Metaport in Production

Introduction

At the time of writing (July 25), Metaport CE is the only product format available, while a SaaS offering goes through a planning phase.

On-Premise

Options for on-premise setups are as follows. Dcentrica offer support plans tailored to your requirements. Get in touch to see what's on offer.

| Option | Requirements | Notes |
|---|---|---|
| Docker | Docker-aware compute (VM/VPS, AWS Fargate, SiteHost Cloud Containers, etc.). Metaport Docker image, Nginx image, managed MariaDB/MySQL, Secrets Manager | Example Dockerfile. (Path to mounted secrets manager set in MP_MASTER_KEY_PATH) |
| Standalone VM | Codebase, PHP 8.3+, MariaDB/MySQL, Nginx | N/A |
| Kubernetes | Metaport Helm Chart, Secrets Manager | Planned |

Procedure

Regardless of your selected on-premise hosting solution, there are some additional considerations:

The official Metaport Docker image only contains the Metaport application, but you'll also need to run a webserver in front to access the application. You also need to configure team/org specific environment variables.

Metaport relies heavily on environment variables which are built into custom images using the Dockerfile ARG directive. This can be done with stored secrets which are injected into the image when building your custom image within a CI pipeline.

You can base your changes on this example Dockerfile which also bundles nginx and configures your Metaport server uniquely for your team.

"Deployment" is achieved in different ways, depending on the level of automation/orchestration your hosting provider makes available. In general, the final step is initialising Metaport via a build script or recipe which does the following:

stop existing container ---> pull latest image ---> create volume(s) ---> start container ---> run setup.sh

Tip

Setup Script

The setup.sh script does two things:

1. Scaffolds Metaport's database schema.
2. Generates a new global encryption key (if it doesn't exist).

Tip

Shared Volumes

Depending on requirements, at least one filesystem volume is required if you're using e.g. Let's Encrypt for SSL. Even though some host providers bundle an SSL offering into their services, you'll still need to share a volume on the host machine with the container running on it.

Tip

Example Configuration Files

* See the example Dockerfile, which combines Metaport Server with Nginx.
* See the example nginx config file.
* See the default .env.example file. Port each variable as required into your pipeline config.

Tip

Master Key: How far you go to secure Metaport's global master encryption key depends on how sensitive and important your business considers its data, and data loss. If the key is lost, deleted or otherwise removed, team and application data cannot be rendered within Metaport. In that case, data will need to be extracted, new keys generated, and the data imported into a new Metaport instance. An alternative to saving the key on the filesystem is to use a vault system hosted by your cloud provider of choice, or even an HSM mounted as a volume in the same location.
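The deployment sequence and the master key tip above, combined in an added example that is not Metaport's own script: it runs the five steps in order and refuses to start if the key path is not on a volume that outlives the container. The image, container and volume names, the mount point, the key file name and the location of setup.sh inside the container are assumptions; only MP_MASTER_KEY_PATH comes from this page.

```shell
#!/bin/sh
# Added example, not Metaport's own deploy script. Every name below is a
# placeholder/assumption except MP_MASTER_KEY_PATH, the variable named on this page.
set -eu

IMAGE="${IMAGE:-registry.example.com/acme/metaport-custom:latest}"  # your custom image
CONTAINER="${CONTAINER:-metaport}"             # container name
KEY_VOLUME="${KEY_VOLUME:-metaport-keys}"      # named volume that outlives the container
KEY_MOUNT="${KEY_MOUNT:-/run/metaport-keys}"   # where that volume is mounted
# Must equal the value built into the image; the file name is an assumption.
MP_MASTER_KEY_PATH="${MP_MASTER_KEY_PATH:-/run/metaport-keys/master.key}"
SETUP_CMD="${SETUP_CMD:-./setup.sh}"           # assumed location inside the container
DRY_RUN="${DRY_RUN:-1}"                        # 1 = only print the commands

# Print a command, and execute it unless DRY_RUN=1.
run() {
  printf '+ %s\n' "$*"
  [ "$DRY_RUN" = "1" ] || "$@"
}

# True only if key path $1 lies under mount point $2 (no ".." escapes).
key_on_volume() {
  case "$1" in
    *..*) return 1 ;;
    "$2"/?*) return 0 ;;
    *) return 1 ;;
  esac
}

deploy() {
  # setup.sh creates a key when none exists, so a key kept on the container's
  # own filesystem would be replaced by a fresh key on the next redeploy.
  key_on_volume "$MP_MASTER_KEY_PATH" "$KEY_MOUNT" || {
    echo "refusing: $MP_MASTER_KEY_PATH is not under $KEY_MOUNT" >&2
    return 1
  }
  run docker stop "$CONTAINER" || true       # stop existing container
  run docker rm "$CONTAINER" || true
  run docker pull "$IMAGE"                   # pull latest image
  run docker volume create "$KEY_VOLUME"     # create volume(s)
  run docker run -d --name "$CONTAINER" -v "$KEY_VOLUME:$KEY_MOUNT" "$IMAGE"  # start
  run docker exec "$CONTAINER" "$SETUP_CMD"  # run setup.sh
}

[ "${1:-}" != "deploy" ] || deploy
```

Run it as `sh deploy.sh deploy` to review the printed commands, then with `DRY_RUN=0` to execute them.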

Troubleshooting

Refer to the troubleshooting guide, submit an issue or join our community Slack.

SaaS

A SOC2 certified SaaS is in progress. In the meantime, a demo is available here for assessment purposes.