Simplifer setup with recommended environment using docker-compose

248 views 0

Written by Verena
December 2, 2021

Prerequisites

You need a running Linux Server with Docker installed. To install Docker, please follow the official documentation for your distribution, e. g.:

Step 1 – Install docker-compose

The official documentation to install docker-compose is: https://docs.docker.com/compose/install/

You can also check your distribution-specific repositories. For ubuntu, docker-compose is part of the universe repository, which is, in most cases, enabled by default. You can install it with:

sudo apt install docker-compose

If your distribution doesn’t provide a package, the main steps from the official documentation are:

Download the script:

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

Make it executable:

sudo chmod +x /usr/local/bin/docker-compose

If you do not have /usr/local/bin as part of you $PATH variable, either add it to $PATH or link the script to /usr/bin

sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

This installs docker-compose with the latest 1.x version. docker-compose 2.x needs to be installed as a plugin  for docker-cli. For more information, look at the official documentation: https://docs.docker.com/compose/cli-command/.

Step 2 – Prepare your host system

Create the folders neccessary for permanent storage:

mkdir -p /var/lib/simplifier/mysql
mkdir -p /var/lib/simplifier/data
mkdir -p /etc/simplifier/traefik

Remark: these are the important folders to include in your backup.

Step 3 – Get Simplifier setup files

First you need to install git

sudo apt install git

Clone the setup repository

git clone https://github.com/simplifier-ag/docker-compose.git

Change into the new directory and check its content

cd docker-compose
ls -a

You should see at least the following entries:

  • .env
  • security.toml
  • simplifier-standalone.yml

.env file defines the environment in terms of variable values. This files needs to be changed.

security.toml defines security settings, especially TLS certificates. It is optional, but in most cases you want to use it.

simplifier-standalone.yml is the docker-compose file, which defines the necessary services. It defines the following 4 services:

  • mysql: database backend for Simplifier
  • traefik: proxy server
  • simplifier: application server
  • watchtower: automated updates

In most cases, you can leave this file unchanged.

Step 4 – Prepare the environment

Edit the environmet file

nano .env

It defines 5 varibale values

HOSTNAME=example.simplifier.cloud
DB_PASSWORD=MySecret123
DB_NAME=simplifier
DB_ROOT_PASSWORD=MySuperSecret
SIMPLIFIER_VERSION=6.5

Change the value of HOSTNAME to the hostname of the server (without https://).

Set DB_PASSWORD and DB_ROOT_PASSWORD to two different values according to your internal password policies.

Set SIMPLIFIER_VERSION to the major releaes of Simplifier you want to have installed. As the time of writing, this is 6.5. In most cases, if you just cloned the repository, the matching value should already be there and you do not need to change it.

Also, DB_NAME won’t need to be changed in most cases.

Now you can save and close the .env file.

Step 5 – Setting up TLS (commonly referred to as SSL)

The given docker compose file configures the traefik proxy to use HTTPS only. Without further changes, a self signed default certificate will be used, which causes warnings in all major browsers. To avoid this, you need to provide your own certificates. You need the private key as well as the public key. Usually they come in form of a pair of .crt and .key files.

If you got a .pfx file, please follow this guide to get .key and .crt: https://bobcares.com/blog/convert-pfx-to-crt-key-files/

If you got a .pem file, please follow this Stackoverflow answer to get .key and .crt: https://stackoverflow.com/a/60315721/8247892

Edit the security.toml file.

nano security.toml

The first two sections handle the certificates and the certificates store:

[[tls.certificates]]
  certFile = "/configuration/my.custom.hostname.crt"
  keyFile = "/configuration/my.custom.hostname.key"

[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "/configuration/my.custom.hostname.crt"
      keyFile = "/configuration/my.custom.hostname.key"

Replace “my.custom.hostname.crt” and “my.custom.hostname.key” with file names of your cert and key files.

IMPORTANT: keep the path /configuration/ unchanged. This is the path within the container, not on the host system. It is defined in the traefik service definition of the docker compose file in the section volumes.

Place all three files in /etc/simplifier/traefik.

cp myKeyFile.key myCertFile.crt /etc/simplifier/traefik
cp security.toml /etc/simplifier/traefik

Step 6 – OPTIONAL Configure Cipher Suites and TLS versions

Cyper security is a changing field. Algorithms which were thought to be secure may get compromised. Sometimes support for older software clients has a higher priority then state of the art security settings. This is why usually older algorithms and protocolls are supported, but can be disabled via configuration.

The prepared example file disables some older protocols and algorithms. It does only allow those, which were considered as secure at the time this article was written. This configuration is done with this part of the security.toml file:

[tls.options]
  # Valid constants: https://pkg.go.dev/crypto/tls#pkg-constants
  [tls.options.default]
    minVersion = "VersionTLS12"
    cipherSuites = [
      "TLS_RSA_WITH_AES_128_CBC_SHA",
      "TLS_RSA_WITH_AES_256_CBC_SHA",
      "TLS_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_AES_128_GCM_SHA256",
      "TLS_AES_256_GCM_SHA384",
      "TLS_CHACHA20_POLY1305_SHA256"
    ]
  [tls.options.mintls12]
    minVersion = "VersionTLS12"

If you have trouble in connecting with older browsers (which you shouldn’t use) or other (propriatary) clients, try to remove this part of the configuration. Instead of deleting these lines, you can place a # at the beginning of each line to mark it as a comment.

Step 7 – Starting Simplifier

So far everything is prepared and Simplifier can be started.

Change back to the folder where you stored the simplifer-standalone.yml file. To start all services which are defined in the file run:

docker-compose -f simplifer-standalone.yml up -d

Now, from your desktop computer, open a new browser tab and navigate to the server. You should see a simple website which asks you to insert a Simplifer license. Copy the whole content of the licence file you received from the Simplifier Customer Success Team and paste it into the web form. Press Save. The browser now redirects you to the Simplifier login page. Log in with the default credentials admin/admin.

Step 8 – Basic Simplifier Setup

Some basic setup steps need to be done in the Simplifer UI.

User Management

Change the password of the admin and the guest user (Documentation).

Standard Content

Download the current standard content here and import it (Documentation).

Learn

Start the Basic Course and build your first App here.

Was this article helpful?

 
Related Articles