# Deploying VYou server

The section The CLI explains how to start a local VYou server, but for production you will probably want to deploy a VYou server in a cloud environment. The VYou server is made up of three containers that you can pull from a public AWS repository: vyou-backend, vyou-proxy and vyou-db.

  • Vyou-backend is the backend VYou API container. Inside it reside all the endpoints that you can invoke from your clients.
  • Vyou-proxy contains the VYou backoffice and the proxy server configuration (redirections, security, cookie management, etc.).
  • Vyou-db is the PostgreSQL database.

# vyou-backend

  • Last version: 2.0.3
  • How to pull image: docker pull public.ecr.aws/vyou-public/vyou-backend:2.0.3
  • Supported architectures: arm64, amd64

# Environment variables

The vyou-backend image uses several environment variables that are easy to overlook.

  • DB_NAME: Set a name for the database used in the backend.
  • DB_URL: URI to the database (e.g. jdbc:postgresql://localhost:3306/).
  • WEB_USER / WEB_PASSWORD: Credentials for the application user to connect to the database.
  • MIGRATION_USER / MIGRATION_PASSWORD: Credentials for the migration user to connect to the database.
  • ISS: Backend API URL base.
  • AUTH_SERVER: Authorization server URL.
  • EMAIL_ACTIVATED: "true" or "false". Depends on whether you want to send emails or not.
  • EMAIL_SENDGRID_KEY: Key for Sendgrid integration.
  • ALLOWED_ORIGINS: URLs that are allowed to use backend endpoints.
  • TENANT_GOD / TENANT_GOD_PASSWORD: Credentials for the backoffice superuser.
  • LICENSE_URL: License server URL. It is provided when purchasing the product.
  • LICENSE_KEY / LICENSE_SECRET: License credentials. Provided when purchasing the product.
  • VYOU_LIQUIBASE_ENABLED: true or false. Depends on whether you want to apply database migrations when you run the container.
  • STRIPE_HOOK_SECRET: Secret used to handle Stripe webhooks. See the Stripe test webhook page for how to obtain this value.
  • STRIPE_ENABLE_ALIPAY: Flag to activate Alipay as payment method.

# How to use this image

  • Start an instance of vyou-backend. Be sure to provide all environment variables:
docker run --name vyou-backend -e VYOU_LIQUIBASE_ENABLED=true public.ecr.aws/vyou-public/vyou-backend:2.0.2
  • Start as part of docker-compose:
version: '3.7'
services:
  backend:
    image: public.ecr.aws/vyou-public/vyou-backend:2.0.2
    container_name: vyou-backend
    environment:
      - DB_NAME=vyou
      - DB_URL=jdbc:postgresql://postgres.service:5432/
      - WEB_USER=liamweb
      - WEB_PASSWORD=liamweb
      - MIGRATION_USER=liammig
      - MIGRATION_PASSWORD=liammig
      - ISS=https://test.vyou-app.com:6120
      - ALLOWED_ORIGINS=https://myvyou-app.com:6120
      - AUTH_SERVER=http://backend:8080
      - EMAIL_ACTIVATED=true
      - EMAIL_SENDGRID_KEY=SG.rIf1eoCyTFWHCdd747a88485895294985729874_ow4qL6fKQ
      - TENANT_GOD=liam@oasis.com
      - TENANT_GOD_PASSWORD=admin123
      - LICENSE_URL=https://license.vyou-app.com
      - LICENSE_KEY=0zRUCXUwaLZv5nnK9Zfw0VkrAPaQhV58r8d8f939503
      - LICENSE_SECRET=Ukyh9wqJjwSRHfDgIjdbXwabxhZIcAd9s987sFGG4359d987fgDFGDFG4534
      - VYOU_LIQUIBASE_ENABLED=true
      - STRIPE_HOOK_SECRET=whsec_5d97a709809e8rt3485uer98tuer0g9er0t93840593uetoierjt30495830r
      - STRIPE_ENABLE_ALIPAY=false
    restart: always
    ports:
      - 8080:8080
    networks:
      default:
        aliases:
          - backend.service

# vyou-proxy

  • Last version: 0.5.4
  • How to pull image: docker pull public.ecr.aws/vyou-public/vyou-proxy:0.5.4
  • Supported architectures: arm64, amd64

# Environment variables

WARNING

vyou-proxy uses a tool called docker-compose-wait, a small command-line utility that waits for other Docker images to start when using docker-compose or any other orchestration method.

# How to use this image

  • Start a vyou-proxy instance. Be sure to provide all the environment variables:
docker run --name vyou-proxy -p 6120:6120 -e WAIT_LOGGER_LEVEL=off \
         -v ./nginx.json:/etc/vyou/nginx.json \
         -v ./vyou_fullchain.pem:/etc/vyou/fullchain.pem:ro \
         -v ./vyou_chain.pem:/etc/vyou/chain.pem:ro \
         -v ./vyou_privkey.pem:/etc/vyou/privkey.pem:ro \
         -e WAIT_HOSTS=backend:8080 public.ecr.aws/vyou-public/vyou-proxy:0.5.4
  • Start as part of docker-compose:
version: '3.7'
services:
  proxy:
    image: public.ecr.aws/vyou-public/vyou-proxy:latest
    container_name: vyou-proxy
    volumes:
      - ./nginx.json:/etc/vyou/nginx.json  
      - /root/ssl/vyou_chain.pem:/etc/nginx/chain.pem:ro
      - /root/ssl/vyou_fullchain.pem:/etc/nginx/cert.pem:ro
      - /root/ssl/vyou_privkey.pem:/etc/nginx/key.pem:ro
    ports:
      - "6120:6120"
    environment:
      - WAIT_LOGGER_LEVEL=off
      - WAIT_HOSTS=backend:8080

# Volumes

vyou-proxy requires the following mappings in the volumes section:

  • HTTPS certificate files (*.pem) of the domain where all the containers are located.
  • Nginx.json configuration file.

# Nginx.json

This file is used to configure the proxy. It has different sections:

{
  "backend": {
    "proxyPass": "http://backend:8080",
    "gatewayProxyPass": "http://backend.mmr:8081"
  },
  "backoffice": {
    "listen": 443,
    "serverName": "vyou.vyou-dev.com",
    "ssl": {
      "fullchain": "/etc/vyou/fullchain.pem",
      "chain": "/etc/vyou/chain.pem",
      "privkey": "/etc/vyou/privkey.pem"
    },
    "frameAncestors": ["https://vyou-dev.com"]
  },
  "front": [
    {
      "listen": 443,
      "serverName": "vyou-dev.com",
      "ssl": {
        "fullchain": "/etc/vyou/fullchain.pem",
        "chain": "/etc/vyou/chain.pem",
        "privkey": "/etc/vyou/privkey.pem"
      },
      "proxyPass": "http://frontend.mmr:80"
    }
  ]
}

# backend section

This section configures the URL of the VYou backend and the URL of the client's own backend.

  • proxyPass: VYou backend server URL.
  • gatewayProxyPass: client's own backend URL.

# backoffice section

This section configures the public VYou backoffice.

  • listen: backoffice public port.
  • serverName: backoffice public URL.
  • ssl: certificate configuration (location of the three .pem files).

⚠️ This must always be set to the following value:

{
    "fullchain": "/etc/vyou/fullchain.pem",
    "chain": "/etc/vyou/chain.pem",
    "privkey": "/etc/vyou/privkey.pem"
}
  • frameAncestors: the URLs that are allowed to load the login iframe (usually the public vyou-proxy URL).

# front section

This section configures the client's own frontend.

  • listen: frontend public port.
  • serverName: frontend public URL.
  • ssl: certificate configuration (location of the three .pem files).

⚠️ This must always be set to the following value:

{
    "fullchain": "/etc/vyou/fullchain.pem",
    "chain": "/etc/vyou/chain.pem",
    "privkey": "/etc/vyou/privkey.pem"
}
  • proxyPass: frontend internal URL.

This example is suitable for the following scenario:

  • Backoffice with this url: https://vyou.vyou-dev.com
  • Vyou proxy connected to this url: https://vyou-dev.com

Note that you can link https://vyou-dev.com to a load balancer (for example, an ALB load balancer), and this load balancer distributes queries between one or more vyou-proxy containers.
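A pre-deployment check for nginx.json based on the rules described above, as an added example that is not part of the VYou project. The function names, the requirement that frameAncestors entries be exact https origins, and the requirement that both backend URLs be present are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# The page states the "ssl" block must always hold these in-container paths.
REQUIRED_SSL = {"fullchain": "/etc/vyou/fullchain.pem", "chain": "/etc/vyou/chain.pem",
                "privkey": "/etc/vyou/privkey.pem"}

def is_http_url(value):
    parts = urlsplit(value or "")
    return parts.scheme in ("http", "https") and bool(parts.hostname)

def check_server(name, block):
    """Checks shared by the backoffice block and every front entry."""
    out = []
    if block.get("ssl") != REQUIRED_SSL:
        out.append(f"{name}: ssl is not the fixed /etc/vyou/*.pem mapping")
    port = block.get("listen")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        out.append(f"{name}: listen is not a valid port")
    if not block.get("serverName"):
        out.append(f"{name}: serverName is missing")
    return out

def validate_nginx_json(text):
    """Return a list of findings; an empty list means the file passed."""
    cfg = json.loads(text)
    out = []
    for key in ("proxyPass", "gatewayProxyPass"):
        if not is_http_url(cfg.get("backend", {}).get(key)):
            out.append(f"backend: {key} is not an http(s) URL")
    office = cfg.get("backoffice", {})
    out += check_server("backoffice", office)
    # Assumption of this example: only exact https origins may embed the login iframe.
    for origin in office.get("frameAncestors", []):
        p = urlsplit(origin)
        if p.scheme != "https" or not p.hostname or "*" in origin or p.path not in ("", "/"):
            out.append(f"backoffice: frameAncestors {origin!r} is not an exact https origin")
    for i, front in enumerate(cfg.get("front", [])):
        out += check_server(f"front[{i}]", front)
        if not is_http_url(front.get("proxyPass")):
            out.append(f"front[{i}]: proxyPass is not an http(s) URL")
    return out

# Constructed sample: private key path outside /etc/vyou and a wildcard frame ancestor.
BAD = json.dumps({
    "backend": {"proxyPass": "http://backend:8080", "gatewayProxyPass": "http://backend.mmr:8081"},
    "backoffice": {"listen": 443, "serverName": "vyou.vyou-dev.com",
                   "ssl": dict(REQUIRED_SSL, privkey="/etc/nginx/key.pem"),
                   "frameAncestors": ["https://*.vyou-dev.com"]},
    "front": []})

if __name__ == "__main__":
    print("\n".join(validate_nginx_json(BAD)))
```

Run it against the real file with `validate_nginx_json(open("nginx.json").read())` before mounting the file into the container.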

# vyou-db

This is a PostgreSQL database with pgaudit configured to enable logging, and with some predefined users.

  • Latest version: latest
  • How to pull the image: docker pull public.ecr.aws/vyou-public/vyou-db:latest
  • Supported architectures: arm64, amd64

# Predefined users in the docker image

There are users initially defined when the image starts running. Each user has their own privileges with respect to database objects:

  • POSTGRES_USER: This is a root user, with full privileges. Do not use this user in the backend or in another container.
  • MIGRATION_USER: This is a user created with SELECT, INSERT, UPDATE, DELETE privileges.
  • DEVELOPER_USER: This is a user with SELECT privileges. It is used to connect to the database console and view the rows to debug possible errors.
  • WEB_USER: This is a user with SELECT, INSERT, UPDATE, DELETE privileges. It is perfect to use for the backend <-> database connection.

# Environment variables

  • POSTGRES_DB: Database name.
  • DEVELOPER_USER / DEVELOPER_PASSWORD: Credentials of the developer user to connect to the database.
  • MIGRATION_USER / MIGRATION_PASSWORD: Credentials for the migration user to connect to the database.
  • POSTGRES_USER / POSTGRES_PASSWORD: Credentials for the database root user.
  • WEB_USER / WEB_PASSWORD: Credentials for the application user to connect to the database.

# How to use this image

  • Start a vyou-db instance. You have to provide all the environment variables:
 docker run --name vyou-db -e POSTGRES_USER=test -e POSTGRES_PASSWORD=lalalala \
                           -e ... -e ... public.ecr.aws/vyou-public/vyou-db:latest
  • Start as part of docker-compose:
version: '3.7'
services:
  db:
    image: public.ecr.aws/vyou-public/vyou-db:latest
    container_name: vyou-db
    ports:
      - 5432:5432
    environment:
      - POSTGRES_PASSWORD=liam
      - POSTGRES_USER=liam
      - POSTGRES_DB=vyou
      - DEVELOPER_USER=liamdev
      - DEVELOPER_PASSWORD=liamdev
      - MIGRATION_USER=liammig
      - MIGRATION_PASSWORD=liammig
      - WEB_USER=liamweb
      - WEB_PASSWORD=liamweb
    volumes:
      - pgdata:/var/lib/postgresql/data
    networks:
      default:
        aliases:
          - postgres.service
volumes:
  pgdata:
    driver: local
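A check of the database accounts across the vyou-db and vyou-backend environments, enforcing the rule above that the root user is never used by the backend. This is an added example, not part of the VYou project; the function names, the MIN_LEN threshold and the sample values are assumptions constructed for illustration.

```python
import re

MIN_LEN = 16  # assumed minimum password length; not a value from the VYou docs

def parse_env(text):
    """Collect KEY=VALUE items from a compose `environment:` list."""
    return dict(re.findall(r"^[ \t]*-[ \t]*([A-Z_]+)=(.*?)[ \t]*$", text, re.M))

def weak_passwords(service, env):
    """Flag passwords that equal their user name or are shorter than MIN_LEN."""
    out = []
    for key, pw in env.items():
        if key.endswith("_PASSWORD"):
            base = key[: -len("_PASSWORD")]
            # TENANT_GOD has no _USER suffix, so fall back to the bare name.
            user = env.get(base + "_USER", env.get(base, ""))
            if pw == user or len(pw) < MIN_LEN:
                out.append(f"{service} {key}: short or equal to the user name")
    return out

def audit(db_env, backend_env):
    """Compare the vyou-db and vyou-backend environments; return findings."""
    out = weak_passwords("vyou-db", db_env) + weak_passwords("vyou-backend", backend_env)
    root = db_env.get("POSTGRES_USER")
    for role in ("WEB_USER", "MIGRATION_USER"):
        if root and backend_env.get(role) == root:
            out.append(f"vyou-backend {role} is the database root user")
        if backend_env.get(role) != db_env.get(role):
            out.append(f"vyou-backend {role} differs from the vyou-db value")
    return out

# Constructed sample: the backend is wrongly pointed at the root account.
DB_ENV = parse_env("""
      - POSTGRES_USER=liam
      - POSTGRES_PASSWORD=liam
      - WEB_USER=liamweb
      - WEB_PASSWORD=liamweb
      - MIGRATION_USER=liammig
      - MIGRATION_PASSWORD=liammig
""")
BACKEND_ENV = parse_env("""
      - WEB_USER=liam
      - WEB_PASSWORD=liam
      - MIGRATION_USER=liammig
      - MIGRATION_PASSWORD=liammig
""")

if __name__ == "__main__":
    print("\n".join(audit(DB_ENV, BACKEND_ENV)))
```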

# Other ways to orchestrate these containers