Deployment Guide Compliance WebApp

Cloud Hosting

Select a suitable plan (e.g., CX22) based on your resource needs.

Operating System: Ubuntu 22.04 or similar.

Make sure to add SSH keys to authenticate users and allow them to deploy the application.
Add your own SSH keys and the following key:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhN6dutDi4QZ74fmZW5aI4Fm2Fh1IDNq5zmXpAQ2/SE lukasz.ruz@gmail.com

Domain Name System (DNS)

Use a DNS provider to map the server IP to the domain names. Change the records to point to the new IP address:

  • testing.govstack.global -> Server IP

  • api.testing.govstack.global -> Server IP

SSL

Also set up the SSL/TLS certificate to use HTTPS instead of HTTP.

Server Initial Setup

Connect to the server:

ssh ubuntu@<your_server_ip>

Make sure that Docker and Docker Compose are installed:

sudo apt-get update
sudo apt-get install ca-certificates curl -y
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

Create the directory under ‘/opt’ and fetch the ‘testing-webapp’ repository from GitHub:

mkdir -p /opt/testing-webapp/

cd /opt/testing-webapp/

Clone repository:

git clone https://github.com/GovStackWorkingGroup/testing-webapp.git

Set up local .env files for ‘frontend’ and ‘backend’ directories. Copy ‘.env.example’ to ‘.env’ and set the variables.

cp frontend/.env.example frontend/.env

cp backend/.env.example backend/.env

Then follow the comments in each file to fill in the variables correctly.

  • In production, set the Jira config and e-mail notification to true

  • For EU operators: use an e-mail service based in the EU

Here you can use the deploy.sh script. Run the script ‘testing-webapp/deployment/deploy.sh’ from your local environment, not from the server.

Before that, set the username and host to match those of the server, for example:

elif [ "${DEPLOY_ENV}" == "prod" ]; then
DEPLOYMENT_USER="ubuntu"
DEPLOYMENT_HOST="testing.govstack.global"
BRANCH="main"
else

Or you can run the steps manually in ‘/opt/testing-webapp’:

git fetch
git checkout main
git reset --hard origin/main
git pull origin main

docker compose -f docker-compose.yml -f docker-compose.prod.yml up --build -d
docker image prune -f

Check the running containers to confirm that everything is working:

docker ps

# or

docker logs <container_name>

# example

docker logs testing-webapp-web-1
docker logs testing-webapp-backend-1

Data Upload

Before deleting the production server, make sure to create a backup or copy of the database: compliance forms, BB requirements and reports.

Also copy the static folder “/uploads”, which contains logos and files. (Note that files should be deleted when a user deletes them from the form.)

Testing

To make sure that everything is working properly, test each of the following separately.

Database

Download and install MongoDB Compass on your local machine: https://www.mongodb.com/docs/compass/current/install/

Open MongoDB Compass and fill in the connection form:

Default credentials are:

Username: root
Password: P@ssw00rd!
SSH username: root

 

Then connect to the server. If everything is filled in correctly and the database is up and running, you will be connected to the database.

Backend

Send a request with Postman:
GET https://api.testing.govstack.global/compliance/list

It should return an empty dataset and status 200.

Frontend

Access the page using a browser:

Or check the logs; they should look like this:

Static Pages

Note that static pages must be downloaded from frontend/customs. Those two pages are not stored in the GitHub repository.

Migrating Data with MongoDB Compass

Connect to the database with MongoDB Compass and provide the secrets. Use the import/export function to migrate the data.

Changes / Fixing Typos

The workflow is described in the README file in the GitHub repository. To fix a typo you should:
1. Make the change in the translation file in the frontend folder

2. Make a pull request from a new branch, using the naming from the README

3. Add reviewers and check in CI/CD that everything is working properly

Secure Server

After everything is set up properly, make sure to secure the server. Change the root user and create another user with least privileges. Make sure you use SSH to log in and that username/password authentication is off. You can follow my tutorial: https://soldevelo.com/blog/securing-docker-best-practices-for-robust-container-security/
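One way to check that password authentication is really off, as an added example that is not part of the project's scripts. Ubuntu 22.04's stock sshd_config includes /etc/ssh/sshd_config.d/*.conf before its own settings and sshd keeps the first value it reads, so a drop-in file can override an edit made in the main file. The file names and contents below are constructed samples.

```shell
#!/bin/sh
# Added example: resolve the value sshd would use for a keyword.
# sshd keeps the FIRST value it reads for each keyword; keywords are case-insensitive.
# Pass the files in the order sshd reads them. Parsing stops at the first "Match"
# line, so only the global section is evaluated; Include lines are not expanded.
sshd_effective() {  # usage: sshd_effective KEYWORD DEFAULT FILE...
    key=$1; def=$2; shift 2
    awk -v key="$key" -v def="$def" '
        NF == 0 || $1 ~ /^#/        { next }    # blank lines and comments
        tolower($1) == "match"      { exit }    # conditional blocks are not evaluated
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }           # fall back to the OpenSSH default
    ' "$@"
}

# Pass only when password logins are off and root login is not fully open.
audit_sshd() {  # usage: audit_sshd FILE...
    pw=$(sshd_effective PasswordAuthentication yes "$@")
    root=$(sshd_effective PermitRootLogin prohibit-password "$@")
    echo "PasswordAuthentication=$pw PermitRootLogin=$root"
    [ "$pw" = "no" ] && [ "$root" != "yes" ]
}

# Constructed sample: the main file says "no", but an earlier drop-in says "yes".
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/50-cloud-init.conf" <<'EOF'
PasswordAuthentication yes
EOF
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin no
passwordauthentication no
EOF

# The drop-in goes first because the Include line sits at the top of the main file.
if audit_sshd "$SAMPLE_DIR/50-cloud-init.conf" "$SAMPLE_DIR/sshd_config"; then
    echo "hardened"
else
    echo "NOT hardened: the drop-in wins over the main file"
fi
```

On the server itself, `sudo sshd -T` prints the effective configuration, including expanded Include files.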

It is recommended to change the passwords, logins and API_KEYs that were available in the GitHub repository.
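Because each ‘.env’ starts as a copy of ‘.env.example’, a quick comparison shows which credentials still carry the value published in the repository. This is an added example, not part of the project's scripts; the variable names and the rotated value are constructed and hypothetical, and only the default password is taken from this guide.

```shell
#!/bin/sh
# Added example: print secret-looking variables whose value in .env is still
# the one shipped in .env.example (and therefore public in the repository).
unchanged_secrets() {  # usage: unchanged_secrets EXAMPLE_FILE ENV_FILE
    awk '
        function parse(line,   i) {      # sets k and v; returns 0 for non-assignments
            sub(/\r$/, "", line)
            i = index(line, "=")
            if (line ~ /^[ \t]*#/ || i < 2) return 0
            k = substr(line, 1, i - 1); gsub(/[ \t]/, "", k)
            v = substr(line, i + 1)      # value is everything after the first "="
            return 1
        }
        FNR == NR { if (parse($0)) shipped[k] = v; next }   # first file: defaults
        parse($0) && toupper(k) ~ /PASS|SECRET|KEY|TOKEN|USER|LOGIN/ &&
            v != "" && (k in shipped) && shipped[k] == v { print k }
    ' "$1" "$2"
}

# Constructed sample files; variable names are hypothetical.
ENV_DIR=$(mktemp -d)
cat > "$ENV_DIR/.env.example" <<'EOF'
# constructed sample
MONGO_USERNAME=root
MONGO_PASSWORD=P@ssw00rd!
API_KEY=example-key
PORT=5000
EOF
cat > "$ENV_DIR/.env" <<'EOF'
MONGO_USERNAME=root
MONGO_PASSWORD=P@ssw00rd!
API_KEY=constructed-rotated-key
PORT=5000
EOF

left=$(unchanged_secrets "$ENV_DIR/.env.example" "$ENV_DIR/.env")
if [ -n "$left" ]; then
    echo "still using repository defaults:"
    echo "$left"
fi
```

Run it against ‘frontend/.env’ and ‘backend/.env’ with their respective ‘.env.example’ files before exposing the server.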

Common issues:

  1. If you set up the application with just the IP addresses, you may not be able to access the API directly on port 5000 without editing the nginx settings

  2. It may take up to 24 hours for the domain name to bind to the IP address

  3. Changing domain names from “testing.govstack.global” or “api.testing.govstack.global” requires changes in ‘docker-compose.yml’ and ‘docker-compose.prod.yml’

  4. If the page keeps loading all the time, there is an issue with the backend or the database. If the database has no records but is working properly, no records will be shown and “Loading more data” will not be displayed
