System Administration via CLI

On self-hosted Rapid and Custom Portal installs you can SSH to the portal and manage content, and configuration.

ssh -i ~/.ssh/<keyname> <username>@<portal_host_name>

Upon SSHing into the machine you should be in the home directory of the default user. If not cd ~. If you list all files in the directory with ls -las there will be four files/directories important to the architecture of your portal.

-rw-rw-r--  1 ubuntu ubuntu      781 Mar 24 14:00 .env
drwxr-xr-x  4 root   root       4096 Mar 16 19:38 app
-rw-rw-r--  1 ubuntu ubuntu     1108 Mar 18 19:33 docker-compose.yaml
drwx------ 19    999 root       4096 Apr 25 00:34 pgdata

Docker

Your portal is running in three docker containers. To confirm it's running and see the containers run docker-compose ps.

To stop all the docker containers: docker-compose down

To start all docker containers: docker-compose up -d .. This will start the containers in the background.

To view logs for the running containers: docker-compose logs -f --tail=100 or for a single container: docker-compose logs -f --tail=100 auth

All of the configuration for the docker containers is in the file docker-compose.yaml. Below is an edited version for reference:

version: "3"
services:
  zwaf:
    ...
    networks:
      - zuar
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./app/nginx:/app/nginx
      - ./app/static:/app/static
      - ./server.key:/etc/ssl/private/server.key
      - ./server.crt:/etc/ssl/certs/server.crt
      - /etc/letsencrypt:/etc/letsencrypt
    env_file:
      - .env
    depends_on:
      - auth
  auth:
    ...
    networks:
      - zuar
    volumes:
      - ./app/static:/app/static
    env_file:
      - .env
    environment:
      - GUNICORN_CMD_ARGS=--bind=0.0.0.0:5756 --workers=4
    depends_on:
      - db
  db:
      ...
      networks:
        - zuar
      volumes:
        - ./pgdata:/var/lib/postgresql/data
      env_file:
        - .env

networks:
    zuar:

As you can see, There are three containers defined: zwaf, auth, and db. In the zwaf block we map ports using the pattern - "host:container". Similarly, in all three containers we map files and directories on the host machine to directories in the docker container using the volumes block.

The volumes map is important, because it means that changes made to these files or directories on the host machine will also happen inside the container.

Finally, the defined .env file has information about the Tableau server, and PostgreSQL (more on that later).

Front-end Files

All front end files are located in ~/app/static/. Any number of custom html files can be added to this directory, and they will available in the UI of your portal. Additionally, CSS styles are maintained in ~/app/static/css/style.css, and Javascript in ~/app/static/js/. Most of the javascript will be found in app.js. Images and site assets will be found in ~/app/static/assets/.

Nginx

The server running your portal is Nginx. The configuration files are located in ~/app/nginx/nginx.conf as well as any conf file included in ~/app/nginx/conf.d/. The first file is general settings that apply to http, and the files in conf.d apply to the server itself, including locations, etc. Below for reference is the default nginx conf file ~/app/nginx/conf.d/default.conf (edited):

# SSL Redirect: 80 -> 443
server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;

    server_name  _;
    root /app/static/;
    resolver 8.8.8.8;

    #charset koi8-r;
    access_log /proc/self/fd/1;

    # ENABLE SSL
    ssl_protocols TLSv1.2 TLSv1.1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    ssl_certificate /etc/ssl/certs/server.crt;
    ssl_certificate_key /etc/ssl/private/server.key;
    ...
    ... location blocks below ...

The first server block redirects traffic from port 80 to port 443, and the second server block controls all traffic (on 443). Important settings to take note of are the server_name blocks, the DNS resolver, the ssl_certificate and the ssl_certificate_key. A server_name of _ matches any hostname.

Any changes made to the Nginx configuration will require restarting Nginx inside the docker container to take effect using: docker exec zwaf nginx -s reload

Env

Settings in the ~/.env file also effects the configuration of the portal. Below is an .env file for reference:

DEBUG=True
SECRET=<secret>
DATABASE_URL=postgres://root:<rootpass>@db/portal
POSTGRES_DB=portal
POSTGRES_USER=root
POSTGRES_PASSWORD=<rootpass>
TABLEAU_SERVER_URL=https://tableau.yourhostname.com
TABLEAU_SERVER_SITE=Demo
LOGIN_TEMPLATE=/app/static/login.mako
TOKEN_EXPIRY=7200
PORTAL_ADMIN_USERNAME=<adminusername>
PORTAL_ADMIN_PASSWORD=<adminpass>

The most frequently changed information is probably the TABLEAU_SERVER_NAME and TABLEAU_SERVER_SITE. Any change made to this file will require restarting docker to take effect using: docker-compose down && docker-compose up -d.

Zuar Rapid Portal

Help Center Documentation

System Administration via CLI

Docker

Front-end Files

Nginx

Env

On This Page