Deployment

Deploy BNP on your server.

Pre-requisites

Server Configuration

Create a 64-bit server with a minimum of 4GB, 2 CPUs, 80GB SSD and 4TB transfer. Debian 10 should be the base OS.

The firewall should permit access to HTTPS and SSH.

Please see below for configuring the server with specific platforms:

DNS setup

Create A records for the following subdomains. These should point to the IP of the server.

  • aapi
  • api
  • app
  • asset
  • bookingserviceapp
  • bnp
  • kc
  • pay
  • pg

SMTP Server

If you wish to use your own SMTP server, then there is no need to set up an SMTP provider.

If you wish to use Mailgun as your service provider, please see Mailgun.

Mailgun

If you wish to use Mailgun as your mail provider, then please follow the steps below:

  • Go here to sign up to Mailgun
  • Fill in the form with your company details
  • Follow the Mailgun instructions to activate your account
  • Follow the Mailgun instructions to add & verify a domain
  • To get your SMTP credentials click on Dashboard, then on the sending domain.
  • Click on Sending->Domain Settings
  • Click on the SMTP credentials tab
  • You will be presented with the server/port and the username/password

Stripe

Please configure Stripe so that you can accept payments from your customers.

  • Register for a Stripe account
  • Get the API keys
    • Go to https://dashboard.stripe.com/apikeys
    • Please note down the publishable key and secret key as these will be used for the STRIPE_PUBLISHABLE_KEY and STRIPE_SECRET_KEY variables.
  • Add a webhook
    • Go to https://dashboard.stripe.com/webhooks
    • Click Add an endpoint
    • Choose the following events:
      • checkout.session.completed
      • invoice.payment_succeeded
      • customer.updated
      • customer.subscription.updated
    • Set the endpoint URL as https://pay.<hostname>/bnp-payment-complete
    • Click on the hook and click reveal next to Signing Secret. Please note this down as this will be used for the STRIPE_WEBHOOK_SECRET variable.
  • Set up a price (free product)
    • Click on Products on the top menu
    • Click on the Add Product button
    • Set a Name
    • Set the Price as $0.00 Monthly
    • Click the Save Product button in the top right
    • You will see an API ID. Please note this down as this will be used for the STRIPE_PRICE_ID_ASSET_MONTHLY variable.

Docker installation

Install Book & Pay

Installation

  • Make a bnp directory in the user's home folder
  • Copy the docker-compose.yml and .env file to the bnp folder on the server.
  • Set some key environment variables:
    • HOST - this is the domain name of the server, e.g. fionics.net
    • PLATFORM_BUSINESS_NAME - name of your business.
    • PLATFORM_BUSINESS_URL - a URL which links to your website.
    • PLATFORM_SUPPORT_EMAIL - support email that users can contact for help/support.
  • Set the Stripe environment variables described in the Stripe section above:
    • STRIPE_PUBLISHABLE_KEY
    • STRIPE_SECRET_KEY
    • STRIPE_WEBHOOK_SECRET
    • STRIPE_PRICE_ID_ASSET_MONTHLY
  • Note: For optional environment variables which can be configured please see Environment Variables
  • Configure your Stripe account - please see Stripe
  • Login to the BNP registry:
docker login registry.gitlab.com -u <user>

Replace <user> with the username that we have provided you with. When prompted for a password, enter the password that we have supplied you with.

  • Pull the docker images:
docker-compose pull

Note: it may take a few minutes to pull the images.

  • Start the first set of containers:
docker-compose up -d bnpdb proxy keycloak
docker-compose up keycloakconfig && docker-compose up user-api-config && docker-compose run keycloak-servicetoken
  • Take the output of this command and replace the SERVICE_TOKEN variable in the .env file.
  • Run the following command to start the final set of containers.
docker-compose up -d bookingserviceapp tomcat oauthclientdb user-api && docker-compose up provision && docker-compose up -d asset-api payment-service asset-api-config

Configure Email Settings

Configure Mail Settings #1

  • Go to https://kc.<hostname>/admin/master/console/#/realms/bnprealm and login as the admin user
  • Click on the Email tab
  • Please supply the following fields: Host, Port, Username, Password.
  • Please provide the From field. This should be set to an address on your domain.

Configure Mail Settings #2

  • Go to https://bnp.<hostname>/service and login as the service user
  • Navigate to Settings->Message Settings
  • Provide the appropriate mail settings (as above)
    • Host
    • Port
    • Username
    • Password
    • From - this should be an email address corresponding to your domain.
  • Click Submit

Note: AWS blocks outbound traffic on port 25 (SMTP) of all EC2 instances.

Customize the email templates

  • Start up the pgadmin container:
docker-compose up -d pgadmin
  • Modify the templates
    • Go to the web interface at http://pg.<hostname>
    • Right-click Server, then Create->Server
    • On the General tab set a name for the Server connection
    • On the Connection tab set bnpdb as the Host. Set superuser as the username, and provide the password for this user.
    • Click Save
    • Go into the Databases on the left pane, and navigate to the message database.
    • Expand Schemas, then Tables
    • To modify the templates for your installation Right click on the template_blueprint table, View/Edit Data, then All Rows
    • To modify the message rules for your installation Right click on the message_blueprint table, View/Edit Data, then All Rows
    • Click the Save Data Changes button.
  • Stop the pgadmin container:
docker-compose stop pgadmin

Environment variables

  • HTTP_SCHEME - this should be set to https
  • Keycloak variables
    • KEYCLOAK_ADMIN_USER - this is the username of the administrative user. The default value of admin can be used.
    • KEYCLOAK_ADMIN_PASSWORD - this is the password of the administrative user. This should be changed to a secure password.
    • KEYCLOAK_SERVICE_USER - this is the username of the service user. This should be changed to a suitable email address as this will be used for the From address for certain email messages.
    • KEYCLOAK_SERVICE_PASSWORD - this should be changed to a secure value.
  • DB variables - the password variables below should be set to secure values.
    • POSTGRES_USER
    • POSTGRES_PASSWORD
    • DB_KEYCLOAK_USER
    • DB_KEYCLOAK_PASSWORD
    • DB_API_USER
    • DB_API_PASSWORD
    • DB_PGADMIN_USER
    • DB_PGADMIN_PASSWORD
    • DB_AUTHENTICATOR_USER
    • DB_AUTHENTICATOR_PASSWORD
  • (Optional) Recaptcha variables - if recaptcha is used then the following variables should be set. Please see Recaptcha
    • RECAPTCHA_SITE_KEY
    • RECAPTCHA_SECRET_KEY
  • (Optional) Google login variables - if Google login is used then the following variables should be set. Please see Google Oauth
    • GOOGLE_CLIENT_ID
    • GOOGLE_CLIENT_SECRET
  • (Optional) Facebook login variables - if Facebook login is used then the following variables should be set. Please see Facebook Oauth
    • FB_CLIENT_ID
    • FB_CLIENT_SECRET
  • (Optional) Rebrandly variables. Please see Rebrandly
    • REBRANDLY_API_KEY
    • REBRANDLY_WORKSPACE
  • SERVICE_USER_TOKEN - please see the sections above. This will be generated during provisioning.
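
The following pre-flight check is an added example, not part of the BNP distribution. It audits the .env file for the required variables from the Installation section and the "should be changed to a secure value" passwords listed above. The 16-character minimum and the script name are assumptions.

```shell
#!/bin/sh
# Added example: audit a bnp .env file before starting the containers.
# Variable names come from this page; MIN_LEN is an assumed local policy.
REQUIRED="HOST PLATFORM_BUSINESS_NAME PLATFORM_BUSINESS_URL PLATFORM_SUPPORT_EMAIL
STRIPE_PUBLISHABLE_KEY STRIPE_SECRET_KEY STRIPE_WEBHOOK_SECRET STRIPE_PRICE_ID_ASSET_MONTHLY"
SECRETS="KEYCLOAK_ADMIN_PASSWORD KEYCLOAK_SERVICE_PASSWORD POSTGRES_PASSWORD
DB_KEYCLOAK_PASSWORD DB_API_PASSWORD DB_PGADMIN_PASSWORD DB_AUTHENTICATOR_PASSWORD"
MIN_LEN=16

# env_get FILE NAME: print NAME's value (last assignment wins, quotes stripped).
env_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# audit_env FILE: print one finding per line; exit status is the finding count.
audit_env() {
    f=$1; n=0; seen="|"
    # The file holds every credential of the stack: owner-only access.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "PERMS $f is accessible to group/other (chmod 600)"; n=$((n + 1)); }
    [ "$(env_get "$f" HTTP_SCHEME)" = "https" ] ||
        { echo "SCHEME HTTP_SCHEME is not https"; n=$((n + 1)); }
    for v in $REQUIRED; do
        [ -n "$(env_get "$f" "$v")" ] || { echo "MISSING $v"; n=$((n + 1)); }
    done
    for v in $SECRETS; do
        val=$(env_get "$f" "$v")
        user=$(env_get "$f" "${v%_PASSWORD}_USER")   # e.g. DB_API_USER
        if [ "${#val}" -lt "$MIN_LEN" ]; then
            echo "SHORT $v has fewer than $MIN_LEN characters"; n=$((n + 1))
        elif [ "$val" = "$user" ]; then
            echo "USERNAME $v equals its username"; n=$((n + 1))
        else
            case "$seen" in *"|$val|"*)
                echo "REUSED $v repeats another password"; n=$((n + 1)) ;;
            esac
        fi
        seen="$seen$val|"
    done
    return "$n"
}

# Script use: sh check-env.sh ~/bnp/.env
[ $# -eq 0 ] || audit_env "$1"
```

Run it before the first docker-compose up and again after any edit to .env; an exit status of 0 means no findings.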

Optional Features

SMS

If you wish to use the SMS feature of BNP then you will need to sign up with Plivo. Please see below for more details.

Plivo

To sign up with Plivo please follow the instructions below:

  • Go to the Plivo registration page
  • Activate your account and login
  • On the dashboard you can see the Auth ID and the Auth Token which should be used for the SMS Public Key and the SMS Private key when configuring the SMS settings in BNP.

Configure SMS settings

Provide the SMS Public Key and SMS Private Key. Please see Plivo for more details.

  • Go to https://bnp.<hostname>/service and login as the service user
    • Navigate to Settings->Message Settings
    • Provide the appropriate SMS settings
      • SMS Public Key - this corresponds to the Plivo Auth ID.
      • SMS Private Key - this corresponds to the Plivo Auth Token.
    • Click Submit

URL shortener - Rebrandly

  • Register for a Rebrandly account. There is no need to do any configuration during the Rebrandly signup process.
  • Generate an API key
    • Click on the Account icon in the top right corner.
    • Click on Account Settings
    • Click on the API keys tab
    • Click the Generate new API key button
    • You should see some information populate which shows your API key.
    • The API key should be used to set the REBRANDLY_API_KEY variable in the .env file.
  • Find your Workspace ID
    • From the Rebrandly dashboard click on the Workspaces tab.
    • Click on the Main Workspace in the list
    • The browser address bar will then show a link like: https://app.rebrandly.com/workspaces/<workspace_id>
    • The last part of the URL (workspace_id) should be used to populate the value of the REBRANDLY_WORKSPACE variable in the .env file.
  • Set the values of REBRANDLY_API_KEY and REBRANDLY_WORKSPACE in the .env file.
  • Recreate some Docker containers to reload the rebrandly settings:
docker rm -f bookingserviceapp messagedeliveryapp && docker-compose up -d bookingserviceapp messagedeliveryapp

Recaptcha

The Recaptcha settings are configured within your Google account.

Google settings

  • First login to your Google account
  • Then go to the Recaptcha admin console
  • Please fill in the form with the following details:
    • Label - descriptive label for the recaptcha settings, e.g. ‘business.com-v2’
    • reCAPTCHA type - please select reCAPTCHA v2 and “I’m not a robot” Checkbox
    • For the domain add the domain which will be used for your bookandpay deployment, e.g. business.com
    • Tick the checkbox to ‘Accept the reCAPTCHA Terms of Service’
    • Click the Submit button
  • You will then be presented with the recaptcha site key and secret key. The secret key should be used for the RECAPTCHA_SECRET_KEY variable in the .env file.

Configure Recaptcha settings

  • Modify the .env file with the RECAPTCHA_SITE_KEY and RECAPTCHA_SECRET_KEY variables.
  • Rebuild docker containers:
docker rm -f bookingserviceapp payment-service && docker-compose up -d bookingserviceapp payment-service

Google Login

Google Configuration

  • Go to Google’s page to administer your credentials.
  • Click CREATE PROJECT. Provide a project name and submit the form.
  • Configure consent screen
    • Click CONFIGURE CONSENT SCREEN
    • Click External as the User Type
    • Click the Create button
    • Please fill in the form with appropriate details
      • App name - this should be the name of the app to reflect your branding.
      • User support email - this should be an email contact within your organisation.
      • Under Authorised domains please add the external hostname that your customers will use to reach the app, e.g. business.com.
      • Developer contact email - this should be an email contact within your organisation.
      • Click Save and Continue
    • Skip the Scopes step and click Save and Continue
    • Skip the Optional Info step and click Save and Continue
    • Click on the Credentials option in the left menu bar
  • Create credentials
    • Click on the credentials option in the left menu bar
    • At the top of the screen click on the CREATE CREDENTIALS button. Then Oauth Client ID
    • Select Web application as the application type
    • Choose a suitable name for the application, e.g. bookingapp
    • Add authorised redirect URIs. Please add https://kc.<hostname>/realms/bnprealm/broker/google/endpoint
    • Click the Create button
  • A popup will show the Client ID and Secret. Keep a note of these values for the following section of this document.

BookAndPay configuration

  • Go to https://kc.<hostname>/admin.
  • Login with the admin credentials.
  • Click on Identity Providers in the left menu.
  • Click Add Provider and select Google
  • In the Client ID field please enter the Client ID from the previous section.
  • In the Client Secret field please enter the Secret from the previous section.
  • Click the Save button.

Facebook Login

Facebook configuration

  • Go to Facebook’s developer page at https://developers.facebook.com
  • If you do not already have a Facebook account, then please create an account
  • Complete signup as a developer
    • Click the Get Started link in the top right
    • Click the Continue button
    • In the next step provide a mobile number to verify the developer account. You will need to verify the number with the code that Facebook will send to you.
    • Click the Confirm Email button
    • Select the role which best describes you then click the Complete Registration button.
  • Create an app
    • Click the Create App button
    • Click Consumer as the app type, then click Next
    • Select a suitable display name which reflects your branding.
    • Click the Create App button
  • Add domains
    • Click Settings->Basic on the left-side menu
    • Add the following domains: business.com, kc.business.com
    • Add Privacy Policy URL
    • Add User Data Deletion URL
    • Click Save Changes
  • Add Facebook Login
    • Click Add Product in the left menu bar
    • Click Set Up next to Facebook login
    • Click Web
    • In Step 1 provide the following URL: https://kc.<hostname>/realms/bnprealm/broker/facebook/endpoint
    • Skip through the remaining steps
  • Add permissions
    • Click on App Review and Permissions and Features
    • Add Advanced access for email and public_profile
  • Toggle App mode to Live
  • Get the client ID and secret
    • Click Settings->Basic on the left-side menu
    • The App ID should be used as the Client ID in the following section, and the App Secret should be used for the Client Secret.

BookAndPay configuration

  • Go to https://kc.<hostname>/admin.
  • Login with the admin credentials.
  • Click on Identity Providers in the left menu.
  • Click Add Provider and select Facebook
  • In the Client ID field please enter the Client ID from the previous section.
  • In the Client Secret field please enter the Secret from the previous section.
  • Click the Save button.

Stripe Connect

  • Get the client ID
    • Click on gear icon in top right
    • Click the ‘Settings’ link in the Connect section,
    • Scroll down and you will see the client id will be in the Integration section. This should be used for the STRIPE_CONNECT_CLIENT_ID variable.
  • Configure redirect URI
    • While on the Settings page click the Add URI button
    • Enter the following URL: https://pay.<hostname>/payment-account-oauth-connect
  • Add a webhook

Database backup

Backup

docker run -v bnp_pg_data:/volume -v /tmp:/backup --rm loomchild/volume-backup backup bnp_pg_archive
docker run -v bnp_oa_data:/volume -v /tmp:/backup --rm loomchild/volume-backup backup bnp_oa_archive

Restore

docker run -v bnp_pg_data:/volume -v /tmp:/backup --rm loomchild/volume-backup restore bnp_pg_archive
docker run -v bnp_oa_data:/volume -v /tmp:/backup --rm loomchild/volume-backup restore bnp_oa_archive

Details of the container used for backup can be found here

Copy the archive file to another location with date stamp
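
One way to do the date-stamped copy, as an added example that is not part of the BNP distribution. The archives hold the full database contents, so the copy is made owner-only and gets a SHA-256 file beside it. It assumes the backup image writes <archive>.tar.bz2, and /var/backups/bnp is a hypothetical destination.

```shell
#!/bin/sh
# Added example: file the volume-backup archives under a dated name.
# Assumptions: archives are named <archive>.tar.bz2; the store path is hypothetical.

# stamp_archive SRC DESTDIR: copy SRC to DESTDIR/<archive>-<UTC stamp>.tar.bz2 with
# owner-only permissions, record a SHA-256 beside it, and print the new path.
stamp_archive() {
    src=$1; dest=$2
    [ -f "$src" ] || { echo "no such archive: $src" >&2; return 1; }
    name="$(basename "$src" .tar.bz2)-$(date -u +%Y%m%dT%H%M%SZ).tar.bz2"
    (
        umask 077                      # the archive holds the full database contents
        mkdir -p "$dest" && cp "$src" "$dest/$name" && cd "$dest" &&
        sha256sum "$name" > "$name.sha256" &&
        sha256sum -c "$name.sha256" > /dev/null   # re-read the copy to confirm it
    ) || return 1
    echo "$dest/$name"
}

# prune_archives DESTDIR ARCHIVE KEEP: delete all but the KEEP newest dated copies
# of ARCHIVE; the stamp sorts lexicographically, so a reverse sort is newest first.
prune_archives() {
    ls -1 "$1" | grep "^$2-[0-9TZ]*\.tar\.bz2\$" | sort -r | tail -n +"$(($3 + 1))" |
    while read -r old; do
        rm -f "$1/$old" "$1/$old.sha256"
    done
}

# Usage after the backup commands (run as a user that can read the /tmp archives):
#   stamp_archive /tmp/bnp_pg_archive.tar.bz2 /var/backups/bnp
#   stamp_archive /tmp/bnp_oa_archive.tar.bz2 /var/backups/bnp
#   prune_archives /var/backups/bnp bnp_pg_archive 7
```

Before a restore, check the stored copy with sha256sum -c and copy it back to the archive name the restore command expects.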
