Deploying MUSE4Anything
This is a guide to deploying MUSE4Anything using the provided Dockerfile in the MUSE4Anything repository.
Warning
If you want to deploy MUSE4Anything in production, read this guide completely before deploying so that you do not miss any security-relevant setting!
Using the Dockerfile
Building the Container Image
# Clone the repository
git clone https://github.com/Muster-Suchen-und-Erkennen/muse-for-anything.git
cd muse-for-anything
# optionally checkout a branch
# git checkout branch-name
docker build --tag muse4anything-image-tag .
Creating a Volume for Persistent Storage
# create a new volume
docker volume create muse-volume-name
# get information about the volume
docker volume inspect muse-volume-name
The root folder of the volume is listed as Mountpoint in the output of docker volume inspect.
Starting the Container
# start the container
docker run -d --mount source=muse-volume-name,target=/app/instance -p 8080:8080 --name muse4anything-container-name muse4anything-image-tag
# stop the container
docker stop muse4anything-container-name
# remove the container
docker rm muse4anything-container-name
Configuration Options
Configuration Options Using ENV Variables
To configure environment variables with Docker, use the --env or --env-file options of the docker run command (see https://docs.docker.com/engine/reference/commandline/run/#options).
| ENV Var | Example | Description |
|---|---|---|
| | | The value is used as the server secret for checking JWT token validity. |
| | | The number of reverse proxy headers flask should trust. Set this value to the number of reverse proxies you have configured for your MUSE4Anything instance. |
| | | The minimal severity of log messages that should appear in the log. (10=DEBUG, 20=INFO, 30=WARNING; defaults to 30) |
| | | Allow forwarding headers from the IP in this ENV var to the flask app. (see also forwarded_allow_ips) |
Configurations Using config.py or config.json
Hint
Please set the SECRET_KEY setting via the environment variable M4A_SECRET_KEY described above!
| Key | Example | Description |
|---|---|---|
| REVERSE_PROXY_COUNT | | The number of reverse proxy headers flask should trust. Set this value to the number of reverse proxies you have configured for your MUSE4Anything instance. |
| DEFAULT_LOG_SEVERITY | | The minimal severity of log messages that should appear in the log. (10=DEBUG, 20=INFO, 30=WARNING; defaults to 30) |
| BCRYPT_LOG_ROUNDS | | The number of bcrypt hash rounds to use. (use the calibrate command for an indicator on what value to set for your server) |
| SQLALCHEMY_DATABASE_URI | | The database connection string used by the SQLAlchemy ORM. (Requires a database driver to be installed in the docker container! This is currently not the case…) |
See also
Settings from other libraries:
Deploying to Production
Warning
Always provide a sufficiently random server secret via the environment variable M4A_SECRET_KEY described above!
This secret should stay the same across updates, but it can be replaced if a security breach is detected in order to immediately invalidate all client sessions using JWT tokens.
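One way to follow this warning with the docker commands from this guide, as an added example that is not from the MUSE4Anything repository: the secret is generated once, kept in an owner-only env file passed via --env-file, and the start is refused if the secret is missing or short. The env-file path, the 32-byte secret size and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the MUSE4Anything repository.
# Assumptions: the env-file path and the 32-byte secret size.
ENV_FILE="${ENV_FILE:-./muse4anything.env}"

# Write M4A_SECRET_KEY once; an existing secret is kept so it survives updates.
ensure_secret() {
    file="$1"
    if [ -s "$file" ] && grep -q '^M4A_SECRET_KEY=' "$file"; then
        chmod 600 "$file"
        return 0
    fi
    (
        umask 077  # a newly created file is readable by its owner only
        secret=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
        printf 'M4A_SECRET_KEY=%s\n' "$secret" >> "$file"
    )
    chmod 600 "$file"
}

# After a detected breach: swap the secret, which invalidates all JWT sessions.
rotate_secret() {
    file="$1"
    tmp="$file.tmp"
    ( umask 077; grep -v '^M4A_SECRET_KEY=' "$file" > "$tmp" || true )
    mv "$tmp" "$file"
    ensure_secret "$file"
}

# Succeeds only if the file carries a secret of at least 32 characters.
check_secret() {
    secret=$(sed -n 's/^M4A_SECRET_KEY=//p' "$1" | tail -n 1)
    [ "${#secret}" -ge 32 ]
}

# Same docker run as in "Starting the Container", plus --env-file.
start_container() {
    check_secret "$ENV_FILE" || { echo "M4A_SECRET_KEY missing or too short" >&2; return 1; }
    docker run -d --env-file "$ENV_FILE" \
        --mount source=muse-volume-name,target=/app/instance \
        -p 8080:8080 --name muse4anything-container-name muse4anything-image-tag
}

# Usage: ensure_secret "$ENV_FILE" && start_container
```

Docker fixes a container's environment when the container is created, so after rotate_secret the container has to be removed and started again for the new secret to apply.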
Hint
For HTTPS to work behind a reverse proxy, make sure to set the REVERSE_PROXY_COUNT setting.
Also check that the reverse proxy correctly sends one of the headers (see secure_scheme_headers) indicating that the request was sent via HTTPS.