Local deployment

This example is designed to have a fully functional beVault with all external components deployed with Docker alongside the product.

With this installation, you will have:

beVault at the latest version
A PostgreSQL server configured as your target database
A Keycloak server configured to manage beVault authentication
A Redis server up configured for States

This deployment is not intended to be used in production because it does not follow security best practices like :

Enforcing SSL connection on the database
Enforcing HTTPS connection on all web applications
Enforcing strong authentication policies and better client redirect uri control in Keycloak
Using strong passwords for database and web applications accounts

DNS configuration

A domain name is required by some components of beVault because they interact between themselves by using this domain name. The built-in localhost domain name can’t be used because in a container based deployment localhost inside the container not the same as localhost on the host running these containers and so containers won’t be able to communicate between each other using this domain name.

To configure the domain used for this deployment, you must add the following line in your hosts file.

CODE

127.0.0.1 bevault.example.local

File location depend on the OS :

Linux → /etc/hosts
Windows → %WINDIR%\system32\drivers\etc\hosts

For people using docker desktop, this configuration is not required because docker provide the domain name host.docker.internal which allow interaction with the host network from a container

Deployment

Download the following archive and extract it in an empty directory of your choice
Open a terminal (bash, command line, powershell, other) in the target directory

Define environment variables to override default behavior (see Environment variables table)

BASH

export VARIABLE=value # Linux
set VARIABLE=value # Windows command line
$Env:VARIABLE="value" # Windows powershell

Launch the application
BASH
```
docker compose up -d
```

Check if containers are running correctly by executing docker ps command. The output should look like this (no restarting containers) :

BASH

CONTAINER ID   IMAGE                                COMMAND                  CREATED         STATUS                     PORTS                              NAMES
5f5bccc5c143   quay.io/dfakto_org/workers:latest    "/app/dFakto.States.…"   6 minutes ago   Up 6 minutes (healthy)                                        workers
772c65e05f8a   quay.io/dfakto_org/metavault:latest  "dotnet dFakto.DataV…"   6 minutes ago   Up 6 minutes (unhealthy)                                      metavault
9aa31cd1bcc1   quay.io/dfakto_org/states-ui:latest  "/docker-entrypoint.…"   6 minutes ago   Up 6 minutes (unhealthy)   0.0.0.0:5500->80/tcp               states-ui
9b4efd0f766e   quay.io/dfakto_org/states:latest     "dotnet dFakto.State…"   6 minutes ago   Up 6 minutes (unhealthy)                                      states
3af53891bb46   bevault-keycloak                     "/opt/keycloak/bin/k…"   6 minutes ago   Up 6 minutes               8443/tcp, 0.0.0.0:8000->8080/tcp   keycloak
4735ff565e54   postgres:16                          "docker-entrypoint.s…"   6 minutes ago   Up 6 minutes (healthy)     0.0.0.0:5432->5432/tcp             postgresql
b52f195907fb   quay.io/dfakto_org/df2-ui:latest     "/docker-entrypoint.…"   6 minutes ago   Up 6 minutes (healthy)     0.0.0.0:8080->80/tcp               ui
21ccab9ddf77   redis:alpine                         "docker-entrypoint.s…"   6 minutes ago   Up 6 minutes (healthy)     6379/tcp                           redis

Environment variables

Name	Purpose	Default value
`DF_HOSTNAME`	Domain name choosed to run the application	bevault.example.local
`REDIS_VERSION`	Version of Redis deployed	alpine
`POSTGRES_VERSION`	Version of PostgreSQL deployed	16
`POSTGRES_PASSWORD`	Password of the default PostgreSQL superuser (postgres)	postgres_password
`POSTGRES_PORT`	Port exposed on host to access PostgreSQL	5432
`KEYCLOAK_ADMIN`	Username of the default Keycloak administrator	admin
`KEYCLOAK_ADMIN_PASSWORD`	Password of the default Keycloak administrator	kc_admin_password
`KEYCLOAK_PORT`	Port exposed on host to access Keycloak	8000
`STATES_VERSION`	Version of States deployed	latest
`STATES_ACCESS_KEY`	Access Key used by beVault components to interract with States	States_Dummy_Access_Key
`STATES_SECRET_KEY`	Secret Key used by beVault components to interract with States	States_Dummy_Secret_Key
`WORKERS_VERSION`	Version of Workers deployed	latest
`METAVAULT_VERSION`	Version of Metavault deployed	latest
`METAVAULT_UI_VERSION`	Version of beVault UI deployed	latest
`METAVAULT_UI_PORT`	Port exposed on host to access Metavault	8080
`STATES_UI_VERSION`	Version of state UI deployed	latest
`STATES_UI_PORT`	Port exposed on host to access States	5500

Specific version of a beVault can be changed by using the STATES_VERSION, WORKERS_VERSION, METAVAULT_VERSION & UI_VERSION variables. The version number of each component can be found at the bottom of the release note page of the desired beVault version: Releases Notes

Access

Application	PATH	Accounts (username → password)
PostgreSQL	localhost:`POSTGRES_PORT`	postgres → `POSTGRES_PASSWORD` metavault → metavault_password metavault_readonly → metavault_readonly_password keycloak → keycloak_password
Keycloak	http://`DF_HOSTNAME`:`KEYCLOAK_PORT`	`KEYCLOAK_ADMIN` → `KEYCLOAK_PORT`
States	http://`DF_HOSTNAME`:`STATES_UI_PORT`	admin → password
Metavault	http://`DF_HOSTNAME`:`METAVAULT_UI_PORT`	admin → password