From e0c8211aa960b3c3570c5af5d0fb0b02e4a71f9d Mon Sep 17 00:00:00 2001 From: "Billah, Tashrif" <35086881+tashrifbillah@users.noreply.github.com> Date: Mon, 27 Oct 2025 12:16:10 -0400 Subject: [PATCH 01/11] * make one VM and one worksation sections * renumber with proper numerals --- ON_PREM_DEPLOYMENT.md | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/ON_PREM_DEPLOYMENT.md b/ON_PREM_DEPLOYMENT.md index e5332453..7ada047e 100644 --- a/ON_PREM_DEPLOYMENT.md +++ b/ON_PREM_DEPLOYMENT.md @@ -7,11 +7,15 @@ ## Setup Instructions -### 1. Environment Configuration +### In an MGB provisioned VM -1. Create a `.env` file in application root directory -2. Copy the contents from `.env.sample` -3. Set the following required variables: +### In a private workstation + +#### 1. Environment Configuration + +i. Create a `.env` file in application root directory +ii. Copy the contents from `.env.sample` +iii. Set the following required variables: ``` MONGODB_URI=mongodb://mongodb:27017/dpdmongo?authSource=admin SESSION_SECRET= @@ -36,7 +40,7 @@ Received: from unknown (HELO pnl-xtreme.partners.org) ([170.123.12.123]) The last one is the `SMTP_HOST`. -### 2. Local Domain Setup +#### 2. Local Domain Setup The application is configured to use the hostname `dpdash.local`. Add this to your hosts file: @@ -46,7 +50,7 @@ The application is configured to use the hostname `dpdash.local`. Add this to yo 127.0.0.1 dpdash.local ``` -### 3. Generate Self-Signed Certificate +#### 3. Generate Self-Signed Certificate Run the provided script to generate a self-signed certificate: @@ -62,7 +66,7 @@ $ ls certs/ selfsigned.crt selfsigned.key ``` -### 4. Launch the Application +#### 4. Launch the Application From the application root directory, run: @@ -94,11 +98,11 @@ To stop the application: docker compose down ``` -### 5. Access the Application +#### 5. Access the Application First, you will have to set up Nginx proxy http://dpdash.local:81. Then you can access the application at: https://dpdash.local -1. Access the Nginx Proxy Manager admin interface at: http://dpdash.local:81 +i. Access the Nginx Proxy Manager admin interface at: http://dpdash.local:81 - Default login: `admin@example.com` / `changeme` - Upload the custom SSL certificate that you created: @@ -107,15 +111,16 @@ First, you will have to set up Nginx proxy http://dpdash.local:81. Then you can - From Nginx Proxy Manager dashboard, add this proxy: image -2. Access the application at: https://dpdash.local/ +ii. Access the application at: https://dpdash.local/ - Your browser will show a security warning because of the self-signed certificate. This is expected for local development. - Upon signing up, you may get some `Forbidden` issues. But those should go away once the DPdash admin grants you access to some data. - Import data to mongodb and contact the DPdash admin to get access. -#### Security Warning +##### Security Warning Nginx Proxy Manager should not be exposed to the internet. It is recommended to run it behind another web server that handles authentication and SSL termination. It also isn't required for production, as you can configure SSL termination and authentication at the load balancer level. It is necessary for local development because the application uses secure cookies AND it is considered a best practice to route all traffic over https. + ## Maintenance ### 1. Connecting directly to Mongo From 114dacdf00f3e9a50123f2fc3a1c4a9f7c0e8dd5 Mon Sep 17 00:00:00 2001 From: Tashrif Billah <35086881+tashrifbillah@users.noreply.github.com> Date: Mon, 27 Oct 2025 12:18:29 -0400 Subject: [PATCH 02/11] use I, II, etc. --- ON_PREM_DEPLOYMENT.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ON_PREM_DEPLOYMENT.md b/ON_PREM_DEPLOYMENT.md index 7ada047e..b25a91f4 100644 --- a/ON_PREM_DEPLOYMENT.md +++ b/ON_PREM_DEPLOYMENT.md @@ -13,9 +13,9 @@ #### 1. Environment Configuration -i. Create a `.env` file in application root directory -ii. Copy the contents from `.env.sample` -iii. Set the following required variables: +I. Create a `.env` file in application root directory +II. Copy the contents from `.env.sample` +III. Set the following required variables: ``` MONGODB_URI=mongodb://mongodb:27017/dpdmongo?authSource=admin SESSION_SECRET= @@ -102,7 +102,7 @@ docker compose down First, you will have to set up Nginx proxy http://dpdash.local:81. Then you can access the application at: https://dpdash.local -i. Access the Nginx Proxy Manager admin interface at: http://dpdash.local:81 +I. Access the Nginx Proxy Manager admin interface at: http://dpdash.local:81 - Default login: `admin@example.com` / `changeme` - Upload the custom SSL certificate that you created: @@ -111,7 +111,7 @@ i. Access the Nginx Proxy Manager admin interface at: http://dpdash.local:81 - From Nginx Proxy Manager dashboard, add this proxy: image -ii. Access the application at: https://dpdash.local/ +II. Access the application at: https://dpdash.local/ - Your browser will show a security warning because of the self-signed certificate. This is expected for local development. - Upon signing up, you may get some `Forbidden` issues. But those should go away once the DPdash admin grants you access to some data. - Import data to mongodb and contact the DPdash admin to get access. From 13c35d58b90cc21d9449e5c53f737614be9b7fc5 Mon Sep 17 00:00:00 2001 From: Tashrif Billah <35086881+tashrifbillah@users.noreply.github.com> Date: Mon, 27 Oct 2025 12:19:39 -0400 Subject: [PATCH 03/11] use i, iii, etc. --- ON_PREM_DEPLOYMENT.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/ON_PREM_DEPLOYMENT.md b/ON_PREM_DEPLOYMENT.md index b25a91f4..6f2297f5 100644 --- a/ON_PREM_DEPLOYMENT.md +++ b/ON_PREM_DEPLOYMENT.md @@ -13,9 +13,11 @@ #### 1. Environment Configuration -I. Create a `.env` file in application root directory -II. Copy the contents from `.env.sample` -III. Set the following required variables: +i. Create a `.env` file in application root directory + +ii. Copy the contents from `.env.sample` + +iii. Set the following required variables: ``` MONGODB_URI=mongodb://mongodb:27017/dpdmongo?authSource=admin SESSION_SECRET= @@ -102,7 +104,7 @@ docker compose down First, you will have to set up Nginx proxy http://dpdash.local:81. Then you can access the application at: https://dpdash.local -I. Access the Nginx Proxy Manager admin interface at: http://dpdash.local:81 +i. Access the Nginx Proxy Manager admin interface at: http://dpdash.local:81 - Default login: `admin@example.com` / `changeme` - Upload the custom SSL certificate that you created: @@ -111,7 +113,7 @@ I. Access the Nginx Proxy Manager admin interface at: http://dpdash.local:81 - From Nginx Proxy Manager dashboard, add this proxy: image -II. Access the application at: https://dpdash.local/ +ii. Access the application at: https://dpdash.local/ - Your browser will show a security warning because of the self-signed certificate. This is expected for local development. - Upon signing up, you may get some `Forbidden` issues. But those should go away once the DPdash admin grants you access to some data. - Import data to mongodb and contact the DPdash admin to get access. From 2cc318f4568063e8046993c3b912fe92dc3d0732 Mon Sep 17 00:00:00 2001 From: "Billah, Tashrif" <35086881+tashrifbillah@users.noreply.github.com> Date: Tue, 28 Oct 2025 13:14:20 -0400 Subject: [PATCH 04/11] instructions for deploying DPdash at an MGB VM --- ON_PREM_DEPLOYMENT.md | 82 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 79 insertions(+), 3 deletions(-) diff --git a/ON_PREM_DEPLOYMENT.md b/ON_PREM_DEPLOYMENT.md index 6f2297f5..e6515946 100644 --- a/ON_PREM_DEPLOYMENT.md +++ b/ON_PREM_DEPLOYMENT.md @@ -4,12 +4,88 @@ 1. Docker and Docker Compose should be installed on your system. 2. Port `27017/tcp` should be opened through `firewall-cmd` for external mongodb connection. +3. MGB mail relay server should be set in postfix configuration and postfix should be running. ## Setup Instructions -### In an MGB provisioned VM +### In an MGB Provisioned VM -### In a private workstation +#### 1. Environment Configuration + +i. Create a `.env` file in application root directory + +ii. Copy the contents from `.env.sample` + +iii. Set the following required variables: + ``` + MONGODB_URI=mongodb://mongodb:27017/dpdmongo?authSource=admin + SESSION_SECRET= + SMTP_HOST=MGB mail relay server + SMTP_PORT=25 + SMTP_USER= + SMTP_PASS= + SMTP_REJECT_UNAUTHORIZED=false + ADMIN_EMAIL= + EMAIL_SENDER= + HOME_URL=https://hostname.mgb.org + IMPORT_API_USERS= + IMPORT_API_KEYS= + ``` + +#### 2. Obtain official SSL certificate from rcc[dot]partners[dot]org + +Obtain official SSL certificate from rcc[dot]partners[dot]org. You can just +download the certificate and key in your computer. You will need to upload +these to Nginx proxy manager using GUI later. + +#### 3. Launch the Application + +From the application root directory, run: + +```bash +docker compose up +``` + +This will start all required services in background: + +- nginx-proxy-manager (web server that allows configuring SSL certificates and proxy) +- node-app (application server) +- mongodb (database) + +To run in detached mode: + +```bash +docker compose up -d +``` + +To stop the application: + +```bash +docker compose down +``` + +#### 4. Access the Application + +First, you will have to set up Nginx proxy via http://hostname.mgb.org:81. Then you can access the application at https://hostname.mgb.org + +i. Access the Nginx Proxy Manager admin interface at: http://hostname.mgb.org:81 + + - Default login: `admin@example.com` / `changeme` + - Upload the official SSL certificate that you downloaded: + image + + - From Nginx Proxy Manager dashboard, add this proxy: + image + +ii. Access the application at: https://hostname.mgb.org + - Upon signing up, you may get some `Forbidden` issues. But those should go away once the DPdash admin grants you access to some data. + - Import data to mongodb and contact the DPdash admin to get access. + + +--- + + +### In a Private Workstation #### 1. Environment Configuration @@ -102,7 +178,7 @@ docker compose down #### 5. Access the Application -First, you will have to set up Nginx proxy http://dpdash.local:81. Then you can access the application at: https://dpdash.local +First, you will have to set up Nginx proxy via http://dpdash.local:81. Then you can access the application at https://dpdash.local i. Access the Nginx Proxy Manager admin interface at: http://dpdash.local:81 From 35bc1e9d2f645d7d2f4e42e6343cdd41e6b30766 Mon Sep 17 00:00:00 2001 From: Tashrif Billah <35086881+tashrifbillah@users.noreply.github.com> Date: Tue, 28 Oct 2025 13:20:03 -0400 Subject: [PATCH 05/11] update screenshot --- ON_PREM_DEPLOYMENT.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ON_PREM_DEPLOYMENT.md b/ON_PREM_DEPLOYMENT.md index e6515946..a49855f2 100644 --- a/ON_PREM_DEPLOYMENT.md +++ b/ON_PREM_DEPLOYMENT.md @@ -72,7 +72,7 @@ i. Access the Nginx Proxy Manager admin interface at: http://hostname.mgb.org:81 - Default login: `admin@example.com` / `changeme` - Upload the official SSL certificate that you downloaded: - image + Image - From Nginx Proxy Manager dashboard, add this proxy: image From 9e84bcb5a62b3d6fbf6e9696b2c8b1059f8c514a Mon Sep 17 00:00:00 2001 From: Tashrif Billah <35086881+tashrifbillah@users.noreply.github.com> Date: Tue, 28 Oct 2025 13:27:17 -0400 Subject: [PATCH 06/11] attach SSL certificate to your host --- ON_PREM_DEPLOYMENT.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ON_PREM_DEPLOYMENT.md b/ON_PREM_DEPLOYMENT.md index a49855f2..099ef7fd 100644 --- a/ON_PREM_DEPLOYMENT.md +++ b/ON_PREM_DEPLOYMENT.md @@ -75,7 +75,9 @@ i. Access the Nginx Proxy Manager admin interface at: http://hostname.mgb.org:81 Image - From Nginx Proxy Manager dashboard, add this proxy: - image + Image + + - From SSL tab, also attach the uploaded certificate to your host. ii. Access the application at: https://hostname.mgb.org - Upon signing up, you may get some `Forbidden` issues. But those should go away once the DPdash admin grants you access to some data. @@ -189,6 +191,8 @@ i. Access the Nginx Proxy Manager admin interface at: http://dpdash.local:81 - From Nginx Proxy Manager dashboard, add this proxy: image + - From SSL tab, also attach the uploaded certificate to your host. + ii. Access the application at: https://dpdash.local/ - Your browser will show a security warning because of the self-signed certificate. This is expected for local development. - Upon signing up, you may get some `Forbidden` issues. But those should go away once the DPdash admin grants you access to some data. From a413b2083e9b1ae3e79644e76915d7b88800a174 Mon Sep 17 00:00:00 2001 From: "Billah, Tashrif" <35086881+tashrifbillah@users.noreply.github.com> Date: Tue, 28 Oct 2025 13:56:45 -0400 Subject: [PATCH 07/11] instructions for opening up 81/tcp port --- ON_PREM_DEPLOYMENT.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ON_PREM_DEPLOYMENT.md b/ON_PREM_DEPLOYMENT.md index 099ef7fd..37d79ff9 100644 --- a/ON_PREM_DEPLOYMENT.md +++ b/ON_PREM_DEPLOYMENT.md @@ -68,7 +68,10 @@ docker compose down First, you will have to set up Nginx proxy via http://hostname.mgb.org:81. Then you can access the application at https://hostname.mgb.org -i. Access the Nginx Proxy Manager admin interface at: http://hostname.mgb.org:81 +i. Open up `81/tcp` port through `firewall-cmd` in hostname.mgb.org. Since the VM is head-less, this is the only way you can access +Nginx Proxy Manager from outside the VM. + +ii. Access the Nginx Proxy Manager admin interface at: http://hostname.mgb.org:81 - Default login: `admin@example.com` / `changeme` - Upload the official SSL certificate that you downloaded: @@ -79,7 +82,7 @@ i. Access the Nginx Proxy Manager admin interface at: http://hostname.mgb.org:81 - From SSL tab, also attach the uploaded certificate to your host. -ii. Access the application at: https://hostname.mgb.org +iii. Access the application at: https://hostname.mgb.org - Upon signing up, you may get some `Forbidden` issues. But those should go away once the DPdash admin grants you access to some data. - Import data to mongodb and contact the DPdash admin to get access. From ee121331af149e25f559224dc5f6998f653fc4b0 Mon Sep 17 00:00:00 2001 From: Tashrif Billah <35086881+tashrifbillah@users.noreply.github.com> Date: Tue, 28 Oct 2025 13:59:44 -0400 Subject: [PATCH 08/11] minor --- ON_PREM_DEPLOYMENT.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ON_PREM_DEPLOYMENT.md b/ON_PREM_DEPLOYMENT.md index 37d79ff9..9388088a 100644 --- a/ON_PREM_DEPLOYMENT.md +++ b/ON_PREM_DEPLOYMENT.md @@ -74,10 +74,12 @@ Nginx Proxy Manager from outside the VM. ii. Access the Nginx Proxy Manager admin interface at: http://hostname.mgb.org:81 - Default login: `admin@example.com` / `changeme` + - Upload the official SSL certificate that you downloaded: Image - From Nginx Proxy Manager dashboard, add this proxy: + Image - From SSL tab, also attach the uploaded certificate to your host. From 9c5a43aad0de139ac42534122f1bb036c5a236e9 Mon Sep 17 00:00:00 2001 From: Tashrif Billah <35086881+tashrifbillah@users.noreply.github.com> Date: Tue, 28 Oct 2025 14:01:17 -0400 Subject: [PATCH 09/11] typo --- ON_PREM_DEPLOYMENT.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ON_PREM_DEPLOYMENT.md b/ON_PREM_DEPLOYMENT.md index 9388088a..d0685133 100644 --- a/ON_PREM_DEPLOYMENT.md +++ b/ON_PREM_DEPLOYMENT.md @@ -79,10 +79,9 @@ ii. Access the Nginx Proxy Manager admin interface at: http://hostname.mgb.org:8 Image - From Nginx Proxy Manager dashboard, add this proxy: - Image - - From SSL tab, also attach the uploaded certificate to your host. + - From SSL tab, also attach the uploaded certificate to your domain. iii. Access the application at: https://hostname.mgb.org - Upon signing up, you may get some `Forbidden` issues. But those should go away once the DPdash admin grants you access to some data. From 589c963331395ee2fea9698916b2659fb6c079cc Mon Sep 17 00:00:00 2001 From: Tashrif Billah <35086881+tashrifbillah@users.noreply.github.com> Date: Tue, 28 Oct 2025 14:01:56 -0400 Subject: [PATCH 10/11] typo --- ON_PREM_DEPLOYMENT.md | 1 + 1 file changed, 1 insertion(+) diff --git a/ON_PREM_DEPLOYMENT.md b/ON_PREM_DEPLOYMENT.md index d0685133..12bc09f8 100644 --- a/ON_PREM_DEPLOYMENT.md +++ b/ON_PREM_DEPLOYMENT.md @@ -79,6 +79,7 @@ ii. Access the Nginx Proxy Manager admin interface at: http://hostname.mgb.org:8 Image - From Nginx Proxy Manager dashboard, add this proxy: + Image - From SSL tab, also attach the uploaded certificate to your domain. From 51136599131c274c0ad99173df7c29cfe2c409c0 Mon Sep 17 00:00:00 2001 From: "Billah, Tashrif" <35086881+tashrifbillah@users.noreply.github.com> Date: Tue, 28 Oct 2025 14:53:03 -0400 Subject: [PATCH 11/11] add dpdash.service file --- dpdash.service | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 dpdash.service diff --git a/dpdash.service b/dpdash.service new file mode 100644 index 00000000..79aa65ea --- /dev/null +++ b/dpdash.service @@ -0,0 +1,19 @@ +[Unit] +Description=Gnar company developed DPdash (unstable) at https://predict-dp.mgb.org/ +After=network-online.target docker.service +Wants=network-online.target docker.service + +[Service] +User=root +Type=oneshot +RemainAfterExit=yes +WorkingDirectory=/opt/dpdash +ExecStart=docker compose up -d +ExecStop=docker compose down +KillMode=process +TimeoutSec=60 + +[Install] +WantedBy=multi-user.target + +