Assumptions
- Internet access is available on the device.
- Ports 80, 443, 4007, 4010, 4011, 9443 are all available.
- SSH is available on the machine over port 22.
- A domain name exists (docker.fileflexdemo.com in this example), and points to the IP of the host machine.
- An combined SSL certificate (including the primary cert and all dependant chain portions), and it's key file are available for the same domain.
- We are deploying against a new instance of Debian 9 (stretch), with a user 'dadmin' having been created during the installation process.
- These instructions discuss the machine as being "virtual" but these steps work equally well for a physical device.
Instructions
Deploying a Virtual or Physical Machine
This is not covered in this document.
It's assumed that a Debian 9 instance is available, with:
- OpenSSH is installed
- A user "dadmin" with sudo permissions is present.
- SUDO has been installed, and the user dadmin has full sudo permissions.
- net-tools has been installed
You can ensure the packages above are present by running the following as root:
apt-get install net-tools sudo ssh
Is Docker Already Configured? If docker is already installed on your machine, you can skip this section The following steps assume that you have SSH'ed into your virtual machine using putty, bash, etc. Ensure the system is updated: Install some packages needed to allow the use of APT over HTTPS: Add Docker's official GPG key: Add the official docker APT repository (following the appropriate command for Debian, or for Ubuntu depending on your operating system): or Update the package index again: Install the latest version of Docker Engine (community edition and containerd): Now we must prepare our deployment specific configuration files. Start by downloading the FileFlex server image: Download the FileFlex docker image into the current user's home folder root: The method used for obtaining the image can be replaced by any method of your choosing, as long as a copy of the same image is used. This example proceeds with an HTTPS download as the chosen method. Once our docker image is downloaded, we will create a special folder inside our home that will contain all deployment configuration files which will be made available to the running Docker instance. Create a folder ~/config in the user's home folder that will contain all deployment configuration files The Mounting of Deployment Config The ~/config folder will be mounted by Docker, and will become available to the running instance under /opt/ffs/config. When setting path values in the configuration file (INI file), the code running within the container expects a path of /opt/ffs/config, despite it being available in the host machine as ~/config It's important to note that in this example we are placing the host's config folder under the user home folder (/home/dadmin/config), but this could be any other folder in the host system. Ensure that the INI file is adjusted to reflect this alternate location if you chose to use it. As mentioned in the note, ~/config will be available to the container code as /opt/ffs/config. We must now upload the certificate files, and the deployment info file (INI file) into this ~/config folder. Example Only This document does NOT specifically describe how to get these 3 files into the host machine. They can be copied through the local network, download by HTTP, or copied into the host machine by SCP. If the Docker host machine has been deployed in the cloud (for example in Azure), SCP is likely your best bet for getting the configuration files uploaded. An example is provided here whereby the files are copied from a remote machine into the host using SCP, but the specific method used must be adapted by the individuals following these steps. Copy your domain's certificate files into our ~/config folder. This is an example only! In our example, we have the following 3 certificate-related files in our ~/config folder: The deployment configuration file (INI file) expects a single certificate, so we must combine with bundle/intermediate with the primary certificate. An example for GoDaddy certificates is: In our case we have Sectigo certificates, so we issue the following command: This will result in a new file being created in our folder: We must now prepare a deployment configuration file (setup.ini). This will typically be done on another machine and then copied into this host machine. In our example, the file is being prepared on the same machine that had the certificates from the prior step. In a working folder somewhere, create a file called "setup.ini" that will contain our deployment configuration information. Note that the paths contained in this file are interpreted as bring within the running container instance's path, not the host machine's path! Ensure that you customize the following fields in the setup.ini file: The other fields should remain as they are in an automated Docker configuration. Let's copy the setup.ini file from the remote working machine into our host: Now that we have a folder on the host machine containing the certificate files, and deployment configuration file (setup.ini), we're ready to load our image into docker and start things up. Import the FileFlex docker image: This will take a moment. Once complete, check that the image is properly imported by running: ... and you should see output similar to: Run the imported FileFlex container: Hostname Warning Be sure to modify the hostname parameter in the following command to match your deployment hostname! Also, check that your bind source folder points to your actual host configuration folder Validate that the container is running: ... you should see output similar to: It can take a few minutes for the instance to finish booting, even after the docker command returns. Congratulations, FileFlex is now running. You should be able to access server admin by opening a browser to: Some configuration is necessary to obtain a properly running FileFlex server instance. The first step is to log in to Server Admin over port 9443. Open a browser at your domain URL (docker.fileflexdemo.com is an example only) When prompted for login credentials, use the following: Once logged in you will see a screen similar to the following: You will need a user administration account in order to configure user accounts. Under Control Panel, click on "User Administration": A prior account will be shown, but the password isn't known to you, so create a new one. Click the lock symbol to edit the values: Click Apply when you're satisfied. User Administration is accessed from the primary FileFlex login, which should now be accessible at the URL you provided earlier (docker.fileflexdemo.com in this example). Open your browser to that URL over HTTPS: ... you will be presented with the FileFlex login page: Enter the user admin credentials you previously created, and click login. You should then be presented with the "User Administration" user interface: Primary configuration of FileFlex Enterprise is now complete. Installing Docker
sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
Preparing a Deployment Configuration
cd ~
wget --http-user developer --http-password 2trEndY! https://res.fileflex.com/nec/docker/fileflex-v2.5.tar
mkdir ~/config
Preparing the Certificate
cd ~/config
scp some_user@some_domain.com:~/some_folder_with_certificates/STAR_fileflexdemo* .
-rw-r----- 1 dadmin dadmin 4123 Mar 26 22:01 STAR_fileflexdemo_com.ca-bundle
-rw-r----- 1 dadmin dadmin 2313 Mar 26 22:01 STAR_fileflexdemo_com.crt
-rw-r----- 1 dadmin dadmin 1704 Mar 26 22:01 STAR_fileflexdemo_com.key
cat 524daaa823ca8e28.crt gd_bundle-g2-g1.crt >> cert_chain.crt
cat STAR_fileflexdemo_com.crt STAR_fileflexdemo_com.ca-bundle >> cert_chain.crt
-rw-r--r-- 1 dadmin dadmin 6436 Mar 26 22:05 cert_chain.crt
-rw-r----- 1 dadmin dadmin 4123 Mar 26 22:01 STAR_fileflexdemo_com.ca-bundle
-rw-r----- 1 dadmin dadmin 2313 Mar 26 22:01 STAR_fileflexdemo_com.crt
-rw-r----- 1 dadmin dadmin 1704 Mar 26 22:01 STAR_fileflexdemo_com.key
Preparing a Deployment Configuration File
[default]
skip-page = [all]
admin-password = Q!w2e3r4
repo-select = None
firewall-enable = False
cert-pem = /opt/ffs/config/cert_chain.pem
cert-key = /opt/ffs/config/STAR_fileflexdemo_com.key
cert-password = randompassword
msp-id = 5e7bae3xxxxxxxxxxxxx67
msp-key = IBM34SOLELPXXXXXXXXXXXXXYWECF
hostname = docker.fileflexdemo.com
docker = True
cd ~/config
scp some_user@some_domain.com:~/some_folder_with_config/setup.ini .
Deploying our Docker Image
cd ~
sudo docker load -i fileflex-v2.4.tar
sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
fileflex v2.4 ee4498eb1078 18 hours ago 2.02GB
sudo docker run -it -p 9443:9443 -p 443:443 -p 80:80 -p 4007:4007 -p 4010:4010 -p 4011:4011 -p 3310:3310 -d --name=fileflex --mount type=bind,source=/home/dadmin/config,target=/opt/ffs/config --hostname docker.fileflexdemo.com fileflex:v2.4
sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4e0ad8deb93c fileflex:v2.4 "/usr/bin/supervisord" 22 seconds ago Up 16 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4007->4007/tcp, 0.0.0.0:4010-4011->4010-4011/tcp, 0.0.0.0:9443->9443/tcp, 0.0.0.0:32768->3310/tcp fileflex
https://docker.fileflexdemo.com:9443
Next Steps
Logging in to Server Admin
https://docker.fileflexdemo.com:9443
Configuring a User Administration Account
Accessing User Administration
https://docker.fileflexdemo.com