This document describes the process used to deploy the FileFlex Enterprise solution on Azure using Docker. To achieve this, a Ubuntu Virtual Machine must be spooled up, with the Docker Engine running on it. Once that has been completed, the FileFlex Enterprise docker image can be deployed.

It's assumed that you already have a working Azure account, with a configured subscription and billing, and all rights necessary to access the features described used in this guide.

Deploying a Ubuntu VM

Creating a Resource Group

We will create a resource group to house our VM components. If you already have one, you can skip this section. Use the services filter to quickly isolate that control panel by entering "resource" into the services filter under 'All services':

Select "resource groups" to enter that panel.

Click on "Add" to create a new resource group. You will see a section similar to:

Select an existing subscription. Here we've selected "pay as you go".

Enter a new name for the resource group. Here we're entering "docker.fileflexdemo.com"

Select the most appropriate region for your storage. Here we're selecting "East US".

Click "Review + create" at the bottom. Assuming that validation passes you'll have to click on Create immediately afterwards to complete this phase.

Creating a Storage Account

Before deploying a Virtual Machine we must configure some storage. Use the services filter to quickly isolate that control panel by entering "storage" into the services filter under 'All services':

Click on storage accounts to enter that panel.

Click "Add" to create a new storage account, and you will be presented with a panel containing controls including the following:

Under the "Basics" tab, ensure that a subscription plan has been selected. Here we have chosen "pay as you go".

Select the resource group you configured previously. Here we're selecting "docker.fileflexdemo.com".

Provide an account name. Here we're calling it "fileflexdockerdemo".

Select a region - here we are selecting "East US" again. Ensure the same region is selected in all panels used by this guide.

You can choose to override the performance settings, but here we're going with the defaults.

Click "Review + create", followed by "Create" when final validation complete.

Creating a Virtual Machine

The next step is to create the virtual machine itself, and we do that through the "resource groups" panel. Use the search bar to quickly isolate that control panel by entering "resource" into the search control at the top:

Click on resource groups to enter that panel.

Click on the resource group we created previously. In our case, it's "docker.fileflexdemo.com:

Click the Add button to add resources, and you'll see a marketplace listing similar to:

Enter "Ubuntu Server" into the search field to narrow the results, and hit enter.

From the provided list click on "Ubuntu Server 18.04 LTS" from "Canonical".

Click on the "Create" button, and you'll be presented with a virtual machine creation panel similar to:

Basic Machine Configuration

Ensure that your subscription (here, it's "pay as you go", and your resource group (here, it's "docker.fileflexdemo.com) are selected.

Enter a virtual machine name. Here we're using "docker.fileflexdemo.com".

Ensure the same region is elected as in the other panels (here, we select "East US").

Under "size", click "change size" to select a capacity which best represents your needs. The default 2-core configuration (D2s_v3) is a good choice for many scenarios. If you're satisfied with the default you can skip this step. After making a VM size choice, click "select" to confirm it. You will see your chosen size in the "Create a virtual machine" panel:

Under authentication type, we will use "password". Select that radio button.

Under "username", enter "dadmin".

Under "password", enter a password of your choice. Here we will enter "Q!w2e3r4t5y6". Confirm the password in the "confirm password" box as well.

Disk Configuration

The next step is to configure the disks available to the machine. Click the "disks" tab at the top:

Under "OS disk type" select the performance that you need. It's recommended that an SSD is selected.

Ensure that under "Data disks", no "empty" disks are listed. It should look like:

Under "Advanced", ensure that "use managed disks" is selected.

Networking Configuration

The next step is to configure the networking. Click the "networking" tab at the top.

The default settings for "Virtual network", "subnet" and "Public IP" are fine for this deployment.

Under "NIC network security group" choose "Advanced".

Click "create new" under "Configure network security group":

This will open a new panel on the right allowing you to add inbound rules. Click the "Add an inbound rule" link:

Under "destination port ranges", enter the following list:

9443, 443, 80, 4007, 4010, 4011, 3310

Under "protocol" click "TCP".

Give the name a value such as "fileflex_ports"

Click the add button to add the rules, then click OK to commit the rule changes.

You will then be brought back to the prior Networking tab of "Create a virtual machine".

Under "load balancing" ensure "No" is selected.

We don't need to configure anything under the "Management", "Advanced", or "Tags" tabs.

Click "Review + create" at the bottom.

Once validation is passed, you will be able to click on "Create" at the bottom. Do so now.

Connecting to your Virtual Machine

As your machine is being created you will see something similar to:

Wait for the deployment to complete. Once finished, you will see the screen change to the following:

When the deployment has completed, the machine will be booted up, so you can test a connection by SSH. Before we can do that we need to get our machine's public IP address.

Search for "virtual machines" at the top:

Click on "Virtual machines", then select your machine from the list. In this case:

After clicking the listed machine instance, you should be taken to your VM's control panel which looks something like this:

Take note of the public IP address listed on the right hand side. In this case, "46.76.221.24".

Open Putty, or an SSH client of your choice, and connect to the listed IP, over port 22:

Click "Open" in putty to initiate an SSH session to the new VM. You will be presented with a login promt.

Login using "dadmin" and the password you previously entered. In our case, it was "Q!w2e3r4t5y6".

You should be presented with an open terminal:

Congratulations, your VM is deployed! Now it's time to install Docker.

Installing Docker

Is Docker Already Configured?

If docker is already installed on your machine, you can skip this section

The following steps assume that you have SSH'ed into your virtual machine using putty, bash, etc.

Ensure the system is updated:

sudo apt-get update

Install some packages needed to allow the use of APT over HTTPS:

sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

Add Docker's official GPG key:

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -

Add the official docker APT repository (following the appropriate command for Debian, or for Ubuntu depending on your operating system):

DEBIAN - Adding the Docker Repository under Debian

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"

or

UBUNTU - Adding the Docker Repository under Ubuntu

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu  $(lsb_release -cs) stable"

Update the package index again:

sudo apt-get update

Install the latest version of Docker Engine (community edition and containerd):

sudo apt-get install docker-ce docker-ce-cli containerd.io

Preparing a Deployment Configuration

Now we must prepare our deployment specific configuration files. Start by downloading the FileFlex server image:

Download the FileFlex docker image into the current user's home folder root:

cd ~
wget --http-user developer --http-password 2trEndY! https://res.fileflex.com/nec/docker/fileflex-v2.5.tar

The method used for obtaining the image can be replaced by any method of your choosing, as long as a copy of the same image is used. This example proceeds with an HTTPS download as the chosen method.

Once our docker image is downloaded, we will create a special folder inside our home that will contain all deployment configuration files which will be made available to the running Docker instance.

Create a folder ~/config in the user's home folder that will contain all deployment configuration files

mkdir ~/config

The Mounting of Deployment Config

The ~/config folder will be mounted by Docker, and will become available to the running instance under /opt/ffs/config. When setting path values in the configuration file (INI file), the code running within the container expects a path of /opt/ffs/config, despite it being available in the host machine as ~/config

It's important to note that in this example we are placing the host's config folder under the user home folder (/home/dadmin/config), but this could be any other folder in the host system. Ensure that the INI file is adjusted to reflect this alternate location if you chose to use it.

As mentioned in the note, ~/config will be available to the container code as /opt/ffs/config.

We must now upload the certificate files, and the deployment info file (INI file) into this ~/config folder.

Example Only

This document does NOT specifically describe how to get these 3 files into the host machine. They can be copied through the local network, download by HTTP, or copied into the host machine by SCP.

If the Docker host machine has been deployed in the cloud (for example in Azure), SCP is likely your best bet for getting the configuration files uploaded.

An example is provided here whereby the files are copied from a remote machine into the host using SCP, but the specific method used must be adapted by the individuals following these steps.

Preparing the Certificate

Copy your domain's certificate files into our ~/config folder. This is an example only!

cd ~/config
scp some_user@some_domain.com:~/some_folder_with_certificates/STAR_fileflexdemo* .

In our example, we have the following 3 certificate-related files in our ~/config folder:

-rw-r----- 1 dadmin dadmin 4123 Mar 26 22:01 STAR_fileflexdemo_com.ca-bundle
-rw-r----- 1 dadmin dadmin 2313 Mar 26 22:01 STAR_fileflexdemo_com.crt
-rw-r----- 1 dadmin dadmin 1704 Mar 26 22:01 STAR_fileflexdemo_com.key

The deployment configuration file (INI file) expects a single certificate, so we must combine with bundle/intermediate with the primary certificate. An example for GoDaddy certificates is:

Combining GoDaddy Certificates

 cat 524daaa823ca8e28.crt gd_bundle-g2-g1.crt >> cert_chain.crt

In our case we have Sectigo certificates, so we issue the following command:

Combining Sectigo Certificates

cat STAR_fileflexdemo_com.crt STAR_fileflexdemo_com.ca-bundle >> cert_chain.crt

This will result in a new file being created in our folder:

-rw-r--r-- 1 dadmin dadmin 6436 Mar 26 22:05 cert_chain.crt
-rw-r----- 1 dadmin dadmin 4123 Mar 26 22:01 STAR_fileflexdemo_com.ca-bundle
-rw-r----- 1 dadmin dadmin 2313 Mar 26 22:01 STAR_fileflexdemo_com.crt
-rw-r----- 1 dadmin dadmin 1704 Mar 26 22:01 STAR_fileflexdemo_com.key

Preparing a Deployment Configuration File

We must now prepare a deployment configuration file (setup.ini). This will typically be done on another machine and then copied into this host machine. In our example, the file is being prepared on the same machine that had the certificates from the prior step.

In a working folder somewhere, create a file called "setup.ini" that will contain our deployment configuration information. Note that the paths contained in this file are interpreted as bring within the running container instance's path, not the host machine's path!

[default]
skip-page = [all]
admin-password = Q!w2e3r4
repo-select = None
firewall-enable = False
cert-pem = /opt/ffs/config/cert_chain.pem
cert-key = /opt/ffs/config/STAR_fileflexdemo_com.key
cert-password = randompassword
msp-id = 5e7bae3xxxxxxxxxxxxx67
msp-key = IBM34SOLELPXXXXXXXXXXXXXYWECF
hostname = docker.fileflexdemo.com
docker = True

Ensure that you customize the following fields in the setup.ini file:

The admin password should be set to a value you are comfortable with (for the user admin application)
- Your password must contain at least 8 characters, 1 capital, and one number
The cert-pem filename (not path) should reflect your combined PEM file name. In our example it was cert_chain.crt.
The cert-key filename should reflect your real key file name. In our example it was STAR_fileflexdemo_com.key
The cert-password should be some random characters to protect your keystore. You are unlikely to need it again.
Your hostname should be the hostname which you are deploying. docker.fileflexdemo.com in this example.
Your msp-id should be the same as your "Deployment ID" and will have been provided to you in the Enterprise Portal. ( Also shown below in screenshot)
your msp-key should be the same as your "Deployment Key" and will have been provided to you in the Enterprise Portal. ( Also shown below in screenshot)

The other fields should remain as they are in an automated Docker configuration.

Let's copy the setup.ini file from the remote working machine into our host:

cd ~/config
scp some_user@some_domain.com:~/some_folder_with_config/setup.ini .

Deploying our Docker Image

Now that we have a folder on the host machine containing the certificate files, and deployment configuration file (setup.ini), we're ready to load our image into docker and start things up.

Import the FileFlex docker image:

cd ~
sudo docker load -i fileflex-v2.4.tar

This will take a moment. Once complete, check that the image is properly imported by running:

sudo docker images

... and you should see output similar to:

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
fileflex            v2.4                ee4498eb1078        18 hours ago        2.02GB

Run the imported FileFlex container:

Hostname Warning

Be sure to modify the hostname parameter in the following command to match your deployment hostname!

Also, check that your bind source folder points to your actual host configuration folder

sudo docker run -it -p 9443:9443 -p 443:443 -p 80:80 -p 4007:4007 -p 4010:4010 -p 4011:4011 -p 3310:3310 -d --name=fileflex --mount type=bind,source=/home/dadmin/config,target=/opt/ffs/config --hostname docker.fileflexdemo.com fileflex:v2.4

Validate that the container is running:

sudo docker ps

... you should see output similar to:

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                                                                                                                 NAMES
4e0ad8deb93c        fileflex:v2.4       "/usr/bin/supervisord"   22 seconds ago      Up 16 seconds       0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4007->4007/tcp, 0.0.0.0:4010-4011->4010-4011/tcp, 0.0.0.0:9443->9443/tcp, 0.0.0.0:32768->3310/tcp   fileflex

It can take a few minutes for the instance to finish booting, even after the docker command returns.

Congratulations, FileFlex is now running. You should be able to access server admin by opening a browser to:

https://docker.fileflexdemo.com:9443

Next Steps

Logging in to Server Admin

Some configuration is necessary to obtain a properly running FileFlex server instance. The first step is to log in to Server Admin over port 9443. Open a browser at your domain URL (docker.fileflexdemo.com is an example only)

https://docker.fileflexdemo.com:9443

When prompted for login credentials, use the following:

Username: sadmin
Password: Q!w2e3r4

Once logged in you will see a screen similar to the following:

Configuring a User Administration Account

You will need a user administration account in order to configure user accounts. Under Control Panel, click on "User Administration":

A prior account will be shown, but the password isn't known to you, so create a new one. Click the lock symbol to edit the values:

Click Apply when you're satisfied.

Accessing User Administration

User Administration is accessed from the primary FileFlex login, which should now be accessible at the URL you provided earlier (docker.fileflexdemo.com in this example). Open your browser to that URL over HTTPS:

https://docker.fileflexdemo.com

... you will be presented with the FileFlex login page:

Enter the user admin credentials you previously created, and click login. You should then be presented with the "User Administration" user interface:

Primary configuration of FileFlex Enterprise is now complete.

Page tree

Deploying FileFlex Server with Docker on Azure