# Deploying VYou server
You can check how to start a local Vyou server in the section The Cli, but you probably want to deploy a production VYou server in a cloud environment, for example. Well, let's describe the VYou server layout.
There are three containers you can pull from a public AWS repository: vyou-backend
, vyou-proxy
and vyou-db
.
Vyou-backend
is the backend VYou API container. Inside it reside all the endpoints that you can invoke from your clients.Vyou-proxy
contains the VYou backoffice and the proxy server configuration (redirections, security, cookie management, etc...).Vyou-db
is the PostgreSQL database.
# vyou-backend
- Last version:
2.0.3
- How to pull image:
docker pull public.ecr.aws/vyou-public/vyou-backend:2.0.3
- Supported architectures:
arm64
,amd64
# Environment variables
The vyou-backend
image uses several environment variables that are easy to overlook.
DB_NAME
: Set a name for the database used in the backend.DB_URL
: URI to the database. (Ej:jdbc:postgresql://localhost:3306/
)WEB_USER
/WEB_PASSWORD
: Credentials for application user to connect to database.MIGRATION_USER
/MIGRATION_PASSWORD
: Credentials for the migration user to connect to the database.ISS
: Backend API URL base.AUTH_SERVER
: Authorization server URL.EMAIL_ACTIVATED
: "true" or "false". Depends on whether you want to send emails or not.EMAIL_SENDGRID_KEY
: Key for Sendgrid integration.ALLOWED_ORIGINS
: URLs that are allowed to use backend endpoints.TENANT_GOD
/TENANT_GOD_PASSWORD
: Credentials for the backoffice superuser.LICENSE_URL
: License server URL. It is provided when purchasing the product.LICENSE_KEY
/LICENSE_SECRET
: Licence credentials. Provided when purchasing the product.VYOU_LIQUIBASE_ENABLED
: true or false. Depends on whether you want to apply database migrations when you run the container.STRIPE_HOOK_SECRET
: Secret used to deal with stripe hooks. See how to obtain this value at Stripe test webhook page (opens new window)STRIPE_ENABLE_ALIPAY
: Flag to activate Alipay as payment method.
# How to use this image
- Start an instance of vyou-backend. Be sure to provide all environment variables:
docker run --name vyou-backend -e VYOU_LIQUIBASE_ENABLED=true public.ecr.aws/vyou-public/vyou-backend:2.0.2
- It starts as part of docker-compose:
version: '3.7'
services:
backend:
image: public.ecr.aws/vyou-public/vyou-backend:2.0.2
container_name: vyou-backend
environment:
- DB_NAME=vyou
- DB_URL=jdbc:postgresql://postgres.service:5432/
- WEB_USER=liamweb
- WEB_PASSWORD=liamweb
- MIGRATION_USER=liammig
- MIGRATION_PASSWORD=liammig
- ISS=https://test.vyou-app.com:6120
- ALLOWED_ORIGINS=https://myvyou-app.com:6120
- AUTH_SERVER=http://backend:8080
- EMAIL_ACTIVATED=true
- EMAIL_SENDGRID_KEY=SG.rIf1eoCyTFWHCdd747a88485895294985729874_ow4qL6fKQ
- TENANT_GOD=liam@oasis.com
- TENANT_GOD_PASSWORD=admin123
- LICENSE_URL=https://license.vyou-app.com
- LICENSE_KEY=0zRUCXUwaLZv5nnK9Zfw0VkrAPaQhV58r8d8f939503
- LICENSE_SECRET=Ukyh9wqJjwSRHfDgIjdbXwabxhZIcAd9s987sFGG4359d987fgDFGDFG4534
- VYOU_LIQUIBASE_ENABLED: true
- STRIPE_HOOK_SECRET: whsec_5d97a709809e8rt3485uer98tuer0g9er0t93840593uetoierjt30495830r
- STRIPE_ENABLE_ALIPAY: false
restart: always
ports:
- 8080:8080
networks:
default:
aliases:
- backend.service
# vyou-proxy
- Last version:
0.5.4
- How to pull image:
docker pull public.ecr.aws/vyou-public/vyou-proxy:0.5.4
- Supported architectures:
arm64
,amd64
# Environment variables
WARNING
vyou-proxy
uses a software called docker-compose-wait (opens new window), a small command-line utility to wait for other docker images to start while using docker-compose or any orchestration method.
WAIT_LOGGER_LEVEL
: see docker-compose-wait config options (opens new window)WAIT_HOSTS
: see docker-compose-wait config options (opens new window)
# How to use this image
- Start a vyou-proxy instance. Be sure to provide all the environment variables:
docker run --name vyou-proxy -p 6120:6120 -e WAIT_LOGGER_LEVEL=off
-v ./nginx.json:/etc/vyou/nginx.json
-v ./vyou_fullchain.pem:/etc/vyou/fullchain.pem:ro
-v ./vyou_chain.pem:/etc/vyou/chain.pem:ro
-v ./vyou_privkey.pem:/etc/vyou/privkey.pem:ro
-e WAIT_HOSTS=backend:8080 public.ecr.aws/vyou-public/vyou-proxy:0.5.4
- Start as part of docker-compose:
version: '3.7'
services:
proxy:
image: public.ecr.aws/vyou-public/vyou-proxy:latest
container_name: vyou-proxy
volumes:
- ./nginx.json:/etc/vyou/nginx.json
- /root/ssl/vyou_chain.pem:/etc/nginx/chain.pem:ro
- /root/ssl/vyou_fullchain.pem:/etc/nginx/cert.pem:ro
- /root/ssl/vyou_privkey.pem:/etc/nginx/key.pem:ro
ports:
- "6120:6120"
environment:
- WAIT_LOGGER_LEVEL=off
- WAIT_HOSTS=backend:8080
# Volumes
There are some mappings than vyou-proxy
requires in volumes
section:
- HTTPS certificate files (*.pem) of the domain where all the containers are located.
- Nginx.json configuration file.
# Nginx.json
This file is used to configure the proxy. It has different sections:
{
"backend": {
"proxyPass": "http://backend:8080",
"gatewayProxyPass": "http://backend.mmr:8081"
},
"backoffice": {
"listen": 443,
"serverName": "vyou.vyou-dev.com",
"ssl": {
"fullchain": "/etc/vyou/fullchain.pem",
"chain": "/etc/vyou/chain.pem",
"privkey": "/etc/vyou/privkey.pem"
},
"frameAncestors": ["https://vyou-dev.com"]
},
"front": [
{
"listen": 443,
"serverName": "vyou-dev.com",
"ssl": {
"fullchain": "/etc/vyou/fullchain.pem",
"chain": "/etc/vyou/chain.pem",
"privkey": "/etc/vyou/privkey.pem"
},
"proxyPass": "http://frontend.mmr:80"
}
]
}
# backend section
In this section is where the url of the vyou backend and the url of the client's own backend are configured.
proxyPass
: vyou backend server url.gatewayProxyPass
: client's own backend url.
# backoffice section
In this section is where Vyou public backoffice configuration occurs.
listen
: backoffice public port.serverName
: backoffice public url.ssl
: certificates configuration (location of three .pem files).
⚠️ Always must be this value:
{
"fullchain": "/etc/vyou/fullchain.pem",
"chain": "/etc/vyou/chain.pem",
"privkey": "/etc/vyou/privkey.pem"
}
frameAncestors
: which urls can load the login iframe (usually public vyou-proxy url).
# front section
In this section is where client's own frontend is configured.
listen
: frontend public port.serverName
: frontend public url.ssl
: certificates configuration (location of three .pem files)
⚠️ Always must be this value:
{
"fullchain": "/etc/vyou/fullchain.pem",
"chain": "/etc/vyou/chain.pem",
"privkey": "/etc/vyou/privkey.pem"
}
proxyPass
: frontend internal url.
This example is suitable for the following scenario:
- Backoffice with this url: https://vyou.vyou-dev.com
- Vyou proxy connected to this url: https://vyou-dev.com
Note that you can link https://vyou-dev.com to a load balancer (for example, an ALB load balancer), and this load balancer distribute queries between one or more vyou-proxy
containers.
# vyou-db
This is a PostgreSql database with pgaudit configured to allow log and some predefined users.
- Latest version:
latest
- How to pull the image:
docker pull public.ecr.aws/vyou-public/vyou-db:latest
- Supported architectures:
arm64
,amd64
# Predefined users in the docker image
There are users initially defined when the image starts running. Each user has their own privileges with respect to database objects:
- POSTGRES_USER: This is a root user, with full privileges. Do not use this user in the backend or in another container.
- MIGRATION_USER: This is a user created with SELECT, INSERT, UPDATE, DELETE privileges.
- DEVELOPER_USER: This is a user with SELECT privileges. It is used to connect to the database console and view the rows to debug possible errors.
- WEB_USER: This is a user with SELECT, INSERT, UPDATE, DELETE privileges. It is perfect to use for the backend <-> database connection.
# Environment variables
POSTGRES_DB
: Database name.DEVELOPER_USER
/DEVELOPER_PASSWORD
: Credentials of the developer user to connect to the database.MIGRATION_USER
/MIGRATION_PASSWORD
: Credentials for the migration user to connect to the database.POSTGRES_USER
/POSTGRES_PASSWORD
: Credentials for the database root user.WEB_USER
/WEB_PASSWORD
: Credentials for the application user to connect to the database.
# How to use this image
- Start a vyou-db instance. You have to provide all the environment variables:
docker run --name vyou-db -e POSTGRES_USER=test -e POSTGRES_PASSWORD=lalalala
-e ... -e ... public.ecr.aws/vyou-public/vyou-db:latest
- Start as part of docker-compose:
version: '3.7'
services:
db:
image: public.ecr.aws/vyou-public/vyou-db:latest
container_name: vyou-db
ports:
- 5432:5432
environment:
- POSTGRES_PASSWORD=liam
- POSTGRES_USER=liam
- POSTGRES_DB=vyou
- DEVELOPER_USER=liamdev
- DEVELOPER_PASSWORD=liamdev
- MIGRATION_USER=liammig
- MIGRATION_PASSWORD=liammig
- WEB_USER=liamweb
- WEB_PASSWORD=liamweb
volumes:
- pgdata:/var/lib/postgresql/data
networks:
default:
aliases:
- postgres.service
volumes:
pgdata:
driver: local