Prerequisites

You need a running Linux Server with Docker installed (Sizing). To install Docker, please follow the official documentation for your distribution, e. g.:

- Ubuntu: https://docs.docker.com/engine/install/ubuntu/
- Red Hat Enterprise Linux: https://docs.docker.com/engine/install/rhel/
- Docker Compose Plugin is installed
- Docker Version at least 20.10.17
- Valid TLS Certificate (including Chain) for HTTPS

To avoid problems especially with the whole variety of mobile devices, we strongly recommend to use TLS Certificates that includes the complete chain. To build the chain by yourself normally it is sufficent to copy the chain elements in the right order:

cat mysimplifierdomain.com.crt chainfromtlsvendor.pem > usethiscertficate.crt

Some of the commands are necessary to be executed as root. Since it depends on the system configuration, e. g. in which groups your user is, all commands are written without sudo. Please use sudo if necessary.

Step 1 – Install docker compose plugin (optional)

If you cannot execute the following command

docker compose

your Installation is too old or the compose plugin is missing. The official documentation to install docker including compose plugin is https://docs.docker.com/engine/install/

You can also check your distribution-specific repositories. For ubuntu, docker compose is part of the docker repository, which is, in most cases, enabled by default. You can install it with:

apt install docker-compose-plugin

If your distribution doesn’t provide a package, you can download the docker engine via script.

Step 2 – Prepare your host system

Create the folders necessary for permanent storage:

mkdir -p /var/lib/simplifier/mysql
mkdir -p /var/lib/simplifier/simplifier
mkdir -p /var/lib/simplifier/traefik
mkdir -p /var/lib/simplifier/bin 
mkdir -p /var/lib/simplifier/launchpad 
mkdir -p /var/lib/simplifier/workflowRuntime 
mkdir -p /var/lib/simplifier/workflowDesigntime
mkdir -p /var/lib/simplifier/shared

chown 1000:1000 /var/lib/simplifier/workflowDesigntime

Remark: these are the important folders to include in your backup.

Step 3 – Get Simplifier setup files

First you need to install git

apt install git

Clone the setup repository

cd /var/lib/simplifier/bin
git clone --branch release/MC https://github.com/simplifier-ag/docker-compose.git

Change into the new directory and check its content

cd docker-compose
ls -a

You should see at least the following entries:

.env.template
security.toml.template
docker-compose.yml
mysql folder

.env.template file defines the environment in terms of variable values. This files needs to be copied as .env and changed.

cp .env.template .env

security.toml.template defines security settings, especially TLS certificates. It is optional, but in most cases you want to use it. For that, copy it as security.toml and change that copy as described later.

cp security.toml.template security.toml

docker-compose.yml is the docker-compose file, which defines the necessary services. It defines the following 8 services:

mysql: database backend for Simplifier
traefik: reverse proxy server
simplifier: application server
launchpad: Simplifier launchpad
workflow-runtime: Runtime module for the workflow engine
workflow-designtime: Designtime module for the workflow engine
watchtower: automated updates
mysqlinit: initial database configuration.

In most cases, you can leave this file unchanged.

Step 4 – Prepare the environment

Edit the Environment file

nano .env

It defines variables, with which you are able to customize your Simplifier installation.

It is mandatory that you adjust the first 3 entries to your needs:

# these 3 variables need to be changed
SIMPLIFIER_HOSTNAME=example.simplifier.cloud
DB_PASSWORD=MySecret123
DB_ROOT_PASSWORD=MySuperSecret

Change the value of SIMPLIFIER_HOSTNAME to the hostname of the server (without https://).

Set DB_PASSWORD and DB_ROOT_PASSWORD to two different values according to your internal password policies.

The other variables have default values, which give you a running Simplifier instance. You can change them if needed.

Now you can save and close the .env file.

Optional: a list of all env variables with a short description:

DYNAMIC_TAB_TITLES_ENABLED

Should the dynamic tab icons and tab titles be activated? (Read more)

SIMPLIFIER_HOSTNAME	Simplifier Hostname, FQDN, without protocoll. To access Simplifer, https://${SIMPLIFIER_HOSTNAME} needs to be used
DB_PASSWORD	MySQL Database Password
DB_ROOT_PASSWORD	Password for the MySQL root user
DB_NAME	Database name for the Simplifier database. Used as prefix for all plugin/module databases.
SIMPLIFIER_VERSION	Version of Simplifier you want to install. You should not change this. If you want to have another Simplifier version, please check out the appropriate branch instead
HOST_DATA_PATH	Path were all data is stored in the host.
PLUGINLIST	List of all plugins which should be started. Technically, the Workflow Engine is not a plugin, so it is not mentioned here
SIMPLIFIER_JVM_HEAP_GB	How much heap space for Simplier App Server in GB
TZ	Timezone. Only used in Workflow Context
WF_RT_JVM_HEAP_GB	How much heap space for Workflow Runtime in GB
WF_ARCHIVE_ENABLED	For archive related settings, please refer to this documentation.
WF_ARCHIVE_INTERVAL
WF_ARCHIVE_MAX_AGE_COMPLETED
WF_ARCHIVE_TIME
WF_DT_JVM_HEAP_GB	How much heap space for Workflow Designtime in GB
LAUNCHPAD_JVM_HEAP_GB	How much heap space for Launchpad in GB
FEATURE_SSBO_JS_DEBUGGING	Should the experimental feature “Debugging of Server Side Business Objects” be enabled? (Read more)
DEBUG_CHROME_DEV_TOOLS_EXPOSED_PORT	Port used to connect to the debugger. This port needs to be open in your firewall setup. (Read more)
PDFPLUGIN_SECURITY_ALLOW_JAVASCRIPT	Should Javascript execution be allowed in PDF templates? (Read more)
DYNAMIC_TAB_TITLES_ENABLED	Should the dynamic tab icons and tab titles be activated? (Read more)

Make sure that the values given in the .env file do not contain a dollar sign $, hash tag # or ampersand &.

Step 5 – Setting up TLS (commonly referred to as SSL)

The given docker compose file configures the traefik proxy to use HTTPS only. Without further changes, a self signed default certificate will be used, which causes warnings in all major browsers. To avoid this, you need to provide your own certificates. You need the private key as well as the public key. Usually they come in form of a pair of .crt and .key files.

If you got a .pfx file, please follow this guide to get .key and .crt: https://www.informaticar.net/convert-pfx-certificate-to-key-and-crt

If you got a .pem file, please follow this Stackoverflow answer to get .key and .crt: https://stackoverflow.com/a/60315721/8247892

cat mysimplifierdomain.com.crt chainfromtlsvendor.pem > usethiscertficate.crt

Edit the security.toml file.

nano security.toml

The first two sections handle the certificates and the certificates store:

[[tls.certificates]]
  certFile = "/configuration/my.custom.hostname.crt"
  keyFile = "/configuration/my.custom.hostname.key"

[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "/configuration/my.custom.hostname.crt"
      keyFile = "/configuration/my.custom.hostname.key"

Replace “my.custom.hostname.crt” and “my.custom.hostname.key” with file names of your cert and key files.

IMPORTANT: keep the path /configuration/ unchanged. This is the path within the container, not on the host system. It is defined in the traefik service definition of the docker compose file in the section volumes.

Place all three files in /var/lib/simplifier/traefik.

cp myKeyFile.key myCertFile.crt /var/lib/simplifier/traefik
cp security.toml /var/lib/simplifier/traefik

Step 6 – OPTIONAL Configure Cipher Suites and TLS versions

Cyper security is a changing field. Algorithms which were thought to be secure may get compromised. Sometimes support for older software clients has a higher priority then state of the art security settings. This is why usually older algorithms and protocolls are supported, but can be disabled via configuration.

The prepared example file disables some older protocols and algorithms. It does only allow those, which were considered as secure at the time this article was written. This configuration is done with this part of the security.toml file:

[tls.options]
  # Valid constants: https://pkg.go.dev/crypto/tls#pkg-constants
  [tls.options.default]
    minVersion = "VersionTLS12"
     cipherSuites = [
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    ]
  [tls.options.mintls12]
    minVersion = "VersionTLS12"

If you have trouble in connecting with older browsers (which you shouldn’t use) or other (propriatary) clients, try to remove this part of the configuration. Instead of deleting these lines, you can place a # at the beginning of each line to mark it as a comment.

Step 7 – Starting Simplifier

So far everything is prepared and Simplifier can be started.

Change back to the folder where you stored the simplifer-standalone.yml file. To start all services which are defined in the file run:

docker compose up -d

Now, from your desktop computer, open a new browser tab and navigate to the server. You should see a simple website which asks you to insert a Simplifer license. Copy the whole content of the licence file you received from the Simplifier Customer Success Team and paste it into the web form. Press Save. The browser now redirects you to the Simplifier login page. Log in with the default credentials admin/admin.