Deploying Tines on Docker Compose

Step 1. Install Netcat 

To install netcat, run the following:

AWS Linux or RedHat/CentOS:

sudo yum install nc

Ubuntu or Debian:

sudo apt-get install netcat-openbsd

Step 2. Install Docker 

To install docker, run the following:

AWS Linux or RedHat/CentOS:

sudo yum install docker

Ubuntu or Debian:

sudo apt-get install docker.io

Step 3. Install docker-compose 

To install docker-compose, run the following:

sudo curl -L --fail https://raw.githubusercontent.com/linuxserver/docker-docker-compose/master/run.sh -o /usr/local/bin/docker-compose

sudo chmod +x /usr/local/bin/docker-compose

sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

Step 4. Create Installation Directory  

Create a directory for the Tines installation, for example, /opt/tines:

sudo mkdir /opt/tines

Step 5. Create tines.crt and tines.key Files 

To create the tines.crt and tines.key files, run the following command within your installation directory:

sudo openssl req -x509 -out /opt/tines/tines.crt -keyout /opt/tines/tines.key -newkey rsa:2048 -nodes -sha256

Example

[ec2-user@ip-172-31-13-57 tines]$ sudo openssl req -x509 -out /opt/tines/tines.crt -keyout /opt/tines/tines.key -newkey rsa:2048 -nodes -sha256
Generating a 2048-bit RSA private key
..........................................+++
.....................................+++
writing new private key to '/opt/tines/tines.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank.
For some fields, there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Massachusetts
Locality Name (eg, city) [Default City]:Boston
Organization Name (eg, company) [Default Company Ltd]:Tines
Organizational Unit Name (eg, section) []:Support
Common Name (eg, your name or your server's hostname) []:ec2-44-192-9-108.compute-1.amazonaws.com
Email Address []:yourname@yourcompany.com
[ec2-user@ip-172-31-13-57 tines]$ ls
commands.sh  docker-compose.yml  docs  postgres.tar  redis.tar  setup.sh  tines-app.tar  tines.crt  tines.key  tines-nginx.tar  upgrade.sh
[ec2-user@ip-172-31-13-57 tines]$ 
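
A post-generation check for the two files, as an added example that is not part of the original page or the Tines package: it confirms that the certificate and key belong together, that the certificate is not about to expire (the command above passes no -days, so OpenSSL issues it for its default of 30 days), and that the unencrypted key written by -nodes is not accessible to other users. The name check_tls_pair, the 14-day default and the permission rule are assumptions.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the tines.crt / tines.key pair created in Step 5.
# check_tls_pair is a hypothetical helper name, not part of the Tines package.

# Usage: check_tls_pair CERT KEY [MIN_DAYS]
# Returns 0 if the pair is usable, 1 otherwise; problems are printed to stderr.
check_tls_pair() {
  local crt="$1" key="$2" min_days="${3:-14}" rc=0 crt_pub key_pub mode

  # Extract the public key from each file; a parse failure ends the check.
  if ! crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
     ! key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null); then
    echo "cannot parse $crt or $key" >&2
    return 1
  fi

  # The certificate must carry the public half of this private key.
  if [ "$crt_pub" != "$key_pub" ]; then
    echo "certificate and private key do not belong together" >&2
    rc=1
  fi

  # Without -days, openssl req -x509 issues a certificate valid for 30 days.
  if ! openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "certificate expires within $min_days days" >&2
    rc=1
  fi

  # -nodes leaves the key unencrypted, so "other" users must have no access.
  # Assumption: the process loading the key runs as its owner, group or root.
  mode=$(stat -c '%a' "$key")
  case "$mode" in
    *0) ;;
    *) echo "$key has mode $mode; restrict it, e.g. chmod 600" >&2; rc=1 ;;
  esac

  return "$rc"
}

# Example call: ./check.sh /opt/tines/tines.crt /opt/tines/tines.key
if [ "$#" -ge 2 ]; then
  check_tls_pair "$@"
fi
```
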

Step 6. Generate Secret Token 

To generate the app secret token, run the following on your Linux host:

openssl rand -hex 64

Step 7. Download the Installation Package  

To download the installation package, follow these steps:

  1. Send an email to support@tines.io and request that your cloud tenant be enabled to allow the download of the self-hosted installation package.

  2. Once Tines Support has enabled the self-hosted installation package download, visit the /admin/upgrade page on your cloud tenant to download the installation package. The file will be a zip archive named as follows: tines_<build_id>.zip. The installation package contains the following files:

Tines Self-Hosted Installation Package Files

Filename: Description

  • docker-compose.yml: Configuration file for Docker Compose

  • .env.tmpl: Tines environment settings. Needs to be edited.

  • postgres.tar: Postgres Docker image

  • redis.tar: Redis Docker image

  • tines-app.tar: Tines application Docker image

  • tines-nginx.tar: Tines nginx Docker image

  • upgrade.sh: Script to upgrade between Tines versions

  • setup.sh: Script to install Tines

Step 8. Upload the Tines Application .zip File  

Upload the Tines application .zip file to your AWS S3 bucket and copy it over to your Linux host as follows:

[ec2-user@ip-172-31-13-57 ~]$ sudo aws s3 cp s3://tines-test-env/tines_3cb262aa_v12_0_3.zip /tmp/

If you don’t have access to the S3 bucket from your Linux host, you can use scp with your private key, as shown below:

C:\Users\Ben\Downloads>scp -i BenTest.pem tines_3cb262aa_v12_0_3.zip ec2-user@ec2-44-192-9-108.compute-1.amazonaws.com:tines_3cb262aa_v12_0_3.zip
The authenticity of host 'ec2-44-192-9-108.compute-1.amazonaws.com (44.192.9.108)' can't be established.
ECDSA key fingerprint is SHA256:4uSIhoRWK9PemgpfLh8l/gY0Ng/XFlr4t0x/aK4sSkY.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Please type 'yes', 'no' or the fingerprint:
Warning: Permanently added 'ec2-44-192-9-108.compute-1.amazonaws.com,44.192.9.108' (ECDSA) to the list of known hosts.
tines_3cb262aa_v12_0_3.zip                                                            100%  368MB 2.9MB/s 02:08

Step 9. Move Files to Installation Directory  

Unzip the installation package and move all files to the installation directory:

unzip tines_<build_id>.zip

cp -rT tines_<build_id>/ /opt/tines

Step 10. Edit .env.tmpl File  

The .env file contains Tines environment variables and is used to configure the Tines instance. 

To edit the .env.tmpl file, follow these steps: 

  1. Open the .env.tmpl file using a text editor. 

  2. Using the information that you recorded in the “.env File Configuration Information Sheet” step, update the following two sections of the .env.tmpl file to reflect your environment: Tenant Configuration and Email Configuration.

Tenant Configuration: Enter basic information about the tenant, including its name, seed user details (the first user account that will be created) and domain (the FQDN).

Email Configuration: Enter SMTP server details. Tines will use these when sending emails.

 

Example

Here's an example of a configured .env file that shows Tenant Configuration and Email Configuration:

###################################
# Required: Initial Tenant Configuration #
#
# Note: the values in this section will only be read on the first deployment of
# the Tines instance. If you need to change these values after the first run, you will
# need to update the app or database directly. All other values in this file will be
# picked up by the Tines app on every deployment or server restart.
###################################

# A human friendly identifier for this instance of Tines, e.g., "your-company-name":
TENANT_NAME=

# This is the domain where your Tines instance will be accessible:
DOMAIN=

# This will be the first user to be created and get invited to this Tines instance:
SEED_EMAIL=
SEED_FIRST_NAME=
SEED_LAST_NAME=

# If SEED_EMAIL_PASSWORD is set, this will bypass the email invite process for the first user and allow
# the SEED_EMAIL to login without SMTP configured using SEED_EMAIL:SEED_EMAIL_PASSWORD
# SEED_EMAIL_PASSWORD is *superseded* by either of the following 2 conditions:
# 1. If SMTP is configured correctly
# 2. If SSO is configured
SEED_EMAIL_PASSWORD=

#############################
# Required: Server Configuration #
#############################

# Company name and stack name (eg. tines_prod). This is used to identify your tenant's telemetry data,
# if you have enabled that feature.
TELEMETRY_ID=

# This should match the port that you use to access the Tines UI.
# Unless you have chosen a custom port, you should use 443 as typical for HTTPS.
PORT=443

# This should be set to a random 128 character string to ensure security for your installation.
# Changing this value may force users to log in again.
# You can generate a value for this by running: openssl rand -hex 64
APP_SECRET_TOKEN=__SET_YOUR_SECRET_TOKEN__

#############################
# Required: Email Configuration #
#############################
# Outgoing email settings. This must be configured correctly in order for the invite email
# to be sent to the first user.
#
# To use Gmail or Google Apps, put your Google Apps domain or gmail.com
# as the SMTP_DOMAIN and your Gmail username and password as the SMTP_USER_NAME and SMTP_PASSWORD.
#
# If you have trouble with port 587 on Gmail, you can also try setting
# SMTP_AUTHENTICATION to login and the SMTP_PORT to 465.

SMTP_DOMAIN=
SMTP_USER_NAME=
SMTP_PASSWORD=
SMTP_SERVER=
SMTP_PORT=25
SMTP_AUTHENTICATION=login
SMTP_ENABLE_STARTTLS_AUTO=true

# This address will be the default sender for all emails from this Tines instance:
EMAIL_FROM_ADDRESS="Example Support <support@example.com>"

############################
# Required: Database connections #
############################

# PostgreSQL database server connection configuration:
DATABASE_NAME=tines_production
DATABASE_POOL=20
DATABASE_USERNAME=tines
# This password needs to match the value in your docker-compose.yml file.
# A value that contains punctuation other than underscores and dashes may cause errors.
# You can generate a value for this by running: openssl rand -hex 32
DATABASE_PASSWORD=__SET_YOUR_DATABASE_PASSWORD__
DATABASE_HOST=db
DATABASE_PORT=5432

# Opt in to allow Tines app to send certain database queries to a read-only endpoint to reduce main database load
# DATABASE_READONLY_ENDPOINT=""

# Redis connection configuration
REDIS_URL=redis://redis:6379/1

########################
# Optional feature configuration #
########################

# Enables a periodic job to update public template data from integrations.tines.com.
SYNC_TEMPLATES=true

# Specify the default User-Agent header value for HTTP requests made
# by Agents that allow overriding the User-Agent header value.
# DEFAULT_HTTP_USER_AGENT=Tines (Advanced Security Automation; tines.com)

# Configure captcha feature for prompts
# PROMPT_CAPTCHA=false
# RECAPTCHA_SITE_KEY=
# RECAPTCHA_SECRET_KEY=

# Uncomment the line below to output Audit Logs to stdout
# AUDIT_LOGS_TO_STDOUT=true

# Disable ipv6 on nginx
# DISABLE_NGINX_IPV6=true

# Setup tines user on host machine
# SETUP_DEDICATED_LINUX_USER=true

# Set worker count
# SIDEKIQ_CONCURRENCY=12

# Seconds before a web request times out
# RACK_SERVICE_TIMEOUT_SECONDS=35

# Size of each output payload (in bytes) generated for each event
# OUTPUT_PAYLOAD_SIZE_BYTES = 104857600 # 100MB

# Maximum fraction of sidekiq workers that can be used for slow action runs
# ACTION_RUNS_MAX_CONCURRENCY = 0.4 # 40%

########################
# Core configuration #
#
# These values should not be changed.
########################

# Ensure system logs are included in Docker container logs.
RAILS_LOG_TO_STDOUT=true

# Configure Rails environment. This should always be set to 'production'.
RAILS_ENV=production

# Force all requests to use SSL.
FORCE_SSL=true

# Set the installation's timezone.
TIMEZONE=UTC

  3. After updating the file, save it as .env.
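
A preflight check for the saved .env file, as an added example that is not part of the original page or the Tines package: it applies the rules stated in the template comments above (tenant values are only read on first deployment, APP_SECRET_TOKEN is 128 characters, DATABASE_PASSWORD avoids punctuation other than underscores and dashes) and flags placeholders that were never replaced. The helper names env_get and check_tines_env are assumptions.

```bash
#!/usr/bin/env bash
# Added example: preflight check for /opt/tines/.env before running setup.sh.
# env_get and check_tines_env are hypothetical helper names.

# Print the value of KEY from an env file (last assignment wins).
env_get() {
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Usage: check_tines_env FILE   e.g. check_tines_env /opt/tines/.env
# Prints one line per problem and returns the number of problems found.
check_tines_env() {
  local file="$1" problems=0 key val
  if [ ! -r "$file" ]; then
    echo "cannot read $file"; return 1
  fi

  # Tenant values are only read on first deployment, so catch blanks now.
  for key in TENANT_NAME DOMAIN SEED_EMAIL SEED_FIRST_NAME SEED_LAST_NAME; do
    if [ -z "$(env_get "$file" "$key")" ]; then
      echo "$key is empty"; problems=$((problems + 1))
    fi
  done

  # Template placeholders must be replaced with generated values.
  if grep -Eq '^[A-Z_]+=__SET_YOUR_[A-Z_]+__$' "$file"; then
    echo "template placeholder (__SET_YOUR_...__) still present"
    problems=$((problems + 1))
  fi

  # openssl rand -hex 64 yields 128 characters.
  val=$(env_get "$file" APP_SECRET_TOKEN)
  if [ "${#val}" -ne 128 ]; then
    echo "APP_SECRET_TOKEN is ${#val} characters, expected 128"
    problems=$((problems + 1))
  fi

  # Punctuation other than _ and - in the database password may cause errors.
  val=$(env_get "$file" DATABASE_PASSWORD)
  case "$val" in
    ''|*[!A-Za-z0-9_-]*)
      echo "DATABASE_PASSWORD is empty or has characters outside A-Z a-z 0-9 _ -"
      problems=$((problems + 1)) ;;
  esac

  return "$problems"
}
```
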

Step 11. Run Setup Script  

Your installation directory should now contain the following files:

  • docker-compose.yml

  • .env (updated and renamed)

  • postgres.tar

  • redis.tar

  • tines-app.tar

  • tines-nginx.tar

  • tines.crt

  • tines.key

  • upgrade.sh

  • setup.sh

Use the following command to run the Tines setup script:

bash setup.sh

Upon completion of the installation and the startup of the services and containers, a verification email will be sent to the email address that you specified in the SEED_EMAIL entry of the .env file. To verify the installation and to launch the Tines dashboard, click on the link provided in the email.
