values. Elest.io will have a section to input these when you deploy Dify.

  • EDITION: SELF_HOSTED
  • CONSOLE_URL: https://dify-console.your-chosen-domain.com (or your *.elestio.app subdomain)
  • APP_URL: https://dify-app.your-chosen-domain.com (or your *.elestio.app subdomain for Dify's app/API)
  • API_URL: ${APP_URL}/v1
  • DB_USERNAME: (from Elest.io PostgreSQL service, e.g., elestio_user_xyz)
  • DB_PASSWORD: (from Elest.io PostgreSQL service)
  • DB_HOST: dify-postgres (internal Elest.io service name)
  • DB_PORT: 5432
  • DB_DATABASE: (from Elest.io PostgreSQL service, e.g., elestio_db_xyz)
  • REDIS_HOST: dify-redis (internal Elest.io service name)
  • REDIS_PORT: 6379
  • REDIS_PASSWORD: (from Elest.io Redis service, if any)
  • REDIS_DB: 0
  • FILES_STORAGE_TYPE: local (Elest.io should manage persistent volumes for Dify's components)
    • The Dify API container expects uploads at /app/storage. Ensure Elest.io's Dify deployment maps a volume here.
  • VECTOR_STORE: weaviate
  • WEAVIATE_ENDPOINT: http://dify-weaviate:8080 (internal Elest.io service URL)
  • WEAVIATE_API_KEY: (leave blank if anonymous access is enabled for Weaviate)
  • CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_URL}
  • WEB_API_CORS_ALLOW_ORIGINS: https://your-ghost-domain.com (Crucial! Your Ghost site's domain)
  • OPENAI_API_KEY: YOUR_OPENROUTER_API_KEY
  • OPENAI_API_BASE: https://openrouter.ai/api/v1
  • ENCRYPTION_KEY: (Generate a 64-char hex string, e.g., openssl rand -hex 32)
  • SECRET_KEY: (Generate a 64-char hex string)

2.2. Deploy Dify Service from Elest.io Catalog

Elest.io offers Dify as a deployable service, which should simplify deploying its multiple components (API, Web, Worker).

  1. Deploy another new service onto your server.
  2. Select Dify from Elest.io's catalog.
  3. Configure the Dify service:
    • Name (e.g., dify-ai-app).
    • Target your HE-LARGE-4C-8G-CAX server.
    • Domains/FQDNs:
      • Configure the public domain for the Dify Console (matching CONSOLE_URL).
      • Configure the public domain for the Dify App/API (matching APP_URL). Elest.io will handle SSL.
    • Environment Variables: Input all the variables gathered in Part 2.1. Elest.io's UI for Dify should allow you to set these.
    • Persistent Storage: Confirm that Elest.io's Dify deployment automatically configures persistent storage for /app/storage (for file uploads to Dify API) and any other necessary paths for Dify's components.
    • Version: Choose a recent, stable Dify version tag (e.g., 0.6.1). Avoid :latest for production.
  4. Deploy the Dify service. Elest.io will pull the necessary Dify images (API, Web, Worker) and run them, connecting them to the PostgreSQL, Redis, and Weaviate services you deployed earlier.
  5. Monitor the deployment logs in Elest.io.

Part 3: Deploying Ghost CMS on Elest.io

3.1. Deploy Ghost Service from Elest.io Catalog

  1. Deploy another new service onto your server.
  2. Select Ghost from Elest.io's catalog.
  3. Configure the Ghost service:
    • Name (e.g., my-ghost-blog).
    • Target your HE-LARGE-4C-8G-CAX server.
    • Domain/FQDN: Configure your public domain for Ghost (e.g., your-ghost-domain.com). Elest.io will handle SSL.
    • Database: Ghost typically uses MySQL or SQLite. Elest.io's managed Ghost service will likely provision a suitable database backend for it automatically or guide you.
    • Email Configuration: Configure Ghost's email settings (for transactional emails, newsletters) as per Ghost and Elest.io documentation.
    • Version: Choose a recent Ghost version.
  4. Deploy the Ghost service.
  5. Once deployed, access your Ghost admin panel via the URL Elest.io provides (e.g., https://your-ghost-domain.com/ghost) and complete the Ghost setup (create admin user, site settings).

Part 4: Configuring Dify.ai and Your Chatbot

This part follows the same logic as your other guides (Parts 4 & 5 of the Railway/Hetzner-Coolify guides).

4.1. Initial Dify.ai Setup

  1. Access your Dify Console URL (CONSOLE_URL).
  2. Create your Dify administrator account.

4.2. Configure OpenRouter in Dify

  1. In Dify, go to Settings -> Model Providers.
  2. Verify OpenRouter is configured (using OPENAI_API_KEY and OPENAI_API_BASE env vars). Add it manually if needed.

4.3. Build Your RAG Chatbot in Dify

  1. Go to Studio -> Create App (Chatbot type).
  2. Go to Knowledge -> Create Knowledge. Upload your documents. Configure indexing.
    • Ensure file uploads work correctly, relying on Elest.io's persistent volume for /app/storage in the Dify API.
  3. Link the Knowledge Base to your Chatbot App's context/retrieval settings.
  4. Configure Prompt Eng. and select your OpenRouter model.
  5. Test in Dify's preview.

Part 5: Embedding the Chatbot in Ghost CMS with Security

This also follows the same logic (Part 6 of your other guides).

5.1. Configure Embed Security in Dify

  1. In your Dify Chatbot App settings, go to Publish / Embed.
  2. Set "Allowed Domains" to https://your-ghost-domain.com. This is critical for security.

5.2. Get Embed Code from Dify

Copy the <iframe> or <script> embed code provided by Dify. The src URLs will use your APP_URL.

5.3. Add Chatbot to Ghost

  1. In Ghost Admin, edit a post/page.
  2. Add an HTML card.
  3. Paste the Dify embed code. Save/Publish.

5.4. (Recommended) Content Security Policy (CSP) in Ghost

  1. Since Ghost is also hosted via Elest.io (on your Hetzner server), Elest.io might provide a way to add custom HTTP headers for your Ghost service (e.g., via a reverse proxy they manage for it).

  2. Alternatively, use Ghost's Code Injection feature (Settings -> Code Injection -> Site Header) to add a CSP meta tag:

    <meta http-equiv="Content-Security-Policy" content="frame-src 'self' https://dify-app.your-chosen-domain.com; script-src 'self' 'unsafe-inline' https://dify-app.your-chosen-domain.com; connect-src 'self' https://dify-app.your-chosen-domain.com wss://dify-app.your-chosen-domain.com;">

    (Adjust domains. 'unsafe-inline' might be needed for script-based embeds; try to avoid if possible.) Test thoroughly.

Part 6: Verification and Testing

Follow Part 7 of your other guides:

  1. Test chatbot on your Ghost site (allowed domain).
  2. Test embedding on a disallowed domain (local HTML file) – it should fail.
  3. Check browser console for errors (especially CORS on disallowed domains).

Part 7: Maintenance and Operations on Elest.io

7.1. Updating Applications (Dify, Ghost, Databases)

  • Elest.io aims to simplify updates for the open-source applications it manages. Check their dashboard or documentation for how to update Dify, Ghost, PostgreSQL, Redis, and Weaviate to newer versions. They might offer one-click updates or guidance.
  • Always read Dify's release notes before updating Dify for breaking changes.

7.2. Backups

  • Elest.io Server Backups: Elest.io typically provides backup solutions for the servers and services deployed through them. Configure and verify scheduled backups for your entire server instance or for individual services (PostgreSQL, Redis, Weaviate data, Dify file storage volumes, Ghost content volume).
  • Ensure PostgreSQL (Dify data) and Weaviate data volumes are backed up regularly.
  • Ghost content is also critical to back up.

7.3. Monitoring Resources

  • Use the Elest.io dashboard to monitor the resource usage (CPU, RAM, Disk) of your HE-LARGE-4C-8G-CAX server.
  • Since all apps share these resources, identify if any particular app (Dify, Weaviate, Ghost) is consuming disproportionate resources. The 8GB RAM and 4vCPU should provide a good buffer, but monitoring is key.
  • Check individual application logs accessible via Elest.io.

Troubleshooting & Further Considerations (Elest.io)

  • CORS Issues: Double-check CONSOLE_CORS_ALLOW_ORIGINS and WEB_API_CORS_ALLOW_ORIGINS in your Dify service configuration on Elest.io.
  • Chatbot Not Loading: Check Dify service logs (API, Web, Worker), Weaviate logs, and browser console. Ensure internal service names (dify-postgres, dify-redis, dify-weaviate) are resolving correctly within Elest.io's managed server environment.
  • Persistent Storage: Verify that Elest.io has correctly configured persistent volumes for Dify API (/app/storage), Weaviate (/var/lib/weaviate), PostgreSQL data, Redis data, and Ghost content. Data loss on restart indicates a volume misconfiguration.
  • Resource Limits: If performance is poor, your $26 server plan might be hitting its limits. Consider upgrading to a higher Elest.io server plan (e.g., their $31 or $51 Hetzner options) if necessary.
  • Elest.io Support: Utilize Elest.io's support channels if you encounter platform-specific issues.