Standalone - Virtual Machine Backend server installation

Support DQE
Support DQE
  • Updated

1. Architecture

Once your dedicated DQE One Standalone server instance is up and running, you can launch and expose the backend application from your virtual machine.

This document describes an example configuration to set up the Standalone backend server instance on an Ubuntu virtual machine. This document does not cover the full security layer of your own environment.

The backend application is deployed with Docker Compose and is usually exposed through NGINX over HTTPS.

Internet
   |
HTTPS:443
   |
NGINX
   |
http://127.0.0.1:8000
   |
DQE One Standalone backend

Security measures

  • Protocols and ports: expose the application publicly through HTTPS on port 443. The Docker application itself listens on port 8000 and should preferably remain behind NGINX.
  • IP filtering: depending on your architecture, restrict inbound access to trusted IP addresses only.
  • SSL certificate: if the VM is directly exposed to the internet, it must have a DNS entry and an associated SSL certificate.

Recommendation

  • Server configuration:
    • Type: Unix, for example Ubuntu
    • RAM: 3 to 5 GB
    • Disk space: 10 GB minimum
    • CPU: 1 vCPU minimum

2. Installation

2.1. Prerequisites

Docker installation

$ sudo apt update
$ sudo apt install apt-transport-https ca-certificates curl software-properties-common
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
$ sudo apt update
$ sudo apt install docker-ce
$ docker --version

Note: on recent Ubuntu versions, the apt-key command may display a deprecation warning. This warning is expected and does not prevent Docker from being installed if the command returns OK.

Docker Compose

Recent Docker versions include Docker Compose V2 by default. This guide uses the Compose plugin command:

$ docker compose

Verify that Docker Compose is available:

$ docker compose version

If a version number is returned, no additional Docker Compose installation is required.

NGINX installation

$ sudo apt update
$ sudo apt install nginx

Configuration example:

server {
    listen 443 ssl;
    server_name myserver.example.com;

    ssl_certificate /etc/nginx/ssl/[MY_CERTIFICATE].pem;
    ssl_certificate_key /etc/nginx/ssl/[MY_PRIVATE_KEY].key;

    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header Referer $http_referer;

        proxy_pass http://127.0.0.1:8000;
    }

    access_log /var/log/nginx/dqeone-standalone.log;
    error_log /var/log/nginx/dqeone-standalone-error.log error;
}

After updating the NGINX configuration, restart NGINX:

$ sudo systemctl restart nginx

2.2. Docker Compose file

Create a docker-compose.yml file with the following content:

services:

  redis:
    container_name: redis
    image: dqeone.azurecr.io/dqe-one-redis:v1.0
    hostname: redis
    logging:
      driver: none
    ports:
      - "6379:6379"
    volumes:
      - redis_data:/data

  rabbitmq:
    image: dqeone.azurecr.io/dqe-one-rabbitmq:v1.0
    container_name: rabbitmq
    hostname: rabbitmq
    logging:
      driver: none
    depends_on:
      - redis
    environment:
      RABBITMQ_DEFAULT_PASS: guest
      RABBITMQ_DEFAULT_USER: guest
      RABBITMQ_DEFAULT_VHOST: admin
    volumes:
      - rabbitmq_data:/var/lib/rabbitmq/
      - rabbitmq_log:/var/log/rabbitmq/
    ports:
      - "15672:15672"

  dqeone:
    container_name: dqeone
    image: dqeone.azurecr.io/standalone:v1.4.0
    hostname: dqeone
    expose:
      - "8000"
    ports:
      - "8000:8000"
    depends_on:
      - redis
      - rabbitmq
    environment:
      - SFAPIVERSION=v60.0
      - CREATE_SUPERUSER=true
      - RUN_COLLECTSTATIC=false
      - DQE_ONE_SERVER_ADMIN_USER=<admin_user>
      - DQE_ONE_SERVER_ADMIN_PASSWORD=<admin_password>
      - DQE_CLIENT_LICENCE=<client_licence>
      - WEBSITE_HOSTNAME=https://<your-domain>
      - SECRET_ENCRYPTION_KEY=<secret_encryption_key>
      - WAIT_HOSTS=redis:6379
      - WAIT_HOSTS_TIMEOUT=300
      - WAIT_SLEEP_INTERVAL=5
      - WAIT_HOST_CONNECT_TIMEOUT=30
      - REDIS_URL=redis://redis:6379
      - CLOUDAMQP_URL=amqp://guest:guest@rabbitmq:5672/admin
      - PORT=8000
      - DEBUG=false
    command:
      - "bash"
      - "./entrypoint.sh"

  postgres:
    container_name: postgres
    image: dqeone.azurecr.io/dqe-one-postgres:v1.0
    logging:
      driver: none
    environment:
      POSTGRES_USER: dqeone
      POSTGRES_PASSWORD: dqeone
      POSTGRES_DB: dqeone
    expose:
      - "5432"
    ports:
      - "5432:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data

volumes:
  rabbitmq_data:
  rabbitmq_log:
  redis_data:
  postgres_data:

Important: use the image versions provided by DQE. Do not replace them with the latest tag, as some images may not be published with this tag.

2.3. Validate the Docker Compose file

$ docker compose config

If Docker Compose returns an error such as:

yaml: found character that cannot start any token

check the indentation of the file. YAML only supports spaces. Tabs or invisible characters may generate this error. The issue may also be located on the line before the one indicated in the error message.

3. Launcher

3.1. Connecting to the DQE Azure Container Registry

$ docker login dqeone.azurecr.io
Username: <Login provided by DQE>
Password: <Password provided by DQE>

3.2. Download the images

$ docker compose pull

If Docker returns an unauthorized error while pulling an image, verify that all images use the Azure Container Registry provided by DQE. Customer installations should not reference development registries such as dqeonedev.azurecr.io.

3.3. Start the services

$ docker compose up -d

Verify that every container is running:

$ docker compose ps

Expected services:

  • dqeone
  • redis
  • rabbitmq
  • postgres

3.4. Verify the installation

$ curl -I http://localhost:8000

A response similar to the following confirms that the application is running:

HTTP/1.1 301 Moved Permanently

Once NGINX is configured, the application should be accessible through the public HTTPS endpoint:

https://<your-domain>

4. Troubleshooting

YAML parsing error

yaml: found character that cannot start any token

Possible causes:

  • Tab character
  • Invalid indentation
  • Invisible character

Solution:

  • Replace tabs with spaces.
  • Validate the file using docker compose config.
  • Check the line before the one indicated by the error message.

Unauthorized while pulling images

unauthorized: authentication required

Verify that:

  • you successfully authenticated using docker login dqeone.azurecr.io;
  • all images reference the DQE production registry dqeone.azurecr.io;
  • the image versions match those provided by DQE.

Cannot access the application remotely

Verify that:

  • the Docker containers are running;
  • NGINX is running;
  • port 443 is allowed by the server firewall;
  • the SSL certificate is correctly configured;
  • the DNS entry points to the VM or gateway exposing the service.

Related to

Was this article helpful?

0 out of 0 found this helpful