On Premise Setup

Requirements

To set up a SMASHDOCs on premise installation you will need:

default_logo
brand_logo
email_logo
favicon

Docker engine is required to complete this installation. We deliver our services as docker containers, so this is a prerequisite for running SMASHDOCs. If you do not already have docker installed, obtain docker engine on your operating system of choice.

Docker compose is a required tool to compose and orchestrate the SMASHDOCs environment. If you do not already have docker compose installed, obtain docker compose on your operating system of choice.

Basic Setup

A basic SMASHDOCs installation consists of the following few docker images:
  1. mongo:3.4
  2. redis:3.2.8
  3. haproxy:1.6-alpine
  4. jwilder/docker-gen
  5. smashdocs/nginx:latest (a standard Nginx web server, version 1.11.3, with an nginx-upload-module and the SMASHDOCs nginx config file)
  6. smashdocs/partnerbackend:latest (the SMASHDOCs Backend, which will be used in 3 Docker containers)
  7. smashdocs/partnerfrontend:latest (the SMASHDOCs Frontend)

To ensure an easy setup of a SMASHDOCs installation, we are providing a docker compose file. This docker compose file will spawn all docker containers which are needed for one SMASHDOCs Instance.

Certificates

SMASHDOCs can only be served via SSL. Therefore you must ensure that your SSL certificates are placed in the /opt/smashdocs/certs/ folder and are named wildcard.crt and wildcard.key.

If you don’t have signed SSL certificates at hand you can generate a self-signed certificate as follows:

Hint

If you don't have SSL certs and quickly need to create some self-signed ones, try:

$(Host) cd /tmp
$(Host) openssl req -x509 -newkey rsa:2048 -keyout wildcard.key -out wildcard.crt -days XXX -nodes -subj "/C=DE/ST=Bayern/L=Muenchen/O=Smashdocs Example/OU=Org/CN=*.smashdocs.local"
$(Host) mkdir -p /opt/smashdocs/certs/
$(Host) cp /tmp/wildcard.crt /tmp/wildcard.key /opt/smashdocs/certs/
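
A pre-flight check for the two files the nginx-proxy container mounts, as an added example that is not part of the SMASHDOCs documentation: it confirms that the certificate and the private key belong together and that the certificate is not about to expire. The names check_pair and make_pair and the return codes are assumptions made for this example; the demo generates throwaway pairs in a temporary directory instead of touching /opt/smashdocs/certs/.

```shell
#!/bin/sh
# Added example, not SMASHDOCs code. check_pair is a hypothetical helper.
# Returns 0 if the pair is usable, 1 if a file cannot be parsed,
# 2 if the key does not match the certificate, 3 if the certificate
# expires within the given number of days (default 30).
check_pair() {
    crt=$1 key=$2 days=${3:-30}
    # Public key embedded in the certificate ...
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    # ... and the public half derived from the private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 2
    openssl x509 -in "$crt" -noout -checkend $((days * 86400)) \
        >/dev/null 2>&1 || return 3
    return 0
}

# Constructed input: a throwaway self-signed pair in a private directory.
make_pair() {   # $1 = directory, $2 = validity in days
    mkdir -p "$1" && chmod 700 "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -keyout "$1/wildcard.key" -out "$1/wildcard.crt" \
        -subj "/CN=*.smashdocs.local" 2>/dev/null
}

demo() {
    d=$(mktemp -d)
    make_pair "$d/a" 365 && make_pair "$d/b" 365 || return 1
    check_pair "$d/a/wildcard.crt" "$d/a/wildcard.key"; echo "matching pair: $?"
    check_pair "$d/a/wildcard.crt" "$d/b/wildcard.key"; echo "swapped key:   $?"
    rm -rf "$d"
}
demo
```

On the host the call would be check_pair /opt/smashdocs/certs/wildcard.crt /opt/smashdocs/certs/wildcard.key, run before the containers are started.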

Traffic Routing and required webservers

SMASHDOCs uses HAProxy and Nginx to route and serve all the traffic to an installation.

1: HAProxy: The HAProxy docker container accepts incoming traffic and forwards the TCP traffic to the right “nginx-proxy” docker container, using SNI to identify the right route. HAProxy is used to support multiple SMASHDOCs installations per server.

2: Nginx: The “nginx-proxy” docker container accepts the incoming TCP traffic and is responsible for the SSL termination. SMASHDOCs ships the nginx-proxy with a default nginx.config for easy installation and usage. When you upgrade SMASHDOCs, make sure to always use the corresponding SMASHDOCs version of the proxy container.

3: Frontend: The “frontend” docker container serves the frontend HTML, CSS and JavaScript code via Nginx.

4: Backend: The “backend” docker container serves the backend. Both frontend and backend traffic is routed by the nginx-proxy.

Docker container setup

The docker-compose.customer.yml file is an example docker compose file which sets up a SMASHDOCs installation that could be available via https://customer.smashdocs.net. If you set up your own SMASHDOCs instance, make sure you change the configuration to match your desired name and URL.

version: '2'

networks:
  smashdocs:

volumes:
  asset-data:
  mongo-data:

services:
  nginx-proxy:
    image: "smashdocs/nginx:1.7.0.0"
    mem_limit: 256m
    user: root
    restart: always
    volumes:
      - "/etc/nginx/conf.d"
      - "/etc/nginx/vhost.d"
      - "/usr/share/nginx/html"
      - "/etc/docker-gen/templates"
      - '/opt/smashdocs/certs:/etc/nginx/certs:ro'
      - "asset-data:/usr/local/data:rw"
    environment:
      - "DEFAULT_HOST=smashdocs.example.com"
      - "SERVER_NAME_FRONTEND=smashdocs.example.com"
      - "SERVER_NAME_BACKEND=smashdocs-api.example.com"
      - 'SERVICE_NAME=smashdocs'
      - 'SERVICE_80_NAME=smashdocs'
      - 'SERVICE_443_NAME=smashdocs'
      - 'SERVICE_4434_IGNORE=true'
      - 'SERVICE_TAGS=rest'
    networks:
      - smashdocs
    ports:
      - 80
      - 443

  nginx-dockergen:
    image: jwilder/docker-gen
    mem_limit: 256m
    restart: always
    networks:
      - smashdocs
    volumes_from:
      - nginx-proxy
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
    command: "-notify-sighup smashdocs_nginx-proxy_1 -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/upstream.conf"
    links:
      - nginx-proxy
    depends_on:
      - "nginx-proxy"

  frontend:
    image: "smashdocs/partnerfrontend:1.7.0.0"
    mem_limit: 256m
    user: root
    restart: always
    networks:
      - smashdocs
    environment:
      - "VIRTUAL_HOST=smashdocs.example.com"
      - "ENV_NAME=smashdocs"
      - "BASE_URL=https://smashdocs-api.example.com"
      - "API_URL=https://smashdocs-api.example.com"
      - "FRONTEND_URL=https://smashdocs.example.com"
      - "API_KEY=REPLACE_API_KEY"
      - 'API_KEY_SMASHDOCS=REPLACE_API_KEY'
      - "LOCAL_ENABLED=true"
      - "MODE=normal"
    depends_on:
      - nginx-proxy

  backend:
    image: "smashdocs/partnerbackend:1.7.0.0"
    mem_limit: 5g
    user: nobody
    restart: always
    networks:
      - smashdocs
    volumes:
      - "asset-data:/usr/local/data:rw"
    environment:
      - "VIRTUAL_HOST=smashdocs-api.example.com"
      - "DATABASE_DATABASE=smashdocs"
      - "DATABASE_ADDRESS=mongodb"
      - "DATABASE_PORT=27017"
      - "API_URL_API_URL=https://smashdocs-api.example.com"
      - "HTTP_SERVER_ADDRESS=http://smashdocs.example.com"
      - "HTTP_SERVER_SSL_ADDRESS=https://smashdocs.example.com"
      - "CELERY_ENABLED=true"
      - "CELERY_BROKER=redis://redis:6379/0"
      - "CELERY_BACKEND=redis://redis:6379/0"
      - "ASSETS_ASSET_ROOT=/usr/local/data/assets"
      - "LOCAL_ENABLED=true"
      - 'PROVISIONING_ENABLED=true'
      - 'PROVISIONING_KEY=REPLACE_PROVISIONING_KEY'
      - "API_KEY=REPLACE_API_KEY" # can be removed after first run
    depends_on:
      - nginx-proxy
      - mongodb
      - redis
    links:
      - mongodb:mongodb
      - redis:redis

  beat:
    image: "smashdocs/partnerbackend:1.7.0.0"
    mem_limit: 512m
    user: nobody
    restart: always
    networks:
      - smashdocs
    command: "beat"
    volumes:
      - "asset-data:/usr/local/data:rw"
    environment:
      - "SERVICE_NAME=beat-smashdocs"
      - "SERVICE_TAGS=smashdocs,rest"
      - 'CELERY_ENABLED=true'
      - "CELERY_BROKER=redis://redis:6379/0"
      - "CELERY_BACKEND=redis://redis:6379/0"
      - 'CELERY_BEAT_SCHEDULE_PATH=/usr/local/data/celery/smashdocs_beat_schedule'
    depends_on:
      - redis
    links:
      - redis:redis

  worker:
    image: "smashdocs/partnerbackend:1.7.0.0"
    mem_limit: 512m
    user: nobody
    restart: always
    networks:
      - smashdocs
    command: "worker"
    volumes:
      - "asset-data:/usr/local/data:rw"
    environment:
      - "DATABASE_DATABASE=smashdocs"
      - "DATABASE_ADDRESS=mongodb"
      - "DATABASE_PORT=27017"
      - "API_URL_API_URL=https://smashdocs-api.example.com"
      - "HTTP_SERVER_ADDRESS=http://smashdocs.example.com"
      - "HTTP_SERVER_SSL_ADDRESS=https://smashdocs.example.com"
      - "CELERY_ENABLED=true"
      - "CELERY_BROKER=redis://redis:6379/0"
      - "CELERY_BACKEND=redis://redis:6379/0"
      - 'CELERY_BEAT_SCHEDULE_PATH=/usr/local/data/celery/smashdocs_beat_schedule'
    depends_on:
      - mongodb
      - redis
    links:
      - mongodb:mongodb
      - redis:redis

  redis:
    image: redis:3.2.8
    mem_limit: 512m
    user: redis
    restart: always
    networks:
      - smashdocs

  mongodb:
    image: "mongo:3.2"
    mem_limit: 5g
    user: root
    restart: always
    networks:
      - smashdocs
    volumes:
      - "mongo-data:/data/db:rw"
    environment:
      - "SERVICE_NAME=smashdocs-mongodb"
      - 'SERVICE_TAGS=mongodb'
    command: "--storageEngine wiredTiger"

Step 1: Prepare the configuration

Copy the Docker compose example setup file from above and place it on your host's file system as /opt/docker-compose/docker-compose.smashdocs.yml.

The example configuration contains the domains

smashdocs.example.com
smashdocs-api.example.com

These should be changed to reflect your environment's needs.

$(Host) sed -i -- "s/smashdocs.example.com/smashdocs.yourdomain.net/g" /opt/docker-compose/docker-compose.smashdocs.yml
$(Host) sed -i -- "s/smashdocs-api.example.com/smashdocs-api.yourdomain.net/g" /opt/docker-compose/docker-compose.smashdocs.yml

Step 2: Replace the API key

SMASHDOCs requires a unique API Key to be generated before the first run of the system. This step is only necessary if you are setting up a system from scratch. SMASHDOCs will generate an organisation (see provisioning.html) on the first run using the API Key from the API_KEY environment variable in the backend configuration (see "API_KEY=REPLACE_API_KEY").

The API Key is generated by a Python expression that reads 32 bytes from the operating system's random number generator; its output is piped through sha256sum and written to the API_KEY env variable

$(Host) export API_KEY=`python -c "import os, binascii; print(binascii.hexlify(os.urandom(32)).decode())" | sha256sum | awk '{print $1}'`
$(Host) sed -i -- "s/REPLACE_API_KEY/$API_KEY/g" /opt/docker-compose/docker-compose.smashdocs.yml

Step 3: Replace the Provisioning key

SMASHDOCs has a Provisioning API (provisioning.html) which can be used to configure a SMASHDOCs installation. The provisioning key is a random key that a partner can choose and can enable or disable as needed.

For security reasons we advise enabling the Provisioning API only if needed.

In this example setup the provisioning key is generated by a Python expression that reads 32 bytes from the operating system's random number generator; its output is piped through sha256sum and written to the PROVISIONING_KEY env variable

$(Host) export PROVISIONING_KEY=`python -c "import os, binascii; print(binascii.hexlify(os.urandom(32)).decode())" | sha256sum | awk '{print $1}'`
$(Host) sed -i -- "s/REPLACE_PROVISIONING_KEY/$PROVISIONING_KEY/g" /opt/docker-compose/docker-compose.smashdocs.yml
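
Steps 2 and 3 as one scripted pass, as an added example that is not part of the SMASHDOCs documentation: both placeholders are filled with independent keys read from /dev/urandom, and the file is then checked for leftover placeholders and malformed keys. The helper names gen_key, fill_keys and check_keys are assumptions, and the demo runs on a constructed fragment of the compose file rather than on /opt/docker-compose/docker-compose.smashdocs.yml.

```shell
#!/bin/sh
# Added example, not SMASHDOCs code. gen_key, fill_keys and check_keys are
# hypothetical helper names.

# 32 bytes from the kernel CSPRNG as 64 lowercase hex characters, the same
# shape as the sha256sum output used in Steps 2 and 3.
gen_key() {
    od -An -tx1 -N 32 /dev/urandom | tr -d ' \n'
}

# Replace both placeholders in compose file $1 with independent keys.
fill_keys() (
    umask 077                 # the rewritten file holds secrets: mode 0600
    sed -e "s/REPLACE_API_KEY/$(gen_key)/g" \
        -e "s/REPLACE_PROVISIONING_KEY/$(gen_key)/g" "$1" > "$1.new" &&
    mv "$1.new" "$1"
)

# Return 0 only if every *_KEY= entry in $1 holds exactly 64 hex characters.
# A leftover REPLACE_... placeholder or a truncated key fails the check.
check_keys() {
    awk -F= -v q="'" '
        /_KEY(_SMASHDOCS)?=/ {
            v = $2; sub("[\"" q "].*", "", v)    # cut at the closing quote
            if (length(v) != 64 || v !~ /^[0-9a-f]+$/) bad = 1
            n++
        }
        END { exit (bad || !n) }' "$1"
}

# Constructed sample: the key lines of the compose file shown above.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
      - "API_KEY=REPLACE_API_KEY"
      - 'API_KEY_SMASHDOCS=REPLACE_API_KEY'
      - 'PROVISIONING_KEY=REPLACE_PROVISIONING_KEY'
      - "API_KEY=REPLACE_API_KEY" # can be removed after first run
EOF
    check_keys "$f" || echo "before: placeholders present"
    fill_keys "$f" && check_keys "$f" && echo "after: keys ok"
    rm -f "$f"
}
demo
```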

Step 4: Select the Frontend MODE

SMASHDOCs can be run in 2 different modes: Standalone and Partner mode.
  1. In Standalone mode (config variable "MODE=normal") a user can create an account and log in. The user will see a document list and can create and open documents.
  2. In Partner mode (config variable "MODE=partner") the system can only be accessed via the Partner API.

frontend:
  ...
  environment:
    ...
    - "MODE=normal"    # or "MODE=partner"

Step 5: Authenticate with Dockerhub

This step requires a contract with SMASHDOCs. The containers required to run a SMASHDOCs environment are contained in a protected private registry. Please contact SMASHDOCs if you require authentication.

$(Host) docker login --username <partneruser> --password <partnerpassword> https://index.docker.io/v1

Step 6: Run the docker compose file

On the host system run the following

$(Host) /usr/local/bin/docker-compose -f /opt/docker-compose/docker-compose.smashdocs.yml -p smashdocs up -d

Wait until all docker containers are spawned. See running docker containers using

$(Host) /usr/local/bin/docker-compose -f /opt/docker-compose/docker-compose.smashdocs.yml -p smashdocs ps

On subsequent executions, changes to the compose file are applied only to the affected parts of the configuration. Docker compose will restart the changed services and the services that depend on them.

Step 7: Configure the DNS

The domain names chosen above must be resolvable from the hosts that use the SMASHDOCs system. This step will be quite different from customer to customer. SMASHDOCs consultation is available.

Step 8: Configure HAProxy

We are providing a sample HAProxy config file which can be used in the docker haproxy:1.6-alpine container.

global
     log 127.0.0.1 local0
     log 127.0.0.1 local1 notice
     ##log /dev/log local0
     stats socket /var/run/haproxy/haproxy.sock mode 600 level admin
     debug
     stats timeout 30s
     maxconn 4096
     tune.ssl.default-dh-param 2048

 defaults
     log global
     option dontlognull
     ####source 0.0.0.0 usesrc clientip
     timeout connect 5000
     timeout client  50000
     timeout server  50000
     errorfile 400 /usr/local/etc/haproxy/errors/400.http
     errorfile 403 /usr/local/etc/haproxy/errors/403.http
     errorfile 408 /usr/local/etc/haproxy/errors/408.http
     errorfile 500 /usr/local/etc/haproxy/errors/500.http
     errorfile 502 /usr/local/etc/haproxy/errors/502.http
     errorfile 503 /usr/local/etc/haproxy/errors/503.http
     errorfile 504 /usr/local/etc/haproxy/errors/504.http

 listen stats
     bind *:1936
     mode http
     option httplog
     stats enable
     stats uri /
     stats hide-version
     stats auth admin:password

 frontend http-in
     bind *:80
     mode http
     option httplog
     redirect scheme https if !{ ssl_fc }

 frontend https-in
     bind *:443
     mode tcp
     option tcplog
     acl sslv3 req.ssl_ver 3
     acl customer                req.ssl_sni -i smashdocs.yourdomain.net
     acl customer_api            req.ssl_sni -i smashdocs-api.yourdomain.net

     tcp-request inspect-delay 2s
     tcp-request content reject if { req.ssl_ver 3 }
     tcp-request content accept if { req.ssl_hello_type 1 }

     use_backend customer                    if customer OR customer_api

 backend customer
    mode tcp
    option ssl-hello-chk
    # a server line needs a name before the address; "nginx-proxy" is only a label
    server nginx-proxy 127.0.0.1:4434 check inter 30s send-proxy

Redundant Setup

To be written - please contact us

Service Discovery

To be written - please contact us